1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.policy.model;
20
21 import org.apache.neethi.Assertion;
22 import org.apache.neethi.Policy;
23 import org.apache.wss4j.policy.SPConstants;
24 import org.w3c.dom.Element;
25
26 import javax.xml.namespace.QName;
27 import java.util.*;
28
29 public class KerberosToken extends AbstractToken {
30
31 public enum ApReqTokenType {
32 WssKerberosV5ApReqToken11,
33 WssGssKerberosV5ApReqToken11;
34
35 private static final Map<String, ApReqTokenType> LOOKUP = new HashMap<>();
36
37 static {
38 for (ApReqTokenType u : EnumSet.allOf(ApReqTokenType.class)) {
39 LOOKUP.put(u.name(), u);
40 }
41 }
42
43 public static ApReqTokenType lookUp(String name) {
44 return LOOKUP.get(name);
45 }
46 }
47
48 private boolean requireKeyIdentifierReference;
49
50 private ApReqTokenType apReqTokenType;
51
52 public KerberosToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
53 Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
54 super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
55
56 parseNestedPolicy(nestedPolicy, this);
57 }
58
59 @Override
60 public QName getName() {
61 return getVersion().getSPConstants().getKerberosToken();
62 }
63
64 @Override
65 public boolean equals(Object object) {
66 if (object == this) {
67 return true;
68 }
69 if (!(object instanceof KerberosToken)) {
70 return false;
71 }
72
73 KerberosToken that = (KerberosToken)object;
74 if (requireKeyIdentifierReference != that.requireKeyIdentifierReference) {
75 return false;
76 }
77 if (apReqTokenType != that.apReqTokenType) {
78 return false;
79 }
80
81 return super.equals(object);
82 }
83
84 @Override
85 public int hashCode() {
86 int result = 17;
87 if (apReqTokenType != null) {
88 result = 31 * result + apReqTokenType.hashCode();
89 }
90 result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
91
92 return 31 * result + super.hashCode();
93 }
94
95 @Override
96 protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
97 return new KerberosToken(getVersion(), getIncludeTokenType(), getIssuer(),
98 getIssuerName(), getClaims(), nestedPolicy);
99 }
100
101 protected void parseNestedPolicy(Policy nestedPolicy, KerberosToken kerberosToken) {
102 Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
103
104
105
106 if (alternatives.hasNext()) {
107 List<Assertion> assertions = alternatives.next();
108 for (Assertion assertion : assertions) {
109 String assertionName = assertion.getName().getLocalPart();
110 String assertionNamespace = assertion.getName().getNamespaceURI();
111 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
112 if (derivedKeys != null) {
113 if (kerberosToken.getDerivedKeys() != null) {
114 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
115 }
116 kerberosToken.setDerivedKeys(derivedKeys);
117 continue;
118 }
119 QName requireKeyIdentifierRef =
120 getVersion().getSPConstants().getRequireKeyIdentifierReference();
121 if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
122 && requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
123 if (kerberosToken.isRequireKeyIdentifierReference()) {
124 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
125 }
126 kerberosToken.setRequireKeyIdentifierReference(true);
127 continue;
128 }
129 ApReqTokenType apReqTokenType = ApReqTokenType.lookUp(assertionName);
130 if (apReqTokenType != null) {
131 if (kerberosToken.getApReqTokenType() != null) {
132 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
133 }
134 kerberosToken.setApReqTokenType(apReqTokenType);
135 continue;
136 }
137 }
138 }
139 }
140
141 public boolean isRequireKeyIdentifierReference() {
142 return requireKeyIdentifierReference;
143 }
144
145 protected void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
146 this.requireKeyIdentifierReference = requireKeyIdentifierReference;
147 }
148
149 public ApReqTokenType getApReqTokenType() {
150 return apReqTokenType;
151 }
152
153 protected void setApReqTokenType(ApReqTokenType apReqTokenType) {
154 this.apReqTokenType = apReqTokenType;
155 }
156 }