in services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java [184:312]
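/**
 * Requests a security token for the relying-party {@code realm} from the STS, using the IdP token
 * already obtained for {@code homeRealm} as the {@code OnBehalfOf} element.
 *
 * <p>Token type, key type, policy namespace, requested claims, lifetime and AppliesTo come from the
 * {@link Application} configured for the realm. A client-supplied {@code wreq} parameter (a
 * {@code RequestSecurityToken} document in the WS-Trust 1.3 or 2005/02 namespace) may override only
 * {@code TokenType} and {@code KeyType}; everything else in it is ignored.
 *
 * @param context   the web-flow request context; the IdP configuration and the {@code wreq}
 *                  parameter are read from its flow scope
 * @param realm     the relying-party realm the token is requested for
 * @param homeRealm the realm whose IdP token is used as {@code OnBehalfOf}
 * @return the RequestSecurityTokenResponse element returned by the STS
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} when no IdP token is available, the IdP
 *         configuration is missing from flow scope, the realm is unknown, {@code wreq} cannot be
 *         parsed, or the STS answers with a {@code RequestFailed} fault
 * @throws Exception any other STS / SOAP failure is propagated unchanged
 */
public Element submit(RequestContext context, String realm, String homeRealm) throws Exception {
    SecurityToken idpToken = getSecurityToken(context, homeRealm);
    if (idpToken == null || idpToken.getToken() == null) {
        LOG.warn("No IdPToken is found");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, "idpConfig");
    if (idpConfig == null) {
        // Report a client-side error instead of failing with an NPE in findApplication below.
        LOG.warn("No IdP configuration found in flow scope");
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
    Application serviceConfig = idpConfig.findApplication(realm);
    if (serviceConfig == null) {
        LOG.warn("No service config found for {}", realm);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }

    Bus cxfBus = getBus();
    IdpSTSClient sts = new IdpSTSClient(cxfBus);
    sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);

    // wreq is untrusted, client-supplied XML. Only the TokenType and KeyType children of a
    // top-level RequestSecurityToken are honoured; nothing else from it reaches the STS request.
    // NOTE(review): this relies on DOMUtils.readXml being configured against DTD / external-entity
    // resolution — confirm for the CXF version in use.
    String wreq = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REQUEST);
    String stsTokenType = null;
    String stsKeyType = keyType;
    if (wreq != null) {
        try {
            Document wreqDoc = DOMUtils.readXml(new StringReader(wreq));
            Element wreqElement = wreqDoc.getDocumentElement();
            if (wreqElement != null && "RequestSecurityToken".equals(wreqElement.getLocalName())
                && (STSUtils.WST_NS_05_12.equals(wreqElement.getNamespaceURI())
                || HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST.equals(wreqElement.getNamespaceURI()))) {
                String wstNs = wreqElement.getNamespaceURI();
                Element tokenTypeElement = DOMUtils.getFirstChildWithName(wreqElement, wstNs, "TokenType");
                if (tokenTypeElement != null) {
                    stsTokenType = tokenTypeElement.getTextContent();
                }
                Element keyTypeElement = DOMUtils.getFirstChildWithName(wreqElement, wstNs, "KeyType");
                if (keyTypeElement != null) {
                    stsKeyType = keyTypeElement.getTextContent();
                }
            }
        } catch (Exception e) {
            // Keep the cause for diagnostics (at debug level, since malformed requests are
            // client-driven); only a generic BAD_REQUEST is surfaced to the caller.
            LOG.warn("Error parsing 'wreq' parameter: {}", e.getMessage());
            LOG.debug("'wreq' parse failure", e);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
    }

    // Precedence for the token type: wreq override > per-application config > this bean's default.
    if (stsTokenType != null) {
        sts.setTokenType(stsTokenType);
    } else if (serviceConfig.getTokenType() != null && !serviceConfig.getTokenType().isEmpty()) {
        sts.setTokenType(serviceConfig.getTokenType());
    } else {
        sts.setTokenType(getTokenType());
    }
    if (serviceConfig.getPolicyNamespace() != null && !serviceConfig.getPolicyNamespace().isEmpty()) {
        sts.setWspNamespace(serviceConfig.getPolicyNamespace());
    }
    LOG.debug("TokenType {} set for realm {}", sts.getTokenType(), realm);

    sts.setKeyType(stsKeyType);
    if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(stsKeyType)) {
        // A PublicKey KeyType needs the client's TLS certificate as UseKey. Without one (including
        // the case where no servlet request is available) downgrade to Bearer rather than sending
        // a PublicKey request the STS cannot satisfy.
        HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
        X509Certificate[] certs = servletRequest == null ? null
            : (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null && certs.length > 0) {
            sts.setUseCertificateForConfirmationKeyInfo(true);
            sts.setUseKeyCertificate(certs[0]);
        } else {
            LOG.info("Can't send a PublicKey KeyType as no client certs are available");
            sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
        }
    }

    processWsdlLocation(context);
    sts.setWsdlLocation(wsdlLocation);
    sts.setServiceQName(new QName(namespace, wsdlService));
    sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
    if (use200502Namespace) {
        sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
    }

    if (serviceConfig.getRequestedClaims() != null && !serviceConfig.getRequestedClaims().isEmpty()) {
        addClaims(sts, serviceConfig.getRequestedClaims());
        LOG.debug("Requested claims set for {}", realm);
    }
    sts.setEnableLifetime(true);
    setLifetime(sts, serviceConfig, realm);
    sts.setEnableAppliesTo(serviceConfig.isEnableAppliesTo());
    sts.setOnBehalfOf(idpToken.getToken());
    if (properties != null) {
        sts.setProperties(properties);
    }

    if (getCustomSTSParameter() != null) {
        String authRealmParameter = context.getRequestParameters().get(getCustomSTSParameter());
        LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
        if (authRealmParameter != null) {
            sts.setCustomContent(authRealmParameter);
        }
    }

    final Element rpToken;
    try {
        rpToken = sts.requestSecurityTokenResponse(realm);
    } catch (SoapFault ex) {
        LOG.error("Error in retrieving a token {}", ex.getMessage());
        // A RequestFailed fault means the STS rejected the request itself; map it to a client error.
        // Any other fault is propagated unchanged.
        if (ex.getFaultCode() != null && "RequestFailed".equals(ex.getFaultCode().getLocalPart())) {
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
        throw ex;
    }

    if (LOG.isInfoEnabled()) {
        String id = getIdFromToken(rpToken);
        LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]", id,
            realm, idpToken.getId());
    }
    return rpToken;
}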