Changes accomplish the following:

- Allow for binary identity attributes. - Simplify configuration of the svc.
2006-05-31 15:24:01 +00:00 · 2006-05-31 15:24:01 +00:00 · b1966cac5f
commit b1966cac5f
parent 47d8264272
9 changed files with 99 additions and 61 deletions
--- a/auth_token/server/AuthTokenSvc/Makefile.am
+++ b/auth_token/server/AuthTokenSvc/Makefile.am
@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java

 $(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
 	@echo [======== Creating Webapp $@ ========]
-	cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
+	cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
+	cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
+	cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
+	cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
 	cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
 	cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
 	cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/
--- a/auth_token/server/AuthTokenSvc/authtoken.settings
+++ b/auth_token/server/AuthTokenSvc/authtoken.settings
@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<TokenLifetime>3600</TokenLifetime>
+</settings>
--- a/auth_token/server/AuthTokenSvc/identoken.settings
+++ b/auth_token/server/AuthTokenSvc/identoken.settings
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<EncryptAttributes>false</EncryptAttributes>
+<Attributes>sn</Attributes>
+</settings>
+
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
@ -46,7 +46,7 @@ public class AuthTokenConfig
   public final static String IdentityTokenType = "IdentityTokenType";

   // Default configuration values
-   private String m_defaultTokenLifetimeValue = "360";   // Seconds
+   private String m_defaultTokenLifetimeValue = "3600";  // Seconds
   private String m_defaultLifetimeShorterValue = "5";   // Seconds
   private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";

--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java
@ -45,8 +45,6 @@ import java.net.URLClassLoader;
 */
 public class Authenticate implements RpcMethod
 {
-   private static final String   sessionTokenLifetime = "360"; // tbd - Obtain from configuration
-
   private static final String   m_mechanismSettingsFileName = "mechanism.settings";

   private Map m_authMechanismMap;
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken
      private final static int AWAITING_ATTRIBUTE_START = 18;
      private final static int AWAITING_ATTRIBUTE_END = 19;
      private final static int AWAITING_ATTRIBUTE_DATA = 20;
-      private final static int DONE_PARSING = 21;
+      private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
+      private final static int DONE_PARSING = 22;

      private CasaIdentityToken  m_casaIdentToken;
      private int          m_state;
@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken
               // Save the element name as the current attribute
               m_currAttribute = qName;

-               // Advance to the next state
-               m_state = AWAITING_ATTRIBUTE_DATA;
+               // Advance to the next state based on the attribute type
+               String attrType = atts.getValue("type");
+               if (attrType != null && attrType.equals("binary"))
+               {
+                  // We are dealing with a binary attribute. We are going to
+                  // assume that binary attributes are always base64 encoded.
+                  m_state = AWAITING_BINARY_ATTRIBUTE_DATA;
+               }
+               else
+               {
+                  // Assume we are dealing with an attribute of type string
+                  m_state = AWAITING_ATTRIBUTE_DATA;
+               }
               break;

            default:
@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken
               {
                  // tbd - Decrypt the attribute key and value with the private key of the service
                  // using the configured mechanism.
-                  m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length));
               }
               else
               {
@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken
               m_state = AWAITING_ATTRIBUTE_END;
               break;

+            case AWAITING_BINARY_ATTRIBUTE_DATA:
+               // Consume the data
+               //
+               // Decrypt the attribute data if necessary
+               if (m_encryptedAttrs)
+               {
+                  // tbd - Decrypt the attribute key and value with the private key of the service
+                  // using the configured mechanism.
+               }
+               else
+               {
+                  // The data is base64 encoded
+                  System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length); 
+                  char[] encodedChars = new char[length];
+                  System.arraycopy(ch, start, encodedChars, 0, length);
+                  System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array"); 
+                  m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
+                  System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded"); 
+               }
+
+               // Advance to the next state
+               m_state = AWAITING_ATTRIBUTE_END;
+               break;
+
            default:
               // Do nothing
               break;
@ -480,7 +515,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Constructor.
    */
-   public CasaIdentityToken(IdenTokenConfig idenTokenConfig)
+   public CasaIdentityToken (IdenTokenConfig idenTokenConfig)
   {
      // Initialize our members
      m_token = null;
@ -491,7 +526,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Constructor.
    */
-   public CasaIdentityToken()
+   public CasaIdentityToken ()
   {
      // Initialize our members
      m_token = null;
@ -502,11 +537,11 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Initialize with parameters.
    */
-   public void initialize(String identityId,
-                          String sourceName,
-                          String targetService,
-                          String targetHost,
-                          SvcConfig svcConfig) throws Exception
+   public void initialize (String identityId,
+                           String sourceName,
+                           String targetService,
+                           String targetHost,
+                           SvcConfig svcConfig) throws Exception
   {
      // Save input parameters
      m_identityId = identityId;
@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken

      try
      {
-         // tbd - Read parameters from configuration and leverage Higgins.
-         //
         // Open a directory context and use it to read the identity attributes.
         Hashtable env = new Hashtable();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
         env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
+         env.put("java.naming.ldap.attributes.binary", "guid");
         env.put(IAContext.IA_REALM_SELECTOR, sourceName);

         DirContext ctx = new InitialDirContext(env);
@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken
            NamingEnumeration enumeration = attr.getAll();
            while (enumeration.hasMore())
            {
-               String attrValue = null;
-               Object o = enumeration.next();
-               if (o == null)
-               {
-                  System.err.println("CasaIdentityToken.initialize()- null");
-               }
-               if (o instanceof java.lang.String)
-               {
-                  System.err.println("CasaIdentityToken.initialize()- Type string");
-                  attrValue = (String) o;
-               }
-               else if (o instanceof java.lang.Byte)
-               {
-                  System.err.println("CasaIdentityToken.initialize()- Type byte[]");
-                  attrValue = ((byte[]) o).toString();
-               }
+               Object attrValue = enumeration.next();
+               m_attributes.put(attr.getID(), attrValue);
+               System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());

-               // Proceed if we were able to get the attribute value in String form
-               if (attrValue != null)
+               // Encrypt the attribute if necessary
+               if (encryptAttributes == true)
               {
-                  m_attributes.put(attr.getID(), attrValue);
-                  System.err.println("CasaIdentityToken.initialize()- Including attribute  " + attr.getID() + " of value " + attrValue);
-
-                  // Encrypt the attribute if necessary
-                  if (encryptAttributes == true)
-                  {
-                     // tbd - Encrypt the attributes using the services public key, let the mechanism
-                     // be configurable. The services certificate should be Base64 encoded as a setting
-                     // of the identoken.settings file.
-                     sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
-                  }
-                  else
-                  {
-                     sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
-                  }
+                  // tbd - Encrypt the attributes using the services public key, let the mechanism
+                  // be configurable. The service's certificate should be Base64 encoded as a setting
+                  // of the identoken.settings file.
               }
               else
               {
-                  System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID());
+                  // Proceed based on the attribute value type
+                  if (attrValue instanceof byte[])
+                  {
+                     // The attribute value is of type byte[], we need to encode it.
+                     sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "</" + attr.getID() + ">" + "\r\n");
+                     System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));
+                  }
+                  else
+                  {
+                     // Assume the attribute value is of type String
+                     sb.append("<" + attr.getID() + ">" + (String) attrValue + "</" + attr.getID() + ">" + "\r\n");
+                  }
               }
            }
         }
@ -647,7 +667,7 @@ public class CasaIdentityToken implements IdentityToken
    * IMPORTANT: The token string can not contain the substring "]]>"
    * within it.
    */
-   public String getEncodedToken() throws Exception
+   public String getEncodedToken () throws Exception
   {
      if (m_token != null)
      {
@ -663,7 +683,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Returns a string containing our type of identity token provider.
    */
-   public String getProviderType() throws Exception
+   public String getProviderType () throws Exception
   {
      // tbd - Change to a GUID
      return "CasaIdentityToken";
@ -672,7 +692,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Returns a string containing the identity id.
    */
-   public String getIdentityId() throws Exception
+   public String getIdentityId () throws Exception
   {
      if (m_identityId != null)
         return m_identityId;
@ -687,7 +707,7 @@ public class CasaIdentityToken implements IdentityToken
    * Returns a string containing the name associated with the
    * identity source.
    */
-   public String getSourceName() throws Exception
+   public String getSourceName () throws Exception
   {
      if (m_sourceName != null)
         return m_sourceName;
@ -702,7 +722,7 @@ public class CasaIdentityToken implements IdentityToken
    * Returns a string containing the url associated with the
    * identity source.
    */
-   public String getSourceUrl() throws Exception
+   public String getSourceUrl () throws Exception
   {
      if (m_sourceUrl != null)
         return m_sourceUrl;
@ -716,7 +736,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Returns a string containing the name of the targeted service.
    */
-   public String getTargetService() throws Exception
+   public String getTargetService () throws Exception
   {
      if (m_service != null)
         return m_service;
@ -731,7 +751,7 @@ public class CasaIdentityToken implements IdentityToken
    * Returns a string containig the name of the host where the
    * targeted service resides.
    */
-   public String getTargetHost() throws Exception
+   public String getTargetHost () throws Exception
   {
      if (m_host != null)
         return m_host;
@ -745,7 +765,7 @@ public class CasaIdentityToken implements IdentityToken
   /*
    * Returns the attributes of the identity.
    */
-   public javax.naming.directory.Attributes getAttributes() throws Exception
+   public javax.naming.directory.Attributes getAttributes () throws Exception
   {
      if (m_attributes != null)
         return m_attributes;
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java
@ -54,8 +54,8 @@ public class SvcConfig
   public final static String AppRootPath = "AppRootPath";

   // Default configuration values
-   private String m_defaultSessionTokenLifetimeValue = "360";  // Seconds
-   private String m_defaultLifetimeShorterValue = "5";         // Seconds
+   private String m_defaultSessionTokenLifetimeValue = "43200";   // Seconds
+   private String m_defaultLifetimeShorterValue = "5";            // Seconds

   private static final String m_svcSettingsFileName = "svc.settings";
   private Map m_svcSettingsMap;
--- a/auth_token/server/AuthTokenSvc/svc.settings
+++ b/auth_token/server/AuthTokenSvc/svc.settings
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile>
+<startSearchContext>Replace with the Context from where to start searches, do not specify to start at the root.</startSearchContext>
+<SessionTokenLifetime>43200</SessionTokenLifetime>
+</settings>
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml
@ -4,6 +4,7 @@
 	CasaAuthTokenSvc</display-name>
    <servlet>
        <description>
+            The CasaAuthTokenSvc provides authentication tokens.
        </description>
        <display-name>
        Rpc</display-name>