0001: /*
0002: * $Id: AuthenticationTokenPolicy.java,v 1.10 2007/07/14 05:05:24 shyam_rao Exp $
0003: */
0004:
0005: /*
0006: * The contents of this file are subject to the terms
0007: * of the Common Development and Distribution License
0008: * (the License). You may not use this file except in
0009: * compliance with the License.
0010: *
0011: * You can obtain a copy of the license at
0012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
0013: * See the License for the specific language governing
0014: * permissions and limitations under the License.
0015: *
0016: * When distributing Covered Code, include this CDDL
0017: * Header Notice in each file and include the License file
0018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
0019: * If applicable, add the following below the CDDL Header,
0020: * with the fields enclosed by brackets [] replaced by
0021: * you own identifying information:
0022: * "Portions Copyrighted [year] [name of copyright owner]"
0023: *
0024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
0025: */
0026:
0027: package com.sun.xml.wss.impl.policy.mls;
0028:
0029: //import com.sun.xml.wss.saml.internal.impl.AssertionImpl;
0030:
0031: import java.security.cert.X509Certificate; //import com.sun.xml.wss.saml.AuthorityBinding;
0032:
0033: import com.sun.xml.wss.impl.policy.MLSPolicy;
0034: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
0035:
0036: import com.sun.xml.wss.impl.PolicyTypeUtil;
0037: import com.sun.xml.wss.impl.MessageConstants;
0038: import javax.xml.stream.XMLStreamReader;
0039: import org.w3c.dom.Element;
0040:
0041: /**
0042: * Objects of this class represent a concrete WSS Authentication
0043: * token as FeatureBinding. The following WSS Authentication Tokens
0044: * are supported :
0045: * <UL>
0046: * <LI>A <code> UsernameToken</code>
0047: * <LI>A <code>X509Certificate</code>
0048: * <LI>A <code>SAMLAssertion</code>
0049: * </UL>
0050: *
0051: */
0052: public class AuthenticationTokenPolicy extends
0053: WSSFeatureBindingExtension {
0054:
0055: /**
0056: * Feature Bindings
0057: *
0058: * (1) UsernameTokenBinding
0059: * (2) X509CertificateBinding
0060: * (3) SAMLAssertionBinding
0061: *
0062: * Key Bindings
0063: */
0064:
0065: /**
0066: * Default Constructor
0067: */
0068: public AuthenticationTokenPolicy() {
0069: setPolicyIdentifier(PolicyTypeUtil.AUTH_POLICY_TYPE);
0070: }
0071:
0072: /**
0073: * Equals operator
0074: * @param policy <code>WSSPolicy</code> to be compared for equality
0075: * @return true if the policy is equal to this policy
0076: */
0077: public boolean equals(WSSPolicy policy) {
0078: boolean _assert = false;
0079:
0080: try {
0081: if (!PolicyTypeUtil.authenticationTokenPolicy(policy))
0082: return false;
0083: AuthenticationTokenPolicy aPolicy = (AuthenticationTokenPolicy) policy;
0084: _assert = ((WSSPolicy) getFeatureBinding())
0085: .equals((WSSPolicy) aPolicy.getFeatureBinding());
0086: } catch (Exception cce) {
0087: }
0088:
0089: return _assert;
0090: }
0091:
0092: /*
0093: * Equality comparision ignoring the Targets
0094: * @param policy the policy to be compared for equality
0095: * @return true if the argument policy is equal to this
0096: */
0097: public boolean equalsIgnoreTargets(WSSPolicy policy) {
0098: return equals(policy);
0099: }
0100:
0101: /**
0102: * Clone operator
0103: * @return a clone of this AuthenticationTokenPolicy
0104: */
0105: public Object clone() {
0106: AuthenticationTokenPolicy atPolicy = new AuthenticationTokenPolicy();
0107:
0108: try {
0109: WSSPolicy fBinding = (WSSPolicy) getFeatureBinding();
0110: WSSPolicy kBinding = (WSSPolicy) getKeyBinding();
0111:
0112: if (fBinding != null)
0113: atPolicy
0114: .setFeatureBinding((MLSPolicy) fBinding.clone());
0115:
0116: if (kBinding != null)
0117: atPolicy.setKeyBinding((MLSPolicy) kBinding.clone());
0118:
0119: } catch (Exception e) {
0120: }
0121:
0122: return atPolicy;
0123: }
0124:
0125: /**
0126: * @return the type of the policy
0127: */
0128: public String getType() {
0129: return PolicyTypeUtil.AUTH_POLICY_TYPE;
0130: }
0131:
0132: /**
0133: * A policy representing a WSS UsernameToken. An instance of
0134: * this class can be used as concrete feature binding for an
0135: * AuthenticationTokenPolicy.
0136: * Different parameters in this policy are applicable depending
0137: * upon whether this policy is used to construct a wss:UsernameToken
0138: * (sender side policy) or it is used to verify an incoming UsernameToken
0139: * (receiver side policy). Information on applicability will be indicated
0140: * where appropriate.
0141: */
0142: public static class UsernameTokenBinding extends KeyBindingBase {
0143:
0144: /**
0145: * Feature Bindings
0146: *
0147: * (1) TimestampPolicy
0148: *
0149: * Key Bindings
0150: */
0151:
0152: String nonce = MessageConstants._EMPTY;
0153: String username = MessageConstants._EMPTY;
0154: String password = MessageConstants._EMPTY;
0155:
0156: // setting this to false for PlugFest/Policy
0157: boolean useNonce = false;
0158: // setting this to false for PlugFest/Policy
0159: boolean doDigest = false;
0160: boolean noPasswd = false;
0161:
0162: long maxNonceAge = 0;
0163:
0164: /**
0165: * Default Constructor
0166: */
0167: public UsernameTokenBinding() {
0168: setPolicyIdentifier(PolicyTypeUtil.USERNAMETOKEN_TYPE);
0169: }
0170:
0171: /**
0172: * Constructor
0173: *
0174: * @param username username to be sent
0175: * @param password password to be sent
0176: * @param nonce nonce
0177: * @param doDigest if password should be digested
0178: * @param creationTime timestamp
0179: */
0180: public UsernameTokenBinding(String username, String password,
0181: String nonce, boolean doDigest, String creationTime) {
0182: this ();
0183:
0184: this .username = username;
0185: this .password = password;
0186: this .nonce = nonce;
0187: this .doDigest = doDigest;
0188: }
0189:
0190: /**
0191: * Create and set the FeatureBinding for this WSSPolicy to a TimestampPolicy * @return a new TimestampPolicy as a FeatureBinding for this WSSPolicy
0192: * @exception PolicyGenerationException, if TimestampPolicy is not a valid FeatureBinding for this WSSPolicy
0193: * @see SignaturePolicy
0194: * @see EncryptionPolicy
0195: * @see AuthenticationTokenPolicy
0196: */
0197: public MLSPolicy newTimestampFeatureBinding()
0198: throws PolicyGenerationException {
0199: if (isReadOnly()) {
0200: throw new RuntimeException(
0201: "Can not create a feature binding of Timestamp type for ReadOnly "
0202: + _policyIdentifier);
0203: }
0204:
0205: if (!(_policyIdentifier == PolicyTypeUtil.USERNAMETOKEN_TYPE)
0206: && !(_policyIdentifier == PolicyTypeUtil.SIGNATURE_POLICY_FEATUREBINDING_TYPE))
0207: throw new PolicyGenerationException(
0208: "Can not create a feature binding of Timestamp type for "
0209: + _policyIdentifier);
0210:
0211: this ._featureBinding = new TimestampPolicy();
0212: return _featureBinding;
0213: }
0214:
0215: /**
0216: * set the username
0217: * @param username
0218: */
0219: public void setUsername(String username) {
0220: if (isReadOnly()) {
0221: throw new RuntimeException(
0222: "Can not set Username : Policy is ReadOnly");
0223: }
0224: this .username = username;
0225: }
0226:
0227: /**
0228: * set the password
0229: * @param password
0230: */
0231: public void setPassword(String password) {
0232: if (isReadOnly()) {
0233: throw new RuntimeException(
0234: "Can not set Password : Policy is ReadOnly");
0235: }
0236: this .password = password;
0237: }
0238:
0239: /**
0240: * set the nonce
0241: * @param nonce
0242: */
0243: public void setNonce(String nonce) {
0244: if (isReadOnly()) {
0245: throw new RuntimeException(
0246: "Can not set Nonce : Policy is ReadOnly");
0247: }
0248:
0249: this .nonce = nonce;
0250: }
0251:
0252: /**
0253: * setter for a boolean flag indicating whether a nonce should be
0254: * while constructing a wss:UsernameToken from this Policy
0255: * @param useNonce
0256: */
0257: public void setUseNonce(boolean useNonce) {
0258: if (isReadOnly()) {
0259: throw new RuntimeException(
0260: "Can not set useNonce flag : Policy is ReadOnly");
0261: }
0262:
0263: this .useNonce = useNonce;
0264: }
0265:
0266: /**
0267: * setter for a boolean flag indicating whether the password should be
0268: * digested while constructing a wss:UsernameToken from this Policy
0269: * @param doDigest
0270: */
0271: public void setDigestOn(boolean doDigest) {
0272: if (isReadOnly()) {
0273: throw new RuntimeException(
0274: "Can not set digest flag : Policy is ReadOnly");
0275: }
0276:
0277: this .doDigest = doDigest;
0278: }
0279:
0280: /**
0281: * set the maximum age in Milliseconds for which a receiving entity should
0282: * cache the nonce associated with this policy. A receiver may
0283: * cache received nonces for this period (or more) to minimize nonce-replay attacks
0284: * This parameter is applicable when this UsernameToken is used as a Receiver requirement.
0285: * @param nonceAge
0286: */
0287: public void setMaxNonceAge(long nonceAge) {
0288: if (isReadOnly()) {
0289: throw new RuntimeException(
0290: "Can not set maxNonceAge flag : Policy is ReadOnly");
0291: }
0292:
0293: this .maxNonceAge = nonceAge;
0294: }
0295:
0296: /**
0297: * get the username
0298: * @return username
0299: */
0300: public String getUsername() {
0301: return this .username;
0302: }
0303:
0304: /**
0305: * get the password
0306: * @return password
0307: */
0308: public String getPassword() {
0309: return this .password;
0310: }
0311:
0312: /**
0313: * get the nonce
0314: * @return nonce
0315: */
0316: public String getNonce() {
0317: return this .nonce;
0318: }
0319:
0320: /**
0321: * get the useNonce flag
0322: * @return true if the useNonce flag is set to true
0323: */
0324: public boolean getUseNonce() {
0325: return this .useNonce;
0326: }
0327:
0328: /**
0329: * @return if password is digested
0330: */
0331: public boolean getDigestOn() {
0332: return this .doDigest;
0333: }
0334:
0335: /**
0336: * @return the maxNonceAge
0337: */
0338: public long getMaxNonceAge() {
0339: return this .maxNonceAge;
0340: }
0341:
0342: public boolean hasNoPassword() {
0343: return noPasswd;
0344: }
0345:
0346: public void setNoPassword(boolean value) {
0347: this .noPasswd = value;
0348: }
0349:
0350: /**
0351: * Equals operator
0352: * @return true if the binding is equal to this UsernameToken Policy
0353: */
0354: public boolean equals(WSSPolicy policy) {
0355: boolean assrt = false;
0356:
0357: try {
0358: if (!PolicyTypeUtil.usernameTokenPolicy(policy))
0359: return false;
0360: UsernameTokenBinding utBinding = (UsernameTokenBinding) policy;
0361: assrt = (useNonce == utBinding.getUseNonce() && doDigest == utBinding
0362: .getDigestOn());
0363: } catch (Exception e) {
0364: }
0365:
0366: return assrt;
0367: }
0368:
0369: /*
0370: * Equality comparision ignoring the Targets
0371: * @param policy the policy to be compared for equality
0372: * @return true if the argument policy is equal to this
0373: */
0374: public boolean equalsIgnoreTargets(WSSPolicy policy) {
0375: return equals(policy);
0376: }
0377:
0378: /**
0379: *@return a clone of this policy
0380: */
0381: public Object clone() {
0382: UsernameTokenBinding utBinding = new UsernameTokenBinding();
0383:
0384: utBinding.setUsername(username);
0385: utBinding.setPassword(password);
0386: utBinding.setNonce(nonce);
0387: utBinding.setUseNonce(useNonce);
0388: utBinding.setDigestOn(doDigest);
0389: utBinding.setUUID(UUID);
0390: //utBinding.setPolicyToken(this.getPolicyToken());
0391: utBinding.setIncludeToken(this .getIncludeToken());
0392: utBinding.setPolicyTokenFlag(this .policyTokenWasSet());
0393: return utBinding;
0394: }
0395:
0396: /**
0397: * @return the type of the policy
0398: */
0399: public String getType() {
0400: return PolicyTypeUtil.USERNAMETOKEN_TYPE;
0401: }
0402:
0403: public String toString() {
0404: return PolicyTypeUtil.USERNAMETOKEN_TYPE + "::"
0405: + getUsername();
0406: }
0407: }
0408:
0409: /**
0410: * A policy representing a WSS X509Certificate. An instance of
0411: * this class can be used as concrete feature binding for an
0412: * AuthenticationTokenPolicy.
0413: */
0414: public static class X509CertificateBinding extends KeyBindingBase {
0415:
0416: /**
0417: * Feature Bindings
0418: *
0419: * Key Bindings
0420: *
0421: * (1) PrivateKeyBinding
0422: */
0423:
0424: String _valueType = MessageConstants._EMPTY;
0425: String _encodingType = MessageConstants._EMPTY;
0426: String _referenceType = MessageConstants._EMPTY;
0427:
0428: //X509CRL _crl = null;
0429: //CertPath _certPath = null;
0430: X509Certificate _certificate = null;
0431:
0432: String _keyAlgorithm = MessageConstants._EMPTY;
0433: String _certificateIdentifier = "";
0434: String strId = null;
0435:
0436: /**
0437: * Default Constructor
0438: */
0439: public X509CertificateBinding() {
0440: setPolicyIdentifier(PolicyTypeUtil.X509CERTIFICATE_TYPE);
0441: }
0442:
0443: /**
0444: * @param certificateIdentifier X509Certificate identifiers like alias
0445: * @param keyAlgorithm Key algorithm to be used
0446: */
0447: public X509CertificateBinding(String certificateIdentifier,
0448: String keyAlgorithm) {
0449: this ();
0450: this ._certificateIdentifier = certificateIdentifier;
0451: this ._keyAlgorithm = keyAlgorithm;
0452: }
0453:
0454: /**
0455: * Create and set the KeyBinding for this WSSPolicy to a PrivateKeyBinding
0456: * @return a new PrivateKeyBinding as a KeyBinding for this WSSPolicy
0457: */
0458: public MLSPolicy newPrivateKeyBinding() {
0459: if (isReadOnly()) {
0460: throw new RuntimeException(
0461: "Can not create PrivateKeyBinding : Policy is Readonly");
0462: }
0463:
0464: this ._keyBinding = new PrivateKeyBinding();
0465: return _keyBinding;
0466: }
0467:
0468: /**
0469: * set the ValueType
0470: * @param valueType Token type like X509v3, X509PKIPathv1, PKCS7
0471: */
0472: public void setValueType(String valueType) {
0473: if (isReadOnly()) {
0474: throw new RuntimeException(
0475: "Can not set ValueType of X509Certificate : Policy is ReadOnly");
0476: }
0477:
0478: this ._valueType = valueType;
0479: }
0480:
0481: /**
0482: * set the EncodingType
0483: * @param encodingType encoding type like base64
0484: */
0485: public void setEncodingType(String encodingType) {
0486: if (isReadOnly()) {
0487: throw new RuntimeException(
0488: "Can not set EncodingType of X509Certificate : Policy is ReadOnly");
0489: }
0490:
0491: this ._encodingType = encodingType;
0492: }
0493:
0494: /**
0495: * set the ReferenceType
0496: * @param referenceType KeyIdentifier, Direct etc.,.
0497: */
0498: public void setReferenceType(String referenceType) {
0499: if (isReadOnly()) {
0500: throw new RuntimeException(
0501: "Can not set ReferenceType of X509Certificate : Policy is ReadOnly");
0502: }
0503:
0504: this ._referenceType = referenceType;
0505: }
0506:
0507: /**
0508: * set the Certificate Identifier
0509: * @param certificateIdentifier alias, key identifier etc.,.
0510: */
0511: public void setCertificateIdentifier(
0512: String certificateIdentifier) {
0513: if (isReadOnly()) {
0514: throw new RuntimeException(
0515: "Can not set X509Certificate Identifier : Policy is ReadOnly");
0516: }
0517:
0518: this ._certificateIdentifier = certificateIdentifier;
0519: }
0520:
0521: /**
0522: * set the Certificate
0523: * @param certificate X509Certificate
0524: */
0525: public void setX509Certificate(X509Certificate certificate) {
0526: if (isReadOnly()) {
0527: throw new RuntimeException(
0528: "Can not set X509Certificate : Policy is ReadOnly");
0529: }
0530:
0531: this ._certificate = certificate;
0532: }
0533:
0534: /**
0535: * @return valueType
0536: */
0537: public String getValueType() {
0538: return this ._valueType;
0539: }
0540:
0541: /**
0542: * @return encodingType
0543: */
0544: public String getEncodingType() {
0545: return this ._encodingType;
0546: }
0547:
0548: /**
0549: * @return referenceType
0550: */
0551: public String getReferenceType() {
0552: return this ._referenceType;
0553: }
0554:
0555: /**
0556: * @return certificateIdentifier
0557: */
0558: public String getCertificateIdentifier() {
0559: return this ._certificateIdentifier;
0560: }
0561:
0562: /**
0563: * @return X509Certificate
0564: */
0565: public X509Certificate getX509Certificate() {
0566: return this ._certificate;
0567: }
0568:
0569: /**
0570: * @param keyAlgorithm the keyAlgorithm
0571: */
0572: public void setKeyAlgorithm(String keyAlgorithm) {
0573: if (isReadOnly()) {
0574: throw new RuntimeException(
0575: "Can not set KeyAlgorithm : Policy is ReadOnly");
0576: }
0577:
0578: this ._keyAlgorithm = keyAlgorithm;
0579: }
0580:
0581: /**
0582: * @return the keyAlgorithm
0583: */
0584: public String getKeyAlgorithm() {
0585: return _keyAlgorithm;
0586: }
0587:
0588: /*
0589: * @param id the wsu:id of the wsse:SecurityTokenReference to
0590: * be generated for this X509Certificate Token. Applicable while
0591: * sending a message (sender side policy)
0592: */
0593: public void setSTRID(String id) {
0594: if (isReadOnly()) {
0595: throw new RuntimeException(
0596: "Can not set STRID attribute : Policy is ReadOnly");
0597: }
0598:
0599: this .strId = id;
0600: }
0601:
0602: /*
0603: * @return the wsu:id of the wsse:SecurityTokenReference to
0604: * be generated for this X509Certificate Token, if specified,
0605: * null otherwise.
0606: */
0607: public String getSTRID() {
0608: return this .strId;
0609: }
0610:
0611: /**
0612: * @param policy the policy to be compared for equality
0613: * @return true if the argument policy is equal to this
0614: */
0615: public boolean equals(WSSPolicy policy) {
0616:
0617: boolean assrt = false;
0618:
0619: try {
0620: if (!PolicyTypeUtil.x509CertificateBinding(policy))
0621: return false;
0622:
0623: X509CertificateBinding ctBinding = (X509CertificateBinding) policy;
0624:
0625: boolean b1 = _valueType.equals("") ? true : _valueType
0626: .equals(ctBinding.getValueType());
0627: if (!b1)
0628: return false;
0629: boolean b2 = _encodingType.equals("") ? true
0630: : _encodingType.equals(ctBinding
0631: .getEncodingType());
0632: if (!b2)
0633: return false;
0634: boolean b3 = _referenceType.equals("") ? true
0635: : _referenceType.equals(ctBinding
0636: .getReferenceType());
0637: if (!b3)
0638: return false;
0639: boolean b4 = _keyAlgorithm.equals("") ? true
0640: : _keyAlgorithm.equals(ctBinding
0641: .getKeyAlgorithm());
0642: if (!b4)
0643: return false;
0644:
0645: if (strId == null && ctBinding.getSTRID() == null) {
0646: return true;
0647: }
0648:
0649: if (strId != null && strId.equals(ctBinding.getSTRID())) {
0650: return true;
0651: }
0652: } catch (Exception e) {
0653: }
0654: return false;
0655: }
0656:
0657: /*
0658: * Equality comparision ignoring the Targets
0659: * @param policy the policy to be compared for equality
0660: * @return true if the argument policy is equal to this
0661: */
0662: public boolean equalsIgnoreTargets(WSSPolicy policy) {
0663: return equals(policy);
0664: }
0665:
0666: /**
0667: * Clone operator
0668: * @return clone of this policy
0669: */
0670: public Object clone() {
0671: X509CertificateBinding x509Binding = new X509CertificateBinding();
0672:
0673: try {
0674: x509Binding.setValueType(_valueType);
0675: x509Binding.setEncodingType(_encodingType);
0676: x509Binding.setReferenceType(_referenceType);
0677: x509Binding.setKeyAlgorithm(_keyAlgorithm);
0678: x509Binding
0679: .setCertificateIdentifier(_certificateIdentifier);
0680: x509Binding.setX509Certificate(_certificate);
0681: x509Binding.setUUID(UUID);
0682: x509Binding.setSTRID(this .strId);
0683:
0684: WSSPolicy kBinding = (WSSPolicy) this .getKeyBinding();
0685:
0686: if (kBinding != null)
0687: x509Binding.setKeyBinding((MLSPolicy) kBinding
0688: .clone());
0689:
0690: //x509Binding.setPolicyToken(this.getPolicyToken());
0691: x509Binding.setIncludeToken(this .getIncludeToken());
0692: x509Binding
0693: .setPolicyTokenFlag(this .policyTokenWasSet());
0694: } catch (Exception e) {
0695: }
0696:
0697: return x509Binding;
0698: }
0699:
0700: /**
0701: * @return the type of the policy
0702: */
0703: public String getType() {
0704: return PolicyTypeUtil.X509CERTIFICATE_TYPE;
0705: }
0706:
0707: public String toString() {
0708: return PolicyTypeUtil.X509CERTIFICATE_TYPE + "::"
0709: + getCertificateIdentifier() + "::" + strId + "::"
0710: + _referenceType;
0711: }
0712: }
0713:
0714: /**
0715: * A policy representing a SAML Assertion. An instance of
0716: * this class can be used as concrete feature binding for an
0717: * AuthenticationTokenPolicy.
0718: */
0719: public static class SAMLAssertionBinding extends KeyBindingBase {
0720:
0721: /**
0722: * Feature Bindings
0723: * Key Bindings
0724: */
0725:
0726: String _type = "";
0727: String _keyAlgorithm = "";
0728: String _keyIdentifier = "";
0729: String _referenceType = "";
0730: String _authorityIdentifier = "";
0731:
0732: String strId = null;
0733: String assertionId = null;
0734: String samlVersion = null;
0735:
0736: public static final String V10_ASSERTION = "SAML10Assertion";
0737: public static final String V11_ASSERTION = "SAML11Assertion";
0738: public static final String V20_ASSERTION = "SAML20Assertion";
0739:
0740: /**
0741: * Sender-Vouches Subject ConfirmationMethod
0742: */
0743: public static final String SV_ASSERTION = "SV";
0744: /**
0745: * Holder-Of-Key Subject ConfirmationMethod
0746: */
0747: public static final String HOK_ASSERTION = "HOK";
0748:
0749: Element _assertion = null;
0750: Element _authorityBinding = null;
0751: XMLStreamReader samlAssertion = null;
0752:
0753: /**
0754: * Default constructor
0755: */
0756: public SAMLAssertionBinding() {
0757: setPolicyIdentifier(PolicyTypeUtil.SAMLASSERTION_TYPE);
0758: }
0759:
0760: /**
0761: * Constructor
0762: * @param type the SubjectConfirmation type of the SAML assertion, one of SV, HOK
0763: * @param keyIdentifier an abstract identifier for the Confirmation Key
0764: * @param authorityIdentifier an abstract identifier for the issuing authority
0765: * @param referenceType the reference type for references to the SAML Assertion,
0766: * should be one of KeyIdentifier, Embedded reference type as defined by
0767: * WSS SAML Token profile 1.0.
0768: */
0769: public SAMLAssertionBinding(String type, String keyIdentifier,
0770: String authorityIdentifier, String referenceType) {
0771: this ();
0772: this ._type = type;
0773: this ._keyIdentifier = keyIdentifier;
0774: this ._authorityIdentifier = authorityIdentifier;
0775: this ._referenceType = referenceType;
0776: }
0777:
0778: /**
0779: * set the SubjectConfirmation type of the SAML assertion
0780: * @param type the SubjectConfirmation type of the SAML assertion, one of SV, HOK
0781: */
0782: public void setAssertionType(String type) {
0783: if (isReadOnly()) {
0784: throw new RuntimeException(
0785: "Can not set SAMLAssertionType : Policy is ReadOnly");
0786: }
0787:
0788: if (SV_ASSERTION.equals(type)) {
0789: this ._type = SV_ASSERTION;
0790: } else if (HOK_ASSERTION.equals(type)) {
0791: this ._type = HOK_ASSERTION;
0792: } else {
0793: //throw error
0794: }
0795: }
0796:
0797: public void setSAMLVersion(String ver) {
0798: if (isReadOnly()) {
0799: throw new RuntimeException(
0800: "Can not set SAMLAssertionType : Policy is ReadOnly");
0801: }
0802:
0803: this .samlVersion = ver;
0804: }
0805:
0806: public String getSAMLVersion() {
0807: return samlVersion;
0808: }
0809:
0810: /**
0811: * Create and set the KeyBinding for this WSSPolicy to a PrivateKeyBinding
0812: * @return a new PrivateKeyBinding as a KeyBinding for this WSSPolicy
0813: */
0814: public MLSPolicy newPrivateKeyBinding() {
0815: if (isReadOnly()) {
0816: throw new RuntimeException(
0817: "Can not create PrivateKeyBinding : Policy is Readonly");
0818: }
0819:
0820: this ._keyBinding = new PrivateKeyBinding();
0821: return _keyBinding;
0822: }
0823:
0824: /**
0825: * set the abstract identifier for the Confirmation Key
0826: * @param ki the abstract identifier for the Confirmation Key
0827: */
0828: public void setKeyIdentifier(String ki) {
0829: if (isReadOnly()) {
0830: throw new RuntimeException(
0831: "Can not set SAML KeyIdentifier : Policy is ReadOnly");
0832: }
0833:
0834: this ._keyIdentifier = ki;
0835: }
0836:
0837: /**
0838: * set the abstract identifier for the issuing authority
0839: * @param uri the URI of the Assertion Issuer
0840: */
0841: public void setAuthorityIdentifier(String uri) {
0842: if (isReadOnly()) {
0843: throw new RuntimeException(
0844: "Can not set SAML AuthorityIdentifier : Policy is ReadOnly");
0845: }
0846:
0847: this ._authorityIdentifier = uri;
0848: }
0849:
0850: /**
0851: * set the ReferenceType to be used for references to the SAML Assertion
0852: * @param rtype reference type (one of KeyIdentifier, Embedded)
0853: */
0854: public void setReferenceType(String rtype) {
0855: if (isReadOnly()) {
0856: throw new RuntimeException(
0857: "Can not set SAML ReferenceType : Policy is ReadOnly");
0858: }
0859:
0860: this ._referenceType = rtype;
0861: }
0862:
0863: /**
0864: * set the SAML AuthorityBinding element, identifying a remote assertion
0865: * @param authorityBinding
0866: */
0867: public void setAuthorityBinding(Element authorityBinding) {
0868: if (isReadOnly()) {
0869: throw new RuntimeException(
0870: "Can not set SAML AuthorityBinding : Policy is ReadOnly");
0871: }
0872:
0873: this ._authorityBinding = authorityBinding;
0874: }
0875:
0876: /**
0877: * set the SAML Assertion
0878: * @param assertion the SAML Assertion
0879: */
0880: public void setAssertion(Element assertion) {
0881: if (isReadOnly()) {
0882: throw new RuntimeException(
0883: "Can not set SAML Assertion : Policy is ReadOnly");
0884: }
0885:
0886: this ._assertion = assertion;
0887: }
0888:
0889: public void setAssertion(XMLStreamReader reader) {
0890: this .samlAssertion = reader;
0891: }
0892:
0893: /**
0894: * set the keyAlgorithm to be used
0895: * @param algorithm the keyAlgorithm to be used
0896: */
0897: public void setKeyAlgorithm(String algorithm) {
0898: if (isReadOnly()) {
0899: throw new RuntimeException(
0900: "Can not set KeyAlgorithm : Policy is ReadOnly");
0901: }
0902:
0903: this ._keyAlgorithm = algorithm;
0904: }
0905:
0906: /**
0907: * @return key algorithm
0908: */
0909: public String getKeyAlgorithm() {
0910: return this ._keyAlgorithm;
0911: }
0912:
0913: /**
0914: * @return reference type
0915: */
0916: public String getReferenceType() {
0917: return this ._referenceType;
0918: }
0919:
0920: /**
0921: * @return type of SAMLAssertion (SV/HOK)
0922: */
0923: public String getAssertionType() {
0924: return this ._type;
0925: }
0926:
0927: /**
0928: * @return identifier to key bound to the Assertion
0929: */
0930: public String getKeyIdentifier() {
0931: return this ._keyIdentifier;
0932: }
0933:
0934: /**
0935: * @return identifier to Authority issueing the Assertion
0936: */
0937: public String getAuthorityIdentifier() {
0938: return this ._authorityIdentifier;
0939: }
0940:
0941: /**
0942: * @return authority binding component of the assertion
0943: */
0944: public Element getAuthorityBinding() {
0945: return this ._authorityBinding;
0946: }
0947:
0948: /**
0949: * @return SAML assertion
0950: */
0951: public Element getAssertion() {
0952: return this ._assertion;
0953: }
0954:
0955: public XMLStreamReader getAssertionReader() {
0956: return this .samlAssertion;
0957: }
0958:
0959: /**
0960: * equals operator
0961: * @param policy the policy to be compared for equality
0962: * @return true if the argument policy is equal to this
0963: */
0964: public boolean equals(WSSPolicy policy) {
0965:
0966: try {
0967: if (!PolicyTypeUtil.samlTokenPolicy(policy)) {
0968: return false;
0969: }
0970:
0971: SAMLAssertionBinding sBinding = (SAMLAssertionBinding) policy;
0972:
0973: // this kind of equals is still incorrect
0974:
0975: boolean b1 = _type.equals("") ? true : _type
0976: .equals(sBinding.getAssertionType());
0977: if (!b1)
0978: return false;
0979:
0980: boolean b2 = _authorityIdentifier.equals("") ? true
0981: : _authorityIdentifier.equals(sBinding
0982: .getAuthorityIdentifier());
0983: if (!b2)
0984: return false;
0985:
0986: boolean b3 = _referenceType.equals("") ? true
0987: : _referenceType.equals(sBinding
0988: .getReferenceType());
0989: if (!b3)
0990: return false;
0991:
0992: boolean b6 = _keyAlgorithm.equals("") ? true
0993: : _keyAlgorithm.equals(sBinding
0994: .getKeyAlgorithm());
0995: if (!b6)
0996: return false;
0997:
0998: boolean b7 = (strId == null) ? true : strId
0999: .equals(sBinding.getSTRID());
1000: if (!b7)
1001: return false;
1002:
1003: boolean b8 = (assertionId == null) ? true : assertionId
1004: .equals(sBinding.getAssertionId());
1005: if (!b8)
1006: return false;
1007:
1008: } catch (Exception e) {
1009: }
1010:
1011: return true;
1012: }
1013:
1014: /*
1015: * Equality comparision ignoring the Targets
1016: * @param binding the policy to be compared for equality
1017: * @return true if the argument binding is equal to this
1018: */
1019: public boolean equalsIgnoreTargets(WSSPolicy binding) {
1020: return equals(binding);
1021: }
1022:
1023: /**
1024: *@return clone of this SAML Policy
1025: */
1026: public Object clone() {
1027: SAMLAssertionBinding samlBinding = new SAMLAssertionBinding();
1028:
1029: try {
1030: samlBinding.setAssertionType(_type);
1031: samlBinding.setKeyAlgorithm(_keyAlgorithm);
1032: samlBinding.setKeyIdentifier(_keyIdentifier);
1033: samlBinding.setReferenceType(_referenceType);
1034: samlBinding
1035: .setAuthorityIdentifier(_authorityIdentifier);
1036: samlBinding.setAssertion(_assertion);
1037: samlBinding.setAssertion(this .samlAssertion);
1038: samlBinding.setAuthorityBinding(_authorityBinding);
1039: samlBinding.setSTRID(this .strId);
1040: samlBinding.setAssertionId(this .assertionId);
1041: //samlBinding.setPolicyToken(this.getPolicyToken());
1042: samlBinding.setIncludeToken(this .getIncludeToken());
1043: samlBinding
1044: .setPolicyTokenFlag(this .policyTokenWasSet());
1045:
1046: } catch (Exception e) {
1047: }
1048:
1049: return samlBinding;
1050: }
1051:
1052: /**
1053: * @return the type of the policy
1054: */
1055:
1056: public String getType() {
1057: return PolicyTypeUtil.SAMLASSERTION_TYPE;
1058: }
1059:
1060: /*
1061: * @param id the wsu:id of the wsse:SecurityTokenReference to
1062: * be generated for this X509Certificate Token. Applicable while
1063: * sending a message (sender side policy)
1064: */
1065: public void setSTRID(String id) {
1066: if (isReadOnly()) {
1067: throw new RuntimeException(
1068: "Can not set SAML STRID : Policy is ReadOnly");
1069: }
1070:
1071: this .strId = id;
1072: }
1073:
1074: /*
1075: * @return the wsu:id of the wsse:SecurityTokenReference to
1076: * be generated for this X509Certificate Token, if specified,
1077: * null otherwise.
1078: */
1079: public String getSTRID() {
1080: return this .strId;
1081: }
1082:
1083: /**
1084: * set the AssertionId for the possibly remote assertion
1085: * A CallbackHandler can choose to just set the
1086: * AuthorityBinding and the AssertionId, and not set
1087: * the actual assertion
1088: * @param id the Assertion Id of the possibly remote SAML Assertion
1089: */
1090: public void setAssertionId(String id) {
1091: if (isReadOnly()) {
1092: throw new RuntimeException(
1093: "Can not set SAML AssertionID : Policy is ReadOnly");
1094: }
1095:
1096: this .assertionId = id;
1097: }
1098:
1099: /**
1100: * A CallbackHandler can choose to just set the
1101: * AuthorityBinding and the AssertionId, and not set
1102: * the actual assertion
1103: * @return the Assertion ID of the SAML Assertion represented by this Policy
1104: */
1105: public String getAssertionId() {
1106: return this .assertionId;
1107: }
1108:
1109: public String toString() {
1110: return PolicyTypeUtil.SAMLASSERTION_TYPE + "::"
1111: + getReferenceType() + "::" + this ._type;
1112: }
1113:
1114: public Element get_assertion() {
1115: return _assertion;
1116: }
1117: }
1118: }
|