20 package org.apache.wss4j.dom.processor;
22 import org.apache.wss4j.dom.WSConstants;
23 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
24 import org.apache.wss4j.common.ext.WSPasswordCallback;
25 import org.apache.wss4j.common.ext.WSSecurityException;
26 import org.apache.wss4j.common.util.XMLUtils;
27 import org.apache.wss4j.dom.handler.RequestData;
28 import org.apache.wss4j.dom.message.token.SecurityContextToken;
29 import org.apache.wss4j.dom.validate.Credential;
30 import org.apache.wss4j.dom.validate.Validator;
31 import org.w3c.dom.Element;
33 import javax.security.auth.callback.Callback;
34 import javax.security.auth.callback.CallbackHandler;
35 import javax.security.auth.callback.UnsupportedCallbackException;
36 import javax.xml.namespace.QName;
38 import java.util.List;
39 import java.io.IOException;
/**
 * Processor for a {@code SecurityContextToken} element found in the security header.
 *
 * <p>The element is parsed into a {@link SecurityContextToken} and its shared secret is
 * resolved in one of two ways: through the {@link Validator} registered for the element's
 * QName (if any), or otherwise through the {@link CallbackHandler} of the request. The
 * outcome is recorded as a single {@link WSSecurityEngineResult} with action
 * {@link WSConstants#SCT}, which is also registered with the request's document info.
 */
public class SecurityContextTokenProcessor implements Processor {

    /**
     * Processes a SecurityContextToken element and registers the result with the
     * document info of the request.
     *
     * <p>With a validator registered for the element's QName, the token is validated and
     * the secret placed in the result is the key of the credential the validator returns;
     * the result is tagged as a validated token. Without a validator the secret is
     * obtained from the callback handler, first by the token identifier and then by the
     * token ID (see {@link #lookupSecret}). In that path the secret may be absent if the
     * handler supplies none; the result carries it unchanged.
     *
     * @param elem the {@code SecurityContextToken} element
     * @param data request data supplying the validator, callback handler and document info
     * @return an unmodifiable single-element list holding the result for this token
     * @throws WSSecurityException if the element cannot be parsed, validation fails, or
     *         the callback handler is missing or rejects the key request
     */
    public List<WSSecurityEngineResult> handleToken(
        Element elem,
        RequestData data
    ) throws WSSecurityException {
        SecurityContextToken sct = new SecurityContextToken(elem);
        QName tokenName = new QName(elem.getNamespaceURI(), elem.getLocalName());
        Validator validator = data.getValidator(tokenName);

        WSSecurityEngineResult result = new WSSecurityEngineResult(WSConstants.SCT, sct);
        if (validator == null) {
            // No validator for this element: the secret has to come from the callback handler.
            // The ID is dereferenced (leading '#' handling is XMLUtils' concern) for the lookup
            // only; the result keeps the ID exactly as the token carries it.
            String referencedId = XMLUtils.getIDFromReference(sct.getID());
            byte[] secret = lookupSecret(data.getCallbackHandler(), sct.getIdentifier(), referencedId);
            result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
            result.put(WSSecurityEngineResult.TAG_SECRET, secret);
        } else {
            Credential credential = new Credential();
            credential.setSecurityContextToken(sct);
            Credential validated = validator.validate(credential, data);

            result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
            String tokenId = sct.getID();
            if (!tokenId.isEmpty()) {
                result.put(WSSecurityEngineResult.TAG_ID, tokenId);
            }
            // The secret is whatever the validator attached to the credential it returned.
            // NOTE(review): a validator returning null here would raise an NPE — confirm the
            // Validator contract guarantees a non-null credential.
            result.put(WSSecurityEngineResult.TAG_SECRET, validated.getSecretKey());
        }

        data.getWsDocInfo().addTokenElement(elem);
        data.getWsDocInfo().addResult(result);
        return java.util.Collections.singletonList(result);
    }

    /**
     * Resolves the token secret through the callback handler.
     *
     * <p>The identifier is tried first. If that lookup throws, or yields no key (null or
     * empty), the dereferenced ID is used instead. Note that when the identifier lookup
     * throws and the ID lookup then yields no key, the ID lookup is issued a second time,
     * so the handler can be consulted for the same ID twice.
     *
     * @param cb the callback handler of the request; may be {@code null}, in which case
     *           {@link #getSecret} throws
     * @param identifier the SCT identifier tried first
     * @param id the dereferenced token ID used as fallback
     * @return the key the handler supplied; may be {@code null} or empty if it supplied none
     * @throws WSSecurityException if the fallback lookup fails (see {@link #getSecret})
     */
    private byte[] lookupSecret(CallbackHandler cb, String identifier, String id)
        throws WSSecurityException {
        byte[] secret;
        try {
            secret = getSecret(cb, identifier);
        } catch (WSSecurityException byIdentifierFailed) {
            // Lookup by identifier is best-effort; fall back to the token ID.
            secret = getSecret(cb, id);
        }
        if (secret == null || secret.length == 0) {
            secret = getSecret(cb, id);
        }
        return secret;
    }

    /**
     * Asks the callback handler for the key of a security context token.
     *
     * @param cb the handler to consult
     * @param identifier the SCT identifier (or ID) handed to the handler via a
     *                   {@link WSPasswordCallback} of usage {@code SECURITY_CONTEXT_TOKEN}
     * @return the key the handler set on the callback; {@code null} if it set none
     * @throws WSSecurityException with error code {@code FAILURE}: "noCallback" when
     *         {@code cb} is {@code null}, "noKey" when the handler throws
     *         {@link IOException} or {@link UnsupportedCallbackException}
     */
    private byte[] getSecret(CallbackHandler cb, String identifier)
        throws WSSecurityException {
        if (cb == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
        }

        WSPasswordCallback pwCallback =
            new WSPasswordCallback(identifier, WSPasswordCallback.SECURITY_CONTEXT_TOKEN);
        try {
            cb.handle(new Callback[] {pwCallback});
        } catch (IOException | UnsupportedCallbackException e) {
            // Preserve the cause; the identifier is included so the failure can be traced.
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, e, "noKey", new Object[] {identifier});
        }
        return pwCallback.getKey();
    }

}