View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.saml;
21  
22  import org.apache.ws.security.WSSecurityException;
23  import org.apache.ws.security.components.crypto.Crypto;
24  import org.apache.ws.security.components.crypto.CryptoFactory;
25  
26  import org.apache.ws.security.saml.ext.AssertionWrapper;
27  import org.apache.ws.security.saml.ext.SAMLParms;
28  import org.apache.ws.security.util.Loader;
29  
30  import java.util.Properties;
31  
32  import javax.security.auth.callback.CallbackHandler;
33  
34  /**
35   * Builds a WS SAML Assertion and inserts it into the SOAP Envelope. Refer to
36   * the WS specification, SAML Token profile
37   */
38  public class SAMLIssuerImpl implements SAMLIssuer {
39  
40      private static final org.apache.commons.logging.Log LOG = 
41          org.apache.commons.logging.LogFactory.getLog(SAMLIssuerImpl.class);
42  
43      private Properties properties = null;
44      
45      private CallbackHandler callbackHandler = null;
46  
47      private String issuer;
48      private Crypto issuerCrypto = null;
49      private String issuerKeyPassword = null;
50      private String issuerKeyName = null;
51  
52      /**
53       * Flag indicating what format to put the subject's key material in when
54       * NOT using Sender Vouches as the confirmation method.  The default is
55       * to use ds:X509Data and include the entire certificate.  If this flag
56       * is set to true, a ds:KeyValue is used instead with just the key material.
57       */
58      private boolean sendKeyValue = false;
59      
60      /**
61       * This boolean controls whether the assertion is to be signed or not
62       */
63      private boolean signAssertion = false;
64  
65      /**
66       * Constructor.
67       */
68      public SAMLIssuerImpl() {
69      }
70  
71      public SAMLIssuerImpl(Properties prop) throws WSSecurityException {
72          /*
73           * if no properties .. just return an instance, the rest will be done
74           * later or this instance is just used to handle certificate
75           * conversions in this implementation
76           */
77          if (prop == null) {
78              return;
79          }
80          properties = prop;
81  
82          String cryptoProp =
83                  properties.getProperty("org.apache.ws.security.saml.issuer.cryptoProp.file");
84          if (cryptoProp != null) {
85              issuerCrypto = CryptoFactory.getInstance(cryptoProp);
86              issuerKeyName =
87                      properties.getProperty("org.apache.ws.security.saml.issuer.key.name");
88              issuerKeyPassword =
89                      properties.getProperty("org.apache.ws.security.saml.issuer.key.password");
90          }
91          
92          String sendKeyValueProp =
93              properties.getProperty("org.apache.ws.security.saml.issuer.sendKeyValue");
94          if (sendKeyValueProp != null) {
95              sendKeyValue = Boolean.valueOf(sendKeyValueProp).booleanValue();
96          }
97          
98          String signAssertionProp =
99              properties.getProperty("org.apache.ws.security.saml.issuer.signAssertion");
100         if (signAssertionProp != null) {
101             signAssertion = Boolean.valueOf(signAssertionProp).booleanValue();
102         }
103         
104         String issuerProp = properties.getProperty("org.apache.ws.security.saml.issuer");
105         if (issuerProp != null) {
106             issuer = issuerProp;
107         }
108     }
109 
110     /**
111      * Creates a new AssertionWrapper.
112      *
113      * @return a new AssertionWrapper.
114      */
115     public AssertionWrapper newAssertion() throws WSSecurityException {
116         if (LOG.isDebugEnabled()) {
117             LOG.debug(
118                 "Entering AssertionWrapper.newAssertion() ... creating SAML token"
119             );
120         }
121 
122         if (callbackHandler == null && properties != null) {
123             try {
124                 String samlCallbackClassname = 
125                     properties.getProperty("org.apache.ws.security.saml.callback");
126                 Class<? extends CallbackHandler> callbackClass = null;
127                 try {
128                     callbackClass = Loader.loadClass(samlCallbackClassname, CallbackHandler.class);
129                 } catch (ClassNotFoundException ex) {
130                     throw new WSSecurityException(ex.getMessage(), ex);
131                 }
132                 callbackHandler = callbackClass.newInstance();
133             } catch (InstantiationException ex) {
134                 throw new WSSecurityException(ex.getMessage(), ex);
135             } catch (IllegalAccessException ex) {
136                 throw new WSSecurityException(ex.getMessage(), ex);
137             }
138         }
139             
140         // Create a new SAMLParms with all of the information from the properties file.
141         SAMLParms samlParms = new SAMLParms();
142         samlParms.setIssuer(issuer);
143         samlParms.setCallbackHandler(callbackHandler);
144 
145         AssertionWrapper sa = new AssertionWrapper(samlParms);
146         if (signAssertion) {
147             sa.signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto, sendKeyValue);
148         }
149 
150         return sa;
151     }
152     
153     /**
154      * Set whether to send the key value or whether to include the entire cert.
155      * @param sendKeyValue whether to send the key value.
156      */
157     public void setSendKeyValue(boolean sendKeyValue) {
158         this.sendKeyValue = sendKeyValue;
159     }
160     
161     /**
162      * Get whether to send the key value or whether to include the entire cert.
163      * @return whether to send the key value
164      */
165     public boolean isSendKeyValue() {
166         return sendKeyValue;
167     }
168     
169     /**
170      * Set whether to sign the assertion or not.
171      * @param signAssertion whether to sign the assertion or not.
172      */
173     public void setSignAssertion(boolean signAssertion) {
174         this.signAssertion = signAssertion;
175     }
176 
177     /**
178      * Get whether to sign the assertion or not
179      * @return whether to sign the assertion or not
180      */
181     public boolean isSignAssertion() {
182         return signAssertion;
183     }
184     
185     /**
186      * Set the CallbackHandler to use
187      * @param callbackHandler the CallbackHandler to use
188      */
189     public void setCallbackHandler(CallbackHandler callbackHandler) {
190         this.callbackHandler = callbackHandler;
191     }
192     
193     /**
194      * Get the CallbackHandler in use
195      * @return the CallbackHandler in use
196      */
197     public CallbackHandler getCallbackHandler() {
198         return callbackHandler;
199     }
200     
201     /**
202      * Set the issuer crypto
203      * @param issuerCrypto the issuer crypto
204      */
205     public void setIssuerCrypto(Crypto issuerCrypto) {
206         this.issuerCrypto = issuerCrypto;
207     }
208     
209     /**
210      * @return Returns the issuerCrypto.
211      */
212     public Crypto getIssuerCrypto() {
213         return issuerCrypto;
214     }
215     
216     /**
217      * Set the issuer name
218      * @param issuer the issuer name
219      */
220     public void setIssuerName(String issuer) {
221         this.issuer = issuer;
222     }
223     
224     /**
225      * Get the issuer name
226      * @return the issuer name
227      */
228     public String getIssuerName() {
229         return issuer;
230     }
231 
232     /**
233      * Set the issuer key name
234      * @param issuerKeyName the issuer key name
235      */
236     public void setIssuerKeyName(String issuerKeyName) {
237         this.issuerKeyName = issuerKeyName;
238     }
239     
240     /**
241      * @return Returns the issuerKeyName.
242      */
243     public String getIssuerKeyName() {
244         return issuerKeyName;
245     }
246     
247     /**
248      * Set the issuer key password
249      * @param issuerKeyPassword the issuerKeyPassword.
250      */
251     public void setIssuerKeyPassword(String issuerKeyPassword) {
252         this.issuerKeyPassword = issuerKeyPassword;
253     }
254 
255     /**
256      * @return Returns the issuerKeyPassword.
257      */
258     public String getIssuerKeyPassword() {
259         return issuerKeyPassword;
260     }
261 
262 }