

                        CustomTokenPrincipal customPrincipal =
                            (CustomTokenPrincipal)principal;
                        byte[] secretKey =
                            (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
                        if (secretKey != null) {
                            SecurityToken token =
                                new SecurityToken(
                                    customPrincipal.getName(),
                                    (java.util.Calendar)null,
                                    (java.util.Calendar)null
                                );
                            token.setSecret(secretKey);
                            return token;
                        }
                    }
                }
            }


                }
            } else if (isRequestor()
                && (token instanceof IssuedToken
                    || token instanceof SecureConversationToken)) {
                //ws-trust/ws-sc stuff.......
                SecurityToken secToken = getSecurityToken();
                if (secToken == null) {
                    policyNotAsserted(token, "Could not find IssuedToken");
                }
                addSupportingElement(cloneElement(secToken.getToken()));
       
                if (suppTokens.isEncryptedToken()) {
                    this.encryptedTokensIdList.add(secToken.getId());
                }
       
                if (secToken.getX509Certificate() == null) {  
                    //Add the extracted token
                    ret.put(token, new WSSecurityTokenHolder(secToken));
                } else {
                    WSSecSignatureHelper sig = new WSSecSignatureHelper();                   
                    sig.setX509Certificate(secToken.getX509Certificate());
                    sig.setCustomTokenId(secToken.getId());
                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                    String tokenType = secToken.getTokenType();
                    if (WSS_SAML_TOKEN_TYPE.equals(tokenType)) {
                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                                    + WSConstants.SAML_ASSERTION_ID);
                    } else if (WSS_SAML2_TOKEN_TYPE.equals(tokenType)) {
                        sig.setCustomTokenValueType(WSS_SAML2_KI_VALUE_TYPE);
                    } else if (tokenType != null) {
                        sig.setCustomTokenValueType(tokenType);
                    } else {
                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                    }
                    sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
                   
                    Crypto crypto = secToken.getCrypto();
                    String uname = null;
                    try {
                        uname = crypto.getKeyStore().getCertificateAlias(secToken.getX509Certificate());
                    } catch (KeyStoreException e1) {
                        throw new Fault(e1);
                    }

                    String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
                    if (password == null) {
                        password = "";
                    }
                    sig.setUserInfo(uname, password);
                    try {
                        sig.prepare(saaj.getSOAPPart(),
                                    secToken.getCrypto(),
                                    secHeader);
                    } catch (WSSecurityException e) {
                        throw new Fault(e);
                    }
                   
                    if (suppTokens.isEncryptedToken()) {
                        encryptedTokensIdList.add(secToken.getId());
                    }
                    ret.put(token, sig);               
                }

            } else if (token instanceof X509Token) {

    /**
     * Imports the given element (deep copy, children included) into the
     * document that owns the current security header, so that the copy can
     * be attached to that header.
     *
     * @param el the element to import; left untouched in its own document
     * @return the imported copy, owned by the security header's document
     */
    protected Element cloneElement(Element el) {
        Element headerEl = secHeader.getSecurityHeader();
        return (Element) headerEl.getOwnerDocument().importNode(el, true);
    }

    protected SecurityToken getSecurityToken() {
        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
        if (st == null) {
            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (id != null) {
                st = getTokenStore().getToken(id);
            }

                } catch (WSSecurityException e) {
                    policyNotAsserted(ent.getKey(), e);
                }
               
            } else if (tempTok instanceof WSSecurityTokenHolder) {
                SecurityToken token = ((WSSecurityTokenHolder)tempTok).getToken();
                if (isTokenProtection) {
                    sigParts.add(new WSEncryptionPart(token.getId()));
                }
               
                try {
                    if (ent.getKey().isDerivedKeys()) {
                        doSymmSignatureDerived(ent.getKey(), token, sigParts, isTokenProtection);

       
        writer.writeEndElement();

        Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));

        SecurityToken token = createSecurityToken(getDocumentElement((DOMSource)obj[0]), requestorEntropy);
        if (cert != null) {
            token.setX509Certificate(cert, crypto);
        }
        if (token.getTokenType() == null) {
            if (sptt != null) {
                token.setTokenType(sptt);
            } else if (tokenType != null) {
                token.setTokenType(tokenType);
            }
        }
        return token;
    }

        Element rstDec = rst;
        String id = findID(rar, rur, rstDec);
        if (StringUtils.isEmpty(id)) {
            throw new TrustException("NO_ID", LOG);
        }
        SecurityToken token = new SecurityToken(id, rstDec, lte);
        token.setAttachedReference(rar);
        token.setUnattachedReference(rur);
        token.setIssuerAddress(location);
        token.setTokenType(tt);

        byte[] secret = null;

        if (rpt != null) {
            Element child = DOMUtils.getFirstElement(rpt);
            QName childQname = DOMUtils.getElementQName(child);
            if (childQname.equals(new QName(namespace, "BinarySecret"))) {
                // First check for the binary secret
                String b64Secret = DOMUtils.getContent(child);
                secret = Base64.decode(b64Secret);
            } else if (childQname.equals(new QName(namespace, WSConstants.ENC_KEY_LN))) {
                try {

                    EncryptedKeyProcessor processor = new EncryptedKeyProcessor();

                    processor.handleToken(child, null, createCrypto(true), createHandler(), null,
                                          new Vector(), null);

                    secret = processor.getDecryptedBytes();
                } catch (IOException e) {
                    throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
                }
            } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
                // Handle the computed key
                Element binSecElem = entropy == null ? null : DOMUtils.getFirstElement(entropy);
                String content = binSecElem == null ? null : DOMUtils.getContent(binSecElem);
                if (content != null && !StringUtils.isEmpty(content.trim())) {

                    byte[] serviceEntr = Base64.decode(content);

                    // Right now we only use PSHA1 as the computed key algo
                    P_SHA1 psha1 = new P_SHA1();

                    int length = (keySize > 0) ? keySize : 256;
                    if (algorithmSuite != null) {
                        length = (keySize > 0) ? keySize : algorithmSuite.getMaximumSymmetricKeyLength();
                    }
                    try {
                        secret = psha1.createKey(requestorEntropy, serviceEntr, 0, length / 8);
                    } catch (ConversationException e) {
                        throw new TrustException("DERIVED_KEY_ERROR", LOG, e);
                    }
                } else {
                    // Service entropy missing
                    throw new TrustException("NO_ENTROPY", LOG);
                }
            }
        } else if (requestorEntropy != null) {
            // Use requester entropy as the key
            secret = requestorEntropy;
        }
        token.setSecret(secret);

        return token;
    }

        Element issuedAssertion =
            this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
       
        String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();
       
        SecurityToken issuedToken =
            new SecurityToken(assertionId, issuedAssertion, null);
       
        Properties cryptoProps = new Properties();
        URL url = ClassLoader.getSystemResource("META-INF/cxf/outsecurity.properties");
        cryptoProps.load(url.openStream());
        Crypto crypto = CryptoFactory.getInstance(cryptoProps);
        String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
        issuedToken.setX509Certificate(crypto.getCertificates(alias)[0], crypto);
       
        msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
                issuedToken.getId());
        msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
       
        TokenStore tokenStore = new MemoryTokenStore();
        msg.getExchange().get(Endpoint.class).getEndpointInfo()
            .setProperty(TokenStore.class.getName(), tokenStore);
        tokenStore.add(issuedToken);

                if (utBuilder != null) {
                    utBuilder.prepare(saaj.getSOAPPart());
                    utBuilder.appendToHeader(secHeader);
                }
            } else if (token instanceof IssuedToken) {
                SecurityToken secTok = getSecurityToken();
               
                SPConstants.IncludeTokenType inclusion = token.getInclusion();
               
                if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
                    || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
                        || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
                        && isRequestor())) {
                 
                    //Add the token
                    addEncyptedKeyElement(cloneElement(secTok.getToken()));
                }
            } else {
                //REVISIT - not supported for signed.  Exception?
            }
        }

                                          TokenWrapper wrapper,
                                          SecurityToken securityTok) throws Exception {
        Document doc = saaj.getSOAPPart();
       
        //Get the issued token
        SecurityToken secTok = securityTok;
        if (secTok == null) {
            secTok = getSecurityToken();
        }
  
        SPConstants.IncludeTokenType inclusion = token.getInclusion();
        boolean tokenIncluded = false;
       
        Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
        if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
            || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
                || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
                && isRequestor())) {
         
            //Add the token
            Element el = cloneElement(secTok.getToken());
            if (securityTok != null) {
                //do we need to sign this as well?
                //String id = addWsuIdToElement(el);
                //sigParts.add(new WSEncryptionPart(id));                         
            }
           
            addEncyptedKeyElement(el);
            tokenIncluded = true;
        }
       
        if (timestampEl != null) {
            sigParts.add(new WSEncryptionPart(timestampEl.getId()));                         
        }
       
        if (signdParts != null) {
            if (signdParts.isBody()) {
                sigParts.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
            }
            if (secTok.getX509Certificate() != null
                || securityTok != null) {
                //the "getX509Certificate" this is to workaround an issue in WCF
                //In WCF, for TransportBinding, in most cases, it doesn't wan't any of
                //the headers signed even if the policy sais so.   HOWEVER, for KeyValue
                //IssuedTokends, it DOES want them signed
                for (Header header : signdParts.getHeaders()) {
                    WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
                            header.getNamespace(),
                            "Content");
                    sigParts.add(wep);
                }
            }
        }
       
        //check for derived keys
        AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
        if (token.isDerivedKeys()) {
            //Do Signature with derived keys
            WSSecDKSign dkSign = new WSSecDKSign();
         
            //Setting the AttachedReference or the UnattachedReference according to the flag
            Element ref;
            if (tokenIncluded) {
                ref = secTok.getAttachedReference();
            } else {
                ref = secTok.getUnattachedReference();
            }
         
            if (ref != null) {
                dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
            } else {
                dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
            }
         
            //    Set the algo info
            dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
            if (token.getSPConstants() == SP12Constants.INSTANCE) {
                dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
            }
            dkSign.prepare(doc, secHeader);
         
            addDerivedKeyElement(dkSign.getdktElement());
         
            dkSign.setParts(sigParts);
            dkSign.addReferencesToSign(sigParts, secHeader);
         
            //Do signature
            dkSign.computeSignature();
         
            dkSign.appendSigToHeader(secHeader);
         
            return dkSign.getSignatureValue();
        } else {
            WSSecSignature sig = new WSSecSignature();
            if (secTok.getTokenType() == null) {
                sig.setCustomTokenId(secTok.getId());
                sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            } else {
                String id = secTok.getWsuId();
                if (id == null) {
                    sig.setCustomTokenId(secTok.getId());
                    sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
                } else {
                    sig.setCustomTokenId(secTok.getWsuId());
                    sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                }
                String tokenType = secTok.getTokenType();
                if (WSS_SAML_TOKEN_TYPE.equals(tokenType)) {
                    sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                } else if (WSS_SAML2_TOKEN_TYPE.equals(tokenType)) {
                    sig.setCustomTokenValueType(WSS_SAML2_KI_VALUE_TYPE);
                } else {
                    sig.setCustomTokenValueType(tokenType);
                }
                sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
            }
            Crypto crypto = null;
            if (secTok.getSecret() == null) {
                sig.setX509Certificate(secTok.getX509Certificate());
               
                crypto = secTok.getCrypto();
                String uname = crypto.getKeyStore().getCertificateAlias(secTok.getX509Certificate());
                String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
                if (password == null) {
                    password = "";
                }
                sig.setUserInfo(uname, password);
                sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
            } else {
                crypto = getSignatureCrypto(wrapper);
                sig.setSecretKey(secTok.getSecret());
                sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
            }
            sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());

            sig.prepare(doc, crypto, secHeader);

            }
            boolean attached = false;
            if (initiatorWrapper != null) {
                Token initiatorToken = initiatorWrapper.getToken();
                if (initiatorToken instanceof IssuedToken) {
                    SecurityToken secToken = getSecurityToken();
                    if (secToken == null) {
                        policyNotAsserted(initiatorToken, "Security token is not found or expired");
                        return;
                    } else {
                        policyAsserted(initiatorToken);
                       
                        if (includeToken(initiatorToken.getInclusion())) {
                            Element el = secToken.getToken();
                            this.addEncryptedKeyElement(cloneElement(el));
                            attached = true;
                        }
                    }
                } else if (initiatorToken instanceof SamlToken) {
