public SubjectBean getSubject(
TokenProviderParameters providerParameters, Document doc, byte[] secret
) {
TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
String tokenType = tokenRequirements.getTokenType();
String keyType = keyRequirements.getKeyType();
String confirmationMethod = getSubjectConfirmationMethod(tokenType, keyType);
Principal principal = null;
ReceivedToken receivedToken = null;
//[TODO] ActAs support
//TokenValidator in IssueOperation has validated the ReceivedToken
//if validation was successful, the principal was set in ReceivedToken
if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
receivedToken = providerParameters.getTokenRequirements().getOnBehalfOf();
if (receivedToken.getState().equals(STATE.VALID)) {
principal = receivedToken.getPrincipal();
}
} else if (providerParameters.getTokenRequirements().getValidateTarget() != null) {
receivedToken = providerParameters.getTokenRequirements().getValidateTarget();
if (receivedToken.getState().equals(STATE.VALID)) {
principal = receivedToken.getPrincipal();
}
} else {
principal = providerParameters.getPrincipal();
}
if (principal == null) {
LOG.fine("Error in getting principal");
throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
}
SubjectBean subjectBean =
new SubjectBean(principal.getName(), subjectNameQualifier, confirmationMethod);
LOG.fine("Creating new subject with principal name: " + principal.getName());
if (subjectNameIDFormat != null && subjectNameIDFormat.length() > 0) {
subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
}
if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)) {
Crypto crypto = stsProperties.getEncryptionCrypto();
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
String encryptionName = encryptionProperties.getEncryptionName();
if (encryptionName == null) {
// Fall back on the STS encryption name
encryptionName = stsProperties.getEncryptionUsername();
}
if (encryptionName == null) {
LOG.fine("No encryption Name is configured for Symmetric KeyType");
throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
}
cryptoType.setAlias(encryptionName);
try {
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
if (certs == null || certs.length <= 0) {
new STSException("Encryption certificate is not found for alias: " + encryptionName,
STSException.REQUEST_FAILED);
}
KeyInfoBean keyInfo =
createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
subjectBean.setKeyInfo(keyInfo);
} catch (WSSecurityException ex) {
LOG.log(Level.WARNING, "", ex);
throw new STSException(ex.getMessage(), ex);
}
} else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
ReceivedKey receivedKey = keyRequirements.getReceivedKey();
// Validate UseKey trust
if (stsProperties.isValidateUseKey() && stsProperties.getSignatureCrypto() != null) {
if (receivedKey.getX509Cert() != null) {
try {
if (!stsProperties.getSignatureCrypto().verifyTrust(
new X509Certificate[]{receivedKey.getX509Cert()}, false)) {
LOG.log(Level.FINE, "Error in trust validation of UseKey");
throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
}
} catch (WSSecurityException e) {
LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
}
}
if (receivedKey.getPublicKey() != null) {
try {
if (!stsProperties.getSignatureCrypto().verifyTrust(receivedKey.getPublicKey())) {
LOG.log(Level.FINE, "Error in trust validation of UseKey");
throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
}
} catch (WSSecurityException e) {
LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);