Added support for the Validate AuthToken Service.

Made necessary spec file changes to support our configuration.

CASA-auth-token/java/configure.in

@@ -19,9 +19,11 @@
 #
 #######################################################################
 
-AC_INIT(autogen.sh)
+AC_INIT(CASA_auth_token_svc, 1.7.1,,CASA_auth_token_svc)
+AC_CONFIG_SRCDIR(autogen.sh)
 AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(CASA_auth_token_svc, 1.7.1)
+AM_INIT_AUTOMAKE(tar-pax)
+
 RELEASE=`date +%Y%m%d_%H%M`
 AC_SUBST(RELEASE)
 AM_MAINTAINER_MODE

CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Sep 14 09:57:00 MDT 2006 - jluciani@novell.com
+
+- Made changes to support the Authtoken Validate Service. This now
+  fixes support of "C" services.
+
+- Switched to using IBMs java instead of SUNs. This was done in order to
+  gain better Kerberos support (IBMs Kerberos modul supports more
+  encryption types) and to get around a problem in SUN's Invocation API
+  that was not letting us consume our AuthToken class from a native thread
+  other than the thread which creates the JVM.
+
 -------------------------------------------------------------------
 Fri Aug 18 11:49:22 MDT 2006 - jluciani@novell.com
 

CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in

@@ -17,7 +17,7 @@
 
 Name:          @PACKAGE@ 
 URL:           http://www.novell.com/products
-BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-sun java-1_5_0-sun-devel update-alternatives mono-devel servletapi5 identity-abstraction
+BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel update-alternatives mono-devel servletapi5 identity-abstraction
 %define prefix /usr
 License:       LGPL
 Group:         Applications/System
@@ -28,7 +28,7 @@ Release:       0
 Summary:       Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
 Source:        %{name}-%{version}.tar.bz2
 BuildRoot:     %{_tmppath}/%{name}-%{version}-build
-Requires:      java-1_5_0-sun servletapi5 tomcat5
+Requires:      java-1_5_0-ibm servletapi5 tomcat5
 PreReq:        %fillup_prereq %insserv_prereq
 BuildArchitectures: noarch
 
@@ -51,7 +51,7 @@ enabled.
 %package -n CASA_auth_token_jaas_support
 Summary:      Libraries needed for JAAS applications development.
 Group:        Applications/System
-Requires:     java-1_5_0-sun
+Requires:     java-1_5_0-ibm
 
 %description -n CASA_auth_token_jaas_support
 CASA_auth_token is an authentication token infrastructure with support for multiple
@@ -93,29 +93,54 @@ make
 install -d %{buildroot}%{prefix}
 install -d %{buildroot}%{prefix}/share
 install -d %{buildroot}%{prefix}/share/java
+install -d %{buildroot}%{prefix}/share/java/CASA
+install -d %{buildroot}%{prefix}/share/java/CASA/authtoken
+install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external
 install -d %{buildroot}/etc
-install -d -m 777 %{buildroot}/etc/CASA
+install -d -m 755 %{buildroot}/var/lib/CASA
-install -d -m 777 %{buildroot}/etc/CASA/authtoken
+install -d -m 755 %{buildroot}/var/lib/CASA/authtoken
+install -d -m 755 %{buildroot}/var/lib/CASA/authtoken/svc
+install -d -m 755 %{buildroot}/etc/CASA
+install -d -m 755 %{buildroot}/etc/CASA/authtoken.d
+install -d -m 755 %{buildroot}/etc/CASA/authtoken.d
+install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/svc.d
+install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/java-keys
 
 ## CASA_auth_token_svc ##
 # Libs
-install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc-%{bldno}.war
+install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
 
 # Lib Symbolic Links
-ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc.war
+ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
-ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc.war.1
+ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1
 
 ## CASA_auth_token_jaas_support ##
 # Libs
-install -m 755 %{_lib}/java/CasaJaasSupport.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport-%{bldno}.jar
+install -m 755 %{_lib}/java/CasaJaasSupport.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
-install -m 755 %{_lib}/java/CasaAuthToken.jar %{buildroot}%{prefix}/share/java/CasaAuthToken-%{bldno}.jar
+install -m 755 %{_lib}/java/CasaAuthToken.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
-install -m 755 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken/crypto.properties
+install -m 755 server/Svc/external/axis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/axis.jar
+install -m 755 server/Svc/external/axis-ant.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/axis-ant.jar
+install -m 755 server/Svc/external/commons-discovery-0.2.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar
+install -m 755 server/Svc/external/commons-logging-1.0.4.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar
+install -m 755 server/Svc/external/commons-logging-api.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-logging-api.jar
+install -m 755 server/Svc/external/jaxrpc.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/jaxrpc.jar
+install -m 755 server/Svc/external/log4j.properties %{buildroot}%{prefix}/share/java/CASA/authtoken/external/log4j.properties
+install -m 755 server/Svc/external/log4j-1.2.8.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/log4j-1.2.8.jar
+install -m 755 server/Svc/external/saaj.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/saaj.jar
+install -m 755 server/Svc/external/wsdl4j-1.5.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar
+install -m 755 server/Svc/external/wss4j-1.5.0.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/wss4j-1.5.0.jar
+install -m 755 server/Svc/external/xalan.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xalan.jar
+install -m 755 server/Svc/external/xercesImpl.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
+install -m 755 server/Svc/external/xml-apis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
+install -m 755 server/Svc/external/xmlsec-1.2.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
+install -m 644 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken.d/crypto.properties
+install -m 644 server/Svc/jaas.conf %{buildroot}/etc/CASA/authtoken.d/svc.d/jaas.conf
 
 # Lib Symbolic Links
-ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport.jar
+ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
-ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport.jar.1
+ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
-ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaAuthToken.jar
+ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
-ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaAuthToken.jar.1
+ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -136,11 +161,18 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root)
+%dir %{prefix}/share/java/CASA
+%dir %{prefix}/share/java/CASA/authtoken
+%dir /var/lib/CASA
+%dir /var/lib/CASA/authtoken
+%dir /var/lib/CASA/authtoken/svc
 %dir /etc/CASA
-%dir /etc/CASA/authtoken
+%dir /etc/CASA/authtoken.d
-%{prefix}/share/java/CasaAuthTokenSvc-%{bldno}.war
+%dir /etc/CASA/authtoken.d/svc.d
-%{prefix}/share/java/CasaAuthTokenSvc.war
+%dir /etc/CASA/authtoken.d/java-keys
-%{prefix}/share/java/CasaAuthTokenSvc.war.1
+%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
+%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
+%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1
 
 
 ## CASA_auth_token_jaas_support ##
@@ -158,15 +190,35 @@ rm -rf $RPM_BUILD_ROOT
 
 %files -n CASA_auth_token_jaas_support
 %defattr(-,root,root)
+%dir %{prefix}/share/java/CASA
+%dir %{prefix}/share/java/CASA/authtoken
+%dir %{prefix}/share/java/CASA/authtoken/external
 %dir /etc/CASA
-%dir /etc/CASA/authtoken
+%dir /etc/CASA/authtoken.d
-%{prefix}/share/java/CasaJaasSupport-%{bldno}.jar
+%dir /etc/CASA/authtoken.d/java-keys
-%{prefix}/share/java/CasaJaasSupport.jar
+%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
-%{prefix}/share/java/CasaJaasSupport.jar.1
+%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
-%{prefix}/share/java/CasaAuthToken-%{bldno}.jar
+%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
-%{prefix}/share/java/CasaAuthToken.jar
+%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
-%{prefix}/share/java/CasaAuthToken.jar.1
+%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
-/etc/CASA/authtoken/crypto.properties
+%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
+%{prefix}/share/java/CASA/authtoken/external/axis.jar
+%{prefix}/share/java/CASA/authtoken/external/axis-ant.jar
+%{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar
+%{prefix}/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar
+%{prefix}/share/java/CASA/authtoken/external/commons-logging-api.jar
+%{prefix}/share/java/CASA/authtoken/external/jaxrpc.jar
+%{prefix}/share/java/CASA/authtoken/external/log4j.properties
+%{prefix}/share/java/CASA/authtoken/external/log4j-1.2.8.jar
+%{prefix}/share/java/CASA/authtoken/external/saaj.jar
+%{prefix}/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar
+%{prefix}/share/java/CASA/authtoken/external/wss4j-1.5.0.jar
+%{prefix}/share/java/CASA/authtoken/external/xalan.jar
+%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
+%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
+%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
+/etc/CASA/authtoken.d/crypto.properties
+/etc/CASA/authtoken.d/svc.d/jaas.conf
 
 
 %changelog -n CASA_auth_token_svc

CASA-auth-token/java/server/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java

@@ -190,7 +190,7 @@ public class CasaLoginModule implements LoginModule
          // Instantiate the AuthToken, this validates the token itself.
          try
          {
-            AuthToken authToken = new AuthToken(new String(authTokenChars));
+            AuthToken authToken = new AuthToken(new String(authTokenChars), true);
             
             // Instantiate the appropriate IdentityToken based on the IdentityTokenProvider type
             // tbd - For now use the CasaIdentityToken

CASA-auth-token/java/server/Svc/Makefile.am

@@ -28,7 +28,8 @@ EXTRA_DIST = authtoken.settings \
 		svc.settings \
 		TODO \
 		web.xml \
-		crypto.properties
+		crypto.properties \
+		jaas.conf
 
 ROOT = ../..
 

CASA-auth-token/java/server/Svc/crypto.properties

@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=foobar
+org.apache.ws.security.crypto.merlin.keystore.alias=privkey
+org.apache.ws.security.crypto.merlin.alias.password=foobar
+org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken.d/java-keys/privkeystore

CASA-auth-token/java/server/Svc/jaas.conf

@@ -0,0 +1,11 @@
+other {
+com.sun.security.auth.module.Krb5LoginModule required
+	useTicketCache=true
+	ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache"
+	useKeyTab=true
+	principal="host/jcserver2.provo.novell.com"
+	doNotPrompt=true
+	storeKey=true
+	keyTab="/etc/krb5.keytab"
+	debug=true;
+};

CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java

@@ -135,14 +135,27 @@ public class AuthToken
     * Constructor given an authentication token string. The constructor
     * validates the token as part of its processing.
     */
-   public AuthToken(String token) throws Exception
+   public AuthToken(String token,
+                    boolean encodedToken) throws Exception
    {
-      // Decode the token string
+      // Decode the token string if necessary
-      m_token = Base64Coder.decode(token);
+      if (encodedToken)
+         m_token = Base64Coder.decode(token);
+      else
+         m_token = token;
 
       // Now instantiate a SOAP message with the string
       InputStream inStream = new ByteArrayInputStream(m_token.getBytes());
-      Message message = new Message(inStream);
+      org.apache.axis.Message message;
+      try
+      {
+         message = new Message(inStream);
+
+      } catch (Exception e)
+      {
+         System.err.println("AuthToken()- Exception caught creating message, msg: " + e.getMessage());
+         throw new Exception("Invalid Authentication Token");
+      }
 
       // Get access to the SOAP Envelope
       SOAPEnvelope envelope = message.getSOAPEnvelope();
@@ -284,16 +297,20 @@ public class AuthToken
     * Validates an authentication token. If successful it
     * returns a string containing the identity token associated
     * with the authentication token; otherwise it returns NULL;
+    *
+    * Note, the routine assumes that the token is not encoded.
     */
    public static String validate(String authTokenString)
    {
+      System.err.println("AuthToken.validate()- Start");
       // Instantiate the AuthToken, this validates the token itself.
       try
       {
-         AuthToken authToken = new AuthToken(authTokenString);
+         AuthToken authToken = new AuthToken(authTokenString, false);
 
          // If we are here is because the token validation succeeded,
          // return the identity token string.
+         System.err.println("AuthToken.validate()- Returning identity token");
          return authToken.getIdentityToken();
 
       }