View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.processor;
21  
22  import org.apache.wss4j.dom.WSConstants;
23  import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
24  import org.apache.wss4j.common.ext.WSPasswordCallback;
25  import org.apache.wss4j.common.ext.WSSecurityException;
26  import org.apache.wss4j.common.util.XMLUtils;
27  import org.apache.wss4j.dom.handler.RequestData;
28  import org.apache.wss4j.dom.message.token.SecurityContextToken;
29  import org.apache.wss4j.dom.validate.Credential;
30  import org.apache.wss4j.dom.validate.Validator;
31  import org.w3c.dom.Element;
32  
33  import javax.security.auth.callback.Callback;
34  import javax.security.auth.callback.CallbackHandler;
35  import javax.security.auth.callback.UnsupportedCallbackException;
36  import javax.xml.namespace.QName;
37  
38  import java.util.List;
39  import java.io.IOException;
40  
41  /**
42   * The processor to process <code>wsc:SecurityContextToken</code>.
43   */
44  public class SecurityContextTokenProcessor implements Processor {
45  
46      public List<WSSecurityEngineResult> handleToken(
47          Element elem,
48          RequestData data
49      ) throws WSSecurityException {
50          SecurityContextToken sct = new SecurityContextToken(elem);
51  
52          Validator validator =
53              data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName()));
54  
55          WSSecurityEngineResult result =
56              new WSSecurityEngineResult(WSConstants.SCT, sct);
57          if (validator != null) {
58              // Hook to allow the user to validate the SecurityContextToken
59              Credential credential = new Credential();
60              credential.setSecurityContextToken(sct);
61  
62              Credential returnedCredential = validator.validate(credential, data);
63              result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
64              String tokenId = sct.getID();
65              if (tokenId.length() != 0) {
66                  result.put(WSSecurityEngineResult.TAG_ID, tokenId);
67              }
68              result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
69          } else {
70              String id = sct.getID();
71              id = XMLUtils.getIDFromReference(id);
72  
73              byte[] secret = null;
74              try {
75                  secret = getSecret(data.getCallbackHandler(), sct.getIdentifier());
76              } catch (WSSecurityException ex) {
77                  secret = getSecret(data.getCallbackHandler(), id);
78              }
79              if (secret == null || secret.length == 0) {
80                  secret = getSecret(data.getCallbackHandler(), id);
81              }
82              result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
83              result.put(WSSecurityEngineResult.TAG_SECRET, secret);
84          }
85  
86          data.getWsDocInfo().addTokenElement(elem);
87          data.getWsDocInfo().addResult(result);
88          return java.util.Collections.singletonList(result);
89      }
90  
91      /**
92       * Get the secret from the provided callback handler and return it.
93       *
94       * @param cb
95       * @param identifier
96       * @return The key collected using the callback handler
97       */
98      private byte[] getSecret(CallbackHandler cb, String identifier)
99          throws WSSecurityException {
100 
101         if (cb == null) {
102             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
103         }
104 
105         WSPasswordCallback callback =
106             new WSPasswordCallback(identifier, WSPasswordCallback.SECURITY_CONTEXT_TOKEN);
107         try {
108             Callback[] callbacks = new Callback[]{callback};
109             cb.handle(callbacks);
110         } catch (IOException | UnsupportedCallbackException e) {
111             throw new WSSecurityException(
112                 WSSecurityException.ErrorCode.FAILURE, e,
113                 "noKey",
114                 new Object[] {identifier});
115         }
116 
117         return callback.getKey();
118     }
119 
120 }