Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#setSHA1()
The following examples show how to use
org.apache.cxf.ws.security.tokenstore.SecurityToken#setSHA1().
Example 1
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Retrieves a Kerberos service ticket for {@code serviceName} and wraps it in a
 * {@link SecurityToken}.
 *
 * <p>The ticket travels as a binary security token (BST). The returned token records the
 * BST id, its DOM element, its value type and a Base64-encoded digest of the ticket bytes.
 * When the BST exposes a secret key, the encoded key bytes are stored as the token secret.
 *
 * @return the populated security token
 * @throws Exception propagated from the calls made here; the declaration does not narrow it
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    KerberosSecurity kerberosBst = new KerberosSecurity(DOMUtils.createDocument());
    kerberosBst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    kerberosBst.addWSUNamespace();
    kerberosBst.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosBst));

    SecurityToken result = new SecurityToken(kerberosBst.getID());
    result.setToken(kerberosBst.getElement());
    result.setWsuId(kerberosBst.getID());

    // The key is copied into the token as raw bytes, so the returned object carries key
    // material and should not be logged or serialized casually.
    SecretKey sessionKey = kerberosBst.getSecretKey();
    if (sessionKey != null) {
        result.setSecret(sessionKey.getEncoded());
    }

    // Base64 of a digest over the ticket bytes. NOTE(review): going by the setter name this
    // is a SHA-1 value used as a token identifier, not an integrity check - confirm.
    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(kerberosBst.getToken())));
    result.setTokenType(kerberosBst.getValueType());
    return result;
}
Example 2
Source File: PassThroughKerberosClient.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Wraps the Kerberos ticket bytes held in the {@code token} field in a
 * {@link SecurityToken}.
 *
 * <p>No ticket is requested in this method: the bytes are set on a new binary security
 * token (BST) as-is, with value type {@code WSS_GSS_KRB_V5_AP_REQ}.
 *
 * @return the populated security token
 * @throws Exception propagated from the calls made here; the declaration does not narrow it
 */
@Override
public SecurityToken requestSecurityToken() throws Exception {
    KerberosSecurity kerberosBst = new KerberosSecurity(DOMUtils.createDocument());
    kerberosBst.setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    kerberosBst.setToken(token);
    kerberosBst.addWSUNamespace();
    kerberosBst.setID(
        WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", kerberosBst));

    SecurityToken result = new SecurityToken(kerberosBst.getID());
    result.setToken(kerberosBst.getElement());
    result.setWsuId(kerberosBst.getID());

    // The ticket bytes themselves become the token secret; no separate session key is
    // obtained in this method.
    result.setSecret(kerberosBst.getToken());

    // Base64 of a digest over the same ticket bytes. NOTE(review): presumably SHA-1, used
    // as an identifier for the token - confirm against KeyUtils.generateDigest.
    result.setSHA1(
        Base64.getEncoder().encodeToString(KeyUtils.generateDigest(kerberosBst.getToken())));
    result.setTokenType(kerberosBst.getValueType());
    return result;
}
Example 3
Source File: SymmetricBindingHandler.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link SecurityToken} from the encrypted-key result returned by
 * {@code getEncryptedKeyResult()}.
 *
 * <p>The token is only constructed and returned; this method makes no token-store call.
 *
 * @return a token carrying the secret and SHA1 identifier, or {@code null} when there is
 *         no encrypted-key result
 */
private SecurityToken getEncryptedKey() {
    WSSecurityEngineResult keyResult = getEncryptedKeyResult();
    if (keyResult == null) {
        return null;
    }

    // The configured lifetime is divided by 1000 before being added as seconds.
    Instant issuedAt = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant expiresAt = issuedAt.plusSeconds(lifetimeSeconds);

    String keyId = (String)keyResult.get(WSSecurityEngineResult.TAG_ID);
    SecurityToken result = new SecurityToken(keyId, issuedAt, expiresAt);
    result.setSecret((byte[])keyResult.get(WSSecurityEngineResult.TAG_SECRET));

    // The identifier is derived from the encrypted form of the ephemeral key, not from the
    // secret itself.
    byte[] encryptedEphemeralKey =
        (byte[])keyResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
    result.setSHA1(getSHA1(encryptedEphemeralKey));
    return result;
}
Example 4
Source File: TokenStoreCallbackHandler.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Answers the first {@code WSPasswordCallback} whose identifier matches an unexpired token
 * in {@code store}; otherwise delegates all callbacks to {@code internal}, if set.
 *
 * <p>On a match the method returns immediately, so later callbacks in the array are not
 * processed and {@code internal} is not consulted.
 *
 * @param callbacks the callbacks to process
 * @throws IOException declared by the callback-handler contract
 * @throws UnsupportedCallbackException declared by the callback-handler contract
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;
        SecurityToken cached = store.getToken(passwordCallback.getIdentifier());

        // Missing or expired tokens are never used to answer the callback.
        if (cached == null || cached.isExpired()) {
            continue;
        }

        if (cached.getSHA1() == null && passwordCallback.getKey() != null) {
            cached.setSHA1(getSHA1(passwordCallback.getKey()));
            // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
            store.add(cached.getSHA1(), cached);
        }

        // NOTE(review): setKey is called twice, presumably through different overloads
        // (secret bytes, then key object) - confirm the second call does not replace the first.
        passwordCallback.setKey(cached.getSecret());
        passwordCallback.setKey(cached.getKey());
        passwordCallback.setCustomToken(cached.getToken());
        return;
    }

    if (internal != null) {
        internal.handle(callbacks);
    }
}
Example 5
Source File: KerberosTokenInterceptorProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Caches a received Kerberos token in the message's token store and records its id on the
 * exchange under {@code SecurityConstants.TOKEN_ID}.
 *
 * @param message the message whose token store and exchange are updated
 * @param kerberosToken the Kerberos token to cache
 * @throws TokenStoreException declared for the token-store calls
 */
private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken)
    throws TokenStoreException {
    SecurityToken cacheEntry = new SecurityToken(kerberosToken.getId());
    cacheEntry.setTokenType(kerberosToken.getKerberosTokenValueType());

    // setKey receives the key even when it is null; only the raw-bytes copy is guarded.
    SecretKey sessionKey = getSecretKeyFromToken(kerberosToken);
    cacheEntry.setKey(sessionKey);
    if (sessionKey != null) {
        cacheEntry.setSecret(sessionKey.getEncoded());
    }

    byte[] ticketBytes = kerberosToken.getBinaryContent();
    try {
        cacheEntry.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(ticketBytes)));
    } catch (WSSecurityException ignored) {
        // Deliberately best-effort: on failure the token is still cached, just without a
        // SHA1 identifier. The failure is not logged here.
    }

    TokenStoreUtils.getTokenStore(message).add(cacheEntry);
    message.getExchange().put(SecurityConstants.TOKEN_ID, cacheEntry.getId());
}
Example 6
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Retrieves a Kerberos service ticket for {@code serviceName} and wraps it in a
 * {@link SecurityToken}.
 *
 * <p>The ticket travels as a binary security token (BST). The returned token records the
 * BST id, its DOM element, its value type and a Base64-encoded digest of the ticket bytes.
 * When the BST exposes a secret key, the encoded key bytes are stored as the token secret.
 *
 * @return the populated security token
 * @throws Exception propagated from the calls made here; the declaration does not narrow it
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    KerberosSecurity kerberosBst = new KerberosSecurity(DOMUtils.createDocument());
    kerberosBst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    kerberosBst.addWSUNamespace();
    kerberosBst.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosBst));

    SecurityToken result = new SecurityToken(kerberosBst.getID());
    result.setToken(kerberosBst.getElement());
    result.setWsuId(kerberosBst.getID());

    // The key is copied into the token as raw bytes, so the returned object carries key
    // material and should not be logged or serialized casually.
    SecretKey sessionKey = kerberosBst.getSecretKey();
    if (sessionKey != null) {
        result.setSecret(sessionKey.getEncoded());
    }

    // Base64 of a digest over the ticket bytes. NOTE(review): going by the setter name this
    // is a SHA-1 value used as a token identifier, not an integrity check - confirm.
    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(kerberosBst.getToken())));
    result.setTokenType(kerberosBst.getValueType());
    return result;
}
Example 7
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Retrieves a Kerberos service ticket for {@code serviceName} and wraps it in a
 * {@link SecurityToken}.
 *
 * <p>The ticket travels as a binary security token (BST). The returned token records the
 * BST id, its DOM element, its value type and a Base64-encoded digest of the ticket bytes.
 * When the BST exposes a secret key, the encoded key bytes are stored as the token secret.
 *
 * @return the populated security token
 * @throws Exception propagated from the calls made here; the declaration does not narrow it
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    KerberosSecurity kerberosBst = new KerberosSecurity(DOMUtils.createDocument());
    kerberosBst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    kerberosBst.addWSUNamespace();
    kerberosBst.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosBst));

    SecurityToken result = new SecurityToken(kerberosBst.getID());
    result.setToken(kerberosBst.getElement());
    result.setWsuId(kerberosBst.getID());

    // The key is copied into the token as raw bytes, so the returned object carries key
    // material and should not be logged or serialized casually.
    SecretKey sessionKey = kerberosBst.getSecretKey();
    if (sessionKey != null) {
        result.setSecret(sessionKey.getEncoded());
    }

    // Base64 of a digest over the ticket bytes. NOTE(review): going by the setter name this
    // is a SHA-1 value used as a token identifier, not an integrity check - confirm.
    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(kerberosBst.getToken())));
    result.setTokenType(kerberosBst.getValueType());
    return result;
}
Example 8
Source File: KerberosClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Retrieves a Kerberos service ticket for {@code serviceName} and wraps it in a
 * {@link SecurityToken}.
 *
 * <p>The ticket travels as a binary security token (BST). The returned token records the
 * BST id, its DOM element, its value type and a Base64-encoded digest of the ticket bytes.
 * When the BST exposes a secret key, the encoded key bytes are stored as the token secret.
 *
 * @return the populated security token
 * @throws Exception propagated from the calls made here; the declaration does not narrow it
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    KerberosSecurity kerberosBst = new KerberosSecurity(DOMUtils.createDocument());
    kerberosBst.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    kerberosBst.addWSUNamespace();
    kerberosBst.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosBst));

    SecurityToken result = new SecurityToken(kerberosBst.getID());
    result.setToken(kerberosBst.getElement());
    result.setWsuId(kerberosBst.getID());

    // The key is copied into the token as raw bytes, so the returned object carries key
    // material and should not be logged or serialized casually.
    SecretKey sessionKey = kerberosBst.getSecretKey();
    if (sessionKey != null) {
        result.setSecret(sessionKey.getEncoded());
    }

    // Base64 of a digest over the ticket bytes. NOTE(review): going by the setter name this
    // is a SHA-1 value used as a token identifier, not an integrity check - confirm.
    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(kerberosBst.getToken())));
    result.setTokenType(kerberosBst.getValueType());
    return result;
}
Example 9
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Creates an encrypted key for the given token, caches it in {@code tokenStore} as a
 * temporary {@link SecurityToken} and returns the key id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @param wrapper the token wrapper passed to the encrypted-key builder
 * @param sigToken the token passed to the encrypted-key builder
 * @return the id of the encrypted key
 * @throws WSSecurityException declared for the WS-Security calls made here
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = keyBuilder.getId();
    byte[] ephemeralKey = keyBuilder.getEphemeralKey();

    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + 300000);

    SecurityToken cacheEntry = new SecurityToken(
        keyId, keyBuilder.getEncryptedKeyElement(), issuedAt, expiresAt);
    // The plaintext ephemeral key is kept in the token store for the token's lifetime.
    cacheEntry.setSecret(ephemeralKey);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    cacheEntry.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));
    tokenStore.add(cacheEntry);

    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    String bstTokenId = keyBuilder.getBSTTokenId();
    if (bstTokenId != null && !bstTokenId.isEmpty()) {
        keyBuilder.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
Example 10
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Scans the inbound message's WS-Security results for the first {@code ENCR} result that
 * has a non-empty id, caches it in {@code tokenStore} and returns that id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @return the encrypted-key id, or {@code null} when no matching result exists
 */
private String getEncryptedKey() {
    // NOTE(review): the list is iterated without a null check, so an inbound message with
    // no RECV_RESULTS entry fails with a NullPointerException - confirm callers guarantee it.
    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.getExchange().getInMessage()
            .get(WSHandlerConstants.RECV_RESULTS));

    for (WSHandlerResult handlerResult : handlerResults) {
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String keyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);

            // The action tag is unboxed unconditionally; a result without one throws here.
            boolean isEncryption = action.intValue() == WSConstants.ENCR;
            if (!isEncryption || keyId == null || keyId.length() == 0) {
                continue;
            }

            Date issuedAt = new Date();
            Date expiresAt = new Date(issuedAt.getTime() + 300000);
            SecurityToken cacheEntry = new SecurityToken(keyId, issuedAt, expiresAt);
            cacheEntry.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));

            // The identifier is derived from the encrypted form of the ephemeral key.
            byte[] encryptedEphemeralKey =
                (byte[])engineResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            cacheEntry.setSHA1(getSHA1(encryptedEphemeralKey));

            tokenStore.add(cacheEntry);
            return keyId;
        }
    }
    return null;
}
Example 11
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Scans the inbound message's WS-Security results for the first {@code ENCR} result that
 * has a non-empty id, caches it in {@code tokenStore} and returns that id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @return the encrypted-key id, or {@code null} when no matching result exists
 */
private String getEncryptedKey() {
    // NOTE(review): the list is iterated without a null check, so an inbound message with
    // no RECV_RESULTS entry fails with a NullPointerException - confirm callers guarantee it.
    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.getExchange().getInMessage()
            .get(WSHandlerConstants.RECV_RESULTS));

    for (WSHandlerResult handlerResult : handlerResults) {
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String keyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);

            // The action tag is unboxed unconditionally; a result without one throws here.
            boolean isEncryption = action.intValue() == WSConstants.ENCR;
            if (!isEncryption || keyId == null || keyId.length() == 0) {
                continue;
            }

            Date issuedAt = new Date();
            Date expiresAt = new Date(issuedAt.getTime() + 300000);
            SecurityToken cacheEntry = new SecurityToken(keyId, issuedAt, expiresAt);
            cacheEntry.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));

            // The identifier is derived from the encrypted form of the ephemeral key.
            byte[] encryptedEphemeralKey =
                (byte[])engineResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            cacheEntry.setSHA1(getSHA1(encryptedEphemeralKey));

            tokenStore.add(cacheEntry);
            return keyId;
        }
    }
    return null;
}
Example 12
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Creates an encrypted key for the given token, caches it in {@code tokenStore} as a
 * temporary {@link SecurityToken} and returns the key id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @param wrapper the token wrapper passed to the encrypted-key builder
 * @param sigToken the token passed to the encrypted-key builder
 * @return the id of the encrypted key
 * @throws WSSecurityException declared for the WS-Security calls made here
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = keyBuilder.getId();
    byte[] ephemeralKey = keyBuilder.getEphemeralKey();

    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + 300000);

    SecurityToken cacheEntry = new SecurityToken(
        keyId, keyBuilder.getEncryptedKeyElement(), issuedAt, expiresAt);
    // The plaintext ephemeral key is kept in the token store for the token's lifetime.
    cacheEntry.setSecret(ephemeralKey);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    cacheEntry.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));
    tokenStore.add(cacheEntry);

    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    String bstTokenId = keyBuilder.getBSTTokenId();
    if (bstTokenId != null && !bstTokenId.isEmpty()) {
        keyBuilder.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
Example 13
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Scans the inbound message's WS-Security results for the first {@code ENCR} result that
 * has a non-empty id, caches it in {@code tokenStore} and returns that id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @return the encrypted-key id, or {@code null} when no matching result exists
 */
private String getEncryptedKey() {
    // NOTE(review): the list is iterated without a null check, so an inbound message with
    // no RECV_RESULTS entry fails with a NullPointerException - confirm callers guarantee it.
    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.getExchange().getInMessage()
            .get(WSHandlerConstants.RECV_RESULTS));

    for (WSHandlerResult handlerResult : handlerResults) {
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String keyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);

            // The action tag is unboxed unconditionally; a result without one throws here.
            boolean isEncryption = action.intValue() == WSConstants.ENCR;
            if (!isEncryption || keyId == null || keyId.length() == 0) {
                continue;
            }

            Date issuedAt = new Date();
            Date expiresAt = new Date(issuedAt.getTime() + 300000);
            SecurityToken cacheEntry = new SecurityToken(keyId, issuedAt, expiresAt);
            cacheEntry.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));

            // The identifier is derived from the encrypted form of the ephemeral key.
            byte[] encryptedEphemeralKey =
                (byte[])engineResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            cacheEntry.setSHA1(getSHA1(encryptedEphemeralKey));

            tokenStore.add(cacheEntry);
            return keyId;
        }
    }
    return null;
}
Example 14
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Creates an encrypted key for the given token, caches it in {@code tokenStore} as a
 * temporary {@link SecurityToken} and returns the key id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @param wrapper the token wrapper passed to the encrypted-key builder
 * @param sigToken the token passed to the encrypted-key builder
 * @return the id of the encrypted key
 * @throws WSSecurityException declared for the WS-Security calls made here
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = keyBuilder.getId();
    byte[] ephemeralKey = keyBuilder.getEphemeralKey();

    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + 300000);

    SecurityToken cacheEntry = new SecurityToken(
        keyId, keyBuilder.getEncryptedKeyElement(), issuedAt, expiresAt);
    // The plaintext ephemeral key is kept in the token store for the token's lifetime.
    cacheEntry.setSecret(ephemeralKey);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    cacheEntry.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));
    tokenStore.add(cacheEntry);

    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    String bstTokenId = keyBuilder.getBSTTokenId();
    if (bstTokenId != null && !bstTokenId.isEmpty()) {
        keyBuilder.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
Example 15
Source File: KerberosTokenPolicyValidator.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Builds a {@link SecurityToken} that mirrors the given Kerberos binary security token.
 *
 * @param binarySecurityToken the Kerberos BST to copy the id, element, value type and
 *        token bytes from
 * @return the new token; its SHA1 identifier is left unset if digest generation fails
 */
private SecurityToken createSecurityToken(KerberosSecurity binarySecurityToken) {
    SecurityToken result = new SecurityToken(binarySecurityToken.getID());
    result.setToken(binarySecurityToken.getElement());
    result.setTokenType(binarySecurityToken.getValueType());

    byte[] ticketBytes = binarySecurityToken.getToken();
    try {
        String encodedDigest = XMLUtils.encodeToString(KeyUtils.generateDigest(ticketBytes));
        result.setSHA1(encodedDigest);
    } catch (WSSecurityException ignored) {
        // Deliberately best-effort: on failure the token is returned without a SHA1
        // identifier. The failure is not logged here.
    }
    return result;
}
Example 16
Source File: SymmetricBindingHandler.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Generates a fresh symmetric key for the binding's algorithm suite, wraps it as an
 * encrypted key, caches it in {@code tokenStore} and returns the encrypted-key id.
 *
 * <p>The token is stored twice: once through {@code add(token)} and once keyed by its
 * SHA1 identifier.
 *
 * @param wrapper the token wrapper, passed to {@code assertTokenWrapper}
 * @param sigToken the token passed to the encrypted-key builder
 * @return the id of the encrypted key
 * @throws WSSecurityException declared for the WS-Security calls made here
 */
private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken)
    throws WSSecurityException {
    AlgorithmSuiteType suiteType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
    KeyGenerator generator = KeyUtils.getKeyGenerator(suiteType.getEncryption());
    SecretKey symmetricKey = generator.generateKey();

    WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(sigToken, symmetricKey);
    assertTokenWrapper(wrapper);
    String keyId = keyBuilder.getId();
    byte[] keyBytes = symmetricKey.getEncoded();

    // The configured lifetime is divided by 1000 before being added as seconds.
    Instant issuedAt = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant expiresAt = issuedAt.plusSeconds(lifetimeSeconds);

    SecurityToken cacheEntry = new SecurityToken(
        keyId, keyBuilder.getEncryptedKeyElement(), issuedAt, expiresAt);
    // The plaintext symmetric key is kept in the token store until the entry expires.
    cacheEntry.setSecret(keyBytes);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    cacheEntry.setSHA1(keyBuilder.getEncryptedKeySHA1());
    tokenStore.add(cacheEntry);

    // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
    tokenStore.add(cacheEntry.getSHA1(), cacheEntry);

    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    String bstTokenId = keyBuilder.getBSTTokenId();
    if (bstTokenId != null && !bstTokenId.isEmpty()) {
        keyBuilder.prependBSTElementToHeader();
    }
    return keyId;
}
Example 17
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Scans the inbound message's WS-Security results for the first {@code ENCR} result that
 * has a non-empty id, caches it in {@code tokenStore} and returns that id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @return the encrypted-key id, or {@code null} when no matching result exists
 */
private String getEncryptedKey() {
    // NOTE(review): the list is iterated without a null check, so an inbound message with
    // no RECV_RESULTS entry fails with a NullPointerException - confirm callers guarantee it.
    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.getExchange().getInMessage()
            .get(WSHandlerConstants.RECV_RESULTS));

    for (WSHandlerResult handlerResult : handlerResults) {
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String keyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);

            // The action tag is unboxed unconditionally; a result without one throws here.
            boolean isEncryption = action.intValue() == WSConstants.ENCR;
            if (!isEncryption || keyId == null || keyId.length() == 0) {
                continue;
            }

            Date issuedAt = new Date();
            Date expiresAt = new Date(issuedAt.getTime() + 300000);
            SecurityToken cacheEntry = new SecurityToken(keyId, issuedAt, expiresAt);
            cacheEntry.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));

            // The identifier is derived from the encrypted form of the ephemeral key.
            byte[] encryptedEphemeralKey =
                (byte[])engineResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            cacheEntry.setSHA1(getSHA1(encryptedEphemeralKey));

            tokenStore.add(cacheEntry);
            return keyId;
        }
    }
    return null;
}
Example 18
Source File: SymmetricBindingHandler.java From steady with Apache License 2.0 | 5 votes |
/**
 * Creates an encrypted key for the given token, caches it in {@code tokenStore} as a
 * temporary {@link SecurityToken} and returns the key id.
 *
 * <p>The cached token expires 300000 ms (five minutes) after creation; the lifetime is
 * hard-coded here.
 *
 * @param wrapper the token wrapper passed to the encrypted-key builder
 * @param sigToken the token passed to the encrypted-key builder
 * @return the id of the encrypted key
 * @throws WSSecurityException declared for the WS-Security calls made here
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = keyBuilder.getId();
    byte[] ephemeralKey = keyBuilder.getEphemeralKey();

    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + 300000);

    SecurityToken cacheEntry = new SecurityToken(
        keyId, keyBuilder.getEncryptedKeyElement(), issuedAt, expiresAt);
    // The plaintext ephemeral key is kept in the token store for the token's lifetime.
    cacheEntry.setSecret(ephemeralKey);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    cacheEntry.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));
    tokenStore.add(cacheEntry);

    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    String bstTokenId = keyBuilder.getBSTTokenId();
    if (bstTokenId != null && !bstTokenId.isEmpty()) {
        keyBuilder.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
Example 19
Source File: WSS4JUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Ensures a streaming security token has an unexpired entry in the message's token store
 * and returns that entry's id.
 *
 * <p>When the store already holds an unexpired token under the same id, that token's id is
 * returned and nothing is written. Otherwise a new entry is created with the SHA1
 * identifier, a mapped token type, and the first non-null key of the streaming token.
 *
 * @param securityToken the streaming token; may be {@code null}
 * @param message the message used to locate the token store and the token lifetime
 * @return the id of the cached token, or {@code null} when {@code securityToken} is null
 * @throws XMLSecurityException declared for the streaming-token accessors
 * @throws TokenStoreException declared for the token-store calls
 */
public static String parseAndStoreStreamingSecurityToken(
    org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
    Message message
) throws XMLSecurityException, TokenStoreException {
    if (securityToken == null) {
        return null;
    }

    SecurityToken existingToken =
        TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
    if (existingToken != null && !existingToken.isExpired()) {
        return existingToken.getId();
    }

    // The configured lifetime is divided by 1000 before being added as seconds.
    Instant issuedAt = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant expiresAt = issuedAt.plusSeconds(lifetimeSeconds);

    SecurityToken cacheEntry = new SecurityToken(securityToken.getId(), issuedAt, expiresAt);
    cacheEntry.setSHA1(securityToken.getSha1Identifier());

    // Token types are matched by reference against the known constants; a type outside
    // this list leaves the cached token type unset.
    if (securityToken.getTokenType() != null) {
        if (securityToken.getTokenType() == WSSecurityTokenConstants.EncryptedKeyToken) {
            cacheEntry.setTokenType(WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE);
        } else if (securityToken.getTokenType() == WSSecurityTokenConstants.KERBEROS_TOKEN) {
            cacheEntry.setTokenType(WSSConstants.NS_GSS_KERBEROS5_AP_REQ);
        } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SAML_11_TOKEN) {
            cacheEntry.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE);
        } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SAML_20_TOKEN) {
            cacheEntry.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE);
        } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN
            || securityToken.getTokenType() == WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN) {
            cacheEntry.setTokenType(WSSConstants.NS_WSC_05_02);
        }
    }

    // Only the first non-null key is cached; raw bytes are copied only for a SecretKey.
    for (Map.Entry<String, Key> keyEntry : securityToken.getSecretKey().entrySet()) {
        Key candidate = keyEntry.getValue();
        if (candidate == null) {
            continue;
        }
        cacheEntry.setKey(candidate);
        if (candidate instanceof SecretKey) {
            cacheEntry.setSecret(candidate.getEncoded());
        }
        break;
    }

    TokenStoreUtils.getTokenStore(message).add(cacheEntry);
    return cacheEntry.getId();
}