in modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java [71:217]
public SOAPEnvelope issue(RahasData data) throws TrustException {
MessageContext inMsgCtx = data.getInMessageContext();
SAMLTokenIssuerConfig tokenIssuerConfiguration = CommonUtil.getTokenIssuerConfiguration(this.configElement,
this.configFile, inMsgCtx.getParameter(this.configParamName));
if (tokenIssuerConfiguration == null) {
if (log.isDebugEnabled()) {
String parameterName;
if (this.configElement != null) {
parameterName = "OMElement - " + this.configElement.toString();
} else if (this.configFile != null) {
parameterName = "File - " + this.configFile;
} else if (this.configParamName != null) {
parameterName = "With message context parameter name - " + this.configParamName;
} else {
parameterName = "No method to build configurations";
}
log.debug("Unable to build token configurations, " + parameterName);
}
throw new TrustException("configurationIsNull");
}
SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
.getEnvelope().getNamespace().getNamespaceURI());
Crypto crypto = tokenIssuerConfiguration.getIssuerCrypto(inMsgCtx
.getAxisService().getClassLoader());
// Creation and expiration times
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusMillis(tokenIssuerConfiguration.getTtl());
// Get the document
Document doc = ((Element) env).getOwnerDocument();
// Get the key size and create a new byte array of that size
int keySize = data.getKeysize();
keySize = (keySize == -1) ? tokenIssuerConfiguration.getKeySize() : keySize;
/*
* Find the KeyType If the KeyType is SymmetricKey or PublicKey,
* issue a SAML HoK assertion. - In the case of the PublicKey, in
* coming security header MUST contain a certificate (maybe via
* signature)
*
* If the KeyType is Bearer then issue a Bearer assertion
*
* If the key type is missing we will issue a HoK assertion
*/
String keyType = data.getKeyType();
Assertion assertion;
if (keyType == null) {
throw new TrustException(TrustException.INVALID_REQUEST,
new String[] { "Requested KeyType is missing" });
}
if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
|| keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) {
assertion = createHoKAssertion(tokenIssuerConfiguration, doc, crypto,
creationTime, expirationTime, data);
} else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
assertion = createBearerAssertion(tokenIssuerConfiguration, doc, crypto,
creationTime, expirationTime, data);
} else {
throw new TrustException("unsupportedKeyType");
}
OMElement rstrElem;
int wstVersion = data.getVersion();
if (RahasConstants.VERSION_05_02 == wstVersion) {
rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
wstVersion, env.getBody());
} else {
OMElement rstrcElem = TrustUtil
.createRequestSecurityTokenResponseCollectionElement(
wstVersion, env.getBody());
rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
wstVersion, rstrcElem);
}
TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
RahasConstants.TOK_TYPE_SAML_10);
if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
}
if (tokenIssuerConfiguration.isAddRequestedAttachedRef()) {
TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getID(),wstVersion);
}
if (tokenIssuerConfiguration.isAddRequestedUnattachedRef()) {
TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getID(),wstVersion);
}
if (data.getAppliesToAddress() != null) {
TrustUtil.createAppliesToElement(rstrElem, data
.getAppliesToAddress(), data.getAddressingNs());
}
// Use GMT time in milliseconds
ZonedDateTime creationTimeZDT = ZonedDateTime.ofInstant(creationTime, ZoneOffset.UTC);
ZonedDateTime expirationTimeZDT = ZonedDateTime.ofInstant(expirationTime, ZoneOffset.UTC);
// Add the Lifetime element
TrustUtil.createLifetimeElement(wstVersion, rstrElem, DateUtil.getDateTimeFormatter(true).format(creationTimeZDT), DateUtil.getDateTimeFormatter(true).format(expirationTimeZDT));
// Create the RequestedSecurityToken element and add the SAML token
// to it
OMElement reqSecTokenElem = TrustUtil
.createRequestedSecurityTokenElement(wstVersion, rstrElem);
Token assertionToken;
//try {
Node tempNode = assertion.getDOM();
reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
.getOwnerDocument().importNode(tempNode, true));
// Store the token
assertionToken = new Token(assertion.getID(),
(OMElement) assertion.getDOM(), Date.from(creationTime),
Date.from(expirationTime));
// At this point we definitely have the secret
// Otherwise it should fail with an exception earlier
assertionToken.setSecret(data.getEphmeralKey());
TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
/* } catch (SAMLException e) {
throw new TrustException("samlConverstionError", e);
}*/
if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
&& tokenIssuerConfiguration.getKeyComputation() != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
// Add the RequestedProofToken
TokenIssuerUtil.handleRequestedProofToken(data, wstVersion,
tokenIssuerConfiguration, rstrElem, assertionToken, doc);
}
return env;
}