/* * Copyright 2005-2007 WSO2, Inc. (http://wso2.com) Licensed under the Apache * License, Version 2.0 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law * or agreed to in writing, software distributed under the License is * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the specific language * governing permissions and limitations under the License. */package org.wso2.solutions.identity.cards;import org.apache.axiom.om.util.Base64;import org.apache.axiom.om.util.UUIDGenerator;import org.apache.axis2.addressing.EndpointReference;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;import org.w3c.dom.Element;import org.wso2.solutions.identity.IdentityConstants;import org.wso2.solutions.identity.IdentityProviderConstants;import org.wso2.solutions.identity.IdentityProviderException;import org.wso2.solutions.identity.UserStore;import org.wso2.solutions.identity.admin.RegisteredInfoCardInfoAdmin;import org.wso2.solutions.identity.admin.ReportAdmin;import org.wso2.solutions.identity.cards.model.CardImage;import org.wso2.solutions.identity.cards.model.CardModelException;import org.wso2.solutions.identity.cards.model.Identity;import org.wso2.solutions.identity.cards.model.InformationCard;import org.wso2.solutions.identity.cards.model.InformationCardReference;import org.wso2.solutions.identity.cards.model.Metadata;import org.wso2.solutions.identity.cards.model.RequireAppliesTo;import org.wso2.solutions.identity.cards.model.SelfIssuedCredential;import org.wso2.solutions.identity.cards.model.SupportedClaimType;import org.wso2.solutions.identity.cards.model.SupportedClaimTypeList;import org.wso2.solutions.identity.cards.model.TokenService;import org.wso2.solutions.identity.cards.model.TokenServiceList;import 
org.wso2.solutions.identity.cards.model.UserCredential;import org.wso2.solutions.identity.cards.model.UsernamePasswordCredential;import org.wso2.solutions.identity.cards.model.X509V3Credential;import org.wso2.solutions.identity.i18n.Messages;import org.wso2.solutions.identity.openid.OpenIDUtil;import org.wso2.solutions.identity.persistence.IPPersistenceManager;import org.wso2.solutions.identity.persistence.dataobject.ActionDO;import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;import org.wso2.solutions.identity.persistence.dataobject.InfoCardDO;import org.wso2.utils.ServerConfiguration;import org.wso2.wsas.ServerConstants;import java.io.ByteArrayOutputStream;import java.io.FileInputStream;import java.security.KeyStore;import java.security.PrivateKey;import java.security.cert.Certificate;import java.security.cert.X509Certificate;import java.text.DateFormat;import java.text.SimpleDateFormat;import java.util.Calendar;import java.util.Date;import java.util.GregorianCalendar;import java.util.Iterator;import java.util.List;import java.util.Map;import java.util.TimeZone;/** * Issues information cards according to the given configuration. */public class CardIssuer { private static Log log = LogFactory.getLog(CardIssuer.class); private static Messages messages = Messages .getInstance(IdentityProviderConstants.RESOURCES); // track whether an OpenIdInfoCard which is based on OpenIDToken type or // an InfoCard based on SAML token type. 
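// True when the card being issued is an OpenID-backed information card
// (OpenIDToken type) rather than a SAML-token card; only consulted here
// for audit-record selection. NOTE(review): nothing in the visible part
// of this class sets it — presumably getInfoCard() does; confirm.
private boolean isOpenIdInfoCard = false;

// Dedicated issuance log, separate from the class logger.
private static final Log cardIssuerLog = LogFactory
        .getLog(IdentityProviderConstants.CARD_ISSUSER_LOG);

// Cached cardIssuerLog.isDebugEnabled() so the message lookups below are
// skipped when debug logging is off.
private boolean isCardLogDebug = false;

// Static but (re)assigned by every constructor call; last constructed
// instance wins. Left as-is because other members may rely on it being
// static.
private static CardIssuerConfig issuerConfig = null;

/**
 * Creates an issuer bound to the singleton {@link CardIssuerConfig}.
 *
 * @throws IdentityProviderException if the issuer configuration cannot be
 *         obtained
 */
public CardIssuer() throws IdentityProviderException {
    issuerConfig = CardIssuerConfig.getInstance();
    isCardLogDebug = cardIssuerLog.isDebugEnabled();
}

/**
 * Issues a card whose backing credential is a username/password token.
 *
 * @param username        the user the card is issued to; also used as the
 *                        primary user id for storage and audit
 * @param requireAppliesTo whether the card must carry a RequireAppliesTo
 *                        element
 * @return the signed card element
 * @throws IdentityProviderException if issuance or signing fails
 */
public Element issueCardForUsername(String username, boolean requireAppliesTo)
        throws IdentityProviderException {
    if (isCardLogDebug) {
        cardIssuerLog.debug(messages.getMessage("startCardIssue",
                new String[] { "usernameToken", username }));
    }
    UsernamePasswordCredential passCred = new UsernamePasswordCredential();
    passCred.setUsername(username);
    UserCredential cred = new UserCredential(passCred);
    return issueCard(cred, requireAppliesTo, username);
}

/**
 * Issues a card backed by a self-issued card, identified by its PPID.
 *
 * <p>The primary user name registered for the PPID is used as the storage
 * and audit id; when no registration exists the PPID itself is used.
 *
 * @param ppid            private personal identifier of the self-issued
 *                        card
 * @param requireAppliesTo whether the card must carry a RequireAppliesTo
 *                        element
 * @return the signed card element
 * @throws IdentityProviderException if issuance or signing fails
 */
public Element issueCardForSelfIssuedCard(String ppid, boolean requireAppliesTo)
        throws IdentityProviderException {
    if (isCardLogDebug) {
        cardIssuerLog.debug(messages.getMessage("startCardIssue",
                new String[] { "selfIssuedCard", ppid }));
    }
    SelfIssuedCredential selfCred = new SelfIssuedCredential(ppid);
    RegisteredInfoCardInfoAdmin registerAdmin = new RegisteredInfoCardInfoAdmin();
    String primaryUserName = registerAdmin.extractPrimaryUserName(ppid);
    UserCredential cred = new UserCredential(selfCred);
    // Fall back to the PPID when the self-issued card is not registered
    // to a primary user.
    String primaryUserId = (primaryUserName == null) ? ppid : primaryUserName;
    return issueCard(cred, requireAppliesTo, primaryUserId);
}

/**
 * Issues a card backed by an X.509v3 certificate, identified by the
 * base64-encoded thumbprint of that certificate.
 *
 * <p>The thumbprint supplied by the caller is bound into the card
 * unchanged; a previous debug-only override that replaced it with a fixed
 * constant (which would have bound every issued card to the same
 * certificate) has been removed.
 *
 * @param userName        the user the card is issued to; used as the
 *                        primary user id for storage and audit
 * @param cert            base64-encoded certificate thumbprint
 * @param requireAppliesTo whether the card must carry a RequireAppliesTo
 *                        element
 * @return the signed card element
 * @throws IllegalArgumentException  if {@code cert} is null or blank
 * @throws IdentityProviderException if issuance or signing fails
 */
public Element issueCardForX509V3Certificate(String userName, String cert,
        boolean requireAppliesTo) throws IdentityProviderException {
    if (cert == null || cert.trim().length() == 0) {
        throw new IllegalArgumentException("X509 certificate thumbprint must not be empty");
    }
    if (isCardLogDebug) {
        cardIssuerLog.debug(messages.getMessage("startCardIssue",
                new String[] { "x509v3Cert", cert }));
    }
    // TODO : Store audit data - cert, user
    X509V3Credential x509Cred = new X509V3Credential();
    x509Cred.setBase64EncodedThumbprintValue(cert);
    UserCredential cred = new UserCredential(x509Cred);
    return issueCard(cred, requireAppliesTo, userName);
}

/**
 * Builds, stores, signs and audits a card for the given credential.
 *
 * <p>Signing material is loaded from the keystore described by the
 * {@code Security.KeyStore.*} server properties.
 *
 * @param credential       the credential the card is bound to
 * @param requireAppliesTo whether the card must carry a RequireAppliesTo
 *                         element
 * @param primaryUserId    id under which the card is stored and audited
 * @return the signed card element
 * @throws IdentityProviderException wrapping any card-model or other
 *         failure
 */
private Element issueCard(UserCredential credential, boolean requireAppliesTo,
        String primaryUserId) throws IdentityProviderException {
    ServerConfiguration serverConfig = ServerConfiguration.getInstance();
    try {
        String storeFilePath = serverConfig
                .getFirstProperty("Security.KeyStore.Location");
        // NOTE(review): this stream is not closed in the visible part of
        // the method — confirm the remainder closes it in a finally block.
        FileInputStream is = new FileInputStream(storeFilePath);
        KeyStore store = KeyStore.getInstance(serverConfig
                .getFirstProperty("Security.KeyStore.Type"));
        String passwd = serverConfig
                .getFirstProperty("Security.KeyStore.Password");
        store.load(is, passwd.toCharArray());
        Generator gen = new Generator();
        gen.setSignatureAlgorithm(issuerConfig.getSigAlgo());
        String alias = serverConfig
                .getFirstProperty("Security.KeyStore.KeyAlias");
        Certificate[] certs = store.getCertificateChain(alias);
        gen.setCertChain(certs);
        gen.setPrivateKey((PrivateKey) store.getKey(alias, serverConfig
                .getFirstProperty("Security.KeyStore.KeyPassword")
                .toCharArray()));
        Identity id = new Identity();
        id.setCertificate((X509Certificate) store.getCertificate(alias));
        InformationCard infoCard = getInfoCard(credential, id,
                requireAppliesTo, primaryUserId);
        if (isCardLogDebug) {
            cardIssuerLog.debug(messages.getMessage("cardElementGenerated",
                    new String[] { infoCard.getInformationCardReference()
                            .getCardId() }));
        }
        // Persist before signing so a stored card always matches what was
        // handed out.
        storeCard(infoCard, primaryUserId);
        Element elem = gen.signCard(infoCard);
        if (isCardLogDebug) {
            cardIssuerLog.debug(messages.getMessage(
                    "cardSignedSuccessfully", new String[] { infoCard
                            .getInformationCardReference().getCardId() }));
        }
        String cardId = infoCard.getInformationCardReference().getCardId();
        // Audit record type depends on the card flavour (see
        // isOpenIdInfoCard).
        if (isOpenIdInfoCard) {
            ReportAdmin.record(primaryUserId,
                    ActionDO.ACTION_USER_DOWNLOAD_OPENID_CARD, "CardId=" + cardId);
        } else {
            ReportAdmin.record(primaryUserId,
                    ActionDO.ACTION_USER_DOWNLOAD_CARD, "CardId=" + cardId);
        }
        return elem;
    } catch (CardModelException e) {
        throw new IdentityProviderException("cardModelError", e);
    } catch (Exception e) {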