Element statement = this.extractAttributeStatement(msg);
if (statement==null) {
request.appendChild(typeTag);
return request;
}
NodeList list = statement.getChildNodes();
for (int i=0; i<list.getLength(); i++) {
Node node = list.item(i);
if (Text.class.isAssignableFrom(node.getClass())) continue;
if (node.getNodeName().equals("saml:Attribute")) {
Element ele = (Element)node;
String name = ele.getAttribute("Name");
Element attribute = this.doc.createElement("Attribute");
String id = new String("permis:"+name);
attribute.setAttribute("AttributeId",id);
attribute.setAttribute("DataType","http://www.w3.org/2001/XMLSchema#string");
NodeList list1 = node.getChildNodes();
for (int j=0; j<list1.getLength(); j++) {
Node node1 = list1.item(j);
if (Text.class.isAssignableFrom(node1.getClass())) continue;
if (node1.getNodeName().equals("saml:AttributeValue")) {
Element value = this.doc.createElement("AttributeValue");
NodeList list2 = node1.getChildNodes();
for (int k=0; k<list2.getLength(); k++) {
Node node2 = list2.item(k);
if (Text.class.isAssignableFrom(node2.getClass())) {
String val = node2.getNodeValue();
val = val.trim();
Text text = this.doc.createTextNode(val);
value.appendChild(text);
}
}
attribute.appendChild(value);
}
}
typeTag.appendChild(attribute);
}
}
request.appendChild(typeTag);
return request;
}
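/**
 * Builds the WS-Trust RequestSecurityTokenResponse for the subject named in
 * the request and returns it serialised as XML text.
 *
 * The subject DN is first canonicalised; a DN that does not parse yields an
 * "invalid" response.  Attribute certificates are then gathered according to
 * the request model: PULL fetches them from the repositories referenced in the
 * request, PUSH decodes the Base64 binary tokens carried in the request (keeping
 * only ACs whose holder DN equals the requested DN) and writes them back to the
 * repository named for them, if any; INDETERMINATE is rejected.  The collected
 * ACs are handed to the PBA for credential validation and the resulting
 * credentials are wrapped in a SAML assertion inside a "valid" response.
 *
 * NOTE(review): both repository URLs come from the request itself
 * (getReference()/getRepository()), so the service connects to whatever
 * address the caller names — confirm that getAttributeCertificates and
 * addAttributeCertificates restrict the targets they accept.
 *
 * @param contextIn the wst:RequestSecurityToken element to process
 * @return the wst:RequestSecurityTokenResponse, serialised with EncodeXML
 * @throws Exception if the request cannot be interpreted, a repository URL is
 *         malformed or its port is not an integer, or serialisation fails
 */
public String getCreds(Element contextIn) throws Exception {
    Interpreter inter = new Interpreter(contextIn);
    String subjectDN = inter.getSubjectDN();
    String canonicalDN = RFC2253NameParser.toCanonicalDN(subjectDN);
    if (canonicalDN == null) {
        return this.encodeInvalid(inter, "invalid DN");
    }
    ArrayList listOfACs = new ArrayList();
    if (inter.getModel() == Interpreter.PULL) {
        SubjectAttributeReference[] subAttRefs = inter.getSubAttrRefs();
        for (int i = 0; i < subAttRefs.length; i++) {
            URL urlC = new URL(subAttRefs[i].getReference());
            String method = urlC.getMethod();
            String address = urlC.getAddress();
            String base = this.repositoryBaseDN(urlC);
            int pN = this.repositoryPort(urlC);
            ArrayList fetched = this.getAttributeCertificates(canonicalDN, method, address, pN, base);
            if (fetched != null) listOfACs.addAll(fetched);
        }
    } else if (inter.getModel() == Interpreter.PUSH) {
        AttributeStatement[] statements = inter.getAttributeStatements();
        for (int i = 0; i < statements.length; i++) {
            AttributeStatement attSt = statements[i];
            String url = attSt.getRepository();
            String[] tokens = attSt.getBinaryTokens();
            ArrayList localList = new ArrayList();
            for (int j = 0; j < tokens.length; j++) {
                String binary = tokens[j];
                if (binary == null) continue;
                // Base64 text is ASCII; naming the charset keeps the decoding
                // independent of the platform default encoding.
                byte[] ac = new Base64().decode(binary.getBytes("UTF-8"));
                String acDN = issrg.ac.AttributeCertificate.getHolderDN(ac);
                // The holder DN must parse, and must equal the requested DN.
                // NOTE(review): the equality test is on the raw strings, so a
                // differently spelled but equivalent DN is rejected; the canonical
                // form is only used as a syntax check here — confirm intended.
                if (RFC2253NameParser.toCanonicalDN(acDN) == null) continue;
                if (!subjectDN.equals(acDN)) continue;
                Binary cert = new Binary(ac);
                listOfACs.add(cert);
                localList.add(cert);
            }
            if (url != null) {
                byte[][] creds = this.binaryValues(localList);
                // URL parsing and port conversion stay outside the try so that a
                // malformed repository reference propagates rather than being
                // reported as a storage failure.
                URL urlC = new URL(url);
                String method = urlC.getMethod();
                String address = urlC.getAddress();
                String base = this.repositoryBaseDN(urlC);
                int pN = this.repositoryPort(urlC);
                try {
                    this.addAttributeCertificates(subjectDN, creds, method, address, pN, base);
                } catch (Exception e) {
                    return this.encodeInvalid(inter, "can not store the ACs in " + url);
                }
            }
        }
    } else if (inter.getModel() == Interpreter.INDETERMINATE) {
        return this.encodeInvalid(inter, "invalid request context");
    }
    LDAPDNPrincipal user = new LDAPDNPrincipal(canonicalDN);
    try {
        byte[][] creds = this.binaryValues(listOfACs);
        // Without any AC the PBA is asked to look the subject up itself.
        Subject subject = (creds.length == 0)
                ? this.pba.getCreds(user)
                : this.pba.getCreds(user, creds);
        if (subject == null) {
            return this.encodeInvalid(inter, "Subject is null");
        }
        Element samlAssertion = this.getSamlAssertion(subject.exportCreds(), subjectDN);
        Element response = this.getResponse(samlAssertion, inter.getContextRef(), "valid", null);
        return new EncodeXML().encode(response, 0);
    } catch (Exception e) {
        // NOTE(review): the raw exception text is sent back to the caller in
        // wst:Reason; consider a fixed message if it may carry internal detail.
        return this.encodeInvalid(inter, e.getLocalizedMessage());
    }
}

/** Search base used when a repository URL names none. */
private static final String DEFAULT_BASE_DN = "dc=issrg,dc=uok";

/**
 * Returns the search base named by {@code urlC}, or {@link #DEFAULT_BASE_DN}
 * when the URL carries none.
 */
private String repositoryBaseDN(URL urlC) {
    String base = urlC.getBaseDN();
    return (base == null) ? DEFAULT_BASE_DN : base;
}

/**
 * Returns the port named by {@code urlC}, or -1 when the URL carries none.
 *
 * @throws NumberFormatException if the port text is not an integer
 */
private int repositoryPort(URL urlC) {
    String port = urlC.getPort();
    return (port == null) ? -1 : Integer.parseInt(port);
}

/**
 * Copies the raw bytes out of a list of {@link Binary} values, preserving order.
 *
 * @param binaries list whose elements are all Binary
 * @return one byte array per element; empty for an empty list
 * @throws ClassCastException if an element is not a Binary
 */
private byte[][] binaryValues(ArrayList binaries) {
    byte[][] out = new byte[binaries.size()][];
    for (int k = 0; k < out.length; k++) {
        out[k] = ((Binary) binaries.get(k)).getBinaryValue();
    }
    return out;
}

/**
 * Serialises an "invalid" response carrying {@code reason} and the request's
 * context reference.
 */
private String encodeInvalid(Interpreter inter, String reason) throws Exception {
    Element response = this.getResponse(null, inter.getContextRef(), "invalid", reason);
    return new EncodeXML().encode(response, 0);
}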
/**
 * Wraps the validated credentials in a SAML 2.0 Assertion element.
 *
 * The assertion always carries a fixed ID, the service time as IssueInstant,
 * Version 2.0 and the SAML namespace.  When the credentials yield no
 * attribute/validity pairs the bare assertion is returned; otherwise an Issuer,
 * a Subject naming {@code DNIn} as an X509SubjectName, a Conditions element
 * covering the intersection of all validity periods (latest NotBefore, earliest
 * NotOnOrAfter) and an AttributeStatement with one Attribute per pair are added.
 *
 * NOTE(review): the ID is a constant and the timestamps use Date.toString();
 * SAML 2.0 expects a unique ID per assertion and xs:dateTime values — confirm
 * that consumers tolerate this form before relying on strict validators.
 *
 * @param creds the credentials exported for the subject
 * @param DNIn the subject DN exactly as given in the request
 * @return the saml:Assertion element
 * @throws Exception declared on the signature; nothing in the visible body
 *         raises a checked exception
 */
private Element getSamlAssertion(Credentials creds, String DNIn) throws Exception {
    ArrayList pairs = this.getAttributesAndValidityPeriods(creds);
    Element assertion = doc.createElement("saml:Assertion");
    assertion.setAttribute("ID", "Permis-Credential-Validation-Service-V1.0");
    assertion.setAttribute("IssueInstant", this.getTime().toString());
    assertion.setAttribute("Version", "2.0");
    assertion.setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    if (pairs.isEmpty()) {
        return assertion;
    }

    Element issuer = doc.createElement("saml:Issuer");
    issuer.appendChild(doc.createTextNode("http://issrg.cs.kent.ac.uk/axis/services/PermisWebService"));
    assertion.appendChild(issuer);

    Element nameId = doc.createElement("saml:NameID");
    nameId.setAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName");
    nameId.appendChild(doc.createTextNode(DNIn));
    Element subject = doc.createElement("saml:Subject");
    subject.appendChild(nameId);
    assertion.appendChild(subject);

    Element statement = doc.createElement("saml:AttributeStatement");
    Date notBefore = null;
    Date notAfter = null;
    Iterator it = pairs.iterator();
    while (it.hasNext()) {
        AttributeAndValidityPeriod pair = (AttributeAndValidityPeriod) it.next();
        Element attributeValue = doc.createElement("saml:AttributeValue");
        attributeValue.appendChild(doc.createTextNode(pair.getRoleValue().trim()));
        Element attribute = doc.createElement("saml:Attribute");
        attribute.setAttribute("Name", pair.getRoleType());
        attribute.appendChild(attributeValue);
        statement.appendChild(attribute);
        // Narrow the window: keep the latest start and the earliest end seen.
        Date from = pair.getNotBefore();
        if (notBefore == null || notBefore.before(from)) notBefore = from;
        Date until = pair.getNotAfter();
        if (notAfter == null || notAfter.after(until)) notAfter = until;
    }

    Element conditions = doc.createElement("saml:Conditions");
    conditions.setAttribute("NotBefore", notBefore.toString());
    conditions.setAttribute("NotOnOrAfter", notAfter.toString());
    assertion.appendChild(conditions);
    assertion.appendChild(statement);
    return assertion;
}
/**
 * Assembles a wst:RequestSecurityTokenResponse element.
 *
 * The response always carries the WS-Trust namespace, the Context reference
 * when one is given, a TokenType naming the SAML 2.0 XACML attribute profile,
 * and a wst:Status whose Code is the valid or invalid status URI.  For the
 * "valid" status {@code samlIn} is wrapped in a wst:RequestedSecurityToken;
 * a non-null {@code reason} is added as wst:Reason under the status.
 *
 * @param samlIn the assertion to return; only used when status is "valid",
 *        and must then be non-null
 * @param ctxRefIn the request's Context reference, or null to omit it
 * @param status "valid" for a successful validation; anything else is
 *        reported as invalid (must be non-null)
 * @param reason human-readable reason text, or null for none
 * @return the assembled response element
 * @throws Exception declared on the signature; the DOM calls here raise only
 *         unchecked exceptions
 */
private Element getResponse(Element samlIn, String ctxRefIn, String status, String reason) throws Exception {
    boolean valid = status.equals("valid");
    Element res = doc.createElement("wst:RequestSecurityTokenResponse");
    res.setAttribute("xmlns:wst", "http://schemas.xmlsoap.org/ws/2005/02/trust");
    if (ctxRefIn != null) {
        res.setAttribute("Context", ctxRefIn);
    }
    res.appendChild(this.textElement("wst:TokenType",
            "urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"));
    if (valid) {
        Element requested = doc.createElement("wst:RequestedSecurityToken");
        requested.appendChild(samlIn);
        res.appendChild(requested);
    }
    String statusUri = valid
            ? "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid"
            : "http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid";
    Element statusElement = doc.createElement("wst:Status");
    statusElement.appendChild(this.textElement("wst:Code", statusUri));
    if (reason != null) {
        statusElement.appendChild(this.textElement("wst:Reason", reason));
    }
    res.appendChild(statusElement);
    return res;
}

/**
 * Creates an element named {@code tag} whose only child is a text node
 * holding {@code value}.
 */
private Element textElement(String tag, String value) {
    Element element = doc.createElement(tag);
    element.appendChild(doc.createTextNode(value));
    return element;
}
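/**
 * Flattens a credential tree into (attribute, validity period) pairs.
 *
 * An ExpirableCredentials node contributes one pair built from its
 * RoleBasedCredentials payload and its validity period.  Any other node is
 * treated as a SetOfSubsetsCredentials and each of its members is flattened
 * recursively, in order.
 *
 * @param creds the credentials to flatten; expected to be either
 *        ExpirableCredentials or SetOfSubsetsCredentials at every level
 * @return a new list of AttributeAndValidityPeriod, empty when the tree
 *         contains no expirable nodes
 * @throws ClassCastException if a node is neither supported type, or an
 *         expirable node's payload is not RoleBasedCredentials
 */
private ArrayList getAttributesAndValidityPeriods(Credentials creds) {
    ArrayList list = new ArrayList();
    if (ExpirableCredentials.class.isAssignableFrom(creds.getClass())) {
        ExpirableCredentials ecs = (ExpirableCredentials) creds;
        RoleBasedCredentials rbcs = (RoleBasedCredentials) ecs.getExpirable();
        ValidityPeriod vp = ecs.getValidityPeriod();
        list.add(new AttributeAndValidityPeriod(rbcs, vp));
    } else {
        // The cast is the only type guard on this branch: an unexpected
        // Credentials subtype surfaces as a ClassCastException to the caller.
        SetOfSubsetsCredentials screds = (SetOfSubsetsCredentials) creds;
        Vector members = screds.getValue();
        for (Iterator i = members.iterator(); i.hasNext();) {
            Credentials member = (Credentials) i.next();
            list.addAll(this.getAttributesAndValidityPeriods(member));
        }
    }
    return list;
}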
/**
 * Latches the service time.  Because the time is stopped forever, latching
 * it yields exactly what {@link #getTime()} returns.
 *
 * @return the same Date that getTime() returns
 */
public Date latch() {
    Date current = this.getTime();
    return current;
}
/**
 * Returns the stopped time held by this service.
 *
 * @return the value of the {@code time} field
 */
public Date getTime() {
    Date stopped = this.time;
    return stopped;
}