Coverage Report - org.kuali.student.security.trust.service.SecurityTokenServiceImpl
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityTokenServiceImpl
0%
0/115
0%
0/48
4.455
 
 1  
 package org.kuali.student.security.trust.service;
 2  
 
 3  
 import java.io.BufferedReader;
 4  
 import java.io.InputStreamReader;
 5  
 import java.io.StringWriter;
 6  
 import java.io.UnsupportedEncodingException;
 7  
 import java.net.HttpURLConnection;
 8  
 import java.net.URL;
 9  
 import java.net.URLEncoder;
 10  
 import java.util.HashMap;
 11  
 import java.util.List;
 12  
 import java.util.Map;
 13  
 
 14  
 import javax.jws.WebService;
 15  
 import javax.xml.bind.JAXBElement;
 16  
 import javax.xml.parsers.DocumentBuilder;
 17  
 import javax.xml.parsers.DocumentBuilderFactory;
 18  
 import javax.xml.transform.Transformer;
 19  
 import javax.xml.transform.TransformerFactory;
 20  
 import javax.xml.transform.dom.DOMSource;
 21  
 import javax.xml.transform.stream.StreamResult;
 22  
 
 23  
 import org.jasig.cas.client.util.CommonUtils;
 24  
 import org.jasig.cas.client.util.XmlUtils;
 25  
 import org.kuali.student.security.exceptions.KSSecurityException;
 26  
 import org.kuali.student.security.trust.dto.RequestSecurityTokenResponseCollectionType;
 27  
 import org.kuali.student.security.trust.dto.RequestSecurityTokenResponseType;
 28  
 import org.kuali.student.security.trust.dto.RequestSecurityTokenType;
 29  
 import org.kuali.student.security.util.SamlUtils;
 30  
 import org.opensaml.SAMLAssertion;
 31  
 import org.w3c.dom.Document;
 32  
 import org.w3c.dom.Element;
 33  
 import org.w3c.dom.Node;
 34  
 
 35  
 /**
 36  
  * This class was generated by Apache CXF 2.2.8
 37  
  * Thu Jun 03 14:08:34 EDT 2010
 38  
  * Generated source version: 2.2.8
 39  
  * 
 40  
  */
 41  
  
 42  
 @WebService(endpointInterface = "org.kuali.student.security.trust.service.SecurityTokenService", serviceName = "SecurityTokenService", 
 43  
             portName = "SecurityTokenService", targetNamespace = "http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl")
 44  0
 public class SecurityTokenServiceImpl implements SecurityTokenService {
 45  
 
 46  
     public static final String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
 47  
     public static final String SAML_11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
 48  
     
 49  
     
 50  
     private String casServerUrl;
 51  
     private String samlIssuerForUser;
 52  
     private String proxyCallBackUrl;
 53  
     
 54  
     public RequestSecurityTokenResponseCollectionType requestSecurityToken2(RequestSecurityTokenType request) throws KSSecurityException
 55  
     {
 56  0
         return null;
 57  
     }
 58  
 
 59  
     public RequestSecurityTokenResponseType requestSecurityToken(RequestSecurityTokenType request) throws KSSecurityException
 60  
     {
 61  
         // Parse the request
 62  0
         String context = request.getContext();
 63  0
         List<Object> objects = request.getAny();
 64  
         
 65  0
         String tokenTypeUri = null;
 66  0
         String requestTypeUri = null;
 67  0
         String proxyTicketId = null;
 68  0
         String proxyTargetService = null;
 69  
         
 70  0
         for(Object o : objects){
 71  
             // if its being accessed as a SOAP service with JAXB.
 72  0
             if(o instanceof JAXBElement){
 73  0
                 JAXBElement<?> e = (JAXBElement<?>)o;
 74  0
                 if( e.getName().getLocalPart().equalsIgnoreCase("TokenType")){
 75  0
                     tokenTypeUri = (String)e.getValue();
 76  
                 }
 77  0
                 else if(e.getName().getLocalPart().equalsIgnoreCase("RequestType")) {
 78  0
                     requestTypeUri = (String)e.getValue();
 79  
                 }
 80  0
                 else if(e.getName().getLocalPart().equalsIgnoreCase("CasProxyTicket")) {
 81  0
                     proxyTicketId = (String)e.getValue();
 82  
                 }
 83  0
                 else if(e.getName().getLocalPart().equalsIgnoreCase("CasProxyTargetService")) {
 84  0
                     proxyTargetService = (String)e.getValue();
 85  
                 }
 86  
             
 87  
             // if its being accessed with a client impl, no SOAP.
 88  0
             } else if(o instanceof Element){
 89  0
                 Element e = (Element)o;
 90  0
                 if( e.getLocalName().equalsIgnoreCase("TokenType")){
 91  0
                     tokenTypeUri = e.getTextContent();
 92  
                 }
 93  0
                 else if(e.getLocalName().equalsIgnoreCase("RequestType")) {
 94  0
                     requestTypeUri = e.getTextContent();
 95  
                 }
 96  0
                 else if(e.getLocalName().equalsIgnoreCase("CasProxyTicket")) {
 97  0
                     proxyTicketId = e.getTextContent();
 98  
                 }
 99  0
                 else if(e.getLocalName().equalsIgnoreCase("CasProxyTargetService")) {
 100  0
                     proxyTargetService = e.getTextContent();
 101  
                 }
 102  0
             }
 103  
         }
 104  
         
 105  
         
 106  
         // Create the Response
 107  0
         RequestSecurityTokenResponseType rstr = new RequestSecurityTokenResponseType();
 108  
         
 109  0
         if(requestTypeUri == null){ 
 110  0
             throw new KSSecurityException("The element RequestType is required");
 111  
         }
 112  0
         if(proxyTicketId == null || proxyTargetService == null){
 113  0
             throw new KSSecurityException("The elements CasProxyTicket and CasProxyTargetService are required");
 114  
         }
 115  
         
 116  
         //This optional URI specifies the identifier from the original request.
 117  
        // That is, if a context URI is specified on a RST, then it MUST be echoed on the corresponding RSTRs.
 118  0
         if(context != null){
 119  0
             rstr.setContext(context);
 120  
         }
 121  
         
 122  0
         if(tokenTypeUri == null){
 123  
             //default to SAML
 124  0
             tokenTypeUri = SAML_11_NS;
 125  
         }
 126  
        
 127  
         // We are just handling request for tokens of type SAML and for new token issuing, so this is just one BAD mother IF.
 128  0
         if(tokenTypeUri.equals(SAML_11_NS) && requestTypeUri.endsWith("/Issue") ){
 129  
             // create the TokenType and RequestedSecurityToken Elements
 130  0
             Element tokenType = null;
 131  0
             Element requestedSecurityToken = null;
 132  0
             Document signedSAMLDoc = null;
 133  
             try{
 134  
                 
 135  0
                 DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
 136  
         
 137  
                 //XML Signature needs to be namespace aware -- not sure if I need this here
 138  0
                 dbf.setNamespaceAware(true);
 139  
         
 140  0
                 DocumentBuilder db = dbf.newDocumentBuilder();
 141  0
                 Document doc = db.newDocument();
 142  
         
 143  0
                 tokenType = doc.createElementNS(WST_NS_05_02, "TokenType");
 144  0
                 tokenType.setTextContent(tokenTypeUri);
 145  
                 
 146  0
                 requestedSecurityToken = doc.createElementNS(WST_NS_05_02, "RequestedSecurityToken");
 147  
                 
 148  0
                 String testProperty = System.getProperty("ks.test.securityTokenService.useCas", "true");
 149  
                 
 150  0
                 if(Boolean.valueOf(testProperty)){
 151  0
                     signedSAMLDoc = validateCasProxyTicket(proxyTicketId, proxyTargetService);
 152  
                 } else {
 153  
                     // Create TEST SAML
 154  0
                     signedSAMLDoc = getSamlPrincipal("WS Trust Service is in test mode");
 155  
                 }
 156  0
                 Node signedSAMLAssertion = signedSAMLDoc.getDocumentElement();
 157  0
                 requestedSecurityToken.appendChild(doc.importNode(signedSAMLAssertion, true));
 158  
                 
 159  0
             } catch(Exception e){
 160  0
                 throw new KSSecurityException(e);
 161  0
             }
 162  0
             rstr.getAny().add(tokenType);
 163  0
             rstr.getAny().add(requestedSecurityToken);
 164  
         }
 165  
         
 166  0
         return rstr;
 167  
     }
 168  
 
 169  
     private Document validateCasProxyTicket(String proxyTicketId, String proxyTargetService) throws KSSecurityException{
 170  
         
 171  0
         String url = constructUrl(proxyTicketId, proxyTargetService);
 172  0
         HttpURLConnection conn = null;
 173  
         
 174  
         try {
 175  0
             URL constructedUrl = new URL(url);
 176  0
             conn = (HttpURLConnection) constructedUrl.openConnection();
 177  
 
 178  0
             BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
 179  
 
 180  
             String line;
 181  0
             StringBuffer stringBuffer = new StringBuffer(255);
 182  
             String response;
 183  
 
 184  0
             while ((line = in.readLine()) != null) {
 185  0
                 stringBuffer.append(line);
 186  
             }
 187  
             
 188  0
             response = stringBuffer.toString();
 189  0
             String error = XmlUtils.getTextForElement(response, "authenticationFailure");
 190  
 
 191  0
             if (CommonUtils.isNotEmpty(error)) {
 192  
                 //return error;
 193  0
                 throw new KSSecurityException(error);
 194  
             }
 195  
 
 196  0
             String user = XmlUtils.getTextForElement(response, "user");
 197  0
             String pgt  = XmlUtils.getTextForElement(response, "proxyGrantingTicket");
 198  0
             String proxies = XmlUtils.getTextForElement(response, "proxies");
 199  
             
 200  0
             Map<String,String> samlProperties = new HashMap<String,String>();
 201  0
             samlProperties.put("user", user.trim());
 202  0
             samlProperties.put("proxyGrantingTicket", pgt.trim());
 203  0
             samlProperties.put("proxies", proxies.trim());
 204  0
             samlProperties.put("samlIssuerForUser", samlIssuerForUser.trim());
 205  
             
 206  0
             SamlUtils.setSamlProperties(samlProperties);
 207  0
             SAMLAssertion samlAssertion = SamlUtils.createAssertion();
 208  
             
 209  0
             Document signedSAML = SamlUtils.signAssertion(samlAssertion);
 210  0
             return signedSAML;
 211  
             
 212  
             // transform the saml DOM into a writer, and return as a string response
 213  
             /*DOMSource domSource = new DOMSource(signedSAML);
 214  
             StringWriter writer = new StringWriter();
 215  
             StreamResult result = new StreamResult(writer);
 216  
             
 217  
             TransformerFactory tf = TransformerFactory.newInstance();
 218  
             Transformer transformer;
 219  
             
 220  
             transformer = tf.newTransformer();
 221  
             transformer.transform(domSource, result);
 222  
             
 223  
             writer.flush();
 224  
             
 225  
             return writer.toString();*/
 226  
             
 227  0
         } catch (final Exception e) {
 228  0
             throw new KSSecurityException(e);
 229  
         } finally {
 230  0
             if (conn != null) {
 231  0
                 conn.disconnect();
 232  
             }
 233  
         }
 234  
     }
 235  
     
 236  
     private String constructUrl(String proxyTicketId, String proxyTargetService) throws KSSecurityException{
 237  
         try {
 238  0
             return this.casServerUrl + (this.casServerUrl.endsWith("/") ? "" : "/") + "proxyValidate" + "?ticket=" 
 239  
             + proxyTicketId + "&service=" + URLEncoder.encode(proxyTargetService, "UTF-8") 
 240  
             + "&pgtUrl=" + URLEncoder.encode(proxyCallBackUrl, "UTF-8");
 241  0
         } catch (UnsupportedEncodingException e) {
 242  0
             throw new KSSecurityException(e);
 243  
         }
 244  
     }
 245  
     
 246  
     private Document getSamlPrincipal(String principal) throws KSSecurityException{
 247  
         try {      
 248  0
             Map<String,String> samlProperties = new HashMap<String,String>();
 249  0
             samlProperties.put("user", principal);
 250  0
             samlProperties.put("proxyGrantingTicket", "");
 251  0
             samlProperties.put("proxies", "");
 252  0
             if(samlIssuerForUser == null){
 253  0
                 samlProperties.put("samlIssuerForUser", "org.kuali.student.trust.sts");
 254  
             }else{
 255  0
                 samlProperties.put("samlIssuerForUser", samlIssuerForUser.trim());
 256  
             }
 257  
             
 258  0
             SamlUtils.setSamlProperties(samlProperties);
 259  0
             SAMLAssertion samlAssertion = SamlUtils.createAssertion();
 260  
             
 261  0
             Document signedSAML = SamlUtils.signAssertion(samlAssertion);
 262  
             
 263  0
             return signedSAML;
 264  
             
 265  0
         } catch (final Exception e) {
 266  0
             throw new KSSecurityException(e);
 267  
         } 
 268  
 
 269  
     }
 270  
 
 271  
     public String getCasServerUrl() {
 272  0
         return casServerUrl;
 273  
     }
 274  
 
 275  
     public void setCasServerUrl(String casServerUrl) {
 276  0
         this.casServerUrl = casServerUrl;
 277  0
     }
 278  
 
 279  
     public String getSamlIssuerForUser() {
 280  0
         return samlIssuerForUser;
 281  
     }
 282  
 
 283  
     public void setSamlIssuerForUser(String samlIssuerForUser) {
 284  0
         this.samlIssuerForUser = samlIssuerForUser;
 285  0
     }
 286  
 
 287  
     public String getProxyCallBackUrl() {
 288  0
         return proxyCallBackUrl;
 289  
     }
 290  
 
 291  
     public void setProxyCallBackUrl(String proxyCallBackUrl) {
 292  0
         this.proxyCallBackUrl = proxyCallBackUrl;
 293  0
     }
 294  
 }