/* * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.entitlement.mediator.callback; import java.security.cert.X509Certificate; import org.apache.synapse.MessageContext; import org.apache.synapse.core.axis2.Axis2MessageContext; import org.wso2.carbon.identity.entitlement.proxy.Attribute; import org.wso2.carbon.identity.entitlement.proxy.ProxyConstants; public class X509EntitlementCallbackHandler extends EntitlementCallbackHandler { /* * (non-Javadoc) * * @see * org.wso2.carbon.identity.entitlement.mediator.callback.EntitlementCallbackHandler#getUserName(org. * apache.synapse.MessageContext) */ public String getUserName(MessageContext synCtx) { org.apache.axis2.context.MessageContext msgContext; Axis2MessageContext axis2Msgcontext = null; axis2Msgcontext = (Axis2MessageContext) synCtx; msgContext = axis2Msgcontext.getAxis2MessageContext(); // For WS-Security X509Certificate cert = (X509Certificate) msgContext.getProperty("X509Certificate"); if(cert == null){ // For mutual authentication Object sslCertObject = msgContext.getProperty("ssl.client.auth.cert.X509"); javax.security.cert.X509Certificate[] certs = (javax.security.cert.X509Certificate[]) sslCertObject; if(certs != null && certs.length > 0) { return certs[0].getSubjectDN().getName(); } } else { return cert.getSubjectDN().getName(); } return null; } /* * (non-Javadoc) * * @see * org.wso2.carbon.identity.entitlement.mediator.callback.EntitlementCallbackHandler#findOtherAttributes( * org.apache.synapse.MessageContext) */ public Attribute[] findOtherAttributes(MessageContext synCtx) { org.apache.axis2.context.MessageContext msgContext; Axis2MessageContext axis2Msgcontext = null; axis2Msgcontext = (Axis2MessageContext) synCtx; msgContext = axis2Msgcontext.getAxis2MessageContext(); String issuer = null; String signatureAlgo = null; // For WS-Security X509Certificate cert = (X509Certificate) msgContext.getProperty("X509Certificate"); if(cert == null){ // For mutual authentication Object sslCertObject = msgContext.getProperty("ssl.client.auth.cert.X509"); javax.security.cert.X509Certificate[] certs = (javax.security.cert.X509Certificate[]) sslCertObject; if(certs != null && certs.length > 0) { issuer = certs[0].getIssuerDN().getName(); signatureAlgo = certs[0].getSigAlgName(); } } else { issuer = cert.getIssuerDN().getName(); signatureAlgo = cert.getSigAlgName(); } if(issuer != null && signatureAlgo != null){ Attribute issuerAttr = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "IssuerDN", ProxyConstants.DEFAULT_DATA_TYPE, issuer); Attribute signatureAlgoAttr = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:environment", "SignatureAlgorithm", ProxyConstants.DEFAULT_DATA_TYPE, signatureAlgo); return new Attribute[]{issuerAttr, signatureAlgoAttr}; } return null; } }