public Policy loadPolicy(String xmlPath, String clientKey) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
RampartConfig rc = new RampartConfig();
rc.setUser("admin");
rc.setUserCertAlias("wso2carbon");
rc.setEncryptionUser("wso2carbon");
rc.setPwCbClass(SecurityClient.class.getName());
CryptoConfig sigCryptoConfig = new CryptoConfig();
sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
Properties prop1 = new Properties();
prop1.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
prop1.put("org.apache.ws.security.crypto.merlin.file", clientKey);
prop1.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
sigCryptoConfig.setProp(prop1);
CryptoConfig encrCryptoConfig = new CryptoConfig();
encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
Properties prop2 = new Properties();
prop2.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
prop2.put("org.apache.ws.security.crypto.merlin.file", clientKey);
prop2.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
encrCryptoConfig.setProp(prop2);
rc.setSigCryptoConfig(sigCryptoConfig);
rc.setEncrCryptoConfig(encrCryptoConfig);
policy.addAssertion(rc);
return policy;
}
private void run() {
try {
loadConfigurations();
// set the trust store as a system property for communication over
// TLS.
System.setProperty("javax.net.ssl.trustStore", keystorePath);
System.setProperty("javax.net.ssl.trustStorePassword", keystorePwd);
// create configuration context
ConfigurationContext configCtx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(repoPath);
// create STS client
STSClient stsClient = new STSClient(configCtx);
stsClient.setRstTemplate(getRSTTemplate());
String action = null;
String responseTokenID = null;
action =
TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
stsClient.setAction(action);
// request the security token from STS.
Token responseToken;
Policy stsPolicy = loadPolicy(stsPolicyPath);
// add rampart config assertion to the ws-sec policies
RampartConfig rampartConfig = buildRampartConfig();
stsPolicy.addAssertion(rampartConfig);
responseToken = stsClient.requestSecurityToken(null, stsEPR, stsPolicy, relyingPartyEPR);
// store the obtained token in token store to be used in future
// communication.
TokenStorage store = TrustUtil.getTokenStore(configCtx);
responseTokenID = responseToken.getId();
store.add(responseToken);
// print token
System.out.println(responseToken.getToken().toString());
// sending token renew request
String renewedTokenID = null;
if (enableRenewing) {
System.out.println("Renewing " + tokenType);
String TokenProfile = null;
if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_11)) {
TokenProfile = RahasConstants.TOK_TYPE_SAML_10;
} else if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_20)) {
TokenProfile = RahasConstants.TOK_TYPE_SAML_20;
}
stsClient.setRstTemplate(getRSTTemplate());
boolean tokenRenewed =
stsClient.renewToken(responseTokenID, TokenProfile, stsEPR, stsPolicy, store);
System.out.println("tokenRenewed : " + tokenRenewed);
Token renewedToken = store.getRenewedTokens()[0];
renewedTokenID = renewedToken.getId();
System.out.println("Renewed Token : \n" + renewedToken.getToken().toString());
}
// Validate the token
if (enableValidateBinding) {
// validating the token.
stsClient = new STSClient(configCtx);
action =
TrustUtil.getActionValue(
RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_VALIDATE);
stsClient.setAction(action);
String tokenID = null;
if (renewedTokenID != null) {
tokenID = renewedTokenID;
} else {
tokenID = responseTokenID;
}
boolean isValid = stsClient.validateToken(tokenID, stsEPR, stsPolicy);
if (isValid) {
if (enableRenewing) {
System.out.println("Renewed SAML " + tokenType + " Token is valid");
} else {
System.out.println("Response SAML " + tokenType + " Token is valid");
}
} else {
if (enableRenewing) {
System.out.println("Renewed SAML " + tokenType + " Token is invalid");
} else {
System.out.println("Response SAML " + tokenType + " Token is invalid");
}
}
}
// Send the token to relying party
if (enableRelyingParty) {
/* Invoke secured service using the obtained token */
OMElement responseElem = null;
// create service client
ServiceClient serClient = new ServiceClient(configCtx, null);
// engage modules
serClient.engageModule("addressing");
serClient.engageModule("rampart");
// load policy of secured service
Policy sec_policy = loadPolicy(relyingPartyPolicyPath);
// add rampart config to the ws-sec policies
sec_policy.addAssertion(rampartConfig);
// set in/out security policies in client opts
serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, sec_policy);
// Set the token id as a property in the Axis2 client scope, so
// that this will be picked up when creating the secure message to
// invoke
// the endpoint.
serClient
.getOptions()
.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, renewedTokenID);
// set action of the Hello Service to be invoked.
serClient.getOptions().setAction("urn:echoString");
serClient.getOptions().setTo(new EndpointReference(relyingPartyEPR));
// invoke the service
// System.out.println(serClient.sendReceive(getPayload(echoRequestMsg)).toString());
responseElem = serClient.sendReceive(getPayload(echoRequestMsg));
// cleanup transports
serClient.getOptions().setCallTransportCleanup(true);
System.out.println(responseElem.toString());
System.exit(0);
}
} catch (Exception e) {
e.printStackTrace();
} finally {
System.exit(0);
}
}