java.lang.Object
    com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment
public class WSITProviderSecurityEnvironment
| Field Summary | |
|---|---|
protected static Logger |
log
logger |
protected long |
MAX_CLOCK_SKEW
|
protected long |
maxClockSkewG
|
protected long |
maxNonceAge
|
static String |
PASSWORD_CBH
|
protected boolean |
revocationEnabled
|
protected String |
revocationEnabledAttr
|
protected long |
TIMESTAMP_FRESHNESS_LIMIT
|
protected long |
timestampFreshnessLimitG
|
static String |
USERNAME_CBH
|
| Constructor Summary | |
|---|---|
WSITProviderSecurityEnvironment(CallbackHandler handler,
Map options,
Properties configAssertions)
Creates a new instance of WSITProviderSecurityEnvironment |
|
| Method Summary | |
|---|---|
String |
authenticateUser(Map context,
String username)
Authenticate the user against a list of known usernames |
boolean |
authenticateUser(Map context,
String username,
String password)
Authenticate the user against a list of known username-password pairs. |
boolean |
authenticateUser(Map context,
String username,
String passwordDigest,
String nonce,
String created)
Authenticate the user given the password digest. |
KerberosContext |
doKerberosLogin()
Perform a Kerberos Login and return a Kerberos Context. KerberosContext stores the secretKey, GSSContext, kerberos BST etc. |
KerberosContext |
doKerberosLogin(byte[] tokenValue)
Perform a Kerberos Login and return a Kerberos Context. KerberosContext stores the secretKey, GSSContext, kerberos BST etc. |
CallbackHandler |
getCallbackHandler()
|
X509Certificate |
getCertificate(Map context,
BigInteger serialNumber,
String issuerName)
|
X509Certificate |
getCertificate(Map context,
byte[] ski)
|
X509Certificate |
getCertificate(Map context,
byte[] identifier,
String valueType)
|
X509Certificate |
getCertificate(Map context,
PublicKey publicKey,
boolean forSign)
|
X509Certificate |
getCertificate(Map context,
String alias,
boolean forSigning)
|
X509Certificate |
getCertificate(String keyIdentifier)
|
X509Certificate |
getDefaultCertificate(Map context)
Retrieves a reasonable default value for the current user's X509Certificate if one exists. |
X509Certificate |
getMatchingCertificate(Map context,
BigInteger serialNumber,
String issuerName)
|
X509Certificate |
getMatchingCertificate(Map context,
byte[] keyIdMatch)
|
X509Certificate |
getMatchingCertificate(Map context,
byte[] keyIdMatch,
String valueType)
|
String |
getPassword(Map context)
|
PrivateKey |
getPrivateKey(Map context,
BigInteger serialNumber,
String issuerName)
|
PrivateKey |
getPrivateKey(Map context,
byte[] keyIdentifier)
|
PrivateKey |
getPrivateKey(Map context,
byte[] keyIdentifier,
String valueType)
|
PrivateKey |
getPrivateKey(Map context,
PublicKey publicKey,
boolean forSign)
|
PrivateKey |
getPrivateKey(Map context,
String alias)
|
PrivateKey |
getPrivateKey(Map context,
X509Certificate cert)
|
PublicKey |
getPublicKey(Map context,
BigInteger serialNumber,
String issuerName)
|
PublicKey |
getPublicKey(Map context,
byte[] keyIdentifier)
|
PublicKey |
getPublicKey(Map context,
byte[] identifier,
String valueType)
|
PublicKey |
getPublicKey(String keyIdentifier)
|
Subject |
getRequesterSubject(Map context)
|
SecretKey |
getSecretKey(Map context,
String alias,
boolean encryptMode)
|
Subject |
getSubject()
|
Subject |
getSubject(Map context)
|
String |
getUsername(Map context)
|
boolean |
isSelfCertificate(X509Certificate cert)
|
Element |
locateSAMLAssertion(Map context,
Element binding,
String assertionId,
Document ownerDoc)
Locate and return a SAML Assertion, given the Authority binding and assertionId |
AuthenticationTokenPolicy.SAMLAssertionBinding |
populateSAMLPolicy(Map fpcontext,
AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding,
DynamicApplicationContext context)
Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information. |
void |
setRequesterSubject(Subject subject,
Map context)
|
void |
setSubject(Subject subject,
Map context)
|
void |
updateOtherPartySubject(Subject subject,
Assertion assertion)
Update the public credentials of the subject of the party whose Assertion is given. |
void |
updateOtherPartySubject(Subject subject,
GSSName clientCred,
GSSCredential gssCred)
Update the principal/credentials of the requesting party subject |
void |
updateOtherPartySubject(Subject subject,
String username,
String password)
Update the public/private credentials of the subject of the party whose username password pair is given. |
void |
updateOtherPartySubject(Subject subject,
Subject bootStrapSubject)
Update the principal/credentials of the requesting party subject |
void |
updateOtherPartySubject(Subject subject,
X509Certificate cert)
Update the public credentials of the subject of the party whose certificate is given. |
void |
updateOtherPartySubject(Subject subject,
XMLStreamReader assertion)
Update the public credentials of the subject of the party whose Assertion is given. |
boolean |
validateAndCacheNonce(Map context,
String nonce,
String created,
long nonceAge)
Validate the given nonce. |
boolean |
validateCertificate(X509Certificate cert,
Map context)
Validate an X509Certificate. |
void |
validateCreationTime(Map context,
String creationTime,
long maxClockSkew,
long timestampFreshnessLimit)
Validate the creation time. |
void |
validateSAMLAssertion(Map context,
Element assertion)
Validate the received SAML Assertion. Validations can include validating the Issuer and the Saml User, SAML Version etc. |
void |
validateSAMLAssertion(Map context,
XMLStreamReader assertion)
Validate the received SAML Assertion. Validations can include validating the Issuer and the Saml User, SAML Version etc. |
boolean |
validateSamlIssuer(String issuer)
|
boolean |
validateSamlUser(String user,
String domain,
String format)
|
void |
validateTimestamp(Map context,
String created,
String expires,
long maxClockSkew,
long freshnessLimit)
|
void |
validateTimestamp(Map context,
Timestamp timestamp,
long maxClockSkew,
long freshnessLimit)
Validate the creation time. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
protected final long MAX_CLOCK_SKEW
protected final long TIMESTAMP_FRESHNESS_LIMIT
protected static final Logger log
public static final String USERNAME_CBH
public static final String PASSWORD_CBH
protected long maxClockSkewG
protected long timestampFreshnessLimitG
protected long maxNonceAge
protected String revocationEnabledAttr
protected boolean revocationEnabled
| Constructor Detail |
|---|
public WSITProviderSecurityEnvironment(CallbackHandler handler,
Map options,
Properties configAssertions)
throws XWSSecurityException
XWSSecurityException
| Method Detail |
|---|
public PrivateKey getPrivateKey(Map context,
String alias)
throws XWSSecurityException
getPrivateKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the PrivateKey
XWSSecurityException - if there was an error while trying to locate the PrivateKey
public PrivateKey getPrivateKey(Map context,
byte[] keyIdentifier)
throws XWSSecurityException
getPrivateKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
keyIdentifier - an Opaque identifier indicating the X509 certificate.
XWSSecurityException - if there was an error while trying to locate the PrivateKey
public PrivateKey getPrivateKey(Map context,
X509Certificate cert)
throws XWSSecurityException
getPrivateKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
cert - the X509Certificate
XWSSecurityException - if there was an error while trying to locate the PrivateKey
public PrivateKey getPrivateKey(Map context,
BigInteger serialNumber,
String issuerName)
throws XWSSecurityException
getPrivateKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
XWSSecurityException - if there was an error while trying to locate the PrivateKey
public X509Certificate getDefaultCertificate(Map context)
throws XWSSecurityException
getDefaultCertificate in interface SecurityEnvironment
keyIdentifier - an Opaque identifier indicating the X509 certificate.
XWSSecurityException
public boolean authenticateUser(Map context,
String username,
String password)
throws XWSSecurityException
authenticateUser in interface SecurityEnvironment
username -
password -
context - a Map of application and integration-layer specific properties
XWSSecurityException - if there was an error while trying to authenticate the username
public String authenticateUser(Map context,
String username)
throws XWSSecurityException
authenticateUser in interface SecurityEnvironment
username -
context - a Map of application and integration-layer specific properties
XWSSecurityException - if there was an error while trying to authenticate the username
public boolean authenticateUser(Map context,
String username,
String passwordDigest,
String nonce,
String created)
throws XWSSecurityException
authenticateUser in interface SecurityEnvironment
username -
passwordDigest -
nonce -
created -
context - a Map of application and integration-layer specific properties
XWSSecurityException - if there was an error while trying to authenticate the username
public boolean validateCertificate(X509Certificate cert,
Map context)
throws XWSSecurityException
validateCertificate in interface SecurityEnvironment
cert - the X509Certificate to be validated
context - Map of application and integration-layer specific properties
XWSSecurityException - if there is some problem during validation.
public X509Certificate getMatchingCertificate(Map context,
byte[] keyIdMatch)
throws XWSSecurityException
keyIdMatch - KeyIdentifier to search for
XWSSecurityException
public X509Certificate getMatchingCertificate(Map context,
BigInteger serialNumber,
String issuerName)
throws XWSSecurityException
XWSSecurityException
public X509Certificate getMatchingCertificate(Map context,
byte[] keyIdMatch,
String valueType)
throws XWSSecurityException
keyIdMatch - KeyIdentifier to search for
XWSSecurityException
public SecretKey getSecretKey(Map context,
String alias,
boolean encryptMode)
throws XWSSecurityException
getSecretKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the SecretKey
encryptMode - whether this request is for an Encrypt or Decrypt operation
XWSSecurityException - if there was an error while trying to locate the SecretKey
public X509Certificate getCertificate(Map context,
String alias,
boolean forSigning)
throws XWSSecurityException
getCertificate in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the certificate
forSigning - whether this request is for a Sign operation or Encrypt
XWSSecurityException - if there was an error while trying to locate the Certificate
public void updateOtherPartySubject(Subject subject,
String username,
String password)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
username - the username of the requesting party
password - the password of the requesting party
public void updateOtherPartySubject(Subject subject,
X509Certificate cert)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
cert - the X509Certificate of the requesting party
public void updateOtherPartySubject(Subject subject,
Assertion assertion)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party
public PublicKey getPublicKey(Map context,
BigInteger serialNumber,
String issuerName)
throws XWSSecurityException
getPublicKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
XWSSecurityException - if there was an error while trying to locate the PublicKey
public PublicKey getPublicKey(String keyIdentifier)
throws XWSSecurityException
XWSSecurityException
public PublicKey getPublicKey(Map context,
byte[] keyIdentifier)
throws XWSSecurityException
getPublicKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
keyIdentifier - an Opaque identifier indicating the X509 certificate.
XWSSecurityException - if there was an error while trying to locate the PublicKey
public PublicKey getPublicKey(Map context,
byte[] identifier,
String valueType)
throws XWSSecurityException
getPublicKey in interface SecurityEnvironment
XWSSecurityException
public X509Certificate getCertificate(Map context,
BigInteger serialNumber,
String issuerName)
throws XWSSecurityException
getCertificate in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
XWSSecurityException - if there was an error while trying to locate the X509Certificate
public X509Certificate getCertificate(String keyIdentifier)
throws XWSSecurityException
XWSSecurityException
public PrivateKey getPrivateKey(Map context,
PublicKey publicKey,
boolean forSign)
getPrivateKey in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the purpose is Signature
public X509Certificate getCertificate(Map context,
byte[] ski)
getCertificate in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
ski - an Opaque identifier indicating the X509 certificate.
public X509Certificate getCertificate(Map context,
PublicKey publicKey,
boolean forSign)
throws XWSSecurityException
getCertificate in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the public key is to be used for SignatureVerification
XWSSecurityException - if there was an error while trying to locate the PublicKey
public X509Certificate getCertificate(Map context,
byte[] identifier,
String valueType)
throws XWSSecurityException
getCertificate in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
identifier - an Opaque identifier indicating the X509 certificate.
XWSSecurityException - if there was an error while trying to locate the X509Certificate
public boolean validateSamlIssuer(String issuer)
public boolean validateSamlUser(String user,
String domain,
String format)
public void setSubject(Subject subject,
Map context)
public void setRequesterSubject(Subject subject,
Map context)
public Subject getSubject()
getSubject in interface SecurityEnvironment
public Subject getSubject(Map context)
public Subject getRequesterSubject(Map context)
public String getUsername(Map context)
throws XWSSecurityException
getUsername in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
XWSSecurityException - if there was an error while trying to obtain the username
public String getPassword(Map context)
throws XWSSecurityException
getPassword in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
XWSSecurityException - if there was an error while trying to obtain the password
public boolean validateAndCacheNonce(Map context,
String nonce,
String created,
long nonceAge)
throws XWSSecurityException
SecurityEnvironment
validateAndCacheNonce in interface SecurityEnvironment
context - a context containing runtime properties
nonce - the encoded nonce value
created - the creation time value
nonceAge - the time in milliseconds for which this nonce will be stored on the receiver.
XWSSecurityException - if there was an error while trying to validate the Nonce
public void validateTimestamp(Map context,
String created,
String expires,
long maxClockSkew,
long freshnessLimit)
throws XWSSecurityException
validateTimestamp in interface SecurityEnvironment
XWSSecurityException
public void validateTimestamp(Map context,
Timestamp timestamp,
long maxClockSkew,
long freshnessLimit)
throws XWSSecurityException
SecurityEnvironment
validateTimestamp in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
timestamp - the Timestamp element
maxClockSkew - (in milliseconds) the maximum clockskew
freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
XWSSecurityException - if there was an error while trying to validate the Timestamp
public void validateCreationTime(Map context,
String creationTime,
long maxClockSkew,
long timestampFreshnessLimit)
throws XWSSecurityException
SecurityEnvironment
validateCreationTime in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
creationTime - the creation-time value
maxClockSkew - (in milliseconds) the maximum clockskew
timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
XWSSecurityException - if there was an error while trying to validate the creationTime
public CallbackHandler getCallbackHandler()
throws XWSSecurityException
getCallbackHandler in interface SecurityEnvironment
XWSSecurityException - if there was an error while trying to retrieve the CallbackHandler
public void validateSAMLAssertion(Map context,
Element assertion)
throws XWSSecurityException
SecurityEnvironment
validateSAMLAssertion in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
XWSSecurityException - if there was an error while validating the SAML Assertion
public Element locateSAMLAssertion(Map context,
Element binding,
String assertionId,
Document ownerDoc)
throws XWSSecurityException
SecurityEnvironment
locateSAMLAssertion in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
binding - an org.w3c.dom.Element representing the SAML AuthorityBinding
assertionId - the Assertion ID of the SAML Assertion
ownerDoc - the owner document into which the returned SAML Assertion should be imported
XWSSecurityException - if there was an error while trying to locate the SAML Assertion
public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext,
AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding,
DynamicApplicationContext context)
throws XWSSecurityException
SecurityEnvironment
populateSAMLPolicy in interface SecurityEnvironment
fpcontext - a Map of application and integration-layer specific properties
samlBinding - the SAML Assertion Policy to be populated
context - the DynamicApplicationContext
XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy
public PrivateKey getPrivateKey(Map context,
byte[] keyIdentifier,
String valueType)
throws XWSSecurityException
getPrivateKey in interface SecurityEnvironment
XWSSecurityException
public void validateSAMLAssertion(Map context,
XMLStreamReader assertion)
throws XWSSecurityException
SecurityEnvironment
validateSAMLAssertion in interface SecurityEnvironment
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
XWSSecurityException - if there was an error while validating the SAML Assertion
public void updateOtherPartySubject(Subject subject,
XMLStreamReader assertion)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party
public boolean isSelfCertificate(X509Certificate cert)
isSelfCertificate in interface SecurityEnvironment
public void updateOtherPartySubject(Subject subject,
Subject bootStrapSubject)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party
public KerberosContext doKerberosLogin()
throws XWSSecurityException
SecurityEnvironment
doKerberosLogin in interface SecurityEnvironment
XWSSecurityException
public KerberosContext doKerberosLogin(byte[] tokenValue)
throws XWSSecurityException
SecurityEnvironment
doKerberosLogin in interface SecurityEnvironment
XWSSecurityException
public void updateOtherPartySubject(Subject subject,
GSSName clientCred,
GSSCredential gssCred)
SecurityEnvironment
updateOtherPartySubject in interface SecurityEnvironment
subject - the Subject of the requesting party
clientCred - the GSSName of the requesting party