/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.wss4j.dom.engine;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.message.token.SignatureConfirmation;
import org.apache.wss4j.dom.message.token.Timestamp;
import org.apache.wss4j.dom.message.token.UsernameToken;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.List;
public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
//
// Tokens
//
/**
*
*/
private static final long serialVersionUID = 8877354445092724300L;
/**
* Tag denoting the SAML Assertion found, if applicable.
*
* The value under this tag is of type SamlAssertionWrapper.
*/
public static final String TAG_SAML_ASSERTION = "saml-assertion";
/**
* Tag denoting the timestamp found, if applicable.
*
* The value under this tag is of type
* org.apache.wss4j.dom.message.token.Timestamp.
*/
public static final String TAG_TIMESTAMP = "timestamp";
/**
* Tag denoting references to the DOM elements that have been
* cryptographically protected.
*
* The value under this tag is of type SecurityContextToken.
*/
public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
/**
* Tag denoting a UsernameToken object
*/
public static final String TAG_USERNAME_TOKEN = "username-token";
/**
* Tag denoting a DerivedKeyToken object
*/
public static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
/**
* Tag denoting the signature confirmation of a signed element,
* if applicable.
*
* The value under this tag is of type
* org.apache.wss4j.dom.message.token.SignatureConfirmation.
*/
public static final java.lang.String TAG_SIGNATURE_CONFIRMATION = "signature-confirmation";
/**
* Tag denoting the BinarySecurityToken found, if applicable.
*
* The value under this tag is of type BinarySecurity.
*/
public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
/**
* Tag denoting a Transformed Token. For certain tokens, the Validator may return
* an SamlAssertionWrapper instance which corresponds to a transformed version of the
* initial token. For example, a Username Token credential might be validated
* by an STS and transformed into a SAML Assertion. This tag then holds the
* transformed SamlAssertionWrapper instance, as a component of the Result corresponding
* to the Username Token.
*
* The value under this tag is of type SamlAssertionWrapper.
*/
public static final String TAG_TRANSFORMED_TOKEN = "transformed-token";
/**
* Tag denoting that the TAG_*_TOKEN result has been validated by a Validator
* implementation. Some of the processors do not have a default validator implementation,
* and so this is not set. Note that this is set for the NoOpValidator if it is
* configured.
*
* The value under this tag is a Boolean instance.
*/
public static final String TAG_VALIDATED_TOKEN = "validated-token";
/**
* Tag denoting the DOM Element of the processed token (if a token has been processed).
*
* The value under this tag is of type org.w3c.dom.Element
*/
public static final String TAG_TOKEN_ELEMENT = "token-element";
//
// Keys and certs
//
/**
* Tag denoting the X.509 certificate found, if applicable.
*
* The value under this tag is of type java.security.cert.X509Certificate.
*/
public static final String TAG_X509_CERTIFICATE = "x509-certificate";
/**
* Tag denoting the signature value of a signed element, if applicable.
*
* The value under this tag is of type byte[].
*/
public static final String TAG_SIGNATURE_VALUE = "signature-value";
/**
* Tag denoting the X.509 certificate chain found, if applicable.
*
* The value under this tag is of type java.security.cert.X509Certificate[].
*/
public static final String TAG_X509_CERTIFICATES = "x509-certificates";
/**
* Tag denoting how the X.509 certificate (chain) was referenced, if applicable.
*
* The value under this tag is of type STRParser.REFERENCE_TYPE.
*/
public static final String TAG_X509_REFERENCE_TYPE = "x509-reference-type";
/**
* Tag denoting the encrypted key bytes
*
* The value under this tag is a byte array
*/
public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
/**
* Tag denoting a byte[] secret associated with this token
*/
public static final String TAG_SECRET = "secret";
/**
* Tag denoting a PublicKey associated with this token
*/
public static final String TAG_PUBLIC_KEY = "public-key";
//
// General tags
//
/**
* Tag denoting the cryptographic operation performed
*
* The value under this tag is of type java.lang.Integer
*/
public static final String TAG_ACTION = "action";
/**
* Tag denoting the security principal found, if applicable.
*
* The value under this tag is of type java.security.Principal.
*/
public static final String TAG_PRINCIPAL = "principal";
/**
* Tag denoting the security subject found, if applicable.
*
* The value under this tag is of type javax.security.auth.Subject.
*/
public static final String TAG_SUBJECT = "subject";
/**
* Tag denoting references to a List of Data ref URIs.
*
* The value under this tag is of type List.
*/
public static final String TAG_DATA_REF_URIS = "data-ref-uris";
/**
* Tag denoting the encrypted key transport algorithm.
*
* The value under this tag is of type String.
*/
public static final String TAG_ENCRYPTED_KEY_TRANSPORT_METHOD = "encrypted-key-transport-method";
/**
* Tag denoting the algorithm that was used to sign the message
*
* The value under this tag is of type String.
*/
public static final String TAG_SIGNATURE_METHOD = "signature-method";
/**
* Tag denoting the algorithm that was used to do canonicalization
*
* The value under this tag is of type String.
*/
public static final String TAG_CANONICALIZATION_METHOD = "canonicalization-method";
/**
* Tag denoting a delegation credential found, if applicable.
*
* For Kerberos (if delegation is enabled), the value under this tag is of type GSSCredential
*/
public static final String TAG_DELEGATION_CREDENTIAL = "delegation-credential";
/**
* The (wsu) Id of the token corresponding to this result.
*/
public static final String TAG_ID = "id";
public WSSecurityEngineResult(int act) {
put(TAG_ACTION, act);
}
public WSSecurityEngineResult(
int act,
SamlAssertionWrapper ass
) {
put(TAG_ACTION, act);
put(TAG_SAML_ASSERTION, ass);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, ass.getElement());
}
public WSSecurityEngineResult(
int act,
Principal princ,
X509Certificate[] certs,
byte[] sv
) {
put(TAG_ACTION, act);
put(TAG_PRINCIPAL, princ);
put(TAG_X509_CERTIFICATES, certs);
put(TAG_SIGNATURE_VALUE, sv);
if (certs != null) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
}
public
WSSecurityEngineResult(
int act,
Principal princ,
X509Certificate[] certs,
List<WSDataRef> dataRefs,
byte[] sv
) {
this(act, princ, certs, sv);
put(TAG_DATA_REF_URIS, dataRefs);
}
public WSSecurityEngineResult(
int act,
byte[] decryptedKey,
byte[] encryptedKeyBytes,
List<WSDataRef> dataRefUris
) {
put(TAG_ACTION, act);
put(TAG_SECRET, decryptedKey);
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_DATA_REF_URIS, dataRefUris);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
}
public WSSecurityEngineResult(
int act,
byte[] decryptedKey,
byte[] encryptedKeyBytes,
List<WSDataRef> dataRefUris,
X509Certificate[] certs
) {
put(TAG_ACTION, act);
put(TAG_SECRET, decryptedKey);
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_DATA_REF_URIS, dataRefUris);
put(TAG_X509_CERTIFICATES, certs);
if (certs != null) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
}
public WSSecurityEngineResult(int act, List<WSDataRef> dataRefUris) {
put(TAG_ACTION, act);
put(TAG_DATA_REF_URIS, dataRefUris);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
}
public WSSecurityEngineResult(int act, Timestamp tstamp) {
put(TAG_ACTION, act);
put(TAG_TIMESTAMP, tstamp);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, tstamp.getElement());
}
public WSSecurityEngineResult(int act, SecurityContextToken sct) {
put(TAG_ACTION, act);
put(TAG_SECURITY_CONTEXT_TOKEN, sct);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, sct.getElement());
}
public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
put(TAG_ACTION, act);
put(TAG_SIGNATURE_CONFIRMATION, sc);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, sc.getElement());
}
public WSSecurityEngineResult(int act, UsernameToken usernameToken) {
this(act, usernameToken, null);
}
public WSSecurityEngineResult(int act, UsernameToken usernameToken, Principal principal) {
put(TAG_ACTION, act);
put(TAG_USERNAME_TOKEN, usernameToken);
put(TAG_PRINCIPAL, principal);
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, usernameToken.getElement());
}
public WSSecurityEngineResult(int act, BinarySecurity token, X509Certificate[] certs) {
put(TAG_ACTION, act);
put(TAG_BINARY_SECURITY_TOKEN, token);
put(TAG_X509_CERTIFICATES, certs);
if (certs != null) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
put(TAG_TOKEN_ELEMENT, token.getElement());
}
}