diff --git a/auth_token/server/AuthTokenSvc/Makefile.am b/auth_token/server/AuthTokenSvc/Makefile.am
index 8d90128d..a54ad79a 100644
--- a/auth_token/server/AuthTokenSvc/Makefile.am
+++ b/auth_token/server/AuthTokenSvc/Makefile.am
@@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java
$(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
@echo [======== Creating Webapp $@ ========]
- cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
+ cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
+ cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
+ cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
+ cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/
diff --git a/auth_token/server/AuthTokenSvc/authtoken.settings b/auth_token/server/AuthTokenSvc/authtoken.settings
new file mode 100644
index 00000000..4f10c209
--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/authtoken.settings
@@ -0,0 +1,4 @@
+
+
+3600
+
diff --git a/auth_token/server/AuthTokenSvc/identoken.settings b/auth_token/server/AuthTokenSvc/identoken.settings
new file mode 100644
index 00000000..20209b9c
--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/identoken.settings
@@ -0,0 +1,6 @@
+
+
+false
+sn
+
+
diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
index 29aa6fbe..066be707 100644
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java
@@ -46,7 +46,7 @@ public class AuthTokenConfig
public final static String IdentityTokenType = "IdentityTokenType";
// Default configuration values
- private String m_defaultTokenLifetimeValue = "360"; // Seconds
+ private String m_defaultTokenLifetimeValue = "3600"; // Seconds
private String m_defaultLifetimeShorterValue = "5"; // Seconds
private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";
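Review bot: The default token lifetime on the changed line jumps from 360 to 3600 seconds with no comment recording why, and this is the value used whenever authtoken.settings is missing or unreadable. A ten-fold widening of an authentication token's validity window is security-relevant and deserves a why-comment next to the constant, e.g. `// 1 hour; the shipped authtoken.settings carries the same value, keep both in sync`. It would also help to state whether the configured lifetime is a hard ceiling or only a default that a request can exceed, since that cannot be seen from this class.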
diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java
index ef00cc0f..d2244fba 100644
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java
@@ -45,8 +45,6 @@ import java.net.URLClassLoader;
*/
public class Authenticate implements RpcMethod
{
- private static final String sessionTokenLifetime = "360"; // tbd - Obtain from configuration
-
private static final String m_mechanismSettingsFileName = "mechanism.settings";
private Map m_authMechanismMap;
diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
index 9de40376..75996278 100644
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
@@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken
private final static int AWAITING_ATTRIBUTE_START = 18;
private final static int AWAITING_ATTRIBUTE_END = 19;
private final static int AWAITING_ATTRIBUTE_DATA = 20;
- private final static int DONE_PARSING = 21;
+ private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
+ private final static int DONE_PARSING = 22;
private CasaIdentityToken m_casaIdentToken;
private int m_state;
@@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken
// Save the element name as the current attribute
m_currAttribute = qName;
- // Advance to the next state
- m_state = AWAITING_ATTRIBUTE_DATA;
+ // Advance to the next state based on the attribute type
+ String attrType = atts.getValue("type");
+ if (attrType != null && attrType.equals("binary"))
+ {
+ // We are dealing with a binary attribute. We are going to
+ // assume that binary attributes are always base64 encoded.
+ m_state = AWAITING_BINARY_ATTRIBUTE_DATA;
+ }
+ else
+ {
+ // Assume we are dealing with an attribute of type string
+ m_state = AWAITING_ATTRIBUTE_DATA;
+ }
break;
default:
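Review bot: The parser switches to base64 decoding on `type="binary"` alone and never looks at the `encoding` attribute that the serializer in this same class emits (`encoding="base64"`), so the assumption stated in the `// We are going to assume` comment is enforced nowhere. A binary attribute carrying any other encoding would be decoded as base64 and yield silent garbage instead of an error. Read the attribute and reject anything else: `String attrEncoding = atts.getValue("encoding");` followed by `if (attrEncoding != null && !attrEncoding.equals("base64")) throw new SAXException("unsupported attribute encoding: " + attrEncoding);`, assuming the overriding startElement keeps its SAXException clause. The enclosing startElement method starts and ends outside this hunk.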
@@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
- m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length));
}
else
{
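Review bot: With the `put` line removed, the encrypted-attribute branch now consumes the character data and stores nothing, so a token with encrypted attributes parses successfully but produces an attribute set that silently lacks every encrypted value, with only a `tbd` comment marking the gap. Dropping data quietly is worse than failing loudly here; until decryption exists the token should be rejected, e.g. `throw new SAXException("encrypted identity-token attributes are not supported yet");`, or at the very least the skipped `m_currAttribute` should be logged. The enclosing characters() method starts and ends outside this hunk.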
@@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken
m_state = AWAITING_ATTRIBUTE_END;
break;
+ case AWAITING_BINARY_ATTRIBUTE_DATA:
+ // Consume the data
+ //
+ // Decrypt the attribute data if necessary
+ if (m_encryptedAttrs)
+ {
+ // tbd - Decrypt the attribute key and value with the private key of the service
+ // using the configured mechanism.
+ }
+ else
+ {
+ // The data is base64 encoded
+ System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length);
+ char[] encodedChars = new char[length];
+ System.arraycopy(ch, start, encodedChars, 0, length);
+ System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array");
+ m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
+ System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded");
+ }
+
+ // Advance to the next state
+ m_state = AWAITING_ATTRIBUTE_END;
+ break;
+
default:
// Do nothing
break;
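Review bot: The new AWAITING_BINARY_ATTRIBUTE_DATA case decodes whatever slice `characters()` hands it and immediately moves to AWAITING_ATTRIBUTE_END, but the SAX contract allows a parser to deliver one text node across several `characters()` calls; a second call would arrive in the wrong state and be ignored, and the first chunk, cut at an arbitrary point, would be decoded as a truncated base64 string. The robust pattern is to append the slice to a StringBuilder in this state (`m_attrData.append(ch, start, length);`) and perform the Base64Coder.decode and `m_attributes.put` in endElement, which lies outside this hunk. The three `System.err.println` trace lines look like leftover debugging and should be removed before this lands. Note also that the decoded value (presumably a byte[] from Base64Coder.decode) is stored in m_attributes alongside String values, which consumers of getAttributes() will need to distinguish.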
@@ -480,7 +515,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Constructor.
*/
- public CasaIdentityToken(IdenTokenConfig idenTokenConfig)
+ public CasaIdentityToken (IdenTokenConfig idenTokenConfig)
{
// Initialize our members
m_token = null;
@@ -491,7 +526,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Constructor.
*/
- public CasaIdentityToken()
+ public CasaIdentityToken ()
{
// Initialize our members
m_token = null;
@@ -502,11 +537,11 @@ public class CasaIdentityToken implements IdentityToken
/*
* Initialize with parameters.
*/
- public void initialize(String identityId,
- String sourceName,
- String targetService,
- String targetHost,
- SvcConfig svcConfig) throws Exception
+ public void initialize (String identityId,
+ String sourceName,
+ String targetService,
+ String targetHost,
+ SvcConfig svcConfig) throws Exception
{
// Save input parameters
m_identityId = identityId;
@@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken
try
{
- // tbd - Read parameters from configuration and leverage Higgins.
- //
// Open a directory context and use it to read the identity attributes.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
+ env.put("java.naming.ldap.attributes.binary", "guid");
env.put(IAContext.IA_REALM_SELECTOR, sourceName);
DirContext ctx = new InitialDirContext(env);
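Review bot: The binary-attribute list handed to JNDI on the new `env.put` line is hard-coded to `"guid"`, while the attributes to read appear to come from configuration, so any other binary attribute a deployment asks for would likely be returned as a String and then serialized as text by the code further down. Either make the list a setting as well, or document the limitation above the line: `// Only "guid" is fetched as binary; other binary directory attributes will be mangled into Strings`. Whether the Bandit IAInitialCtxFactory honours this Sun-LDAP property at all is not visible here and should be confirmed. The enclosing initialize() method runs past the end of this hunk.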
@@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken
NamingEnumeration enumeration = attr.getAll();
while (enumeration.hasMore())
{
- String attrValue = null;
- Object o = enumeration.next();
- if (o == null)
- {
- System.err.println("CasaIdentityToken.initialize()- null");
- }
- if (o instanceof java.lang.String)
- {
- System.err.println("CasaIdentityToken.initialize()- Type string");
- attrValue = (String) o;
- }
- else if (o instanceof java.lang.Byte)
- {
- System.err.println("CasaIdentityToken.initialize()- Type byte[]");
- attrValue = ((byte[]) o).toString();
- }
+ Object attrValue = enumeration.next();
+ m_attributes.put(attr.getID(), attrValue);
+ System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());
- // Proceed if we were able to get the attribute value in String form
- if (attrValue != null)
+ // Encrypt the attribute if necessary
+ if (encryptAttributes == true)
{
- m_attributes.put(attr.getID(), attrValue);
- System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID() + " of value " + attrValue);
-
- // Encrypt the attribute if necessary
- if (encryptAttributes == true)
- {
- // tbd - Encrypt the attributes using the services public key, let the mechanism
- // be configurable. The services certificate should be Base64 encoded as a setting
- // of the identoken.settings file.
- sb.append("<" + attr.getID() + ">" + attrValue + "" + attr.getID() + ">" + "\r\n");
- }
- else
- {
- sb.append("<" + attr.getID() + ">" + attrValue + "" + attr.getID() + ">" + "\r\n");
- }
+ // tbd - Encrypt the attributes using the services public key, let the mechanism
+ // be configurable. The service's certificate should be Base64 encoded as a setting
+ // of the identoken.settings file.
}
else
{
- System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID());
+ // Proceed based on the attribute value type
+ if (attrValue instanceof byte[])
+ {
+ // The attribute value is of type byte[], we need to encode it.
+ sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "" + attr.getID() + ">" + "\r\n");
+ System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));
+ }
+ else
+ {
+ // Assume the attribute value is of type String
+ sb.append("<" + attr.getID() + ">" + (String) attrValue + "" + attr.getID() + ">" + "\r\n");
+ }
}
}
}
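Review bot: Attribute IDs and String values read from the directory are concatenated straight into the token XML on the `sb.append` lines with no escaping, so a value containing `&`, `<` or the `]]>` sequence that the getEncodedToken comment warns about breaks or reshapes the token structure; the base64 branch is safe because its alphabet contains none of those characters. The `(String) attrValue` cast in the else branch also replaces the removed type check with an unchecked cast, so a value that is neither byte[] nor String now throws ClassCastException out of initialize() instead of being logged and skipped as before. I would change the branch to `else if (attrValue instanceof String)`, pass the value through a small private helper that replaces `&`, `<` and `>` with their XML entities, and keep a final else that logs the unrecognized type as the old code did. The `System.err.println` that prints the base64-encoded attribute value writes identity data to stderr and should print only the attribute ID, as the line just above it already does. Note too that when encryptAttributes is true the loop now appends nothing for any attribute, so enabling encryption in identoken.settings silently produces a token without attributes until the `tbd` is implemented.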
@@ -647,7 +667,7 @@ public class CasaIdentityToken implements IdentityToken
* IMPORTANT: The token string can not contain the substring "]]>"
* within it.
*/
- public String getEncodedToken() throws Exception
+ public String getEncodedToken () throws Exception
{
if (m_token != null)
{
@@ -663,7 +683,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Returns a string containing our type of identity token provider.
*/
- public String getProviderType() throws Exception
+ public String getProviderType () throws Exception
{
// tbd - Change to a GUID
return "CasaIdentityToken";
@@ -672,7 +692,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Returns a string containing the identity id.
*/
- public String getIdentityId() throws Exception
+ public String getIdentityId () throws Exception
{
if (m_identityId != null)
return m_identityId;
@@ -687,7 +707,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containing the name associated with the
* identity source.
*/
- public String getSourceName() throws Exception
+ public String getSourceName () throws Exception
{
if (m_sourceName != null)
return m_sourceName;
@@ -702,7 +722,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containing the url associated with the
* identity source.
*/
- public String getSourceUrl() throws Exception
+ public String getSourceUrl () throws Exception
{
if (m_sourceUrl != null)
return m_sourceUrl;
@@ -716,7 +736,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Returns a string containing the name of the targeted service.
*/
- public String getTargetService() throws Exception
+ public String getTargetService () throws Exception
{
if (m_service != null)
return m_service;
@@ -731,7 +751,7 @@ public class CasaIdentityToken implements IdentityToken
* Returns a string containig the name of the host where the
* targeted service resides.
*/
- public String getTargetHost() throws Exception
+ public String getTargetHost () throws Exception
{
if (m_host != null)
return m_host;
@@ -745,7 +765,7 @@ public class CasaIdentityToken implements IdentityToken
/*
* Returns the attributes of the identity.
*/
- public javax.naming.directory.Attributes getAttributes() throws Exception
+ public javax.naming.directory.Attributes getAttributes () throws Exception
{
if (m_attributes != null)
return m_attributes;
diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java
index 5e2ad335..39630987 100644
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java
+++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java
@@ -54,8 +54,8 @@ public class SvcConfig
public final static String AppRootPath = "AppRootPath";
// Default configuration values
- private String m_defaultSessionTokenLifetimeValue = "360"; // Seconds
- private String m_defaultLifetimeShorterValue = "5"; // Seconds
+ private String m_defaultSessionTokenLifetimeValue = "43200"; // Seconds
+ private String m_defaultLifetimeShorterValue = "5"; // Seconds
private static final String m_svcSettingsFileName = "svc.settings";
private Map m_svcSettingsMap;
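Review bot: The default session token lifetime on the changed line grows from 360 s to 43200 s (12 hours), a 120-fold extension of how long a captured session token remains usable, with no comment recording why. A why-comment is the minimum, e.g. `// 12 hours; must match svc.settings. A stolen session token stays valid this long`, adding a remark on revocation only if this service actually has none, which this class does not show. It is also worth stating how this relates to the 3600 s identity token default in AuthTokenConfig, since the two now differ by an order of magnitude and a reader cannot tell which one bounds the other.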
diff --git a/auth_token/server/AuthTokenSvc/svc.settings b/auth_token/server/AuthTokenSvc/svc.settings
new file mode 100644
index 00000000..c58c30fa
--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/svc.settings
@@ -0,0 +1,6 @@
+
+
+Replace with path to the Identity Abstraction Realms Configuration File.
+Replace with the Context from where to start searches, do not specify to start at the root.
+43200
+
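Review bot: This file ships with literal placeholder sentences (`Replace with path to the Identity Abstraction Realms Configuration File.`) in the slots that SvcConfig.getSetting will hand to the JNDI context as a file path and a search base, and the Makefile.am change in this same commit copies the file verbatim into WEB-INF/conf. A deployment that forgets to edit it therefore starts with a nonsensical realm configuration path and fails only when the first token is built, if it fails visibly at all. Leave these values empty and have the loader reject an empty value at startup, or make the placeholders obviously invalid and self-describing, e.g. `REPLACE-ME: absolute path to the realm configuration file`; the file's markup appears stripped in this listing, so whether it permits comments cannot be seen here.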
diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml b/auth_token/server/AuthTokenSvc/web.xml
similarity index 93%
rename from auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml
rename to auth_token/server/AuthTokenSvc/web.xml
index cf655ee5..9cefa768 100644
--- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml
+++ b/auth_token/server/AuthTokenSvc/web.xml
@@ -4,6 +4,7 @@
CasaAuthTokenSvc
+ The CasaAuthTokenSvc provides authentication tokens.
Rpc