Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#getTokenType()
The following examples show how to use
org.apache.cxf.ws.security.tokenstore.SecurityToken#getTokenType() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken( String appliesTo, String action, String requestType, String binaryExchange ) throws Exception { STSResponse response = issue(appliesTo, action, requestType, binaryExchange); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 2
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken( String appliesTo, String action, String requestType, String binaryExchange ) throws Exception { STSResponse response = issue(appliesTo, action, requestType, binaryExchange); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 3
Source File: STSClient.java From cxf with Apache License 2.0 | 6 votes |
public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception { STSResponse response = renew(tok); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null); inlineAttachments(token, response.getAttachments()); if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 4
Source File: STSClient.java From cxf with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken( String appliesTo, String action, String requestType, String binaryExchange ) throws Exception { STSResponse response = issue(appliesTo, action, requestType, binaryExchange); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); inlineAttachments(token, response.getAttachments()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 5
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken( String appliesTo, String action, String requestType, String binaryExchange ) throws Exception { STSResponse response = issue(appliesTo, action, requestType, binaryExchange); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 6
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
public SecurityToken requestSecurityToken( String appliesTo, String action, String requestType, String binaryExchange ) throws Exception { STSResponse response = issue(appliesTo, action, requestType, binaryExchange); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 7
Source File: STSClient.java From steady with Apache License 2.0 | 5 votes |
public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception { STSResponse response = renew(tok); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null); if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 8
Source File: STSClient.java From steady with Apache License 2.0 | 5 votes |
public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception { STSResponse response = renew(tok); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null); if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 9
Source File: STSClient.java From steady with Apache License 2.0 | 5 votes |
public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception { STSResponse response = renew(tok); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null); if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 10
Source File: STSClient.java From steady with Apache License 2.0 | 5 votes |
public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception { STSResponse response = renew(tok); SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null); if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } return token; }
Example 11
Source File: AbstractStaxBindingHandler.java From cxf with Apache License 2.0 | 4 votes |
protected void storeSecurityToken(AbstractToken policyToken, SecurityToken tok) { SecurityTokenConstants.TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken; if (tok.getTokenType() != null) { if (tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) { tokenType = WSSecurityTokenConstants.KERBEROS_TOKEN; } else if (tok.getTokenType().startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE) || tok.getTokenType().startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) { tokenType = WSSecurityTokenConstants.SAML_11_TOKEN; } else if (tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_02) || tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_12)) { tokenType = WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN; } } final Key key = tok.getKey(); final byte[] secret = tok.getSecret(); final X509Certificate[] certs = new X509Certificate[1]; if (tok.getX509Certificate() != null) { certs[0] = tok.getX509Certificate(); } final GenericOutboundSecurityToken encryptedKeySecurityToken = new GenericOutboundSecurityToken(tok.getId(), tokenType, key, certs) { @Override public Key getSecretKey(String algorithmURI) throws XMLSecurityException { if (secret != null && algorithmURI != null && !"".equals(algorithmURI)) { return KeyUtils.prepareSecretKey(algorithmURI, secret); } if (key != null) { return key; } if (secret != null) { String jceAlg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI); if (jceAlg == null || "".equals(jceAlg)) { jceAlg = "HmacSHA1"; } return new SecretKeySpec(secret, jceAlg); } return super.getSecretKey(algorithmURI); } }; // Store a DOM Element reference if it exists Element ref; if (isTokenRequired(policyToken.getIncludeTokenType())) { ref = tok.getAttachedReference(); } else { ref = tok.getUnattachedReference(); } if (ref != null && policyToken instanceof IssuedToken) { encryptedKeySecurityToken.setCustomTokenReference(ref); } final SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider = new SecurityTokenProvider<OutboundSecurityToken>() { @Override public OutboundSecurityToken getSecurityToken() throws XMLSecurityException { return encryptedKeySecurityToken; } @Override public String getId() { return encryptedKeySecurityToken.getId(); } }; encryptedKeySecurityToken.setSha1Identifier(tok.getSHA1()); outboundSecurityContext.registerSecurityTokenProvider( encryptedKeySecurityTokenProvider.getId(), encryptedKeySecurityTokenProvider); outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, encryptedKeySecurityTokenProvider.getId()); outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, encryptedKeySecurityTokenProvider.getId()); outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, encryptedKeySecurityTokenProvider.getId()); }
Example 12
Source File: STSClient.java From cxf with Apache License 2.0 | 4 votes |
protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype) throws Exception { STSResponse response = validate(tok, tokentype); Element el = getDocumentElement(response.getResponse()); if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) { el = DOMUtils.getFirstElement(el); } if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) { throw new Fault("Unexpected element " + el.getLocalName(), LOG); } el = DOMUtils.getFirstElement(el); String reason = null; boolean valid = false; List<SecurityToken> tokens = new LinkedList<>(); while (el != null) { if ("Status".equals(el.getLocalName())) { Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code"); String s = DOMUtils.getContent(e2); valid = s.endsWith("/status/valid"); e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason"); if (e2 != null) { reason = DOMUtils.getContent(e2); } } else if ("RequestedSecurityToken".equals(el.getLocalName())) { SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy()); if (response.getCert() != null) { token.setX509Certificate(response.getCert(), response.getCrypto()); } if (token.getTokenType() == null) { String tokenTypeFromTemplate = getTokenTypeFromTemplate(); if (tokenTypeFromTemplate != null) { token.setTokenType(tokenTypeFromTemplate); } else if (tokenType != null) { token.setTokenType(tokenType); } } tokens.add(token); } el = DOMUtils.getNextElement(el); } if (!valid) { throw new TrustException(LOG, "VALIDATION_FAILED", reason); } if (tokens.isEmpty()) { tokens.add(tok); } return tokens; }
Example 13
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
private void doSymmSignature(Token policyToken, SecurityToken tok, List<WSEncryptionPart> sigParts, boolean isTokenProtection) throws WSSecurityException, ConversationException { Document doc = saaj.getSOAPPart(); WSSecSignature sig = new WSSecSignature(wssConfig); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo if (policyToken instanceof X509Token) { if (isRequestor()) { // TODO Add support for SAML2 here sig.setCustomTokenValueType( WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE ); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { //the tok has to be an EncryptedKey token sig.setEncrKeySha1value(tok.getSHA1()); sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } } else { String tokenType = tok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else if (policyToken instanceof UsernameToken) { sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String sigTokId = tok.getWsuId(); if (sigTokId == null) { sigTokId = tok.getId(); } //Hack to handle reference id issues //TODO Need a better fix if (sigTokId.startsWith("#")) { sigTokId = sigTokId.substring(1); } sig.setCustomTokenId(sigTokId); sig.setSecretKey(tok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); sig.prepare(doc, getSignatureCrypto(null), secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature sig.computeSignature(referenceList, false, null); signatures.add(sig.getSignatureValue()); }
Example 14
Source File: TransportBindingHandler.java From steady with Apache License 2.0 | 4 votes |
private byte[] doSignature( boolean tokenIncluded, SecurityToken secTok, Token token, TokenWrapper wrapper, List<WSEncryptionPart> sigParts ) throws Exception { WSSecSignature sig = new WSSecSignature(wssConfig); //Setting the AttachedReference or the UnattachedReference according to the flag Element ref; if (tokenIncluded) { ref = secTok.getAttachedReference(); } else { ref = secTok.getUnattachedReference(); } if (ref != null) { SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), false); sig.setSecurityTokenReference(secRef); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (token instanceof UsernameToken) { sig.setCustomTokenId(secTok.getId()); sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT; sig.setKeyIdentifierType(type); } else if (secTok.getTokenType() == null) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { String id = secTok.getWsuId(); if (id == null) { sig.setCustomTokenId(secTok.getId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT); } else { sig.setCustomTokenId(secTok.getWsuId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String tokenType = secTok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { sig.setCustomTokenValueType(tokenType); } } Crypto crypto = null; if (secTok.getSecret() == null) { sig.setX509Certificate(secTok.getX509Certificate()); crypto = secTok.getCrypto(); if (crypto == null) { crypto = getSignatureCrypto(wrapper); } String uname = crypto.getX509Identifier(secTok.getX509Certificate()); if (uname == null) { String userNameKey = SecurityConstants.SIGNATURE_USERNAME; uname = (String)message.getContextualProperty(userNameKey); } String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); if (password == null) { password = ""; } sig.setUserInfo(uname, password); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); } else { crypto = getSignatureCrypto(wrapper); sig.setSecretKey(secTok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); } sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n()); Document doc = saaj.getSOAPPart(); sig.prepare(doc, crypto, secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature if (bottomUpElement == null) { sig.computeSignature(referenceList, false, null); } else { sig.computeSignature(referenceList, true, bottomUpElement); } bottomUpElement = sig.getSignatureElement(); mainSigId = sig.getId(); return sig.getSignatureValue(); }
Example 15
Source File: AbstractBindingBuilder.java From cxf with Apache License 2.0 | 4 votes |
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok, List<WSEncryptionPart> sigParts, boolean isSigProtect) throws WSSecurityException { WSSecSignature sig = new WSSecSignature(secHeader); sig.setIdAllocator(wssConfig.getIdAllocator()); sig.setCallbackLookup(callbackLookup); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); sig.setStoreBytesInAttachment(storeBytesInAttachment); sig.setExpandXopInclude(isExpandXopInclude()); sig.setWsDocInfo(wsDocInfo); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo if (policyToken instanceof X509Token) { if (isRequestor()) { // TODO Add support for SAML2 here sig.setCustomTokenValueType( WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE ); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { //the tok has to be an EncryptedKey token sig.setEncrKeySha1value(tok.getSHA1()); sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } } else { String tokenType = tok.getTokenType(); if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else if (policyToken instanceof UsernameToken) { sig.setCustomTokenValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String sigTokId = tok.getWsuId(); if (sigTokId == null) { sigTokId = tok.getId(); } sigTokId = XMLUtils.getIDFromReference(sigTokId); sig.setCustomTokenId(sigTokId); sig.setSecretKey(tok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature()); AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType(); sig.setDigestAlgo(algType.getDigest()); sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); sig.prepare(getSignatureCrypto()); sig.getParts().addAll(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts); //Do signature sig.computeSignature(referenceList, false, null); if (isSigProtect) { WSEncryptionPart part = new WSEncryptionPart(sig.getId(), "Element"); encryptedTokensList.add(part); } addSig(sig.getSignatureValue()); }
Example 16
Source File: TransportBindingHandler.java From steady with Apache License 2.0 | 4 votes |
private byte[] doSignature( boolean tokenIncluded, SecurityToken secTok, Token token, TokenWrapper wrapper, List<WSEncryptionPart> sigParts ) throws Exception { WSSecSignature sig = new WSSecSignature(wssConfig); //Setting the AttachedReference or the UnattachedReference according to the flag Element ref; if (tokenIncluded) { ref = secTok.getAttachedReference(); } else { ref = secTok.getUnattachedReference(); } if (ref != null) { SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), false); sig.setSecurityTokenReference(secRef); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (token instanceof UsernameToken) { sig.setCustomTokenId(secTok.getId()); sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT; sig.setKeyIdentifierType(type); } else if (secTok.getTokenType() == null) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { String id = secTok.getWsuId(); if (id == null) { sig.setCustomTokenId(secTok.getId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT); } else { sig.setCustomTokenId(secTok.getWsuId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String tokenType = secTok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { sig.setCustomTokenValueType(tokenType); } } Crypto crypto = null; if (secTok.getSecret() == null) { sig.setX509Certificate(secTok.getX509Certificate()); crypto = secTok.getCrypto(); if (crypto == null) { crypto = getSignatureCrypto(wrapper); } String uname = crypto.getX509Identifier(secTok.getX509Certificate()); if (uname == null) { String userNameKey = SecurityConstants.SIGNATURE_USERNAME; uname = (String)message.getContextualProperty(userNameKey); } String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); if (password == null) { password = ""; } sig.setUserInfo(uname, password); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); } else { crypto = getSignatureCrypto(wrapper); sig.setSecretKey(secTok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); } sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n()); Document doc = saaj.getSOAPPart(); sig.prepare(doc, crypto, secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature if (bottomUpElement == null) { sig.computeSignature(referenceList, false, null); } else { sig.computeSignature(referenceList, true, bottomUpElement); } bottomUpElement = sig.getSignatureElement(); mainSigId = sig.getId(); return sig.getSignatureValue(); }
Example 17
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
private void doSymmSignature(Token policyToken, SecurityToken tok, List<WSEncryptionPart> sigParts, boolean isTokenProtection) throws WSSecurityException, ConversationException { Document doc = saaj.getSOAPPart(); WSSecSignature sig = new WSSecSignature(wssConfig); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo if (policyToken instanceof X509Token) { if (isRequestor()) { // TODO Add support for SAML2 here sig.setCustomTokenValueType( WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE ); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { //the tok has to be an EncryptedKey token sig.setEncrKeySha1value(tok.getSHA1()); sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } } else { String tokenType = tok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else if (policyToken instanceof UsernameToken) { sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String sigTokId = tok.getWsuId(); if (sigTokId == null) { sigTokId = tok.getId(); } //Hack to handle reference id issues //TODO Need a better fix if (sigTokId.startsWith("#")) { sigTokId = sigTokId.substring(1); } sig.setCustomTokenId(sigTokId); sig.setSecretKey(tok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); sig.prepare(doc, getSignatureCrypto(null), secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature sig.computeSignature(referenceList, false, null); signatures.add(sig.getSignatureValue()); }
Example 18
Source File: TransportBindingHandler.java From steady with Apache License 2.0 | 4 votes |
private byte[] doSignature( boolean tokenIncluded, SecurityToken secTok, Token token, TokenWrapper wrapper, List<WSEncryptionPart> sigParts ) throws Exception { WSSecSignature sig = new WSSecSignature(wssConfig); //Setting the AttachedReference or the UnattachedReference according to the flag Element ref; if (tokenIncluded) { ref = secTok.getAttachedReference(); } else { ref = secTok.getUnattachedReference(); } if (ref != null) { SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), false); sig.setSecurityTokenReference(secRef); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (token instanceof UsernameToken) { sig.setCustomTokenId(secTok.getId()); sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT; sig.setKeyIdentifierType(type); } else if (secTok.getTokenType() == null) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { String id = secTok.getWsuId(); if (id == null) { sig.setCustomTokenId(secTok.getId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT); } else { sig.setCustomTokenId(secTok.getWsuId()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String tokenType = secTok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { sig.setCustomTokenValueType(tokenType); } } Crypto crypto = null; if (secTok.getSecret() == null) { sig.setX509Certificate(secTok.getX509Certificate()); crypto = secTok.getCrypto(); if (crypto == null) { crypto = getSignatureCrypto(wrapper); } String uname = crypto.getX509Identifier(secTok.getX509Certificate()); if (uname == null) { String userNameKey = SecurityConstants.SIGNATURE_USERNAME; uname = (String)message.getContextualProperty(userNameKey); } String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); if (password == null) { password = ""; } sig.setUserInfo(uname, password); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); } else { crypto = getSignatureCrypto(wrapper); sig.setSecretKey(secTok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); } sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n()); Document doc = saaj.getSOAPPart(); sig.prepare(doc, crypto, secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature if (bottomUpElement == null) { sig.computeSignature(referenceList, false, null); } else { sig.computeSignature(referenceList, true, bottomUpElement); } bottomUpElement = sig.getSignatureElement(); mainSigId = sig.getId(); return sig.getSignatureValue(); }
Example 19
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
private void doSymmSignature(Token policyToken, SecurityToken tok, List<WSEncryptionPart> sigParts, boolean isTokenProtection) throws WSSecurityException, ConversationException { Document doc = saaj.getSOAPPart(); WSSecSignature sig = new WSSecSignature(wssConfig); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo if (policyToken instanceof X509Token) { if (isRequestor()) { // TODO Add support for SAML2 here sig.setCustomTokenValueType( WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE ); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { //the tok has to be an EncryptedKey token sig.setEncrKeySha1value(tok.getSHA1()); sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } } else { String tokenType = tok.getTokenType(); if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else if (policyToken instanceof UsernameToken) { sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else { sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } String sigTokId = tok.getWsuId(); if (sigTokId == null) { sigTokId = tok.getId(); } //Hack to handle reference id issues //TODO Need a better fix if (sigTokId.startsWith("#")) { sigTokId = sigTokId.substring(1); } sig.setCustomTokenId(sigTokId); sig.setSecretKey(tok.getSecret()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); sig.prepare(doc, getSignatureCrypto(null), secHeader); sig.setParts(sigParts); List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader); //Do signature sig.computeSignature(referenceList, false, null); signatures.add(sig.getSignatureValue()); }
Example 20
Source File: AbstractBindingBuilder.java From cxf with Apache License 2.0 | 4 votes |
private SupportingToken signSupportingToken(SecurityToken secToken, String id, AbstractToken token, SupportingTokens suppTokens) throws SOAPException { WSSecSignature sig = new WSSecSignature(secHeader); sig.setIdAllocator(wssConfig.getIdAllocator()); sig.setCallbackLookup(callbackLookup); sig.setX509Certificate(secToken.getX509Certificate()); sig.setCustomTokenId(id); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); sig.setWsDocInfo(wsDocInfo); sig.setExpandXopInclude(isExpandXopInclude()); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); sig.setStoreBytesInAttachment(storeBytesInAttachment); String tokenType = secToken.getTokenType(); if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else { sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature()); sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); Crypto crypto = secToken.getCrypto(); String uname = null; try { uname = crypto.getX509Identifier(secToken.getX509Certificate()); } catch (WSSecurityException e1) { LOG.log(Level.FINE, e1.getMessage(), e1); throw new Fault(e1); } String password = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); } sig.setUserInfo(uname, password); try { sig.prepare(secToken.getCrypto()); } catch (WSSecurityException e) { LOG.log(Level.FINE, e.getMessage(), e); throw new Fault(e); } return new SupportingToken(token, sig, getSignedParts(suppTokens)); }