View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.engine;
21  
22  import org.apache.wss4j.common.saml.SamlAssertionWrapper;
23  import org.apache.wss4j.common.token.BinarySecurity;
24  import org.apache.wss4j.dom.WSDataRef;
25  import org.apache.wss4j.dom.message.token.SecurityContextToken;
26  import org.apache.wss4j.dom.message.token.SignatureConfirmation;
27  import org.apache.wss4j.dom.message.token.Timestamp;
28  import org.apache.wss4j.dom.message.token.UsernameToken;
29  
30  import java.security.Principal;
31  import java.security.cert.X509Certificate;
32  import java.util.List;
33  
34  
35  public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
36  
37      //
38      // Tokens
39      //
40  
41      /**
42       *
43       */
44      private static final long serialVersionUID = 8877354445092724300L;
45  
46      /**
47       * Tag denoting the SAML Assertion found, if applicable.
48       *
49       * The value under this tag is of type SamlAssertionWrapper.
50       */
51      public static final String TAG_SAML_ASSERTION = "saml-assertion";
52  
53      /**
54       * Tag denoting the timestamp found, if applicable.
55       *
56       * The value under this tag is of type
57       * org.apache.wss4j.dom.message.token.Timestamp.
58       */
59      public static final String TAG_TIMESTAMP = "timestamp";
60  
61      /**
62       * Tag denoting references to the DOM elements that have been
63       * cryptographically protected.
64       *
65       * The value under this tag is of type SecurityContextToken.
66       */
67      public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
68  
69      /**
70       * Tag denoting a UsernameToken object
71       */
72      public static final String TAG_USERNAME_TOKEN = "username-token";
73  
74      /**
75       * Tag denoting a DerivedKeyToken object
76       */
77      public static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
78  
79      /**
80       * Tag denoting the signature confirmation of a signed element,
81       * if applicable.
82       *
83       * The value under this tag is of type
84       * org.apache.wss4j.dom.message.token.SignatureConfirmation.
85       */
86      public static final String TAG_SIGNATURE_CONFIRMATION = "signature-confirmation";
87  
88      /**
89       * Tag denoting the BinarySecurityToken found, if applicable.
90       *
91       * The value under this tag is of type BinarySecurity.
92       */
93      public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
94  
95      /**
96       * Tag denoting a Transformed Token. For certain tokens, the Validator may return
97       * an SamlAssertionWrapper instance which corresponds to a transformed version of the
98       * initial token. For example, a Username Token credential might be validated
99       * by an STS and transformed into a SAML Assertion. This tag then holds the
100      * transformed SamlAssertionWrapper instance, as a component of the Result corresponding
101      * to the Username Token.
102      *
103      * The value under this tag is of type SamlAssertionWrapper.
104      */
105     public static final String TAG_TRANSFORMED_TOKEN = "transformed-token";
106 
107     /**
108      * Tag denoting that the TAG_*_TOKEN result has been validated by a Validator
109      * implementation. Some of the processors do not have a default validator implementation,
110      * and so this is not set. Note that this is set for the NoOpValidator if it is
111      * configured.
112      *
113      * The value under this tag is a Boolean instance.
114      */
115     public static final String TAG_VALIDATED_TOKEN = "validated-token";
116 
117     /**
118      * Tag denoting the DOM Element of the processed token (if a token has been processed).
119      *
120      * The value under this tag is of type org.w3c.dom.Element
121      */
122     public static final String TAG_TOKEN_ELEMENT = "token-element";
123 
124     //
125     // Keys and certs
126     //
127 
128     /**
129      * Tag denoting the X.509 certificate found, if applicable.
130      *
131      * The value under this tag is of type java.security.cert.X509Certificate.
132      */
133     public static final String TAG_X509_CERTIFICATE = "x509-certificate";
134 
135     /**
136      * Tag denoting the signature value of a signed element, if applicable.
137      *
138      * The value under this tag is of type byte[].
139      */
140     public static final String TAG_SIGNATURE_VALUE = "signature-value";
141 
142     /**
143      * Tag denoting the X.509 certificate chain found, if applicable.
144      *
145      * The value under this tag is of type java.security.cert.X509Certificate[].
146      */
147     public static final String TAG_X509_CERTIFICATES = "x509-certificates";
148 
149     /**
150      * Tag denoting how the X.509 certificate (chain) was referenced, if applicable.
151      *
152      * The value under this tag is of type STRParser.REFERENCE_TYPE.
153      */
154     public static final String TAG_X509_REFERENCE_TYPE = "x509-reference-type";
155 
156     /**
157      * Tag denoting the encrypted key bytes
158      *
159      * The value under this tag is a byte array
160      */
161     public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
162 
163     /**
164      * Tag denoting a byte[] secret associated with this token
165      */
166     public static final String TAG_SECRET = "secret";
167 
168     /**
169      * Tag denoting a PublicKey associated with this token
170      */
171     public static final String TAG_PUBLIC_KEY = "public-key";
172 
173     //
174     // General tags
175     //
176 
177     /**
178      * Tag denoting the cryptographic operation performed
179      *
180      * The value under this tag is of type java.lang.Integer
181      */
182     public static final String TAG_ACTION = "action";
183 
184     /**
185      * Tag denoting the security principal found, if applicable.
186      *
187      * The value under this tag is of type java.security.Principal.
188      */
189     public static final String TAG_PRINCIPAL = "principal";
190 
191     /**
192      * Tag denoting the security subject found, if applicable.
193      *
194      * The value under this tag is of type javax.security.auth.Subject.
195      */
196     public static final String TAG_SUBJECT = "subject";
197 
198     /**
199      * Tag denoting references to a List of Data ref URIs.
200      *
201      * The value under this tag is of type List.
202      */
203     public static final String TAG_DATA_REF_URIS = "data-ref-uris";
204 
205     /**
206      * Tag denoting the encrypted key transport algorithm.
207      *
208      * The value under this tag is of type String.
209      */
210     public static final String TAG_ENCRYPTED_KEY_TRANSPORT_METHOD = "encrypted-key-transport-method";
211 
212     /**
213      * Tag denoting the algorithm that was used to sign the message
214      *
215      * The value under this tag is of type String.
216      */
217     public static final String TAG_SIGNATURE_METHOD = "signature-method";
218 
219     /**
220      * Tag denoting the algorithm that was used to do canonicalization
221      *
222      * The value under this tag is of type String.
223      */
224     public static final String TAG_CANONICALIZATION_METHOD = "canonicalization-method";
225 
226     /**
227      * Tag denoting a delegation credential found, if applicable.
228      *
229      * For Kerberos (if delegation is enabled), the value under this tag is of type GSSCredential
230      */
231     public static final String TAG_DELEGATION_CREDENTIAL = "delegation-credential";
232 
233     /**
234      * The (wsu) Id of the token corresponding to this result.
235      */
236     public static final String TAG_ID = "id";
237 
238     public WSSecurityEngineResult(int act) {
239         put(TAG_ACTION, act);
240     }
241 
242     public WSSecurityEngineResult(
243         int act,
244         SamlAssertionWrapper ass
245     ) {
246         put(TAG_ACTION, act);
247         put(TAG_SAML_ASSERTION, ass);
248         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
249         put(TAG_TOKEN_ELEMENT, ass.getElement());
250     }
251 
252     public WSSecurityEngineResult(
253         int act,
254         Principal princ,
255         X509Certificate[] certs,
256         byte[] sv
257     ) {
258         put(TAG_ACTION, act);
259         put(TAG_PRINCIPAL, princ);
260         put(TAG_X509_CERTIFICATES, certs);
261         put(TAG_SIGNATURE_VALUE, sv);
262         if (certs != null && certs.length > 0) {
263             put(TAG_X509_CERTIFICATE, certs[0]);
264         }
265         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
266     }
267 
268     public
269     WSSecurityEngineResult(
270         int act,
271         Principal princ,
272         X509Certificate[] certs,
273         List<WSDataRef> dataRefs,
274         byte[] sv
275     ) {
276         this(act, princ, certs, sv);
277         put(TAG_DATA_REF_URIS, dataRefs);
278     }
279 
280     public WSSecurityEngineResult(
281         int act,
282         byte[] decryptedKey,
283         byte[] encryptedKeyBytes,
284         List<WSDataRef> dataRefUris
285     ) {
286         put(TAG_ACTION, act);
287         put(TAG_SECRET, decryptedKey);
288         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
289         put(TAG_DATA_REF_URIS, dataRefUris);
290         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
291     }
292 
293     public WSSecurityEngineResult(
294         int act,
295         byte[] decryptedKey,
296         byte[] encryptedKeyBytes,
297         List<WSDataRef> dataRefUris,
298         X509Certificate[] certs
299     ) {
300         put(TAG_ACTION, act);
301         put(TAG_SECRET, decryptedKey);
302         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
303         put(TAG_DATA_REF_URIS, dataRefUris);
304         put(TAG_X509_CERTIFICATES, certs);
305         if (certs != null && certs.length > 0) {
306             put(TAG_X509_CERTIFICATE, certs[0]);
307         }
308         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
309     }
310 
311     public WSSecurityEngineResult(int act, List<WSDataRef> dataRefUris) {
312         put(TAG_ACTION, act);
313         put(TAG_DATA_REF_URIS, dataRefUris);
314         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
315     }
316 
317     public WSSecurityEngineResult(int act, Timestamp tstamp) {
318         put(TAG_ACTION, act);
319         put(TAG_TIMESTAMP, tstamp);
320         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
321         put(TAG_TOKEN_ELEMENT, tstamp.getElement());
322     }
323 
324     public WSSecurityEngineResult(int act, SecurityContextToken sct) {
325         put(TAG_ACTION, act);
326         put(TAG_SECURITY_CONTEXT_TOKEN, sct);
327         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
328         put(TAG_TOKEN_ELEMENT, sct.getElement());
329     }
330 
331     public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
332         put(TAG_ACTION, act);
333         put(TAG_SIGNATURE_CONFIRMATION, sc);
334         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
335         put(TAG_TOKEN_ELEMENT, sc.getElement());
336     }
337 
338     public WSSecurityEngineResult(int act, UsernameToken usernameToken) {
339         this(act, usernameToken, null);
340     }
341 
342     public WSSecurityEngineResult(int act, UsernameToken usernameToken, Principal principal) {
343         put(TAG_ACTION, act);
344         put(TAG_USERNAME_TOKEN, usernameToken);
345         put(TAG_PRINCIPAL, principal);
346         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
347         put(TAG_TOKEN_ELEMENT, usernameToken.getElement());
348     }
349 
350     public WSSecurityEngineResult(int act, BinarySecurity token, X509Certificate[] certs) {
351         put(TAG_ACTION, act);
352         put(TAG_BINARY_SECURITY_TOKEN, token);
353         put(TAG_X509_CERTIFICATES, certs);
354         if (certs != null && certs.length > 0) {
355             put(TAG_X509_CERTIFICATE, certs[0]);
356         }
357         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
358         put(TAG_TOKEN_ELEMENT, token.getElement());
359     }
360 
361 
362 }