Class DefaultSecurityEnvironmentImpl

java.lang.Object
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl
All Implemented Interfaces:
SecurityEnvironment

public class DefaultSecurityEnvironmentImpl extends Object implements SecurityEnvironment
  • Field Details

    • log

      protected static final Logger log
      logger
  • Constructor Details

    • DefaultSecurityEnvironmentImpl

      public DefaultSecurityEnvironmentImpl(CallbackHandler cHandler)
    • DefaultSecurityEnvironmentImpl

      public DefaultSecurityEnvironmentImpl(CallbackHandler cHandler, Properties confAssertions)
  • Method Details

    • getDefaultCertificate

      public X509Certificate getDefaultCertificate(Map context) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Retrieves a reasonable default value for the current user's X509Certificate if one exists.
      Specified by:
      getDefaultCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      Returns:
      the default certificate for the current user
      Throws:
      XWSSecurityException
    • getDefaultPrivKeyCertRequest

      public SignatureKeyCallback.PrivKeyCertRequest getDefaultPrivKeyCertRequest(Map context) throws XWSSecurityException
      Throws:
      XWSSecurityException
    • getAliasPrivKeyCertRequest

      public SignatureKeyCallback.AliasPrivKeyCertRequest getAliasPrivKeyCertRequest(String certIdentifier) throws XWSSecurityException
      Throws:
      XWSSecurityException
    • getDefaultPrivateKey

      public PrivateKey getDefaultPrivateKey(Map context) throws XWSSecurityException
      Throws:
      XWSSecurityException
    • getSecretKey

      public SecretKey getSecretKey(Map context, String alias, boolean encryptMode) throws XWSSecurityException
      Specified by:
      getSecretKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      alias - the alias for identifying the SecretKey
      encryptMode - whether this request is for an Encrypt or Decrypt operation
      Returns:
      the SecretKey corresponding to the alias
      Throws:
      XWSSecurityException - if there was an error while trying to locate the SecretKey
    • getCertificate

      public X509Certificate getCertificate(Map context, String alias, boolean forSigning) throws XWSSecurityException
      Specified by:
      getCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      alias - the alias for identifying the certificate
      forSigning - true if this request is for a Sign operation, false if it is for an Encrypt operation
      Returns:
      the certificate corresponding to the alias
      Throws:
      XWSSecurityException - if there was an error while trying to locate the Certificate
    • getCertificate

      public X509Certificate getCertificate(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
      Specified by:
      getCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      publicKey - the publicKey
      forSign - set to true if the public key is to be used for SignatureVerification
      Returns:
      the X509Certificate corresponding to a PublicKey
      Throws:
      XWSSecurityException - if there was an error while trying to locate the X509Certificate for the PublicKey
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, String alias) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      alias - the alias for identifying the PrivateKey
      Returns:
      the PrivateKey corresponding to the alias
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PrivateKey
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, byte[] identifier, String valueType) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Throws:
      XWSSecurityException
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      keyIdentifier - an Opaque identifier indicating the X509 certificate.
      Returns:
      the PrivateKey corresponding to a KeyIdentifier
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PrivateKey
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      serialNumber - the serialNumber of the certificate
      issuerName - the issuerName of the certificate
      Returns:
      the PrivateKey corresponding to (serialNumber, issuerName)
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PrivateKey
    • getPublicKey

      public PublicKey getPublicKey(Map context, byte[] identifier, String valueType) throws XWSSecurityException
      Specified by:
      getPublicKey in interface SecurityEnvironment
      Throws:
      XWSSecurityException
    • getPublicKey

      public PublicKey getPublicKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
      Specified by:
      getPublicKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      keyIdentifier - an Opaque identifier indicating the X509 certificate.
      Returns:
      the PublicKey corresponding to a KeyIdentifier
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PublicKey
    • getCertificate

      public X509Certificate getCertificate(Map context, byte[] identifier, String valueType) throws XWSSecurityException
      Specified by:
      getCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      identifier - an Opaque identifier indicating the X509 certificate.
      Returns:
      the X509Certificate corresponding to a KeyIdentifier
      Throws:
      XWSSecurityException - if there was an error while trying to locate the X509Certificate
    • getCertificate

      public X509Certificate getCertificate(Map context, byte[] keyIdentifier) throws XWSSecurityException
      Specified by:
      getCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      keyIdentifier - an Opaque identifier indicating the X509 certificate.
      Returns:
      the X509Certificate corresponding to a KeyIdentifier
      Throws:
      XWSSecurityException - if there was an error while trying to locate the X509Certificate
    • getPublicKey

      public PublicKey getPublicKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
      Specified by:
      getPublicKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      serialNumber - the serialNumber of the certificate
      issuerName - the issuerName of the certificate
      Returns:
      the PublicKey corresponding to (serialNumber, issuerName)
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PublicKey
    • getCertificate

      public X509Certificate getCertificate(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
      Specified by:
      getCertificate in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      serialNumber - the serialNumber of the certificate
      issuerName - the issuerName of the certificate
      Returns:
      the X509Certificate corresponding to (serialNumber, issuerName)
      Throws:
      XWSSecurityException - if there was an error while trying to locate the X509Certificate
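The lookups above resolve a key from whatever the WS-Security header used to reference it: an X509IssuerSerial pair, or an opaque KeyIdentifier (in practice the SubjectKeyIdentifier extension). The following is an added example, not Metro/XWSS code, of doing those two lookups against a JKS/PKCS12 keystore. The keystore path, type and passwords are assumptions; the DER handling of the SKI extension assumes the short-form lengths a 20-byte identifier always has.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/**
 * Added example (not Metro/XWSS code): resolves an X509Certificate and its
 * PrivateKey from a keystore the way a SecurityEnvironment must when a
 * SecurityTokenReference names the key by (issuerName, serialNumber) or by a
 * KeyIdentifier. Keystore location and passwords are assumptions.
 */
public final class KeyStoreKeyResolver {

    private static final String SKI_OID = "2.5.29.14"; // SubjectKeyIdentifier

    private final KeyStore keyStore;
    private final char[] keyPassword;

    public KeyStoreKeyResolver(KeyStore keyStore, char[] keyPassword) {
        this.keyStore = keyStore;
        this.keyPassword = keyPassword;
    }

    /** Loads a keystore of the given type ("PKCS12" or "JKS"); the layout is assumed. */
    public static KeyStoreKeyResolver load(String path, String type, char[] storePass,
            char[] keyPass) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        return new KeyStoreKeyResolver(ks, keyPass);
    }

    /**
     * Match on issuer DN plus serial. The issuer is compared as an X500Principal,
     * never as a raw string: "CN=ca, O=x" and "cn=ca,o=x" are the same name and
     * a string compare would wrongly reject (or, with sloppy normalisation, accept).
     */
    public X509Certificate findByIssuerSerial(String issuerName, BigInteger serial)
            throws GeneralSecurityException {
        X500Principal wanted = new X500Principal(issuerName);
        for (X509Certificate cert : allCertificates()) {
            if (cert.getSerialNumber().equals(serial)
                    && cert.getIssuerX500Principal().equals(wanted)) {
                return cert;
            }
        }
        return null;
    }

    /** Match on the SubjectKeyIdentifier extension (the KeyIdentifier bytes). */
    public X509Certificate findByKeyIdentifier(byte[] keyIdentifier)
            throws GeneralSecurityException {
        for (X509Certificate cert : allCertificates()) {
            byte[] ski = subjectKeyIdentifier(cert);
            if (ski != null && Arrays.equals(ski, keyIdentifier)) {
                return cert;
            }
        }
        return null;
    }

    /** A private key exists only for key entries, never for trusted-certificate entries. */
    public PrivateKey privateKeyFor(X509Certificate cert) throws GeneralSecurityException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias) && cert.equals(keyStore.getCertificate(alias))) {
                return (PrivateKey) keyStore.getKey(alias, keyPassword);
            }
        }
        return null;
    }

    private List<X509Certificate> allCertificates() throws GeneralSecurityException {
        List<X509Certificate> out = new ArrayList<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate c = keyStore.getCertificate(aliases.nextElement());
            if (c instanceof X509Certificate) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }

    /**
     * getExtensionValue() returns the DER OCTET STRING that wraps the extension
     * value; for SKI that value is itself an OCTET STRING holding the key id.
     * Both wrappers are stripped. Only short-form lengths are handled, which
     * covers the usual 20-byte SHA-1 identifier; anything else yields null.
     */
    static byte[] subjectKeyIdentifier(X509Certificate cert) {
        byte[] outer = cert.getExtensionValue(SKI_OID);
        if (outer == null || outer.length < 4 || outer[0] != 0x04 || outer[2] != 0x04) {
            return null;
        }
        int len = outer[3] & 0xFF;
        if (4 + len > outer.length) {
            return null;
        }
        return Arrays.copyOfRange(outer, 4, 4 + len);
    }
}
```

Note that a successful lookup only proves the keystore holds a matching entry; whether the certificate is trustworthy is the separate job of validateCertificate.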
    • validateCertificate

      public boolean validateCertificate(X509Certificate cert, Map context) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate an X509Certificate.
      Specified by:
      validateCertificate in interface SecurityEnvironment
      Parameters:
      cert - the X509Certificate to be validated
      context - Map of application and integration-layer specific properties
      Returns:
      true, if the cert is a valid one, false otherwise.
      Throws:
      XWSSecurityException - if there is some problem during validation.
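The contract above says only that validateCertificate returns true for "a valid one". What a receiver should actually require before trusting a signing or encryption certificate is a PKIX path to a configured trust anchor, a current validity period, revocation status, and a key usage that matches the operation. The following added example is not Metro/XWSS code; it assumes the trust anchors live in a KeyStore of trusted-certificate entries and that any intermediates were carried in the message.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

/**
 * Added example (not Metro/XWSS code) of what a validateCertificate()
 * implementation should check: PKIX chain building to a trust anchor,
 * validity dates (PKIXParameters defaults to "now"), revocation via
 * OCSP with CRL fallback, and key usage. The truststore is an assumption.
 */
public final class StrictCertificateValidator {

    private static final int KU_DIGITAL_SIGNATURE = 0;
    private static final int KU_KEY_ENCIPHERMENT = 2;

    private final KeyStore trustStore;
    private final CertificateFactory factory;

    public StrictCertificateValidator(KeyStore trustStore) throws CertificateException {
        this.trustStore = trustStore;
        this.factory = CertificateFactory.getInstance("X.509");
    }

    /**
     * Returns true only if a PKIX path from cert (plus any intermediates, in
     * leaf-to-root order, without the anchor itself) validates to a trust anchor
     * and the certificate is allowed to do what the caller wants it for.
     */
    public boolean validateCertificate(X509Certificate cert,
            List<X509Certificate> intermediates, boolean forSigning) {
        if (!keyUsagePermits(cert, forSigning)) {
            return false;
        }
        try {
            // CertPathValidator instances are not thread-safe; build one per call.
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
            PKIXRevocationChecker rc = (PKIXRevocationChecker) validator.getRevocationChecker();
            // OCSP first, CRL if OCSP is unreachable. Without a revocation check a
            // revoked signing certificate would still "validate".
            rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_OCSP));

            PKIXParameters params = new PKIXParameters(trustStore);
            params.addCertPathChecker(rc);
            params.setRevocationEnabled(true);

            List<X509Certificate> chain = new ArrayList<>();
            chain.add(cert);
            chain.addAll(intermediates);
            CertPath path = factory.generateCertPath(chain);
            validator.validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            // e.getReason() distinguishes EXPIRED, REVOKED, NO_TRUST_ANCHOR, ...
            return false;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /**
     * If the KeyUsage extension is present it is authoritative: a signature
     * must come from a key marked digitalSignature, an encryption-to key must
     * be marked keyEncipherment. Absent extension means no restriction.
     */
    static boolean keyUsagePermits(X509Certificate cert, boolean forSigning) {
        boolean[] ku = cert.getKeyUsage();
        if (ku == null) {
            return true;
        }
        int bit = forSigning ? KU_DIGITAL_SIGNATURE : KU_KEY_ENCIPHERMENT;
        return ku.length > bit && ku[bit];
    }
}
```

A path that validates still says nothing about who the certificate belongs to; binding the subject (or SKI) to the party the application expects is a separate check the caller must do.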
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, String username, String password)
      Description copied from interface: SecurityEnvironment
      Update the public/private credentials of the subject of the party whose username/password pair is given.
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      username - the username of the requesting party
      password - the password of the requesting party
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, X509Certificate cert)
      Description copied from interface: SecurityEnvironment
      Update the public credentials of the subject of the party whose certificate is given.
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      cert - the X509Certificate of the requesting party
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, Assertion assertion)
      Description copied from interface: SecurityEnvironment
      Update the public credentials of the subject of the party whose Assertion is given.
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      assertion - the SAML Assertion of the requesting party
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, Key secretKey)
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, String ek)
    • getSubject

      public static Subject getSubject(Map context)
    • getSubject

      public static Subject getSubject(FilterProcessingContext context)
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, X509Certificate cert) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      cert - the X509Certificate
      Returns:
      the PrivateKey corresponding to the X509Certificate
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PrivateKey
    • getPrivateKey

      public PrivateKey getPrivateKey(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
      Specified by:
      getPrivateKey in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      publicKey - the publicKey
      forSign - set to true if the purpose is Signature
      Returns:
      the PrivateKey corresponding to a PublicKey
      Throws:
      XWSSecurityException - if there was an error while trying to locate the PrivateKey
    • getSubject

      public Subject getSubject()
      Specified by:
      getSubject in interface SecurityEnvironment
      Returns:
      the host/sender Subject, null if subject is not available/initialized
    • authenticateUser

      public boolean authenticateUser(Map context, String username, String passwordDigest, String nonce, String created) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Authenticate the user given the password digest.
      Specified by:
      authenticateUser in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      username - the username
      passwordDigest - the digested password
      nonce - the nonce which was part of the digest
      created - the creation time which was part of the digest
      Returns:
      true if the password digest is valid, false otherwise
      Throws:
      XWSSecurityException - if there was an error while trying to authenticate the username
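The digest form of authenticateUser receives the values a UsernameToken carries and must recompute the WS-Security UsernameToken Profile digest, Base64(SHA-1(nonce || created || password)), where nonce is the raw bytes (the token carries it Base64-encoded) and created and password are UTF-8 strings. The following added example is not Metro/XWSS code; the in-memory password store and the sample token values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;

/**
 * Added example (not Metro/XWSS code): verifies a UsernameToken PasswordDigest
 * the way the receiver side of authenticateUser(context, username,
 * passwordDigest, nonce, created) has to. The password store is an assumption;
 * digest authentication requires the receiver to know the clear-text password,
 * which is exactly why the page's authenticateUser(context, username) returns it.
 */
public final class UsernameTokenDigestVerifier {

    private final Map<String, String> passwordStore;

    public UsernameTokenDigestVerifier(Map<String, String> passwordStore) {
        this.passwordStore = passwordStore;
    }

    /** Computes the digest exactly as a compliant client does. */
    public static String computeDigest(byte[] nonce, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce);
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 is mandatory in every JRE", e);
        }
    }

    /**
     * Recomputes the digest and compares in constant time, so a wrong user and
     * a wrong digest take the same time and leak nothing to a timing observer.
     */
    public boolean authenticateUser(String username, String passwordDigest,
                                    String nonceBase64, String created) {
        String password = passwordStore.get(username);
        boolean knownUser = password != null;
        if (!knownUser) {
            password = ""; // still do the work so unknown users don't fail faster
        }
        byte[] nonce;
        try {
            nonce = Base64.getDecoder().decode(nonceBase64);
        } catch (IllegalArgumentException malformed) {
            return false;
        }
        byte[] expected = computeDigest(nonce, created, password).getBytes(StandardCharsets.UTF_8);
        byte[] actual = passwordDigest.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual) && knownUser;
    }

    public static void main(String[] args) {
        // Constructed sample token values, not captured traffic.
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String created = "2024-01-01T00:00:00Z";

        UsernameTokenDigestVerifier v = new UsernameTokenDigestVerifier(
                Map.of("alice", "correct horse battery staple"));

        String good = computeDigest(nonce, created, "correct horse battery staple");
        String bad = computeDigest(nonce, created, "wrong");
        System.out.println("alice/good:   " + v.authenticateUser("alice", good, nonceB64, created));
        System.out.println("alice/bad:    " + v.authenticateUser("alice", bad, nonceB64, created));
        System.out.println("mallory/good: " + v.authenticateUser("mallory", good, nonceB64, created));
    }
}
```

A correct digest only proves knowledge of the password; it does not stop a captured token from being replayed. That is what the nonce and created values are for, and why a receiver must also run validateCreationTime and validateAndCacheNonce on the same token.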
    • authenticateUser

      public boolean authenticateUser(Map context, String username, String password) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Authenticate the user against a list of known username-password pairs.
      Specified by:
      authenticateUser in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      username - the username
      password - the password
      Returns:
      true if the username-password pair is valid, false otherwise
      Throws:
      XWSSecurityException - if there was an error while trying to authenticate the username
    • authenticateUser

      public String authenticateUser(Map context, String username) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Authenticate the user given the username and context.
      Specified by:
      authenticateUser in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      username - the username
      Returns:
      the password if the username is valid
      Throws:
      XWSSecurityException - if there was an error while trying to authenticate the username
    • validateCreationTime

      public void validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate the creation time. It is an error if the creation time is older than current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW
      Specified by:
      validateCreationTime in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      creationTime - the creation time to be validated
      maxClockSkew - (in milliseconds) the maximum clock skew
      timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
      Throws:
      XWSSecurityException
    • validateSamlIssuer

      public boolean validateSamlIssuer(String issuer)
    • validateSamlUser

      public boolean validateSamlUser(String user, String domain, String format)
    • getUsername

      public String getUsername(Map context) throws XWSSecurityException
      Specified by:
      getUsername in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      Returns:
      the username using UsernameCallback
      Throws:
      XWSSecurityException - if there was an error while trying to obtain the username
    • getPassword

      public String getPassword(Map context) throws XWSSecurityException
      Specified by:
      getPassword in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      Returns:
      the password using PasswordCallback
      Throws:
      XWSSecurityException - if there was an error while trying to obtain the password
    • validateTimestamp

      public void validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate the creation time. It is an error if the creation time is older than current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW
      Specified by:
      validateTimestamp in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      timestamp - the Timestamp element
      maxClockSkew - (in milliseconds) the maximum clock skew
      freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
      Throws:
      XWSSecurityException - if there was an error while trying to validate the Timestamp
    • validateTimestamp

      public void validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit) throws XWSSecurityException
      Specified by:
      validateTimestamp in interface SecurityEnvironment
      Throws:
      XWSSecurityException
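validateCreationTime and both validateTimestamp overloads share one rule: Created is rejected when it is older than the current local time minus the freshness limit minus the maximum clock skew. The following added example, which is not Metro/XWSS code, carries that rule through with the page's own parameter names and adds two checks that are assumptions rather than part of the documented contract: a Created further in the future than maxClockSkew is rejected, and an Expires that has already passed (again tolerating maxClockSkew) is rejected. Times are the UTC "Z" form of xsd:dateTime that WS-Security timestamps use; the sample values and the pinned clock are constructed.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeParseException;

/**
 * Added example (not Metro/XWSS code) of the freshness rule behind
 * validateCreationTime / validateTimestamp. The future-Created and
 * Expires checks are assumed additions a receiver should make.
 */
public final class TimestampFreshnessCheck {

    public static final class StaleTimestampException extends Exception {
        public StaleTimestampException(String msg) { super(msg); }
    }

    private final Clock clock;

    public TimestampFreshnessCheck(Clock clock) { this.clock = clock; }

    /** Rejects a Created older than now - freshnessLimit - maxClockSkew. */
    public void validateCreationTime(String created, long maxClockSkewMs,
                                     long freshnessLimitMs) throws StaleTimestampException {
        Instant createdAt = parse(created);
        Instant now = clock.instant();
        Instant oldestAcceptable = now.minusMillis(freshnessLimitMs).minusMillis(maxClockSkewMs);
        if (createdAt.isBefore(oldestAcceptable)) {
            throw new StaleTimestampException("Created " + created + " is older than "
                    + Duration.ofMillis(freshnessLimitMs + maxClockSkewMs));
        }
        // Assumed check: a Created far in the future is either a broken sender
        // clock or a token minted to outlive the freshness window.
        if (createdAt.isAfter(now.plusMillis(maxClockSkewMs))) {
            throw new StaleTimestampException("Created " + created + " is in the future");
        }
    }

    /** Created as above, plus Expires (optional in wsu:Timestamp) must not have passed. */
    public void validateTimestamp(String created, String expires, long maxClockSkewMs,
                                  long freshnessLimitMs) throws StaleTimestampException {
        validateCreationTime(created, maxClockSkewMs, freshnessLimitMs);
        if (expires == null) {
            return;
        }
        Instant expiresAt = parse(expires);
        if (!expiresAt.isAfter(parse(created))) {
            throw new StaleTimestampException("Expires is not after Created");
        }
        if (expiresAt.isBefore(clock.instant().minusMillis(maxClockSkewMs))) {
            throw new StaleTimestampException("Timestamp expired at " + expires);
        }
    }

    /** Instant.parse accepts the 'Z'-suffixed xsd:dateTime form, fractional seconds included. */
    private static Instant parse(String dateTime) throws StaleTimestampException {
        try {
            return Instant.parse(dateTime);
        } catch (DateTimeParseException e) {
            throw new StaleTimestampException("Unparseable time: " + dateTime);
        }
    }

    public static void main(String[] args) throws StaleTimestampException {
        // Constructed values; the clock is pinned so the example is deterministic.
        Clock fixed = Clock.fixed(Instant.parse("2024-06-01T12:00:00Z"), ZoneOffset.UTC);
        TimestampFreshnessCheck check = new TimestampFreshnessCheck(fixed);
        long skew = 60_000L;     // 1 minute of tolerated clock skew
        long fresh = 300_000L;   // 5 minute freshness limit

        // Created 3 minutes ago, Expires 2 minutes from now: accepted.
        check.validateTimestamp("2024-06-01T11:57:00Z", "2024-06-01T12:02:00Z", skew, fresh);

        // Created 10 minutes ago: outside 5 min + 1 min, rejected.
        try {
            check.validateCreationTime("2024-06-01T11:50:00Z", skew, fresh);
        } catch (StaleTimestampException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

The freshness window is only as good as the replay protection that accompanies it: within those few minutes a captured message is still fresh, which is what validateAndCacheNonce exists to close.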
    • newSOAPFaultException

      public static WssSoapFaultException newSOAPFaultException(QName faultCode, String faultstring, Throwable th)
      Create and initialize a WssSoapFaultException. This method is used in conjunction with generateClientFault.
    • validateSAMLAssertion

      public void validateSAMLAssertion(Map context, Element assertion) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate the received SAML Assertion. Validations can include validating the Issuer, the SAML User, the SAML Version, etc. Note: the SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime.
      Specified by:
      validateSAMLAssertion in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      assertion - the Assertion to be validated
      Throws:
      XWSSecurityException - if there was an error while validating the SAML Assertion
    • locateSAMLAssertion

      public Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Locate and return a SAML Assertion, given the Authority binding and assertionId
      Specified by:
      locateSAMLAssertion in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      binding - an org.w3c.dom.Element representing the SAML AuthorityBinding
      assertionId - the Assertion ID of the SAML Assertion
      ownerDoc - the owner document into which the returned SAML Assertion should be imported to
      Throws:
      XWSSecurityException - if there was an error while trying to locate the SAML Assertion
    • populateSAMLPolicy

      Description copied from interface: SecurityEnvironment
      Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information. The DynamicApplicationContext may contain information to be used by the implementation to make its runtime decisions on how to obtain the SAML Assertion.
      Specified by:
      populateSAMLPolicy in interface SecurityEnvironment
      Parameters:
      fpcontext - a Map of application and integration-layer specific properties
      policy - the SAML Assertion Policy to be populated
      context - the DynamicApplicationContext
      Returns:
      populated SAML Assertion policy
      Throws:
      XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy
    • getCallbackHandler

      public CallbackHandler getCallbackHandler()
      Specified by:
      getCallbackHandler in interface SecurityEnvironment
      Returns:
      any Callback Handler associated with this Environment, null otherwise
    • validateSAMLAssertion

      public void validateSAMLAssertion(Map context, XMLStreamReader assertion) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate the received SAML Assertion. Validations can include validating the Issuer, the SAML User, the SAML Version, etc. Note: the SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime. In the case of a HOK (holder-of-key) SAML Assertion, the enveloped signature is removed from this SAML Assertion and verified (i.e. one will not find a Signature element under this SAML Assertion).
      Specified by:
      validateSAMLAssertion in interface SecurityEnvironment
      Parameters:
      context - a Map of application and integration-layer specific properties
      assertion - the Assertion to be validated
      Throws:
      XWSSecurityException - if there was an error while validating the SAML Assertion
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, XMLStreamReader assertion)
      Description copied from interface: SecurityEnvironment
      Update the public credentials of the subject of the party whose Assertion is given.
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      assertion - the SAML Assertion of the requesting party
    • isSelfCertificate

      public boolean isSelfCertificate(X509Certificate cert)
      Specified by:
      isSelfCertificate in interface SecurityEnvironment
      Returns:
      true if the certificate is a self certificate, false otherwise
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, Subject bootStrapSubject)
      Description copied from interface: SecurityEnvironment
      Update the principal/credentials of the requesting party subject
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party
    • doKerberosLogin

      public KerberosContext doKerberosLogin() throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Perform a Kerberos Login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.
      Specified by:
      doKerberosLogin in interface SecurityEnvironment
      Throws:
      XWSSecurityException
    • doKerberosLogin

      public KerberosContext doKerberosLogin(byte[] tokenValue) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Perform a Kerberos Login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.
      Specified by:
      doKerberosLogin in interface SecurityEnvironment
      Throws:
      XWSSecurityException
    • updateOtherPartySubject

      public void updateOtherPartySubject(Subject subject, GSSName clientCred, GSSCredential gssCred)
      Description copied from interface: SecurityEnvironment
      Update the principal/credentials of the requesting party subject
      Specified by:
      updateOtherPartySubject in interface SecurityEnvironment
      Parameters:
      subject - the Subject of the requesting party
      clientCred - the GSSName of the requesting party
      gssCred - the GSSCredential associated with the requesting party
    • validateAndCacheNonce

      public boolean validateAndCacheNonce(Map context, String nonce, String created, long nonceAge) throws XWSSecurityException
      Description copied from interface: SecurityEnvironment
      Validate the given nonce. It is an error if the nonce matches any nonce value already stored on the server; if there is no error, the nonce is cached.
      Specified by:
      validateAndCacheNonce in interface SecurityEnvironment
      Parameters:
      context - a context containing runtime properties
      nonce - the encoded nonce value
      created - the creation time value
      nonceAge - the time in milliseconds for which this nonce will be stored on the receiver.
      Returns:
      true if this nonce is valid
      Throws:
      XWSSecurityException - if there was an error while trying to validate the Nonce
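The contract above is a replay cache: accept a nonce the first time, remember it for nonceAge milliseconds, reject it while it is remembered. The following added example, not Metro/XWSS code, implements that contract for a single JVM and adds one assumed check worth stating: a token whose Created is older than nonceAge can never be caught as a replay, because any earlier copy has already been evicted, so such a token is refused outright. The clock supplier and the sample values are constructed so the run is deterministic; a clustered receiver would need a shared store for the same guarantee.

```java
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/**
 * Added example (not Metro/XWSS code) of validateAndCacheNonce's contract.
 * Expiry is keyed to the receiver's clock, not the sender's Created value,
 * so a forged Created cannot shorten how long a nonce is remembered.
 */
public final class NonceReplayCache {

    private final Map<String, Instant> seen = new ConcurrentHashMap<>();
    private final Supplier<Instant> now;

    public NonceReplayCache(Supplier<Instant> now) { this.now = now; }

    /**
     * Returns true and caches the nonce on first sight, false on replay.
     * putIfAbsent makes check-then-store atomic, so two concurrent requests
     * carrying the same nonce cannot both be accepted.
     */
    public boolean validateAndCacheNonce(String nonce, String created, long nonceAgeMs) {
        Instant current = now.get();
        evictExpired(current);
        if (nonce == null || nonce.isEmpty()) {
            return false;
        }
        // Assumed check: a Created outside the cache window cannot be de-duplicated,
        // so it is refused. This ties the freshness limit to nonceAge: the
        // freshness window must never be longer than the nonce window.
        Instant createdAt;
        try {
            createdAt = Instant.parse(created);
        } catch (DateTimeParseException e) {
            return false;
        }
        if (createdAt.isBefore(current.minusMillis(nonceAgeMs))) {
            return false;
        }
        return seen.putIfAbsent(nonce, current.plusMillis(nonceAgeMs)) == null;
    }

    /** Linear sweep for illustration; a scheduled sweep or TTL map suits production. */
    private void evictExpired(Instant current) {
        Iterator<Map.Entry<String, Instant>> it = seen.entrySet().iterator();
        while (it.hasNext()) {
            if (!it.next().getValue().isAfter(current)) {
                it.remove();
            }
        }
    }

    public int size() { return seen.size(); }

    public static void main(String[] args) {
        // Constructed values with a controllable clock to show eviction.
        final Instant[] clock = { Instant.parse("2024-06-01T12:00:00Z") };
        NonceReplayCache cache = new NonceReplayCache(() -> clock[0]);
        long nonceAge = 300_000L; // remember nonces for 5 minutes
        String created = "2024-06-01T11:59:50Z";

        System.out.println("first use:  " + cache.validateAndCacheNonce("abc123==", created, nonceAge));
        System.out.println("replay:     " + cache.validateAndCacheNonce("abc123==", created, nonceAge));

        clock[0] = clock[0].plusSeconds(301); // nonce evicted, but Created is now too old
        System.out.println("late replay: " + cache.validateAndCacheNonce("abc123==", created, nonceAge));
        System.out.println("cached now:  " + cache.size());

        String freshCreated = "2024-06-01T12:05:00Z";
        System.out.println("new nonce:   " + cache.validateAndCacheNonce("xyz789==", freshCreated, nonceAge));
    }
}
```

The receiver should treat a rejected nonce as an authentication failure for the whole message, not just skip the cache; a digest that verifies over a replayed nonce is precisely the attack this method exists to stop.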