in modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java [794:904]
private void initializeTokens(RampartMessageData rmd) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
MessageContext msgContext = rmd.getMsgContext();
if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
if (log.isDebugEnabled()) {
log.debug("Processing symmetric binding: " +
"Setting up encryption token and signature token");
}
//Setting up encryption token and signature token
Token sigTok = rpd.getSignatureToken();
Token encrTok = rpd.getEncryptionToken();
if(sigTok instanceof IssuedToken) {
log.debug("SignatureToken is an IssuedToken");
if(rmd.getIssuedSignatureTokenId() == null) {
log.debug("No Issuedtoken found, requesting a new token");
IssuedToken issuedToken = (IssuedToken)sigTok;
String id = RampartUtil.getIssuedToken(rmd,
issuedToken);
rmd.setIssuedSignatureTokenId(id);
}
} else if(sigTok instanceof SecureConversationToken) {
log.debug("SignatureToken is a SecureConversationToken");
//TODO check for an existing token and use it
String secConvTokenId = rmd.getSecConvTokenId();
//The RSTR has to be secured with the cancelled token
String action = msgContext.getOptions().getAction();
boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
//In the case of the cancel req or resp we should mark the token as cancelled
if(secConvTokenId != null && cancelReqResp) {
try {
rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
//remove from the local map of contexts
String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
} catch (TrustException e) {
throw new RampartException("errorExtractingToken");
}
}
if (secConvTokenId == null
|| (secConvTokenId != null &&
(!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
log.debug("No SecureConversationToken found, requesting a new token");
SecureConversationToken secConvTok =
(SecureConversationToken) sigTok;
try {
String id = RampartUtil.getSecConvToken(rmd, secConvTok);
rmd.setSecConvTokenId(id);
} catch (TrustException e) {
throw new RampartException("errorInObtainingSct", e);
}
}
}
//If it was the ProtectionToken assertion then sigTok is the
//same as encrTok
if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
log.debug("Symmetric binding uses a ProtectionToken, both" +
" SignatureToken and EncryptionToken are the same");
rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
} else {
//Now we'll have to obtain the encryption token as well :-)
//ASSUMPTION: SecureConversationToken is used as a
//ProtectionToken therefore we only have to process a issued
//token here
log.debug("Obtaining the Encryption Token");
if(rmd.getIssuedEncryptionTokenId() != null) {
log.debug("EncrytionToken not alredy set");
IssuedToken issuedToken = (IssuedToken)encrTok;
String id = RampartUtil.getIssuedToken(rmd,
issuedToken);
rmd.setIssuedEncryptionTokenId(id);
}
}
}
//TODO : Support processing IssuedToken and SecConvToken assertoins
//in supporting tokens, right now we only support UsernameTokens and
//X.509 Tokens
}