Java Code Examples for org.apache.cxf.staxutils.W3CDOMStreamWriter#writeAttribute()

Example 1
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a {@code RequestedProofToken} element that carries {@code key} inside an
 * {@code EncryptedKey/CipherData/CipherValue} structure.
 *
 * <p>The {@code EncryptionMethod} element advertises the algorithm
 * {@code namespace + "/spnego#GSS_Wrap"}. This method only Base64-encodes {@code key};
 * it performs no encryption itself.
 * NOTE(review): the bytes are presumably already GSS-wrapped by the caller - confirm at
 * the call site, because raw key bytes passed here would be written out unprotected.
 *
 * @param writer DOM stream writer that receives the elements
 * @param prefix prefix used for the {@code RequestedProofToken} element
 * @param namespace namespace of {@code RequestedProofToken} and base of the algorithm URI
 * @param key bytes emitted, Base64-encoded, as the {@code CipherValue} text
 * @throws Exception declared by the signature; propagated from the writer or the encoder
 */
private void writeProofToken(
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace,
    byte[] key
) throws Exception {
    final String encPrefix = WSConstants.ENC_PREFIX;
    final String encNs = WSConstants.ENC_NS;
    final String wrapAlgorithm = namespace + "/spnego#GSS_Wrap";

    // Outer wrapper in the caller-supplied namespace.
    writer.writeStartElement(prefix, "RequestedProofToken", namespace);

    // XML Encryption structure: EncryptedKey > (EncryptionMethod, CipherData > CipherValue).
    writer.writeStartElement(encPrefix, "EncryptedKey", encNs);

    writer.writeStartElement(encPrefix, "EncryptionMethod", encNs);
    writer.writeAttribute("Algorithm", wrapAlgorithm);
    writer.writeEndElement(); // EncryptionMethod

    writer.writeStartElement(encPrefix, "CipherData", encNs);
    writer.writeStartElement(encPrefix, "CipherValue", encNs);
    writer.writeCharacters(Base64.encode(key));
    writer.writeEndElement(); // CipherValue
    writer.writeEndElement(); // CipherData

    writer.writeEndElement(); // EncryptedKey
    writer.writeEndElement(); // RequestedProofToken
}
 
Example 2
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Emits a {@code RequestedProofToken} whose payload is {@code key}, Base64-encoded and
 * nested as {@code EncryptedKey/CipherData/CipherValue}.
 *
 * <p>The advertised {@code EncryptionMethod} algorithm is
 * {@code namespace + "/spnego#GSS_Wrap"}. Nothing in this method encrypts {@code key}.
 * NOTE(review): presumably the caller passes bytes that are already GSS-wrapped - verify,
 * since otherwise the key would leave this method in the clear.
 *
 * @param writer DOM stream writer that receives the elements
 * @param prefix prefix used for the {@code RequestedProofToken} element
 * @param namespace namespace of {@code RequestedProofToken} and base of the algorithm URI
 * @param key bytes emitted, Base64-encoded, as the {@code CipherValue} text
 * @throws Exception declared by the signature; propagated from the writer or the encoder
 */
private void writeProofToken(
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace,
    byte[] key
) throws Exception {
    final String encPrefix = WSConstants.ENC_PREFIX;
    final String encNs = WSConstants.ENC_NS;
    final String wrapAlgorithm = namespace + "/spnego#GSS_Wrap";

    // Outer wrapper in the caller-supplied namespace.
    writer.writeStartElement(prefix, "RequestedProofToken", namespace);

    // XML Encryption structure: EncryptedKey > (EncryptionMethod, CipherData > CipherValue).
    writer.writeStartElement(encPrefix, "EncryptedKey", encNs);

    writer.writeStartElement(encPrefix, "EncryptionMethod", encNs);
    writer.writeAttribute("Algorithm", wrapAlgorithm);
    writer.writeEndElement(); // EncryptionMethod

    writer.writeStartElement(encPrefix, "CipherData", encNs);
    writer.writeStartElement(encPrefix, "CipherValue", encNs);
    writer.writeCharacters(Base64.encode(key));
    writer.writeEndElement(); // CipherValue
    writer.writeEndElement(); // CipherData

    writer.writeEndElement(); // EncryptedKey
    writer.writeEndElement(); // RequestedProofToken
}
 
Example 3
Source File: SpnegoContextTokenInInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a {@code RequestedProofToken} element that carries {@code key} inside an
 * {@code EncryptedKey/CipherData/CipherValue} structure.
 *
 * <p>The {@code EncryptionMethod} element advertises the algorithm
 * {@code namespace + "/spnego#GSS_Wrap"}. The method encodes {@code key} with
 * {@code XMLUtils.encodeToString} and does no encryption of its own.
 * NOTE(review): the bytes are presumably already GSS-wrapped by the caller - confirm at
 * the call site, because raw key bytes passed here would be written out unprotected.
 *
 * @param writer DOM stream writer that receives the elements
 * @param prefix prefix used for the {@code RequestedProofToken} element
 * @param namespace namespace of {@code RequestedProofToken} and base of the algorithm URI
 * @param key bytes emitted, encoded to text, as the {@code CipherValue} content
 * @throws Exception declared by the signature; propagated from the writer or the encoder
 */
private void writeProofToken(
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace,
    byte[] key
) throws Exception {
    final String encPrefix = WSS4JConstants.ENC_PREFIX;
    final String encNs = WSS4JConstants.ENC_NS;
    final String wrapAlgorithm = namespace + "/spnego#GSS_Wrap";

    // Outer wrapper in the caller-supplied namespace.
    writer.writeStartElement(prefix, "RequestedProofToken", namespace);

    // XML Encryption structure: EncryptedKey > (EncryptionMethod, CipherData > CipherValue).
    writer.writeStartElement(encPrefix, "EncryptedKey", encNs);

    writer.writeStartElement(encPrefix, "EncryptionMethod", encNs);
    writer.writeAttribute("Algorithm", wrapAlgorithm);
    writer.writeEndElement(); // EncryptionMethod

    writer.writeStartElement(encPrefix, "CipherData", encNs);
    writer.writeStartElement(encPrefix, "CipherValue", encNs);
    writer.writeCharacters(XMLUtils.encodeToString(key));
    writer.writeEndElement(); // CipherValue
    writer.writeEndElement(); // CipherData

    writer.writeEndElement(); // EncryptedKey
    writer.writeEndElement(); // RequestedProofToken
}
 
Example 4
Source File: SpnegoContextTokenInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Serializes {@code key} into a {@code RequestedProofToken} element, wrapped in an
 * {@code EncryptedKey/CipherData/CipherValue} structure.
 *
 * <p>{@code EncryptionMethod} is labelled with {@code namespace + "/spnego#GSS_Wrap"};
 * the only transformation applied to {@code key} here is Base64 encoding.
 * NOTE(review): presumably {@code key} arrives already GSS-wrapped - confirm with the
 * caller, as this method would otherwise expose the key bytes as plain Base64.
 *
 * @param writer DOM stream writer that receives the elements
 * @param prefix prefix used for the {@code RequestedProofToken} element
 * @param namespace namespace of {@code RequestedProofToken} and base of the algorithm URI
 * @param key bytes emitted, Base64-encoded, as the {@code CipherValue} text
 * @throws Exception declared by the signature; propagated from the writer or the encoder
 */
private void writeProofToken(
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace,
    byte[] key
) throws Exception {
    final String encPrefix = WSConstants.ENC_PREFIX;
    final String encNs = WSConstants.ENC_NS;
    final String wrapAlgorithm = namespace + "/spnego#GSS_Wrap";

    // Outer wrapper in the caller-supplied namespace.
    writer.writeStartElement(prefix, "RequestedProofToken", namespace);

    // XML Encryption structure: EncryptedKey > (EncryptionMethod, CipherData > CipherValue).
    writer.writeStartElement(encPrefix, "EncryptedKey", encNs);

    writer.writeStartElement(encPrefix, "EncryptionMethod", encNs);
    writer.writeAttribute("Algorithm", wrapAlgorithm);
    writer.writeEndElement(); // EncryptionMethod

    writer.writeStartElement(encPrefix, "CipherData", encNs);
    writer.writeStartElement(encPrefix, "CipherValue", encNs);
    writer.writeCharacters(Base64.encode(key));
    writer.writeEndElement(); // CipherValue
    writer.writeEndElement(); // CipherData

    writer.writeEndElement(); // EncryptedKey
    writer.writeEndElement(); // RequestedProofToken
}
 
Example 5
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the symmetric-key part of a request: optionally the key size and, when
 * {@code requiresEntropy} is set, a {@code wst:Entropy/wst:BinarySecret} nonce followed
 * by a {@code wst:ComputedKeyAlgorithm} element naming {@code namespace + "/CK/PSHA1"}.
 *
 * <p>The returned array is the same nonce that was written, Base64-encoded, into the
 * request. Treat it as key material: keep it out of logs and error messages.
 *
 * @param writer DOM stream writer that receives the elements
 * @param wroteKeySize {@code true} when the caller has already written the key size
 * @return the generated requestor entropy, or {@code null} when no entropy was written
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
        boolean wroteKeySize) throws Exception {
    // The key size is omitted when it was already written, or for a secure-conversation
    // request whose key size is 256.
    final boolean keySizeImplied = isSecureConv && keySize == 256;
    if (!(wroteKeySize || keySizeImplied)) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes: taken from the algorithm suite when one is configured,
    // otherwise from the configured key size (both are divided by 8).
    final byte[] requestorEntropy;
    if (algorithmSuite != null) {
        requestorEntropy = WSSecurityUtil
            .generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }
    writer.writeCharacters(Base64.encode(requestorEntropy));

    writer.writeEndElement(); // BinarySecret
    writer.writeEndElement(); // Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
 
Example 6
Source File: STSInvoker.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the {@code RequestedProofToken} element and returns the secret it stands for.
 *
 * <p>Without client entropy a fresh nonce is generated and written as a
 * {@code BinarySecret}. With client entropy the secret is derived with {@code P_SHA1}
 * from the client entropy and a freshly generated nonce; the proof token then only names
 * the computed-key algorithm and the nonce is written in a sibling {@code Entropy} element.
 *
 * <p>NOTE(review): in the first case the secret is written as plain Base64, so its
 * confidentiality depends on protection applied elsewhere - confirm. {@code keySize} is
 * used without a bounds check in this method; verify that the caller validates it.
 *
 * @param prefix prefix for the elements written here
 * @param namespace namespace for the elements and base of the type and algorithm URIs
 * @param writer DOM stream writer that receives the elements
 * @param clientEntropy entropy supplied by the client, or {@code null}
 * @param keySize key size in bits; {@code keySize / 8} bytes are generated or derived
 * @return the generated or derived secret
 */
byte[] writeProofToken(String prefix,
    String namespace,
    W3CDOMStreamWriter writer,
    byte[] clientEntropy,
    int keySize
) throws NoSuchAlgorithmException, WSSecurityException, ConversationException, XMLStreamException {
    final int secretLength = keySize / 8;
    final String nonceType = namespace + "/Nonce";
    final byte[] proofSecret;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    if (clientEntropy != null) {
        // Both sides contribute: the secret is computed, never sent.
        byte[] serverEntropy = WSSecurityUtil.generateNonce(secretLength);
        proofSecret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, secretLength);

        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // ComputedKey
        writer.writeEndElement(); // RequestedProofToken, closed early on this path

        // Entropy is written as a sibling of RequestedProofToken; it is closed by the
        // shared writeEndElement() after the if/else.
        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(serverEntropy));
        writer.writeEndElement(); // BinarySecret
    } else {
        // No client entropy: the nonce itself is the secret and is sent as BinarySecret.
        proofSecret = WSSecurityUtil.generateNonce(secretLength);

        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(proofSecret));
        writer.writeEndElement(); // BinarySecret
    }
    // Closes RequestedProofToken (no client entropy) or Entropy (client entropy).
    writer.writeEndElement();
    return proofSecret;
}
 
Example 7
Source File: SimpleBatchSTSClient.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the symmetric-key part of a request: optionally the key size and, when
 * {@code requiresEntropy} is set, a {@code wst:Entropy/wst:BinarySecret} nonce followed
 * by a {@code wst:ComputedKeyAlgorithm} element naming {@code namespace + "/CK/PSHA1"}.
 *
 * <p>The returned array is the same nonce that was written into the request, encoded
 * with the MIME Base64 encoder. Treat it as key material: keep it out of logs and
 * error messages.
 *
 * @param writer DOM stream writer that receives the elements
 * @param wroteKeySize {@code true} when the caller has already written the key size
 * @return the generated requestor entropy, or {@code null} when no entropy was written
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
        boolean wroteKeySize) throws Exception {
    // The key size is omitted when it was already written, or for a secure-conversation
    // request whose key size is 256.
    final boolean keySizeImplied = isSecureConv && keySize == 256;
    if (!(wroteKeySize || keySizeImplied)) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes: taken from the algorithm suite type when a suite is
    // configured, otherwise from the configured key size (both are divided by 8).
    final byte[] requestorEntropy;
    if (algorithmSuite != null) {
        AlgorithmSuiteType suiteType = algorithmSuite.getAlgorithmSuiteType();
        requestorEntropy = WSSecurityUtil
            .generateNonce(suiteType.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }
    String encodedEntropy = Base64.getMimeEncoder().encodeToString(requestorEntropy);
    writer.writeCharacters(encodedEntropy);

    writer.writeEndElement(); // BinarySecret
    writer.writeEndElement(); // Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
 
Example 8
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the symmetric-key elements to the request being built: the key size unless it is
 * skipped, and, if {@code requiresEntropy} is set, a nonce inside
 * {@code wst:Entropy/wst:BinarySecret} plus a {@code wst:ComputedKeyAlgorithm} element
 * whose text is {@code namespace + "/CK/PSHA1"}.
 *
 * <p>The nonce written to the request is also returned to the caller. It is key
 * material and should not be logged or echoed in error messages.
 *
 * @param writer DOM stream writer that receives the elements
 * @param wroteKeySize {@code true} when the caller has already written the key size
 * @return the generated requestor entropy, or {@code null} when no entropy was written
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
        boolean wroteKeySize) throws Exception {
    // The key size is omitted when it was already written, or for a secure-conversation
    // request whose key size is 256.
    final boolean keySizeImplied = isSecureConv && keySize == 256;
    if (!(wroteKeySize || keySizeImplied)) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes: taken from the algorithm suite when one is configured,
    // otherwise from the configured key size (both are divided by 8).
    final byte[] requestorEntropy;
    if (algorithmSuite != null) {
        requestorEntropy = WSSecurityUtil
            .generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }
    writer.writeCharacters(Base64.encode(requestorEntropy));

    writer.writeEndElement(); // BinarySecret
    writer.writeEndElement(); // Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
 
Example 9
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Writes a {@code wst:BinaryExchange} element whose text is {@code binaryExchange}.
 *
 * <p>The element is labelled with {@code BinarySecurity.BASE64_ENCODING} as its encoding
 * type and {@code namespace + "/spnego"} as its value type. The text is written exactly
 * as passed in; this method does not encode or validate it.
 * NOTE(review): the caller is presumably expected to pass Base64 text already - confirm.
 *
 * @param binaryExchange text content of the element
 * @param writer DOM stream writer that receives the element
 * @throws XMLStreamException if the writer fails
 */
protected void addBinaryExchange(
    String binaryExchange,
    W3CDOMStreamWriter writer
) throws XMLStreamException {
    final String spnegoValueType = namespace + "/spnego";

    writer.writeStartElement("wst", "BinaryExchange", namespace);
    writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
    writer.writeAttribute("ValueType", spnegoValueType);
    writer.writeCharacters(binaryExchange);
    writer.writeEndElement(); // BinaryExchange
}
 
Example 10
Source File: STSInvoker.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Emits {@code RequestedProofToken} and hands back the secret that the token represents.
 *
 * <p>If {@code clientEntropy} is {@code null}, a new nonce is the secret and is written
 * as a {@code BinarySecret}. Otherwise the secret is computed with {@code P_SHA1} from
 * the client entropy and a new nonce; only the computed-key algorithm URI goes into the
 * proof token, and the nonce is written in a sibling {@code Entropy} element.
 *
 * <p>NOTE(review): on the {@code null} path the secret leaves this method as plain
 * Base64, so it must be protected by something outside this method - confirm.
 * {@code keySize} is not range-checked here; verify that the caller validates it.
 *
 * @param prefix prefix for the elements written here
 * @param namespace namespace for the elements and base of the type and algorithm URIs
 * @param writer DOM stream writer that receives the elements
 * @param clientEntropy entropy supplied by the client, or {@code null}
 * @param keySize key size in bits; {@code keySize / 8} bytes are generated or derived
 * @return the generated or derived secret
 */
byte[] writeProofToken(String prefix,
    String namespace,
    W3CDOMStreamWriter writer,
    byte[] clientEntropy,
    int keySize
) throws NoSuchAlgorithmException, WSSecurityException, ConversationException, XMLStreamException {
    final int secretLength = keySize / 8;
    final String nonceType = namespace + "/Nonce";
    final byte[] proofSecret;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    if (clientEntropy != null) {
        // Both sides contribute: the secret is computed, never sent.
        byte[] serverEntropy = WSSecurityUtil.generateNonce(secretLength);
        proofSecret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, secretLength);

        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // ComputedKey
        writer.writeEndElement(); // RequestedProofToken, closed early on this path

        // Entropy is written as a sibling of RequestedProofToken; it is closed by the
        // shared writeEndElement() after the if/else.
        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(serverEntropy));
        writer.writeEndElement(); // BinarySecret
    } else {
        // No client entropy: the nonce itself is the secret and is sent as BinarySecret.
        proofSecret = WSSecurityUtil.generateNonce(secretLength);

        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(proofSecret));
        writer.writeEndElement(); // BinarySecret
    }
    // Closes RequestedProofToken (no client entropy) or Entropy (client entropy).
    writer.writeEndElement();
    return proofSecret;
}
 
Example 11
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Appends a {@code wst:BinaryExchange} element carrying {@code binaryExchange} as text.
 *
 * <p>Its {@code EncodingType} attribute is {@code BinarySecurity.BASE64_ENCODING} and its
 * {@code ValueType} attribute is {@code namespace + "/spnego"}. The value is passed to
 * the writer unchanged, with no encoding or validation in this method.
 * NOTE(review): the caller is presumably expected to pass Base64 text already - confirm.
 *
 * @param binaryExchange text content of the element
 * @param writer DOM stream writer that receives the element
 * @throws XMLStreamException if the writer fails
 */
protected void addBinaryExchange(
    String binaryExchange,
    W3CDOMStreamWriter writer
) throws XMLStreamException {
    final String spnegoValueType = namespace + "/spnego";

    writer.writeStartElement("wst", "BinaryExchange", namespace);
    writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
    writer.writeAttribute("ValueType", spnegoValueType);
    writer.writeCharacters(binaryExchange);
    writer.writeEndElement(); // BinaryExchange
}
 
Example 12
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the key size (unless skipped) and, when {@code requiresEntropy} is set, the
 * requestor entropy as a {@code wst:Entropy/wst:BinarySecret} nonce, followed by a
 * {@code wst:ComputedKeyAlgorithm} element with the text {@code namespace + "/CK/PSHA1"}.
 *
 * <p>The generated nonce is both written to the request and returned. It is key
 * material, so callers should avoid logging it.
 *
 * @param writer DOM stream writer that receives the elements
 * @param wroteKeySize {@code true} when the caller has already written the key size
 * @return the generated requestor entropy, or {@code null} when no entropy was written
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
        boolean wroteKeySize) throws Exception {
    // The key size is omitted when it was already written, or for a secure-conversation
    // request whose key size is 256.
    final boolean keySizeImplied = isSecureConv && keySize == 256;
    if (!(wroteKeySize || keySizeImplied)) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes: taken from the algorithm suite when one is configured,
    // otherwise from the configured key size (both are divided by 8).
    final byte[] requestorEntropy;
    if (algorithmSuite != null) {
        requestorEntropy = WSSecurityUtil
            .generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }
    writer.writeCharacters(Base64.encode(requestorEntropy));

    writer.writeEndElement(); // BinarySecret
    writer.writeEndElement(); // Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
 
Example 13
Source File: STSInvoker.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Writes {@code RequestedProofToken} and returns the secret associated with it.
 *
 * <p>With no client entropy, a generated nonce is used as the secret and written as a
 * {@code BinarySecret}. With client entropy, {@code P_SHA1} combines it with a generated
 * nonce to produce the secret; the proof token names the computed-key algorithm and the
 * nonce is written in a sibling {@code Entropy} element.
 *
 * <p>NOTE(review): the no-entropy path writes the secret as plain Base64, so protection
 * has to come from outside this method - confirm. No bounds check on {@code keySize} is
 * visible here; verify that the caller validates it.
 *
 * @param prefix prefix for the elements written here
 * @param namespace namespace for the elements and base of the type and algorithm URIs
 * @param writer DOM stream writer that receives the elements
 * @param clientEntropy entropy supplied by the client, or {@code null}
 * @param keySize key size in bits; {@code keySize / 8} bytes are generated or derived
 * @return the generated or derived secret
 */
byte[] writeProofToken(String prefix,
    String namespace,
    W3CDOMStreamWriter writer,
    byte[] clientEntropy,
    int keySize
) throws NoSuchAlgorithmException, WSSecurityException, ConversationException, XMLStreamException {
    final int secretLength = keySize / 8;
    final String nonceType = namespace + "/Nonce";
    final byte[] proofSecret;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    if (clientEntropy != null) {
        // Both sides contribute: the secret is computed, never sent.
        byte[] serverEntropy = WSSecurityUtil.generateNonce(secretLength);
        proofSecret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, secretLength);

        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // ComputedKey
        writer.writeEndElement(); // RequestedProofToken, closed early on this path

        // Entropy is written as a sibling of RequestedProofToken; it is closed by the
        // shared writeEndElement() after the if/else.
        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(serverEntropy));
        writer.writeEndElement(); // BinarySecret
    } else {
        // No client entropy: the nonce itself is the secret and is sent as BinarySecret.
        proofSecret = WSSecurityUtil.generateNonce(secretLength);

        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", nonceType);
        writer.writeCharacters(Base64.encode(proofSecret));
        writer.writeEndElement(); // BinarySecret
    }
    // Closes RequestedProofToken (no client entropy) or Entropy (client entropy).
    writer.writeEndElement();
    return proofSecret;
}
 
Example 14
Source File: AbstractSTSClient.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the symmetric-key part of a request: the key size unless the caller already
 * wrote it and, when {@code requiresEntropy} is set, a
 * {@code wst:Entropy/wst:BinarySecret} nonce followed by a
 * {@code wst:ComputedKeyAlgorithm} element naming {@code namespace + "/CK/PSHA1"}.
 *
 * <p>The returned array is the same nonce that was written, encoded, into the request.
 * Treat it as key material: keep it out of logs and error messages.
 *
 * @param writer DOM stream writer that receives the elements
 * @param wroteKeySize {@code true} when the caller has already written the key size
 * @return the generated requestor entropy, or {@code null} when no entropy was written
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
        boolean wroteKeySize) throws Exception {
    if (!wroteKeySize) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes: taken from the algorithm suite type when a suite is
    // configured, otherwise from the configured key size (both are divided by 8).
    final byte[] requestorEntropy;
    if (algorithmSuite != null) {
        AlgorithmSuiteType suiteType = algorithmSuite.getAlgorithmSuiteType();
        requestorEntropy = WSSecurityUtil
            .generateNonce(suiteType.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }
    String encodedEntropy =
        org.apache.xml.security.utils.XMLUtils.encodeToString(requestorEntropy);
    writer.writeCharacters(encodedEntropy);

    writer.writeEndElement(); // BinarySecret
    writer.writeEndElement(); // Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
 
Example 15
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a "Renew" RequestSecurityToken for {@code tok}, invokes the operation found for
 * {@code "/RST/Renew"} and returns the reply wrapped in an {@code STSResponse}.
 *
 * <p>Security-relevant behaviour visible here: every child element of {@code template}
 * is copied into the request unchanged, {@code tok} is stored in the client request
 * context under {@code SecurityConstants.TOKEN}, and the token element itself is copied
 * into {@code wst:RenewTarget}. When {@code isSpnego} is set, the {@code tokenType}
 * field is overwritten as a side effect.
 *
 * @param tok the token to renew
 * @return the response built from the first element of the invocation result
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo renewOperation = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    // Secure-conversation renewals use a distinct SOAP action.
    client.getRequestContext().put(
        SoapBindingConstants.SOAP_ACTION,
        namespace + (isSecureConv ? "/RST/SCT/Renew" : "/RST/Renew"));

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }

    // Token type found in the template, if any; when present it replaces the default.
    String templateTokenType = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }

        for (Element child = DOMUtils.getFirstElement(template);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            StaxUtils.copy(child, writer);
            if ("TokenType".equals(child.getLocalName())) {
                templateTokenType = DOMUtils.getContent(child);
            }
        }

        if (this.useSecondaryParameters()) {
            writer.writeEndElement(); // SecondaryParameters
        }
    }

    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }

    if (templateTokenType == null) {
        addTokenType(writer);
    }
    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement(); // RenewTarget

    writer.writeEndElement(); // RequestSecurityToken

    DOMSource request = new DOMSource(writer.getDocument().getDocumentElement());
    Object[] reply = client.invoke(renewOperation, request);

    return new STSResponse((DOMSource)reply[0], null);
}
 
Example 16
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Sends a "Renew" RequestSecurityToken for {@code tok} through the operation found for
 * {@code "/RST/Renew"} and wraps the reply in an {@code STSResponse}.
 *
 * <p>Points worth knowing when reviewing callers: the children of {@code template} are
 * copied into the request as they are, {@code tok} is placed in the client request
 * context under {@code SecurityConstants.TOKEN}, and the token element is copied into
 * {@code wst:RenewTarget}. The {@code tokenType} field is reassigned when
 * {@code isSpnego} is set.
 *
 * @param tok the token to renew
 * @return the response built from the first element of the invocation result
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo renewOperation = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    // Secure-conversation renewals use a distinct SOAP action.
    client.getRequestContext().put(
        SoapBindingConstants.SOAP_ACTION,
        namespace + (isSecureConv ? "/RST/SCT/Renew" : "/RST/Renew"));

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }

    // Token type found in the template, if any; when present it replaces the default.
    String templateTokenType = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }

        for (Element child = DOMUtils.getFirstElement(template);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            StaxUtils.copy(child, writer);
            if ("TokenType".equals(child.getLocalName())) {
                templateTokenType = DOMUtils.getContent(child);
            }
        }

        if (this.useSecondaryParameters()) {
            writer.writeEndElement(); // SecondaryParameters
        }
    }

    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }

    if (templateTokenType == null) {
        addTokenType(writer);
    }
    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement(); // RenewTarget

    writer.writeEndElement(); // RequestSecurityToken

    DOMSource request = new DOMSource(writer.getDocument().getDocumentElement());
    Object[] reply = client.invoke(renewOperation, request);

    return new STSResponse((DOMSource)reply[0], null);
}
 
Example 17
Source File: CustomParameterTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
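/**
 * Posts a RequestSecurityToken with a custom {@code realm} element to the REST endpoint
 * and checks that the returned SAML assertion contains {@code "admin-user"}.
 *
 * <p>The bus is shut down in a {@code finally} block so that a failed request or a
 * failed assertion does not leave it running.
 */
@org.junit.Test
public void testCustomParameterToRESTInterface() throws Exception {

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CustomParameterTest.class.getResource("cxf-client.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        String address = "https://localhost:" + STSPORT + "/SecurityTokenServiceREST/token";
        WebClient client = WebClient.create(address, busFile.toString());

        client.type("application/xml").accept("application/xml");

        // Create RequestSecurityToken
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        String namespace = STSUtils.WST_NS_05_12;
        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
        writer.writeNamespace("wst", namespace);

        writer.writeStartElement("wst", "RequestType", namespace);
        writer.writeCharacters(namespace + "/Issue");
        writer.writeEndElement();

        writer.writeStartElement("wst", "TokenType", namespace);
        writer.writeCharacters(SAML2_TOKEN_TYPE);
        writer.writeEndElement();

        // Ask for the role claim in the identity claims dialect.
        writer.writeStartElement("wst", "Claims", namespace);
        writer.writeAttribute("Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity");
        writer.writeStartElement("ic", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
        writer.writeAttribute("Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        writer.writeEndElement();
        writer.writeEndElement();

        // Add custom content to the RST
        writer.writeStartElement("", "realm", "http://cxf.apache.org/custom");
        writer.writeCharacters("custom-realm");
        writer.writeEndElement();

        writer.writeEndElement(); // RequestSecurityToken

        Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement()));

        RequestSecurityTokenResponseType securityResponse =
            response.readEntity(RequestSecurityTokenResponseType.class);

        Element assertion = validateSAMLSecurityTokenResponse(securityResponse, true);
        assertTrue(DOM2Writer.nodeToString(assertion).contains("admin-user"));
    } finally {
        // Previously skipped whenever anything above threw, which leaked the bus.
        bus.shutdown(true);
    }
}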
 
Example 18
Source File: IdpMetadataWriter.java    From cxf-fediz with Apache License 2.0 4 votes vote down vote up
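/**
 * Builds the IdP metadata document for {@code config} and returns it signed.
 *
 * <p>The {@code EntityDescriptor} gets a generated {@code ID}, which is also the
 * reference passed to the signing step. The unsigned document is written to the debug
 * log when debug logging is enabled; the certificate password is only passed to
 * {@code SignatureUtils.signMetaInfo} and is not logged here.
 *
 * @param config IdP configuration supplying the certificate, its password and the IdP URL
 * @param saml {@code true} to write SAML SSO metadata, {@code false} for federation metadata
 * @return the signed metadata document
 * @throws RuntimeException if building or signing fails; the original exception is
 *         attached as the cause
 */
public Document getMetaData(Idp config, boolean saml) {
    try {
        //Return as text/xml
        Crypto crypto = CertsUtils.getCryptoFromFile(config.getCertificate());

        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();

        writer.writeStartDocument("UTF-8", "1.0");

        String referenceID = IDGenerator.generateID("_");
        writer.writeStartElement("md", "EntityDescriptor", SAML2_METADATA_NS);
        writer.writeAttribute("ID", referenceID);

        writer.writeAttribute("entityID", config.getIdpUrl().toString());

        writer.writeNamespace("md", SAML2_METADATA_NS);
        writer.writeNamespace("xsi", SCHEMA_INSTANCE_NS);

        if (saml) {
            writeSAMLSSOMetadata(writer, config, crypto);
        } else {
            writeFederationMetadata(writer, config, crypto);
        }

        writer.writeEndElement(); // EntityDescriptor

        writer.writeEndDocument();

        writer.close();

        if (LOG.isDebugEnabled()) {
            String out = DOM2Writer.nodeToString(writer.getDocument());
            LOG.debug("***************** unsigned ****************");
            LOG.debug(out);
            LOG.debug("***************** unsigned ****************");
        }

        Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
                                                      writer.getDocument(), referenceID);
        if (result == null) {
            // Never hand out unsigned metadata: a null result is treated as a failure.
            throw new RuntimeException("Failed to sign the metadata document: result=null");
        }
        return result;
    } catch (Exception e) {
        LOG.error("Error creating service metadata information ", e);
        // Keep the cause so callers can see the underlying failure, not only its message.
        throw new RuntimeException("Error creating service metadata information: " + e.getMessage(), e);
    }

}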
 
Example 19
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Issues a "Renew" request for {@code tok} via the operation found for
 * {@code "/RST/Renew"} and returns the reply as an {@code STSResponse}.
 *
 * <p>What the request is built from: the {@code template} children, copied verbatim;
 * the request type, applies-to, token type and lifetime helpers; and the token element,
 * copied into {@code wst:RenewTarget}. {@code tok} is also stored in the client request
 * context under {@code SecurityConstants.TOKEN}, and {@code tokenType} is reassigned
 * when {@code isSpnego} is set.
 *
 * @param tok the token to renew
 * @return the response built from the first element of the invocation result
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo renewOperation = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    // Secure-conversation renewals use a distinct SOAP action.
    client.getRequestContext().put(
        SoapBindingConstants.SOAP_ACTION,
        namespace + (isSecureConv ? "/RST/SCT/Renew" : "/RST/Renew"));

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }

    // Token type found in the template, if any; when present it replaces the default.
    String templateTokenType = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }

        for (Element child = DOMUtils.getFirstElement(template);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            StaxUtils.copy(child, writer);
            if ("TokenType".equals(child.getLocalName())) {
                templateTokenType = DOMUtils.getContent(child);
            }
        }

        if (this.useSecondaryParameters()) {
            writer.writeEndElement(); // SecondaryParameters
        }
    }

    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }

    if (templateTokenType == null) {
        addTokenType(writer);
    }
    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement(); // RenewTarget

    writer.writeEndElement(); // RequestSecurityToken

    DOMSource request = new DOMSource(writer.getDocument().getDocumentElement());
    Object[] reply = client.invoke(renewOperation, request);

    return new STSResponse((DOMSource)reply[0], null);
}
 
Example 20
Source File: AbstractSTSClient.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a "Renew" RequestSecurityToken for {@code tok}, invokes the operation found for
 * {@code "/RST/Renew"} and returns the reply, with any response attachments, wrapped in
 * an {@code STSResponse}.
 *
 * <p>Security-relevant behaviour visible here: {@code SecurityConstants.TOKEN_ID} is
 * removed from the request context after {@code ctx} is copied in, every child element
 * of {@code template} is copied into the request unchanged, and the token element is
 * copied into {@code wst:RenewTarget}. When {@code isSpnego} is set, the
 * {@code tokenType} field is overwritten as a side effect.
 *
 * @param tok the token to renew
 * @return the response built from the first element of the invocation result
 * @throws Exception declared by the signature; propagated from the helpers called here
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo renewOperation = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    client.getRequestContext().remove(SecurityConstants.TOKEN_ID);
    // Secure-conversation renewals use a distinct SOAP action.
    client.getRequestContext().put(
        SoapBindingConstants.SOAP_ACTION,
        namespace + (isSecureConv ? "/RST/SCT/Renew" : "/RST/Renew"));

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }

    // Token type found in the template, if any; when present it replaces the default.
    String templateTokenType = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }

        for (Element child = DOMUtils.getFirstElement(template);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            StaxUtils.copy(child, writer);
            if ("TokenType".equals(child.getLocalName())) {
                templateTokenType = DOMUtils.getContent(child);
            }
        }

        if (this.useSecondaryParameters()) {
            writer.writeEndElement(); // SecondaryParameters
        }
    }

    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    if (templateTokenType == null) {
        addTokenType(writer);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }

    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement(); // RenewTarget

    // Renewal semantics follow the renew target inside the request.
    writeRenewalSemantics(writer);

    writer.writeEndElement(); // RequestSecurityToken

    DOMSource request = new DOMSource(writer.getDocument().getDocumentElement());
    Object[] reply = client.invoke(renewOperation, request);

    // The response context stores attachments untyped, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    Collection<Attachment> responseAttachments =
        (Collection<Attachment>)client.getResponseContext().get(Message.ATTACHMENTS);
    return new STSResponse((DOMSource)reply[0], null, null, null, responseAttachments);
}