org.picketlink.identity.federation.core.wstrust

Class WSTrustUtil

java.lang.Object

org.picketlink.identity.federation.core.wstrust.WSTrustUtil

public class WSTrustUtil
extends Object

Utility class that provides methods for parsing/creating WS-Trust elements.

Author:

Stefan Guilhen

Constructor Summary

Constructors

Constructor and Description
WSTrustUtil()

Method Summary

Modifier and Type	Method and Description
static AppliesTo	createAppliesTo(String endpointURI) Creates an instance of AppliesTo using the specified endpoint address.
static Lifetime	createDefaultLifetime(long tokenTimeout) Creates a Lifetime instance that specifies a range of time that starts at the current GMT time and has the specified duration in milliseconds.
static EndpointReferenceType	createIssuer(String addressUri) Given an address, create the WS-Addressing issuer
static KeyIdentifierType	createKeyIdentifier(String valueType, String value) Creates an instance of KeyIdentifierType with the specified values.
static KeyInfoType	createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo) Creates a KeyInfoType that wraps the specified secret.
static KeyInfoType	createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo, X509Certificate cer) Creates a KeyInfoType that wraps the specified secret.
static KeyInfoType	createKeyInfo(Certificate certificate) Creates a KeyInfoType that wraps the specified certificate.
static KeyValueType	createKeyValue(PublicKey key) Creates a KeyValueType that wraps the specified public key.
static OnBehalfOfType	createOnBehalfOfWithUsername(String username, String id) Creates a OnBehalfOfType instance that contains a UsernameTokenType.
static byte[]	createRandomSecret(int size) Creates a random byte[] secret of the specified size.
static RequestedReferenceType	createRequestedReference(KeyIdentifierType keyIdentifier, Map<QName,String> attributes) Creates an instance of RequestedReferenceType with the specified values.
static byte[]	getBinarySecret(EntropyType entropy) Parses the specified EntropyType and returns the first binary secret contained in the entropy.
static Principal	getOnBehalfOfPrincipal(OnBehalfOfType onBehalfOf) Parses the contents of the OnBehalfOf element and returns a Principal representing the identity on behalf of which the request was made.
static String	getServiceNameFromAppliesTo(RequestSecurityToken requestSecurityToken)
static byte[]	P_SHA1(byte[] secret, byte[] seed, int requiredSize) This method implements the P_SHA-1 function as defined in the RFC 2246 - The TLS Protocol Version 1.0 Section 5.
static String	parseAppliesTo(AppliesTo appliesTo) Parses the contents of the AppliesTo element and returns the address the uniquely identify the service provider.
static RenewingType	parseRenewingType(XMLEventReader xmlEventReader)
static void	persistSTSConfiguration(STSType stsConfiguration, OutputStream outputStream) Marshall the STSType to an outputstream

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WSTrustUtil

public WSTrustUtil()

Method Detail

createKeyIdentifier

public static KeyIdentifierType createKeyIdentifier(String valueType,
                                                    String value)

Creates an instance of KeyIdentifierType with the specified values.

Parameters:

valueType - a String representing the identifier value type.

value - a String representing the identifier value.

Returns:

the constructed KeyIdentifierType instance.

createRequestedReference

public static RequestedReferenceType createRequestedReference(KeyIdentifierType keyIdentifier,
                                                              Map<QName,String> attributes)

Creates an instance of RequestedReferenceType with the specified values. This method first creates a SecurityTokenReferenceType with the specified key identifier and attributes and then use this reference to construct the RequestedReferenceType that is returned.

Parameters:

keyIdentifier - the key identifier of the security token reference.

attributes - the attributes to be set on the security token reference.

Returns:

the constructed RequestedReferenceType instance.

createAppliesTo

public static AppliesTo createAppliesTo(String endpointURI)

Creates an instance of AppliesTo using the specified endpoint address.

Parameters:

endpointURI - a String representing the endpoint URI.

Returns:

the constructed AppliesTo instance.

createIssuer

public static EndpointReferenceType createIssuer(String addressUri)

Given an address, create the WS-Addressing issuer

Parameters:

addressUri -

Returns:

parseAppliesTo

public static String parseAppliesTo(AppliesTo appliesTo)

Parses the contents of the AppliesTo element and returns the address the uniquely identify the service provider.

Parameters:

appliesTo - the AppliesTo instance to be parsed.

Returns:

the address of the service provider.

parseRenewingType

public static RenewingType parseRenewingType(XMLEventReader xmlEventReader)
                                      throws ParsingException

Throws:

ParsingException

createDefaultLifetime

public static Lifetime createDefaultLifetime(long tokenTimeout)

Creates a Lifetime instance that specifies a range of time that starts at the current GMT time and has the specified duration in milliseconds.

Parameters:

tokenTimeout - the token timeout value (in milliseconds).

Returns:

the constructed Lifetime instance.

getOnBehalfOfPrincipal

public static Principal getOnBehalfOfPrincipal(OnBehalfOfType onBehalfOf)

Parses the contents of the OnBehalfOf element and returns a Principal representing the identity on behalf of which the request was made.

Parameters:

onBehalfOf - the type that represents the OnBehalfOf element.

Returns:

a Principal representing the extracted identity, or null if the contents of the OnBehalfOf element could not be parsed.

createOnBehalfOfWithUsername

public static OnBehalfOfType createOnBehalfOfWithUsername(String username,
                                                          String id)

Creates a OnBehalfOfType instance that contains a UsernameTokenType.

Parameters:

username - a String that represents the username of the UsernameTokenType.

id - an optional String that uniquely identifies the UsernameTokenType.

Returns:

the constructed OnBehalfOfType instance.

getBinarySecret

public static byte[] getBinarySecret(EntropyType entropy)

Parses the specified EntropyType and returns the first binary secret contained in the entropy.

Parameters:

entropy - a reference to the EntropyType that contains the binary secret.

Returns:

a byte[] containing the secret; null if the specified entropy doesn't contain any secret.

persistSTSConfiguration

public static void persistSTSConfiguration(STSType stsConfiguration,
                                           OutputStream outputStream)

Marshall the STSType to an outputstream

Parameters:

stsConfiguration -

outputStream -

createRandomSecret

public static byte[] createRandomSecret(int size)

Creates a random byte[] secret of the specified size.

Parameters:

size - the size of the secret to be created, in bytes.

Returns:

a byte[] containing the generated secret.

P_SHA1

public static byte[] P_SHA1(byte[] secret,
                            byte[] seed,
                            int requiredSize)
                     throws NoSuchAlgorithmException,
                            InvalidKeyException

This method implements the P_SHA-1 function as defined in the RFC 2246 - The TLS Protocol Version 1.0 Section 5. HMAC and the pseudorandom function:

 P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                        HMAC_hash(secret, A(2) + seed) +
                        HMAC_hash(secret, A(3) + seed) + ...

 Where + indicates concatenation.

 A() is defined as:
    A(0) = seed
    A(i) = HMAC_hash(secret, A(i-1))
 

Parameters:

secret - a byte[] that represents the HMAC secret.

seed - a byte[] that represents the seed to be used.

requiredSize - an int that specifies the size (in bytes) of the result.

Returns:

a byte[] containing the result of the P_SHA-1 function.

Throws:

NoSuchAlgorithmException - if an error occurs while creating the Mac instance.

InvalidKeyException - if an error occurs while initializing the Mac instance.

createKeyInfo

public static KeyInfoType createKeyInfo(byte[] secret,
                                        PublicKey encryptionKey,
                                        URI keyWrapAlgo,
                                        X509Certificate cer)
                                 throws WSTrustException

Creates a KeyInfoType that wraps the specified secret. If the encryptionKey parameter is not null, the secret is encrypted using the specified public key before it is set in the KeyInfoType. It also create a keyinfo with the information about the key used for the encryption

Parameters:

secret - a byte[] representing the secret (symmetric key).

encryptionKey - the PublicKey that must be used to encrypt the secret.

keyWrapAlgo - the key wrap algorithm to be used.

Returns:

the constructed KeyInfoType instance.

Throws:

WSTrustException - if an error occurs while creating the KeyInfoType object.

createKeyInfo

public static KeyInfoType createKeyInfo(byte[] secret,
                                        PublicKey encryptionKey,
                                        URI keyWrapAlgo)
                                 throws WSTrustException

Creates a KeyInfoType that wraps the specified secret. If the encryptionKey parameter is not null, the secret is encrypted using the specified public key before it is set in the KeyInfoType.

Parameters:

secret - a byte[] representing the secret (symmetric key).

encryptionKey - the PublicKey that must be used to encrypt the secret.

keyWrapAlgo - the key wrap algorithm to be used.

Returns:

the constructed KeyInfoType instance.

Throws:

WSTrustException - if an error occurs while creating the KeyInfoType object.

createKeyInfo

public static KeyInfoType createKeyInfo(Certificate certificate)
                                 throws WSTrustException

Creates a KeyInfoType that wraps the specified certificate.

Parameters:

certificate - the Certificate to be wrapped as a X509DataType inside the KeyInfoType.

Returns:

the constructed KeyInfoType object.

Throws:

WSTrustException - if an error occurs while creating the KeyInfoType.

createKeyValue

public static KeyValueType createKeyValue(PublicKey key)

Creates a KeyValueType that wraps the specified public key. This method supports DSA and RSA keys.

Parameters:

key - the PublicKey that will be represented as a KeyValueType.

Returns:

the constructed KeyValueType or null if the specified key is neither a DSA nor a RSA key.

getServiceNameFromAppliesTo

public static String getServiceNameFromAppliesTo(RequestSecurityToken requestSecurityToken)