Package org.picketlink.identity.federation.core.wstrust

Examples of org.picketlink.identity.federation.core.wstrust.STSClient


            // sts config file has to be present to call STS (using sts client)
            // Checked before any network call: with no STS configuration there is nothing to validate against.
            if (this.stsConfigurationFile == null)
                throw logger.authSTSConfigFileNotFound();

            // send the assertion to the STS for validation.
            // NOTE(review): within this excerpt the accept/reject decision rests entirely on the STS answer;
            // any local checks on the assertion would have to happen outside the lines shown here - confirm.
            STSClient client = this.getSTSClient();
            try {
                boolean isValid = client.validateToken(assertionElement);
                // if the STS says the assertion is invalid, throw an exception to signal that authentication has failed.
                if (isValid == false)
                    throw logger.authInvalidSAMLAssertionBySTS();
            } catch (WSTrustException we) {
                // Fail closed: a WS-Trust error during validation is rethrown (with the cause attached)
                // instead of being treated as a successful validation.
                throw logger.authAssertionValidationError(we);


        /*
         * Earlier form, kept by the original author as commented-out code:
         * Builder builder = new Builder(this.stsConfigurationFile); STSClient client = new STSClient(builder.build());
         */

        // Build the STS client either from the STS configuration file or from individual module options,
        // obtaining it through STSClientFactory in both cases.
        Builder builder = null;
        STSClient client = null;
        // NOTE(review): the branch tests rawOptions for STS_CONFIG_FILE but builds from this.stsConfigurationFile;
        // presumably the field was populated from that same option earlier - confirm against the initializer.
        if (rawOptions.containsKey(STS_CONFIG_FILE)) {
            builder = new Builder(this.stsConfigurationFile);
            client = STSClientFactory.getInstance(maxClientsInPool).create(initialNumberOfClients, builder.build());
        } else {
            builder = new Builder();
            builder.endpointAddress((String) rawOptions.get(ENDPOINT_ADDRESS));
            builder.portName((String) rawOptions.get(PORT_NAME)).serviceName((String) rawOptions.get(SERVICE_NAME));
            // The raw option value is set as the password first; if it carries the mask prefix it is
            // replaced with the decoded value further down.
            builder.username((String) rawOptions.get(USERNAME_KEY)).password((String) rawOptions.get(PASSWORD_KEY));

            String passwordString = (String) rawOptions.get(PASSWORD_KEY);
            if (passwordString != null && passwordString.startsWith(PicketLinkFederationConstants.PASS_MASK_PREFIX)) {
                // password is masked
                // Salt and iteration count are read from the same options map as the masked password, so the
                // mask protects against casual reading of the configuration, not against someone who can
                // read all three options (StringUtil.decode may use further internal material - not visible here).
                String salt = (String) rawOptions.get(PicketLinkFederationConstants.SALT);
                if (StringUtil.isNullOrEmpty(salt))
                    throw logger.optionNotSet("Salt");

                String iCount = (String) rawOptions.get(PicketLinkFederationConstants.ITERATION_COUNT);
                if (StringUtil.isNullOrEmpty(iCount))
                    throw logger.optionNotSet("Iteration Count");

                // NOTE(review): parseInt sits outside the try below, so a non-numeric iteration count surfaces
                // as an unchecked NumberFormatException rather than as a configuration error.
                int iterationCount = Integer.parseInt(iCount);
                try {
                    builder.password(StringUtil.decode(passwordString, salt, iterationCount));
                } catch (Exception e) {
                    // NOTE(review): the caught exception is not passed on, and the masked password value itself
                    // is handed to the error factory. If that value ends up in the message or the log, it is
                    // exposed alongside configuration that can unmask it; reporting only that decoding failed
                    // (and keeping the cause) would avoid that.
                    throw logger.unableToDecodePasswordError(passwordString);
                }
            }
            client = STSClientFactory.getInstance(maxClientsInPool).create(initialNumberOfClients, builder.build());
        }

        // if the login module options map still contains any properties, assume they are for configuring the connection
        // to the STS and set them in the Dispatch request context.
        // NOTE(review): keys and values are copied without an allow-list, so any leftover or misspelled module
        // option becomes a request-context property. Confirm that this.options has already been stripped of
        // credentials and of anything that could override the endpoint configured above.
        if (!this.options.isEmpty()) {
            Dispatch<Source> dispatch = client.getDispatch();
            for (Map.Entry<String, ?> entry : this.options.entrySet())
                dispatch.getRequestContext().put(entry.getKey(), entry.getValue());
        }
        return client;
    }

                throwSecurityTokenUnavailable();
            }

            // The message context and the config builder are handed to both helpers (their bodies are not
            // part of this excerpt; by name they set the STS username and password); the client is then
            // built from that configuration.
            setUsernameFromMessageContext(messageContext, configBuilder);
            setPasswordFromMessageContext(messageContext, configBuilder);
            final STSClient stsClient = createSTSClient(configBuilder);

            // A false result from the STS calls throwFailedAuthentication(); by its name this is expected
            // to throw, so the token is rejected rather than processing continuing - confirm in the helper.
            if (stsClient.validateToken(securityToken) == false) {
                throwFailedAuthentication();
            }
        } catch (final WSTrustException e) {
            // NOTE(review): `e` is not passed to throwInvalidSecurity(), so the WS-Trust cause is lost here
            // unless it is recorded elsewhere. Hiding detail from the remote caller is reasonable, but the
            // cause should still reach a server-side log for diagnosis - confirm.
            throwInvalidSecurity();
        } catch (ParsingException e) {

            }

            // When password stacking is enabled, credentials are added to the builder by the helper below
            // (presumably those shared by an earlier login module - helper body not shown; confirm).
            if (passwordStacking)
                setPasswordStackingCredentials(builder);

            final STSClient stsClient = createWSTrustClient(builder.build());

            final Element token = invokeSTS(stsClient);

            // No token from the STS is handled as a failure of this module, not as "skip this module".
            if (token == null) {
                // Throw an exception as returning false only says that this login module should be ignored.

     *        request.
     * @return an {@code Element} representing the security token that has been issued.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
    private Element issueInternal(RequestSecurityToken request, int clientIndex) throws WSTrustException {
        // No bounds check here: an empty clients array or an out-of-range index fails with
        // ArrayIndexOutOfBoundsException - callers are presumably expected to start at a valid index.
        STSClient client = this.clients[clientIndex];
        try {
            return client.issueToken(request);
        } catch (RuntimeException e) {
            // if this was a connection refused exception and we still have clients to try, call the next client.
            // Failover walks the array in order, one recursive call per client, so depth is bounded by
            // clients.length. The same request is sent unchanged to the next client; how other
            // RuntimeExceptions are handled lies below the visible excerpt.
            if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) {
                return this.issueInternal(request, ++clientIndex);
            }

     *        request.
     * @return an {@code Element} representing the security token that has been renewed.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
    private Element renewInternal(String tokenType, Element token, int clientIndex) throws WSTrustException {
        // No bounds check here: an empty clients array or an out-of-range index fails with
        // ArrayIndexOutOfBoundsException - callers are presumably expected to start at a valid index.
        STSClient client = this.clients[clientIndex];
        try {
            return client.renewToken(tokenType, token);
        } catch (RuntimeException e) {
            // if this was a connection refused exception and we still have clients to try, call the next client.
            // Failover walks the array in order, one recursive call per client, so depth is bounded by
            // clients.length. The token being renewed is passed on unchanged to the next client; how other
            // RuntimeExceptions are handled lies below the visible excerpt.
            if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) {
                return this.renewInternal(tokenType, token, ++clientIndex);
            }

     *        request.
     * @return {@code true} if the token was considered valid; {@code false} otherwise.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
    private boolean validateInternal(Element token, int clientIndex) throws WSTrustException {
        // No bounds check here: an empty clients array or an out-of-range index fails with
        // ArrayIndexOutOfBoundsException - callers are presumably expected to start at a valid index.
        STSClient client = this.clients[clientIndex];
        try {
            // The verdict of the first client that answers is returned as-is: a `false` result does not
            // trigger failover, only a RuntimeException accepted by isCausedByConnectException() does.
            return client.validateToken(token);
        } catch (RuntimeException e) {
            // if this was a connection refused exception and we still have clients to try, call the next client.
            // Because the validation decision can come from any client in the array, every configured
            // endpoint has to be equally trusted. Depth of the recursion is bounded by clients.length;
            // how other RuntimeExceptions are handled lies below the visible excerpt.
            if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) {
                return this.validateInternal(token, ++clientIndex);
            }

     *        request.
     * @return {@code true} if the token was canceled; {@code false} otherwise.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
    private boolean cancelInternal(Element token, int clientIndex) throws WSTrustException {
        // No bounds check here: an empty clients array or an out-of-range index fails with
        // ArrayIndexOutOfBoundsException - callers are presumably expected to start at a valid index.
        STSClient client = this.clients[clientIndex];
        try {
            // A `false` result (token not canceled) is returned directly and does not trigger failover.
            return client.cancelToken(token);
        } catch (RuntimeException e) {
            // if this was a connection refused exception and we still have clients to try, call the next client.
            // Failover walks the array in order, one recursive call per client, so depth is bounded by
            // clients.length. How other RuntimeExceptions are handled lies below the visible excerpt;
            // callers relying on cancellation should treat anything but `true` as "token may still be live".
            if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) {
                return this.cancelInternal(token, ++clientIndex);
            }
