Java Code Examples for org.apache.wss4j.dom.handler.RequestData#setDecCrypto()
The following examples show how to use
org.apache.wss4j.dom.handler.RequestData#setDecCrypto() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: WSS4JInInterceptor.java From cxf with Apache License 2.0 | 6 votes |
|
/**
* Do whatever is necessary to determine the action for the incoming message and
* do whatever other setup work is necessary.
*
* @param msg
* @param reqData
*/
protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException {
//
// Try to get Crypto Provider from message context properties.
// It gives a possibility to use external Crypto Provider
//
Crypto encCrypto =
(Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, msg);
if (encCrypto != null) {
reqData.setDecCrypto(encCrypto);
}
Crypto sigCrypto =
(Crypto)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, msg);
if (sigCrypto != null) {
reqData.setSigVerCrypto(sigCrypto);
}
}
Example 2
| Source File: IssueUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception {
RequestData requestData = new RequestData();
requestData.setDisableBSPEnforcement(true);
CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler();
requestData.setCallbackHandler(callbackHandler);
Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties");
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
requestData.setWsDocInfo(new WSDocInfo(token.getToken().getOwnerDocument()));
Processor processor = new SAMLTokenProcessor();
return processor.handleToken(token.getToken(), requestData);
}
Example 3
| Source File: STSRESTTest.java From cxf with Apache License 2.0 | 5 votes |
|
private static List<WSSecurityEngineResult> processToken(Element assertionElement)
throws Exception {
RequestData requestData = new RequestData();
// requestData.setDisableBSPEnforcement(true);
requestData.setCallbackHandler(new org.apache.cxf.systest.sts.common.CommonCallbackHandler());
requestData.setDecCrypto(serviceCrypto);
// requestData.setSigVerCrypto(serviceCrypto);
requestData.setWsDocInfo(new WSDocInfo(assertionElement.getOwnerDocument()));
return new SAMLTokenProcessor().handleToken(assertionElement, requestData);
}
Example 4
| Source File: CustomParameterTest.java From cxf with Apache License 2.0 | 5 votes |
|
private List<WSSecurityEngineResult> processToken(Element assertionElement)
throws Exception {
RequestData requestData = new RequestData();
requestData.setDisableBSPEnforcement(true);
CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler();
requestData.setCallbackHandler(callbackHandler);
Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties");
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
requestData.setWsDocInfo(new WSDocInfo(assertionElement.getOwnerDocument()));
Processor processor = new SAMLTokenProcessor();
return processor.handleToken(assertionElement, requestData);
}
Example 5
| Source File: SimpleBatchSTSClient.java From cxf with Apache License 2.0 | 5 votes |
|
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
String encryptionAlgorithm = X509Util.getEncAlgo(child);
// For the SPNEGO case just return the decoded cipher value and decrypt it later
if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
// Get the CipherValue
Element tmpE =
XMLUtils.getDirectChildElement(child, "CipherData", WSS4JConstants.ENC_NS);
byte[] cipherValue = null;
if (tmpE != null) {
tmpE =
XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSS4JConstants.ENC_NS);
if (tmpE != null) {
String content = DOMUtils.getContent(tmpE);
cipherValue = Base64.getMimeDecoder().decode(content);
}
}
if (cipherValue == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
}
return cipherValue;
}
try {
EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
RequestData data = new RequestData();
data.setWssConfig(WSSConfig.getNewInstance());
data.setDecCrypto(createCrypto(true));
data.setCallbackHandler(createHandler());
WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
data.setWsDocInfo(docInfo);
List<WSSecurityEngineResult> result = proc.handleToken(child, data);
return
(byte[])result.get(0).get(
WSSecurityEngineResult.TAG_SECRET
);
} catch (IOException e) {
throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
}
}
Example 6
| Source File: AbstractSTSClient.java From cxf with Apache License 2.0 | 5 votes |
|
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException, Base64DecodingException {
String encryptionAlgorithm = X509Util.getEncAlgo(child);
// For the SPNEGO case just return the decoded cipher value and decrypt it later
if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
// Get the CipherValue
Element tmpE =
XMLUtils.getDirectChildElement(child, "CipherData", WSS4JConstants.ENC_NS);
byte[] cipherValue = null;
if (tmpE != null) {
tmpE =
XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSS4JConstants.ENC_NS);
if (tmpE != null) {
String content = DOMUtils.getContent(tmpE);
cipherValue = org.apache.xml.security.utils.XMLUtils.decode(content);
}
}
if (cipherValue == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
}
return cipherValue;
}
try {
EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
RequestData data = new RequestData();
data.setWssConfig(WSSConfig.getNewInstance());
data.setDecCrypto(createCrypto(true));
data.setCallbackHandler(createHandler());
data.setWsDocInfo(docInfo);
List<WSSecurityEngineResult> result = proc.handleToken(child, data);
return
(byte[])result.get(0).get(
WSSecurityEngineResult.TAG_SECRET
);
} catch (IOException e) {
throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
}
}
Example 7
| Source File: FederationProcessorImpl.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
private Element decryptEncryptedRST(Element encryptedRST, FedizContext config) throws ProcessingException {
KeyManager decryptionKeyManager = config.getDecryptionKey();
if (decryptionKeyManager == null || decryptionKeyManager.getCrypto() == null) {
LOG.debug("We must have a decryption Crypto instance configured to decrypt encrypted tokens");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
String keyPassword = decryptionKeyManager.getKeyPassword();
if (keyPassword == null) {
LOG.debug("We must have a decryption key password to decrypt encrypted tokens");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
EncryptedDataProcessor proc = new EncryptedDataProcessor();
WSDocInfo docInfo = new WSDocInfo(encryptedRST.getOwnerDocument());
RequestData data = new RequestData();
data.setWsDocInfo(docInfo);
// Disable WSS4J processing of the (decrypted) SAML Token
WSSConfig wssConfig = WSSConfig.getNewInstance();
wssConfig.setProcessor(WSConstants.SAML_TOKEN, new NOOpProcessor());
wssConfig.setProcessor(WSConstants.SAML2_TOKEN, new NOOpProcessor());
data.setWssConfig(wssConfig);
data.setDecCrypto(decryptionKeyManager.getCrypto());
data.setCallbackHandler(new DecryptionCallbackHandler(keyPassword));
try {
List<WSSecurityEngineResult> result = proc.handleToken(encryptedRST, data);
if (!result.isEmpty()) {
@SuppressWarnings("unchecked")
List<WSDataRef> dataRefs = (List<WSDataRef>)result.get(result.size() - 1)
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
if (dataRefs != null && !dataRefs.isEmpty()) {
return dataRefs.get(0).getProtectedElement();
}
}
} catch (WSSecurityException e) {
LOG.debug(e.getMessage(), e);
throw new ProcessingException(TYPE.TOKEN_INVALID);
}
return null;
}
