001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SecurityMechanism.java,v 1.8 2008/08/31 15:50:03 mrudul_uchil Exp $
026 *
027 */
028
029package com.sun.identity.wss.security;
030
031import org.w3c.dom.Element;
032import java.util.HashMap;
033import java.util.Map;
034import java.util.Iterator;
035import java.util.ArrayList;
036import java.util.List;
037 
038/**
039 * This class exposes the <code>SecurityMechanism</code>s used in the Web 
040 * Services Security. 
041 * @supported.all.api
042 */
043public class SecurityMechanism {
044
045    // Initialize the security mechanism map
046    private static Map map = new HashMap();
047
048    /**
049     * <code>URI</code> for the SAML Holder of Key security profile. 
050     */
051    public static final String WSS_NULL_SAML_HK_URI = 
052               "urn:sun:wss:security:null:SAMLToken-HK";
053
054    /**
055     * <code>URI</code> for the SAML Holder of Key security profile with
056     *   <code>TLS</code> or <code>SSL</code> enabled.
057     */
058    public static final String WSS_TLS_SAML_HK_URI = 
059               "urn:sun:wss:security:TLS:SAMLToken-HK";
060
061    /**
062     * <code>URI</code> for the SAML Holder of Key security profile with
063     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
064     */
065    public static final String WSS_CLIENT_TLS_SAML_HK_URI = 
066               "urn:sun:wss:security:ClientTLS:SAMLToken-HK";
067
068    /**
069     * <code>URI</code> for the SAML Sender vouches security profile. 
070     */
071    public static final String WSS_NULL_SAML_SV_URI = 
072               "urn:sun:wss:security:null:SAMLToken-SV";
073
074    /**
075     * <code>URI</code> for the SAML Sender vouches security profile with
076     *   <code>TLS</code> or <code>SSL</code> enabled.
077     */
078    public static final String WSS_TLS_SAML_SV_URI = 
079               "urn:sun:wss:security:TLS:SAMLToken-SV";
080
081    /**
082     * <code>URI</code> for the SAML Sender vouches security profile with
083     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
084     */
085    public static final String WSS_CLIENT_TLS_SAML_SV_URI = 
086               "urn:sun:wss:security:ClientTLS:SAMLToken-SV";
087
088    /**
089     * <code>URI</code> for the X509 token security profile. 
090     */
091    public static final String WSS_NULL_X509_TOKEN_URI = 
092               "urn:sun:wss:security:null:X509Token";
093
094    /**
095     * <code>URI</code> for the X509 security profile with
096     *   <code>TLS</code> or <code>SSL</code> enabled.
097     */
098    public static final String WSS_TLS_X509_TOKEN_URI = 
099               "urn:sun:wss:security:TLS:X509Token";
100
101    /**
102     * <code>URI</code> for the X509 token security profile with
103     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
104     */
105    public static final String WSS_CLIENT_TLS_X509_TOKEN_URI = 
106               "urn:sun:wss:security:ClientTLS:X509Token";
107
108    /**
109     * <code>URI</code> for the Username token security profile. 
110     */
111    public static final String WSS_NULL_USERNAME_TOKEN_URI = 
112               "urn:sun:wss:security:null:UserNameToken";
113
114    /**
115     * <code>URI</code> for the username token security profile with
116     *   <code>TLS</code> or <code>SSL</code> enabled.
117     */
118    public static final String WSS_TLS_USERNAME_TOKEN_URI = 
119               "urn:sun:wss:security:TLS:UserNameToken";
120
121    /**
122     * <code>URI</code> for the username token security profile with
123     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
124     */
125    public static final String WSS_CLIENT_TLS_USERNAME_TOKEN_URI = 
126               "urn:sun:wss:security:ClientTLS:UserNameToken";
127
128    /**
129     * <code>URI</code> for the Username token security profile. 
130     */
131    public static final String WSS_NULL_USERNAME_TOKEN_PLAIN_URI = 
132               "urn:sun:wss:security:null:UserNameToken-Plain";
133
134    /**
135     * <code>URI</code> for the username token security profile with
136     *   <code>TLS</code> or <code>SSL</code> enabled.
137     */
138    public static final String WSS_TLS_USERNAME_TOKEN_PLAIN_URI = 
139               "urn:sun:wss:security:TLS:UserNameToken-Plain";
140
141    /**
142     * <code>URI</code> for the username token security profile with
143     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
144     */
145    public static final String WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN_URI = 
146               "urn:sun:wss:security:ClientTLS:UserNameToken-Plain";
147    
148    /**
149     * <code>URI</code> for all the liberty security profiles.
150     * This <code>URI</code> is mainly for the webservices clients where
151     * the real security mechanims are found from the liberty discovery service.
152     */
153    public static final String LIBERTY_DS_SECURITY_URI = 
154                               "urn:sun:liberty:discovery:security";
155    
156    /**     
157     * This <code>URI</code> is mainly for the webservices clients need to
158     * find the security token from the security token service.
159     */
160    public static final String STS_SECURITY_URI = "urn:sun:wss:sts:security";
161
162    /**
163     * <code>URI</code> for the liberty X509 token security profile.
164     */
165    public static final String LIB_NULL_X509_TOKEN_URI = 
166               "urn:liberty:security:2005-02:null:X509";
167
168    /**
169     * <code>URI</code> for the liberty SAML Bearer token security profile.
170     */
171    public static final String LIB_NULL_SAML_BEARER_TOKEN_URI = 
172               "urn:liberty:security:2005-02:null:Bearer";
173
174    /**
175     * <code>URI</code> for the liberty SAML token security profile.
176     */
177    public static final String LIB_NULL_SAML_TOKEN_URI = 
178               "urn:liberty:security:2005-02:null:SAML";
179
180    /**
181     * <code>URI</code> for the liberty X509 token security profile with TLS.
182     */
183    public static final String LIB_TLS_X509_TOKEN_URI = 
184               "urn:liberty:security:2005-02:TLS:X509";
185
186    /**
187     * <code>URI</code> for the liberty SAML Bearer token security profile with
188     *  SSL enabled.
189     */
190    public static final String LIB_TLS_SAML_BEARER_TOKEN_URI = 
191               "urn:liberty:security:2005-02:TLS:Bearer";
192
193    /**
194     * <code>URI</code> for the liberty SAML token security profile with SSL.
195     */
196    public static final String LIB_TLS_SAML_TOKEN_URI = 
197               "urn:liberty:security:2005-02:TLS:SAML";
198
199    /**
200     * <code>URI</code> for the liberty X509 token security profile with TLS 
201     * and client auth enabled.
202     */
203    public static final String LIB_CLIENT_TLS_X509_TOKEN_URI = 
204               "urn:liberty:security:2005-02:ClientTLS:X509";
205
206    /**
207     * <code>URI</code> for the liberty SAML Bearer token security profile with
208     *  SSL and client auth enabled.
209     */
210    public static final String LIB_CLIENT_TLS_SAML_BEARER_TOKEN_URI = 
211               "urn:liberty:security:2005-02:ClientTLS:Bearer";
212
213    /**
214     * <code>URI</code> for the liberty SAML token security profile with SSL 
215     * and client auth enabled.
216     */
217    public static final String LIB_CLIENT_TLS_SAML_TOKEN_URI = 
218               "urn:liberty:security:2005-02:ClientTLS:SAML";
219    
220    /**
221     * <code>URI</code> for the SAML2 Holder of Key security profile. 
222     */
223    public static final String WSS_NULL_SAML2_HK_URI = 
224               "urn:sun:wss:security:null:SAML2Token-HK";
225
226    /**
227     * <code>URI</code> for the SAML2 Holder of Key security profile with
228     *   <code>TLS</code> or <code>SSL</code> enabled.
229     */
230    public static final String WSS_TLS_SAML2_HK_URI = 
231               "urn:sun:wss:security:TLS:SAML2Token-HK";
232
233    /**
234     * <code>URI</code> for the SAML2 Holder of Key security profile with
235     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
236     */
237    public static final String WSS_CLIENT_TLS_SAML2_HK_URI = 
238               "urn:sun:wss:security:ClientTLS:SAML2Token-HK";
239    
240    /**
241     * <code>URI</code> for the SAML2 Sender Vouches security profile. 
242     */
243    public static final String WSS_NULL_SAML2_SV_URI = 
244               "urn:sun:wss:security:null:SAML2Token-SV";
245
246    /**
247     * <code>URI</code> for the SAML2 Sender Vouches security profile with
248     *   <code>TLS</code> or <code>SSL</code> enabled.
249     */
250    public static final String WSS_TLS_SAML2_SV_URI = 
251               "urn:sun:wss:security:TLS:SAML2Token-SV";
252
253    /**
254     * <code>URI</code> for the SAML2 Sender Vouches security profile with
255     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
256     */
257    public static final String WSS_CLIENT_TLS_SAML2_SV_URI = 
258               "urn:sun:wss:security:ClientTLS:SAML2Token-SV";
259    
260    /**
261     * <code>URI</code> for the anonymous security profile.
262     */
263    public static final String WSS_NULL_ANONYMOUS_URI =
264               "urn:sun:wss:security:null:Anonymous";
265
266    /**
267     * <code>URI</code> for the anonymous security profile with
268     *        <code>TLS</code> or <code>SSL</code> enabled.
269     */
270    public static final String WSS_TLS_ANONYMOUS_URI =
271               "urn:sun:wss:security:TLS:Anonymous";
272
273    /**
274     * <code>URI</code> for the anonymous security profile with
275     *        <code>TLS</code> or <code>SSL</code> and client auth enabled.
276     */
277    public static final String WSS_CLIENT_TLS_ANONYMOUS_URI =
278               "urn:sun:wss:security:ClientTLS:Anonymous";
279    
280    /**
281     * <code>URI</code> for the Kerberos token security profile. 
282     */
283    public static final String WSS_NULL_KERBEROS_TOKEN_URI = 
284               "urn:sun:wss:security:null:KerberosToken";
285
286    /**
287     * <code>URI</code> for the Kerberos security profile with
288     *   <code>TLS</code> or <code>SSL</code> enabled.
289     */
290    public static final String WSS_TLS_KERBEROS_TOKEN_URI = 
291               "urn:sun:wss:security:TLS:KerberosToken";
292
293    /**
294     * <code>URI</code> for the Kerberos token security profile with
295     *   <code>TLS</code> or <code>SSL</code>  and client auth enabled.
296     */
297    public static final String WSS_CLIENT_TLS_KERBEROS_TOKEN_URI = 
298               "urn:sun:wss:security:ClientTLS:KerberosToken";
299
300
301    static {
302        map.put("Anonymous", WSS_NULL_ANONYMOUS_URI);
303        map.put("TLS-Anonymous", WSS_TLS_ANONYMOUS_URI);
304        map.put("ClientTLS-Anonymous", WSS_CLIENT_TLS_ANONYMOUS_URI);        
305        map.put("ClientTLS-SAML-HolderOfKey", WSS_CLIENT_TLS_SAML_HK_URI);
306        map.put("TLS-SAML-HolderOfKey", WSS_TLS_SAML_HK_URI); 
307        map.put("SAML-HolderOfKey", WSS_NULL_SAML_HK_URI); 
308        map.put("ClientTLS-SAML-SenderVouches", WSS_CLIENT_TLS_SAML_SV_URI); 
309        map.put("TLS-SAML-SenderVouches", WSS_TLS_SAML_SV_URI);
310        map.put("SAML-SenderVouches", WSS_NULL_SAML_SV_URI); 
311        map.put("X509Token", WSS_NULL_X509_TOKEN_URI);
312        map.put("TLS-X509Token", WSS_TLS_X509_TOKEN_URI);
313        map.put("ClientTLS-X509Token", WSS_CLIENT_TLS_X509_TOKEN_URI);
314        map.put("UserNameToken", WSS_NULL_USERNAME_TOKEN_URI);
315        map.put("TLS-UserNameToken", WSS_TLS_USERNAME_TOKEN_URI); 
316        map.put("ClientTLS-UserNameToken", WSS_CLIENT_TLS_USERNAME_TOKEN_URI);
317        map.put("UserNameToken-Plain", WSS_NULL_USERNAME_TOKEN_PLAIN_URI);
318        map.put("TLS-UserNameToken-Plain", WSS_TLS_USERNAME_TOKEN_PLAIN_URI); 
319        map.put("ClientTLS-UserNameToken-Plain", WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN_URI);
320        map.put("LibertyDiscoverySecurity", LIBERTY_DS_SECURITY_URI);
321        map.put("LibertyX509Token", LIB_NULL_X509_TOKEN_URI);
322        map.put("LibertyBearerToken", LIB_NULL_SAML_BEARER_TOKEN_URI);
323        map.put("LibertySAMLToken", LIB_NULL_SAML_TOKEN_URI);
324        map.put("TLS-LibertyX509Token", LIB_TLS_X509_TOKEN_URI);
325        map.put("TLS-LibertyBearerToken", LIB_TLS_SAML_BEARER_TOKEN_URI);
326        map.put("TLS-LibertySAMLToken", LIB_TLS_SAML_TOKEN_URI);
327        map.put("ClientTLS-LibertyX509Token", LIB_CLIENT_TLS_X509_TOKEN_URI);
328        map.put("ClientTLS-LibertyBearerToken", 
329                          LIB_CLIENT_TLS_SAML_BEARER_TOKEN_URI);
330        map.put("ClientTLS-LibertySAMLToken", LIB_CLIENT_TLS_SAML_TOKEN_URI);
331        map.put("SAML2-HolderOfKey", WSS_NULL_SAML2_HK_URI);
332        map.put("TLS-SAML2-HolderOfKey", WSS_TLS_SAML2_HK_URI);
333        map.put("ClientTLS-SAML2-HolderOfKey", WSS_CLIENT_TLS_SAML2_HK_URI);
334        map.put("SAML2-SenderVouches", WSS_NULL_SAML2_SV_URI);
335        map.put("TLS-SAML2-SenderVouches", WSS_TLS_SAML2_SV_URI);
336        map.put("ClientTLS-SAML2-SenderVouches", WSS_CLIENT_TLS_SAML2_SV_URI);
337        map.put("STSSecurity", STS_SECURITY_URI);
338        map.put("KerberosToken", WSS_NULL_KERBEROS_TOKEN_URI);
339        map.put("TLS-KerberosToken", WSS_TLS_KERBEROS_TOKEN_URI);
340        map.put("ClientTLS-KerberosToken", WSS_CLIENT_TLS_KERBEROS_TOKEN_URI);
341    }
342
343    // The following defines Security mechanism objects.
344
345    /**
346     * Defines the security mechanism for the saml token holder of key
347     * with SSL and client auth enabled.
348     */
349    public static final SecurityMechanism WSS_CLIENT_TLS_SAML_HK = 
350                      new SecurityMechanism("ClientTLS-SAML-HolderOfKey");
351
352    /**
353     * Defines the security mechanism for the saml token holder of key
354     * with SSL enabled.
355     */
356    public static final SecurityMechanism WSS_TLS_SAML_HK = 
357                      new SecurityMechanism("TLS-SAML-HolderOfKey");
358
359    /**
360     * Defines the security mechanism for the saml token holder of key.
361     */
362    public static final SecurityMechanism WSS_NULL_SAML_HK = 
363                      new SecurityMechanism("SAML-HolderOfKey");
364
365    /**
366     * Defines the security mechanism for the saml token sender vouches
367     * with SSL and client auth enabled.
368     */
369    public static final SecurityMechanism WSS_CLIENT_TLS_SAML_SV = 
370                      new SecurityMechanism("ClientTLS-SAML-SenderVouches");
371
372    /**
373     * Defines the security mechanism for the saml token sender vouches
374     * with SSL enabled.
375     */
376    public static final SecurityMechanism WSS_TLS_SAML_SV = 
377                      new SecurityMechanism("TLS-SAML-SenderVouches");
378
379    /**
380     * Defines the security mechanism for the saml token sender vouches.
381     */
382    public static final SecurityMechanism WSS_NULL_SAML_SV = 
383                      new SecurityMechanism("SAML-SenderVouches");
384
385    /**
386     * Defines the security mechanism for the X509 token profile.
387     */
388    public static final SecurityMechanism WSS_NULL_X509_TOKEN = 
389                      new SecurityMechanism("X509Token");
390
391    /**
392     * Defines the security mechanism for the X509 token profile with 
393     * SSL enabled.
394     */
395    public static final SecurityMechanism WSS_TLS_X509_TOKEN = 
396                      new SecurityMechanism("TLS-X509Token");
397
398    /**
399     * Defines the security mechanism for the X509 token profile with 
400     * SSL and client auth enabled.
401     */
402    public static final SecurityMechanism WSS_CLIENT_TLS_X509_TOKEN = 
403                      new SecurityMechanism("ClientTLS-X509Token");
404
405    /**
406     * Defines the security mechanism for the Username token profile.
407     */
408    public static final SecurityMechanism WSS_NULL_USERNAME_TOKEN = 
409                      new SecurityMechanism("UserNameToken");
410
411    /**
412     * Defines the security mechanism for the Username token profile
413     * with SSL enabled.
414     */
415    public static final SecurityMechanism WSS_TLS_USERNAME_TOKEN = 
416                      new SecurityMechanism("TLS-UserNameToken");
417
418    /**
419     * Defines the security mechanism for the Username token profile
420     * with SSL and client auth enabled.
421     */
422    public static final SecurityMechanism WSS_CLIENT_TLS_USERNAME_TOKEN = 
423                      new SecurityMechanism("ClientTLS-UserNameToken");
424
425    /**
426     * Defines the security mechanism for the Username token profile.
427     */
428    public static final SecurityMechanism WSS_NULL_USERNAME_TOKEN_PLAIN = 
429                      new SecurityMechanism("UserNameToken-Plain");
430
431    /**
432     * Defines the security mechanism for the Username token profile
433     * with SSL enabled.
434     */
435    public static final SecurityMechanism WSS_TLS_USERNAME_TOKEN_PLAIN = 
436                      new SecurityMechanism("TLS-UserNameToken-Plain");
437
438    /**
439     * Defines the security mechanism for the Username token profile
440     * with SSL and client auth enabled.
441     */
442    public static final SecurityMechanism WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN = 
443                      new SecurityMechanism("ClientTLS-UserNameToken-Plain");
444
445    /**
446     * Defines the security mechanism for the Liberty token profiles.
447     */
448    public static final SecurityMechanism LIBERTY_DS_SECURITY = 
449                      new SecurityMechanism("LibertyDiscoverySecurity", true);
450    
451     /**
452     * Defines the security mechanism for the security token service profiles.
453     */
454    public static final SecurityMechanism STS_SECURITY = 
455                      new SecurityMechanism("STSSecurity", true);
456    /**
457     * Defines the security mechanism for the Liberty x509 token profile.
458     */
459    public static final SecurityMechanism LIB_NULL_X509_TOKEN = 
460                      new SecurityMechanism("LibertyX509Token", true);
461
462    /**
463     * Defines the security mechanism for the Liberty bearer token profile.
464     */
465    public static final SecurityMechanism LIB_NULL_SAML_BEARER_TOKEN = 
466                      new SecurityMechanism("LibertyBearerToken", true);
467
468    /**
469     * Defines the security mechanism for the Liberty SAML token profile.
470     */
471    public static final SecurityMechanism LIB_NULL_SAML_TOKEN = 
472                      new SecurityMechanism("LibertySAMLToken", true);
473
474    /**
475     * Defines the security mechanism for the Liberty x509 token profile
476     *         with SSL enabled.
477     */
478    public static final SecurityMechanism LIB_TLS_X509_TOKEN = 
479                      new SecurityMechanism("TLS-LibertyX509Token", true);
480
481    /**
482     * Defines the security mechanism for the Liberty bearer token profile
483     *             with SSL enabled.
484     */
485    public static final SecurityMechanism LIB_TLS_SAML_BEARER_TOKEN = 
486                      new SecurityMechanism("TLS-LibertyBearerToken", true);
487
488    /**
489     * Defines the security mechanism for the Liberty SAML token profile
490     *         with SSL enabled.
491     */
492    public static final SecurityMechanism LIB_TLS_SAML_TOKEN = 
493                      new SecurityMechanism("TLS-LibertySAMLToken", true);
494
495    /**
496     * Defines the security mechanism for the Liberty x509 token profile
497     *         with SSL and client auth enabled.
498     */
499    public static final SecurityMechanism LIB_CLIENT_TLS_X509_TOKEN = 
500                      new SecurityMechanism("ClientTLS-LibertyX509Token", true);
501
502    /**
503     * Defines the security mechanism for the Liberty bearer token profile
504     *             with SSL and client auth enabled.
505     */
506    public static final SecurityMechanism LIB_CLIENT_TLS_SAML_BEARER_TOKEN = 
507                  new SecurityMechanism("ClientTLS-LibertyBearerToken", true);
508
509    /**
510     * Defines the security mechanism for the Liberty SAML token profile
511     *         with SSL and client auth enabled.
512     */
513    public static final SecurityMechanism LIB_CLIENT_TLS_SAML_TOKEN = 
514                      new SecurityMechanism("ClientTLS-LibertySAMLToken", true);
515    
516    /**
517     * Defines the security mechanism for the saml2 token holder of key
518     * with SSL and client auth enabled.
519     */
520    public static final SecurityMechanism WSS_CLIENT_TLS_SAML2_HK = 
521                      new SecurityMechanism("ClientTLS-SAML2-HolderOfKey");
522
523    /**
524     * Defines the security mechanism for the saml2 token holder of key
525     * with SSL enabled.
526     */
527    public static final SecurityMechanism WSS_TLS_SAML2_HK = 
528                      new SecurityMechanism("TLS-SAML2-HolderOfKey");
529
530    /**
531     * Defines the security mechanism for the saml2 token holder of key.
532     */
533    public static final SecurityMechanism WSS_NULL_SAML2_HK = 
534                      new SecurityMechanism("SAML2-HolderOfKey");
535
536    /**
537     * Defines the security mechanism for the saml2 token sender vouches
538     * with SSL and client auth enabled.
539     */
540    public static final SecurityMechanism WSS_CLIENT_TLS_SAML2_SV = 
541                      new SecurityMechanism("ClientTLS-SAML2-SenderVouches");
542
543    /**
544     * Defines the security mechanism for the saml2 token sender vouches
545     * with SSL enabled.
546     */
547    public static final SecurityMechanism WSS_TLS_SAML2_SV = 
548                      new SecurityMechanism("TLS-SAML2-SenderVouches");
549
550    /**
551     * Defines the security mechanism for the saml2 token sender vouches.
552     */
553    public static final SecurityMechanism WSS_NULL_SAML2_SV = 
554                      new SecurityMechanism("SAML2-SenderVouches");
555
556    /**
557     * Defines the security mechanism for the anonymous token
558     * with SSL and client auth enabled.
559     */
560    public static final SecurityMechanism WSS_CLIENT_TLS_ANONYMOUS =
561                      new SecurityMechanism("ClientTLS-Anonymous");
562
563    /**
564     * Defines the security mechanism for the anonymous token
565     * with SSL.
566     */
567    public static final SecurityMechanism WSS_TLS_ANONYMOUS =
568                      new SecurityMechanism("TLS-Anonymous");
569
570    /**
571     * Defines the security mechanism for the anonymous token.
572     */
573    public static final SecurityMechanism WSS_NULL_ANONYMOUS =
574                      new SecurityMechanism("Anonymous");
575    /**
576     * Defines the security mechanism for the Kerberos token profile.
577     */
578    public static final SecurityMechanism WSS_NULL_KERBEROS_TOKEN = 
579                      new SecurityMechanism("KerberosToken");
580
581    /**
582     * Defines the security mechanism for the Kerberos token profile with 
583     * SSL enabled.
584     */
585    public static final SecurityMechanism WSS_TLS_KERBEROS_TOKEN = 
586                      new SecurityMechanism("TLS-KerberosToken");
587
588    /**
589     * Defines the security mechanism for the Kerberos token profile with 
590     * SSL and client auth enabled.
591     */
592    public static final SecurityMechanism WSS_CLIENT_TLS_KERBEROS_TOKEN = 
593                      new SecurityMechanism("ClientTLS-KerberosToken");
594        
595
596    private String sechMech = null;
597    private String uri = null;
598    private boolean lookupEnabled = false;
599    private boolean registerEnabled = false;
600
601    /**
602     * Constructs <code>SecurityMechanism</code>.
603     *
604     * @param name the security mechanism name.
605     *
606     */ 
607    public SecurityMechanism(String name) {
608       this.sechMech = name;
609       this.uri = (String)map.get(sechMech);
610    }
611
612    /**
613     * Constructs <code>SecurityMechanism</code>.
614     * @param name the name of the security mechanism.
615     * @param useTA the boolean variable to let enable for the 
616     *        trust authority look up or registration.
617     */
618    public SecurityMechanism(String name, boolean useTA) {
619       this.sechMech = name;
620       this.uri = (String)map.get(sechMech);
621       this.lookupEnabled = useTA; 
622       this.registerEnabled = useTA;
623    }
624
625    /** 
626     * Returns the security mechanism name.
627     *
628     * @return the name of the security mechanism. 
629     */
630    public String getName() {
631        return sechMech;
632    }
633
634    /**
635     * Returns the <code>URI</code> of the security mechanism.
636     *
637     * @return the name of the security mechanism.
638     */
639    public String getURI() {
640        return uri;
641    }
642
643    /**
644     * Checks if the Trust Authrotiy registration is required
645     * for this security mechanism.
646     *
647     * @return true if the trust authority registration is required.
648     */
649    public boolean isTARegistrationRequired() {
650        return registerEnabled;
651    }
652
653    /**
654     * Checks if the Trust Authority lookup is required for this
655     * security mechanism.
656     *
657     * @return true if the trust authority lookup is required.
658     */
659    public boolean isTALookupRequired() {
660        return lookupEnabled;
661    }
662
663    /**
664     * Returns the security mechanism for the corresponding
665     * security mechanism <code>URI</code>.
666     *
667     * @return the security mechanism object.
668     */
669    public static SecurityMechanism getSecurityMechanism(String uri) {
670        if(uri == null) {
671           return null;
672        }
673        Iterator entries =  map.entrySet().iterator();
674        while(entries.hasNext()) {
675           Map.Entry entry = (Map.Entry)entries.next();
676           String key = (String)entry.getKey();
677           String value = (String)entry.getValue();
678           if(value.equals(uri)) {
679              if(uri.equals(LIBERTY_DS_SECURITY_URI) ||
680                 uri.equals(LIB_NULL_X509_TOKEN_URI) ||
681                 uri.equals(LIB_TLS_X509_TOKEN_URI) ||
682                 uri.equals(LIB_CLIENT_TLS_X509_TOKEN_URI) ||
683                 uri.equals(LIB_NULL_SAML_TOKEN_URI) ||
684                 uri.equals(LIB_TLS_SAML_TOKEN_URI) ||
685                 uri.equals(LIB_CLIENT_TLS_SAML_TOKEN_URI) ||
686                 uri.equals(LIB_NULL_SAML_BEARER_TOKEN_URI) ||
687                 uri.equals(LIB_TLS_SAML_BEARER_TOKEN_URI) ||
688                 uri.equals(LIB_CLIENT_TLS_SAML_BEARER_TOKEN_URI) ||
689                 uri.equals(STS_SECURITY_URI)) {
690                 return new SecurityMechanism(key, true);
691              } else {
692                 return new SecurityMechanism(key);
693              }
694           }
695        }
696        return null;
697    }
698
699    /**
700     * Returns the list of liberty security mechanism URIs.
701     * @return the list of liberty security mechanism URIs.
702     */
703    public static List getLibertySecurityMechanismURIs() {
704        List list = new ArrayList();
705        list.add(LIB_NULL_X509_TOKEN_URI);
706        list.add(LIB_TLS_X509_TOKEN_URI);
707        list.add(LIB_CLIENT_TLS_X509_TOKEN_URI);
708        list.add(LIB_NULL_SAML_BEARER_TOKEN_URI);
709        list.add(LIB_TLS_SAML_BEARER_TOKEN_URI);
710        list.add(LIB_CLIENT_TLS_SAML_BEARER_TOKEN_URI);
711        list.add(LIB_NULL_SAML_TOKEN_URI);
712        list.add(LIB_TLS_SAML_TOKEN_URI);
713        list.add(LIB_CLIENT_TLS_SAML_TOKEN_URI);
714        return list;
715    }
716    
717    /**
718     * Returns all the list of <code>SecurityMechanism</code>s supported
719     * by the Web Services Client.
720     * @return the list of <code>SecurityMechanism<code>s supported
721     * by the Web Services Client.
722     */
723    public static List getAllWSCSecurityMechanisms() {
724        List list = new ArrayList();
725        list.add(WSS_NULL_ANONYMOUS);
726        list.add(WSS_NULL_SAML_SV);
727        list.add(WSS_NULL_SAML_HK);
728        list.add(WSS_NULL_X509_TOKEN);
729        list.add(WSS_NULL_KERBEROS_TOKEN);
730        list.add(WSS_NULL_USERNAME_TOKEN);
731        list.add(WSS_NULL_USERNAME_TOKEN_PLAIN);
732        list.add(WSS_NULL_SAML2_SV);
733        list.add(WSS_NULL_SAML2_HK);
734        list.add(LIBERTY_DS_SECURITY);
735        list.add(STS_SECURITY);
736        return list;
737    }
738
739    /**
740     * Returns all the list of <code>SecurityMechanism<code>s supported
741     *     by the Web Services Provider.
742     * @return the list of <code>SecurityMechanism</code>s supported
743     *     by the Web Services Provider.
744     */
745    public static List getAllWSPSecurityMechanisms() {
746        List list = new ArrayList();
747        list.add(WSS_NULL_ANONYMOUS);
748        list.add(WSS_NULL_SAML_SV);
749        list.add(WSS_NULL_SAML_HK);
750        list.add(WSS_NULL_X509_TOKEN);
751        list.add(WSS_NULL_KERBEROS_TOKEN);
752        list.add(WSS_NULL_USERNAME_TOKEN);
753        list.add(WSS_NULL_USERNAME_TOKEN_PLAIN);
754        list.add(WSS_NULL_SAML2_SV);
755        list.add(WSS_NULL_SAML2_HK);        
756        list.add(LIB_NULL_X509_TOKEN);
757        list.add(LIB_NULL_SAML_BEARER_TOKEN);
758        list.add(LIB_NULL_SAML_TOKEN);
759        return list;
760    }
761
762}




























































Copyright © 2010-2017, ForgeRock All Rights Reserved.