org.apache.xml.security.utils.XMLUtils Java Examples

Example #1
Source File: KerberosTokenInterceptorProvider.java    From cxf with Apache License 2.0
/**
 * Caches the validated Kerberos token in the message's TokenStore and records its id on the exchange.
 * <p>
 * The cached entry carries the Kerberos value type, the derived session key (when one is available,
 * also as raw secret bytes) and, when the digest succeeds, a Base64 digest of the raw ticket bytes
 * set via {@code setSHA1}.
 *
 * @param message       the current message; its exchange receives {@code SecurityConstants.TOKEN_ID}
 * @param kerberosToken the validated Kerberos token to cache
 * @throws TokenStoreException declared by this method; presumably raised while obtaining the token store
 */
private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken)
        throws TokenStoreException {
    final SecurityToken cached = new SecurityToken(kerberosToken.getId());
    cached.setTokenType(kerberosToken.getKerberosTokenValueType());

    final SecretKey sessionKey = getSecretKeyFromToken(kerberosToken);
    cached.setKey(sessionKey);
    if (sessionKey != null) {
        cached.setSecret(sessionKey.getEncoded());
    }

    // The digest is best-effort: a failure leaves the SHA1 unset rather than failing the store.
    final byte[] ticketBytes = kerberosToken.getBinaryContent();
    try {
        final String ticketDigest = XMLUtils.encodeToString(KeyUtils.generateDigest(ticketBytes));
        cached.setSHA1(ticketDigest);
    } catch (WSSecurityException ignored) {
        // Tolerated on purpose; nothing is logged here and the token is cached without a digest.
    }

    TokenStoreUtils.getTokenStore(message).add(cached);
    message.getExchange().put(SecurityConstants.TOKEN_ID, cached.getId());
}
 
Example #2
Source File: SpnegoContextTokenInInterceptor.java    From cxf with Apache License 2.0
/**
 * Writes a {@code RequestedProofToken} element wrapping {@code key} as an {@code xenc:EncryptedKey}:
 * the EncryptionMethod Algorithm is {@code <namespace>/spnego#GSS_Wrap} and the CipherValue is the
 * Base64 encoding of the bytes passed in. No wrapping is performed here; the bytes are emitted as given.
 *
 * @param writer    DOM stream writer positioned where the element belongs
 * @param prefix    prefix for the WS-Trust namespace
 * @param namespace WS-Trust namespace URI
 * @param key       key bytes to emit as the CipherValue
 * @throws Exception propagated from the writer
 */
private void writeProofToken(
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace,
    byte[] key
) throws Exception {
    final String encPrefix = WSS4JConstants.ENC_PREFIX;
    final String encNs = WSS4JConstants.ENC_NS;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    writer.writeStartElement(encPrefix, "EncryptedKey", encNs);

    // EncryptionMethod is an empty element carrying only the Algorithm attribute.
    writer.writeStartElement(encPrefix, "EncryptionMethod", encNs);
    writer.writeAttribute("Algorithm", namespace + "/spnego#GSS_Wrap");
    writer.writeEndElement();

    writer.writeStartElement(encPrefix, "CipherData", encNs);
    writer.writeStartElement(encPrefix, "CipherValue", encNs);
    writer.writeCharacters(XMLUtils.encodeToString(key));
    writer.writeEndElement(); // CipherValue
    writer.writeEndElement(); // CipherData

    writer.writeEndElement(); // EncryptedKey
    writer.writeEndElement(); // RequestedProofToken
}
 
Example #3
Source File: UsernameTokenInterceptor.java    From cxf with Apache License 2.0
/**
 * Parses a UsernameToken DOM element into a principal carrying its name, hashed flag, password,
 * password type, created timestamp and (Base64-decoded) nonce.
 *
 * @param tokenElement                    the UsernameToken element
 * @param bspCompliant                    whether Basic Security Profile checks apply; the enforcer
 *                                        is constructed with the negated flag
 * @param allowNamespaceQualifiedPWDTypes whether namespace-qualified password type URIs are accepted
 * @return the populated principal
 * @throws WSSecurityException     if the token cannot be parsed
 * @throws Base64DecodingException declared by this method; whether {@code XMLUtils.decode} still raises it
 *                                 depends on the XMLUtils version in use
 */
protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean bspCompliant,
                                                              boolean allowNamespaceQualifiedPWDTypes)
    throws WSSecurityException, Base64DecodingException {
    final BSPEnforcer enforcer = new org.apache.wss4j.common.bsp.BSPEnforcer(!bspCompliant);
    final org.apache.wss4j.dom.message.token.UsernameToken parsed =
        new org.apache.wss4j.dom.message.token.UsernameToken(tokenElement, allowNamespaceQualifiedPWDTypes,
                                                             enforcer);

    final WSUsernameTokenPrincipalImpl result =
        new WSUsernameTokenPrincipalImpl(parsed.getName(), parsed.isHashed());
    final String encodedNonce = parsed.getNonce();
    if (encodedNonce != null) {
        result.setNonce(XMLUtils.decode(encodedNonce));
    }
    result.setPassword(parsed.getPassword());
    result.setCreatedTime(parsed.getCreated());
    result.setPasswordType(parsed.getPasswordType());
    return result;
}
 
Example #4
Source File: SignerBES.java    From xades4j with GNU Lesser General Public License v3.0
/**
 * Creates an element named {@code elementName} in the XML Signature namespace whose Algorithm
 * attribute is the algorithm's URI, appending any parameter nodes produced by the configured marshaller.
 *
 * @param algorithm         the algorithm whose URI and parameters are emitted
 * @param elementName       local name of the element to create
 * @param signatureDocument owner document for the new nodes
 * @return the populated element; it is not attached to the document by this method
 * @throws UnsupportedAlgorithmException declared by this method; presumably raised by the parameter marshaller
 */
private Element createElementForAlgorithm(Algorithm algorithm, String elementName, Document signatureDocument) throws UnsupportedAlgorithmException
{
    final Element element = XMLUtils.createElementInSignatureSpace(signatureDocument, elementName);
    element.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithm.getUri());

    // The marshaller may return null to mean "no parameters"; treat that like an empty list.
    final List<Node> params =
        this.algorithmsParametersMarshaller.marshalParameters(algorithm, signatureDocument);
    if (params != null)
    {
        params.forEach(element::appendChild);
    }
    return element;
}
 
Example #5
Source File: CustomUsernameTokenInterceptor.java    From cxf with Apache License 2.0
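/**
 * Builds the authenticated {@link Subject} for a UsernameToken, checking the supplied password
 * against the expected value and attaching a user principal and one group.
 * <p>
 * The expected password is the literal {@code "ecilA"} for user {@code "Alice"}; for any other user
 * it is the UsernameToken password digest of the fixed string {@code "invalid-password"} over the
 * supplied nonce and created time. The comparison is done in constant time so that a wrong guess
 * is not distinguishable by how far it matched.
 *
 * @param name     user name from the token
 * @param password password (plain or digest) from the token; {@code null} is treated as a mismatch
 * @param isDigest whether the token carried a digested password (not consulted by this check)
 * @param nonce    Base64 nonce from the token, used only for the digest computation
 * @param created  created timestamp from the token, used only for the digest computation
 * @return a read-only Subject holding a {@code SimplePrincipal} and a {@code SimpleGroup}
 * @throws SecurityException if the password is missing or does not match, or the digest cannot be computed
 */
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    Subject subject = new Subject();

    // delegate to the external security system if possible

    // authenticate the user somehow
    subject.getPrincipals().add(new SimplePrincipal(name));

    // add roles this user is in
    String roleName = "Alice".equals(name) ? "developers" : "pms";
    try {
        String expectedPassword = "Alice".equals(name) ? "ecilA"
            : UsernameTokenUtil.doPasswordDigest(XMLUtils.decode(nonce), created, "invalid-password");
        // A missing password is a failed check, not a NullPointerException.
        if (password == null || !constantTimeEquals(password, expectedPassword)) {
            throw new SecurityException("Wrong Password");
        }
    } catch (org.apache.wss4j.common.ext.WSSecurityException ex) {
        // Keep the cause for diagnostics; the message itself stays generic.
        throw new SecurityException("Wrong Password", ex);
    }

    subject.getPrincipals().add(new SimpleGroup(roleName, name));
    subject.setReadOnly();
    return subject;
}

/**
 * Compares two strings without short-circuiting on the first differing byte.
 * Uses {@code MessageDigest.isEqual}, which is time-constant for equal-length inputs
 * (the length itself is not hidden). {@code null} on either side is a mismatch.
 */
private static boolean constantTimeEquals(String actual, String expected) {
    if (actual == null || expected == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
        actual.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}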
 
Example #6
Source File: SpnegoContextTokenInInterceptor.java    From cxf with Apache License 2.0
/**
 * Validates a WS-Trust BinaryExchange element carrying a Base64-encoded SPNEGO service ticket
 * and returns the resulting token context.
 * <p>
 * The element must be present, declare {@code WSS4JConstants.BASE64_ENCODING} as its EncodingType
 * and {@code <namespace>/spnego} as its ValueType; the decoded content is then handed to
 * {@code SpnegoTokenContext.validateServiceTicket} together with the JAAS context name, SPN and
 * callback handler configured on the message.
 *
 * @param binaryExchange the BinaryExchange element, possibly {@code null}
 * @param message        current message, source of the Kerberos configuration properties
 * @param namespace      WS-Trust namespace URI used to build the expected ValueType
 * @return the validated token context
 * @throws Exception if the element is missing or malformed, or if ticket validation fails
 */
private SpnegoTokenContext handleBinaryExchange(
    Element binaryExchange,
    Message message,
    String namespace
) throws Exception {
    if (binaryExchange == null) {
        throw new Exception("No BinaryExchange element received");
    }
    final String encodingType = binaryExchange.getAttributeNS(null, "EncodingType");
    if (!WSS4JConstants.BASE64_ENCODING.equals(encodingType)) {
        throw new Exception("Unknown encoding type: " + encodingType);
    }

    final String expectedValueType = namespace + "/spnego";
    final String valueType = binaryExchange.getAttributeNS(null, "ValueType");
    if (!expectedValueType.equals(valueType)) {
        throw new Exception("Unknown value type: " + valueType);
    }

    // Untrusted input: the decoded bytes are passed straight to ticket validation.
    final byte[] ticket = XMLUtils.decode(DOMUtils.getContent(binaryExchange));

    final String jaasContext =
        (String) message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
    final String kerberosSpn =
        (String) message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
    final CallbackHandler callbackHandler =
        SecurityUtils.getCallbackHandler(
            SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message)
        );

    final SpnegoTokenContext context = new SpnegoTokenContext();
    context.validateServiceTicket(jaasContext, callbackHandler, kerberosSpn, ticket);
    return context;
}
 
Example #7
Source File: STSInvoker.java    From cxf with Apache License 2.0
/**
 * Writes the {@code RequestedProofToken} element (and, when client entropy was supplied, a sibling
 * {@code Entropy} element) and returns the resulting proof key bytes.
 * <p>
 * Without client entropy a fresh nonce of {@code keySize / 8} bytes is emitted as a BinarySecret and
 * returned as the key. With client entropy the key is {@code P_SHA1.createKey(clientEntropy, serverEntropy)}
 * of {@code keySize / 8} bytes, the proof token records the ComputedKey URI {@code <namespace>/CK/PSHA1},
 * and the server entropy is emitted as a BinarySecret inside {@code Entropy}.
 *
 * @param prefix        WS-Trust prefix
 * @param namespace     WS-Trust namespace URI
 * @param writer        DOM stream writer positioned inside the response
 * @param clientEntropy client-supplied entropy, or {@code null}
 * @param keySize       key size in bits; {@code keySize / 8} bytes are generated (integer division, not validated here)
 * @return the proof key bytes
 * @throws NoSuchAlgorithmException propagated from nonce generation or key derivation
 * @throws WSSecurityException      propagated from nonce generation or key derivation
 * @throws XMLStreamException       propagated from the writer
 */
byte[] writeProofToken(String prefix,
    String namespace,
    W3CDOMStreamWriter writer,
    byte[] clientEntropy,
    int keySize
) throws NoSuchAlgorithmException, WSSecurityException, XMLStreamException {
    final int keyBytes = keySize / 8;
    final byte[] proofKey;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    if (clientEntropy == null) {
        // Server-chosen key: the nonce itself is the proof key, sent as a BinarySecret.
        proofKey = WSSecurityUtil.generateNonce(keyBytes);

        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(XMLUtils.encodeToString(proofKey));
        writer.writeEndElement(); // BinarySecret
    } else {
        // Combined entropy: derive the key, announce the derivation, then publish our entropy.
        final byte[] serverEntropy = WSSecurityUtil.generateNonce(keyBytes);
        proofKey = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, keyBytes);

        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // ComputedKey
        writer.writeEndElement(); // RequestedProofToken

        // Entropy is opened here and closed by the trailing writeEndElement after the branch.
        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(XMLUtils.encodeToString(serverEntropy));
        writer.writeEndElement(); // BinarySecret
    }
    // Closes RequestedProofToken in the first branch, Entropy in the second.
    writer.writeEndElement();
    return proofKey;
}
 
Example #8
Source File: TokenStoreCallbackHandler.java    From cxf with Apache License 2.0
/**
 * Returns the Base64 encoding of {@code KeyUtils.generateDigest(input)}, or {@code null} when the
 * digest cannot be computed. The algorithm is implied only by this method's name.
 *
 * @param input bytes to digest
 * @return Base64 digest string, or {@code null} on failure
 */
private static String getSHA1(byte[] input) {
    try {
        return XMLUtils.encodeToString(KeyUtils.generateDigest(input));
    } catch (WSSecurityException e) {
        // REVISIT: the failure is reported to callers only as null; nothing is logged.
        return null;
    }
}
 
Example #9
Source File: KerberosTokenPolicyValidator.java    From cxf with Apache License 2.0
/**
 * Wraps a validated Kerberos binary security token as a cacheable {@code SecurityToken}, carrying
 * its id, DOM element, value type and, when the digest succeeds, a Base64 digest of the raw token
 * bytes set via {@code setSHA1}.
 *
 * @param binarySecurityToken the validated Kerberos token
 * @return the cacheable token; the digest is absent if it could not be computed
 */
private SecurityToken createSecurityToken(KerberosSecurity binarySecurityToken) {
    final SecurityToken cached = new SecurityToken(binarySecurityToken.getID());
    cached.setToken(binarySecurityToken.getElement());
    cached.setTokenType(binarySecurityToken.getValueType());

    // Best-effort digest of the raw token bytes; a digest failure leaves the SHA1 unset.
    final byte[] rawToken = binarySecurityToken.getToken();
    try {
        final byte[] digest = KeyUtils.generateDigest(rawToken);
        cached.setSHA1(XMLUtils.encodeToString(digest));
    } catch (WSSecurityException ignored) {
        // Tolerated on purpose; the token is still returned without a digest.
    }
    return cached;
}
 
Example #10
Source File: SymmetricBindingHandler.java    From cxf with Apache License 2.0
/**
 * Returns the Base64 encoding of {@code KeyUtils.generateDigest(input)}, or {@code null} when the
 * digest cannot be computed. The algorithm is implied only by this method's name.
 *
 * @param input bytes to digest
 * @return Base64 digest string, or {@code null} on failure
 */
private static String getSHA1(byte[] input) {
    String encoded = null;
    try {
        final byte[] digest = KeyUtils.generateDigest(input);
        encoded = XMLUtils.encodeToString(digest);
    } catch (WSSecurityException e) {
        // REVISIT: the failure is reported to callers only as null; nothing is logged.
    }
    return encoded;
}