

     * @throws com.sun.xml.wss.XWSSecurityException
     */
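    @SuppressWarnings("unchecked")
    @Override
    public BuilderResult process() throws XWSSecurityException {
        BuilderResult result = new BuilderResult();
        String assertionId;

        // The assertion as it will be placed in (or referenced from) the security header.
        SecurityHeaderElement she = null;

        // Phase 1: locate the assertion. Preferred source is the DOM element on the
        // binding; the fallback is a stream reader that is copied into a buffer.
        // NOTE(review): reader, id and buffer are not declared in this method, so they
        // appear to be instance fields; a stale value from an earlier call is possible
        // when the binding carries a DOM element — confirm against the field declarations.
        Element samlAssertion = keyBinding.getAssertion();
        if (samlAssertion == null) {
            reader = keyBinding.getAssertionReader();
            if (reader != null) {
                try {
                    reader.next(); // positioned on START_DOCUMENT, move to the root element
                    id = reader.getAttributeValue(null, "AssertionID");
                    if (id == null) {
                        // SAML 2.0 assertions carry "ID" instead of "AssertionID"
                        id = reader.getAttributeValue(null, "ID");
                    }
                    buffer = new MutableXMLStreamBuffer();
                    StreamWriterBufferCreator bCreator = new StreamWriterBufferCreator(buffer);
                    XMLStreamWriter writer_tmp = (XMLStreamWriter) bCreator;
                    // copy every remaining event of the assertion into the buffer
                    while (!(XMLStreamReader.END_DOCUMENT == reader.getEventType())) {
                        com.sun.xml.ws.security.opt.impl.util.StreamUtil.writeCurrentEvent(reader, writer_tmp);
                        reader.next();
                    }
                } catch (XMLStreamException ex) {
                    throw new XWSSecurityException(ex);
                }
            }
        }

        if (samlAssertion != null) {
            she = new GSHeaderElement(samlAssertion);
        } else if (reader != null) {
            she = new GSHeaderElement(buffer);
            she.setId(id); // set the ID again to bring it to top
        }

        // Phase 2: resolve the assertion id. asID is the SAML 1.x AssertionID, idVal
        // the SAML 2.0 ID (or the id of an incoming assertion).
        String asID;
        String idVal = "";
        String keyEncAlgo = XMLCipher.RSA_v1dot5;
        Key samlkey = null;
        if (samlAssertion != null) {
            asID = samlAssertion.getAttributeNS(null, "AssertionID");
            if (asID == null || asID.length() == 0) {
                idVal = samlAssertion.getAttributeNS(null, "ID");
                she.setId(idVal);
            } else {
                she.setId(asID);
            }
        } else {
            // No assertion on the binding: fall back to the one received on the inbound
            // message, which must exist for this policy to be satisfiable.
            if (she == null) {
                she = (SecurityHeaderElement) context.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
            }
            if (she == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            idVal = asID = she.getId();
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "SAML Assertion id:{0}", asID);
        }

        // Phase 3: pick the data-protection key. Signing uses the private key of the
        // nested PrivateKeyBinding and places the assertion in the header; encryption
        // generates a symmetric key that will be wrapped for the incoming assertion's key.
        Key dataProtectionKey;
        if (forSign) {
            PrivateKeyBinding privKBinding = (PrivateKeyBinding) keyBinding.getKeyBinding();
            dataProtectionKey = privKBinding.getPrivateKey();
            if (dataProtectionKey == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1810_NULL_PRIVATEKEY_SAML());
                throw new XWSSecurityException("PrivateKey null inside PrivateKeyBinding set for SAML Policy ");
            }
            // add the assertion to the header only once
            if (context.getSecurityHeader().getChildElement(she.getId()) == null) {
                context.getSecurityHeader().add(she);
            }
        } else {
            SecurityHeaderElement assertion = (SecurityHeaderElement) context.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
            // Fail with the exception callers already handle instead of a NullPointerException
            // or ClassCastException when no usable incoming assertion is present.
            if (!(assertion instanceof SAMLAssertion)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            samlkey = ((SAMLAssertion) assertion).getKey();
            if (!"".equals(keyBinding.getKeyAlgorithm())) {
                keyEncAlgo = keyBinding.getKeyAlgorithm();
            }
            String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
            dataProtectionKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
        }
        Element authorityBinding = keyBinding.getAuthorityBinding();

        // null-safe comparison: a binding with no reference type must not NPE here
        String referenceType = keyBinding.getReferenceType();
        if (MessageConstants.EMBEDDED_REFERENCE_TYPE.equals(referenceType)) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1813_UNSUPPORTED_EMBEDDEDREFERENCETYPE_SAML());
            throw new XWSSecurityException("Embedded Reference Type for SAML Assertions not supported yet");
        }

        assertionId = she.getId();

        // Phase 4: build the SecurityTokenReference that points at the assertion.
        // TODO: reference different key reference types.
        SecurityTokenReference samlSTR;
        if (authorityBinding == null) {
            KeyIdentifier keyIdentifier = new KeyIdentifier(context.getSOAPVersion());
            keyIdentifier.setValue(assertionId);
            if (MessageConstants.SAML_v2_0_NS.equals(she.getNamespaceURI())) {
                keyIdentifier.setValueType(MessageConstants.WSSE_SAML_v2_0_KEY_IDENTIFIER_VALUE_TYPE);
            } else {
                keyIdentifier.setValueType(MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE);
            }
            samlSTR = elementFactory.createSecurityTokenReference(keyIdentifier);
            // NOTE(review): idVal starts as "" and is only ever null when the incoming
            // assertion's getId() returned null, so a DOM assertion carrying a SAML 1.x
            // AssertionID still gets the v2.0 token type here. The key identifier above
            // uses the namespace instead; left unchanged because the intended rule is
            // not clear from this method — confirm against the token-type consumers.
            if (idVal != null) {
                samlSTR.setTokenType(MessageConstants.WSSE_SAML_v2_0_TOKEN_TYPE);
            } else {
                samlSTR.setTokenType(MessageConstants.WSSE_SAML_v1_1_TOKEN_TYPE);
            }
            ((NamespaceContextEx) context.getNamespaceContext()).addWSS11NS();
            buildKeyInfo((SecurityTokenReference) samlSTR);
        } else {
            // TODO: handle authorityBinding != null
        }

        // Phase 5: for encryption the symmetric key is wrapped in an EncryptedKey that
        // the header carries, and the returned KeyInfo references that EncryptedKey.
        if (!forSign) {
            JAXBEncryptedKey ek = (JAXBEncryptedKey) elementFactory.createEncryptedKey(context.generateID(), keyEncAlgo, super.keyInfo, samlkey, dataProtectionKey);
            context.getSecurityHeader().add(ek);
            String ekId = ek.getId();
            DirectReference dr = buildDirectReference(ekId, MessageConstants.EncryptedKey_NS);
            result.setKeyInfo(buildKeyInfo(dr, ""));
        } else {
            result.setKeyInfo(super.keyInfo);
        }

        // Remember the key under the assertion id so later processing can find it again.
        HashMap sentSamlKeys = (HashMap) context.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
        if (sentSamlKeys == null) {
            sentSamlKeys = new HashMap();
        }
        sentSamlKeys.put(assertionId, dataProtectionKey);
        context.setExtraneousProperty(MessageConstants.STORED_SAML_KEYS, sentSamlKeys);

        result.setDataProtectionKey(dataProtectionKey);

        return result;
    }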


     * @return BuilderResult
     * @throws com.sun.xml.wss.XWSSecurityException
     */
    @SuppressWarnings("unchecked")
    public BuilderResult process() throws XWSSecurityException {
        BuilderResult itkbResult = new BuilderResult();
        byte[] proofKey = context.getTrustContext().getProofKey();
        Key dataProtectionKey = null;
        SecurityTokenReferenceType str = null;
        // cacheKey is what gets recorded against the STR below: the public half for an
        // asymmetric proof key, the secret key itself for a symmetric one.
        Key cacheKey = null;       
        //For Encryption proofKey will be null.
        if (proofKey == null) {
            // Asymmetric case: prefer the proof key pair, else fall back to the private key
            // that the security environment holds for the requestor certificate.
             KeyPair keyPair = context.getTrustContext().getProofKeyPair();
             if (keyPair == null){
                X509Certificate cert =
                        context.getTrustContext().getRequestorCertificate();
                if (cert == null){
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1823_KEY_PAIR_PROOF_KEY_NULL_ISSUEDTOKEN());
                    throw new XWSSecurityException(
                        "Proof Key and RSA KeyPair for Supporting token (KeyValueToken or RsaToken) are both null for Issued Token");
                }else{
                    dataProtectionKey = context.getSecurityEnvironment().getPrivateKey(context.getExtraneousProperties(), cert);
                    cacheKey = cert.getPublicKey();
                }
            }else{
                dataProtectionKey = keyPair.getPrivate();
                cacheKey = keyPair.getPublic();
            }
        }else{
            // Symmetric case: the secret-key algorithm is derived from the algorithm
            // suite's encryption algorithm, defaulting to AES when no suite is set.
            String secretKeyAlg = "AES";
            if (context.getAlgorithmSuite() != null) {
                secretKeyAlg = SecurityUtil.getSecretKeyAlgorithm(context.getAlgorithmSuite().getEncryptionAlgorithm());
            }
            //TODO: assuming proofkey is a byte array in case of Trust as well
            dataProtectionKey = new SecretKeySpec(proofKey, secretKeyAlg);
            cacheKey = dataProtectionKey;
            //SecurityUtil.updateSamlVsKeyCache(str, context, dataProtectionKey);
        }
       
        SecurityHeaderElement issuedTokenElement = null;
        GenericToken issuedToken = (GenericToken)context.getTrustContext().getSecurityToken();
        if(issuedToken != null){
            issuedTokenElement = issuedToken.getElement();
            if(issuedTokenElement == null){
                // Token only available as a raw DOM value: wrap it so it can live in the
                // header, carrying over the token's id.
                Element element = (Element)issuedToken.getTokenValue();
                issuedTokenElement = new GSHeaderElement(element);
                issuedTokenElement.setId(issuedToken.getId());
                itkbResult.setDPTokenId(issuedToken.getId());
            }
            String tokId = issuedTokenElement.getId();
            // An encrypted issued token must carry an id, otherwise it cannot be referenced.
            if ("".equals(tokId) &&  MessageConstants.ENCRYPTED_DATA_LNAME.equals(issuedTokenElement.getLocalPart())) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1808_ID_NOTSET_ENCRYPTED_ISSUEDTOKEN());
                throw new XWSSecurityException("ID attribute not set");
            }
            context.getTokenCache().put(ikb.getUUID(), issuedTokenElement);
           
            // Remember the data-protection key under the token id; presumably looked up
            // again by later processing of this exchange — verify against the readers of
            // STORED_SAML_KEYS. tokId may be null here, which the raw HashMap accepts.
            HashMap sentSamlKeys = (HashMap) context.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
            if(sentSamlKeys == null){
                sentSamlKeys = new HashMap();
            }
            sentSamlKeys.put(tokId, dataProtectionKey);
            context.setExtraneousProperty(MessageConstants.STORED_SAML_KEYS, sentSamlKeys);
        }
        // Any of the "include always" policies means the token travels in the message,
        // so the attached STR is used; otherwise the unattached (external) reference.
        String itType = ikb.getIncludeToken();
        boolean includeToken = (ikb.INCLUDE_ALWAYS.equals(itType) ||
                                ikb.INCLUDE_ALWAYS_TO_RECIPIENT.equals(itType) ||
                                ikb.INCLUDE_ALWAYS_VER2.equals(itType) ||
                                ikb.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(itType)
                                );
       
        if (includeToken) {
            str = (SecurityTokenReferenceType)context.getTrustContext().
                    getAttachedSecurityTokenReference();
        }else{
            str = (SecurityTokenReferenceType)context.getTrustContext().
                    getUnAttachedSecurityTokenReference();
        }
       
        if (issuedToken != null && includeToken) {
            // add the token to the header only once
            if( context.getSecurityHeader().getChildElement(issuedTokenElement.getId()) == null){
                context.getSecurityHeader().add(issuedTokenElement);
            }
        }

        // The KeyInfo holds exactly one STR. Note that str may still be null here: the
        // JAXB element is created regardless, only the key-cache update is guarded.
        ((NamespaceContextEx)context.getNamespaceContext()).addWSS11NS();
        keyInfo = new KeyInfo();
        JAXBElement je = new com.sun.xml.ws.security.secext10.ObjectFactory().createSecurityTokenReference(str);
        List strList = Collections.singletonList(je);
        keyInfo.setContent(strList);
        if(str != null)
            SecurityUtil.updateSamlVsKeyCache(str, context, cacheKey);
        itkbResult.setDataProtectionKey(dataProtectionKey);
        itkbResult.setKeyInfo(keyInfo);
        return itkbResult;
    }

        String referenceType = binding.getReferenceType();
        if(logger.isLoggable(Level.FINEST)){
            logger.log(Level.FINEST, LogStringsMessages.WSS_1851_REFERENCETYPE_X_509_TOKEN(referenceType));
        }
        Key dataProtectionKey = null;
        BuilderResult result = new BuilderResult();
        KeyPair keyPair = (KeyPair)context.getExtraneousProperties().get("UseKey-RSAKeyPair");
        /*if(keyPair == null){
            KeyPairGenerator kpg;           
            try{
                kpg = KeyPairGenerator.getInstance("RSA");
                //RSAKeyGenParameterSpec rsaSpec = new RSAKeyGenParameterSpec(512, RSAKeyGenParameterSpec.F0);
                //kpg.initialize(rsaSpec);               
            }catch (NoSuchAlgorithmException ex){
                throw new XWSSecurityException("Unable to create key pairs in Security Layer for KeyValueToken/RsaToken policy", ex);
            }
            //catch (InvalidAlgorithmParameterException ex){
            //    throw new XWSSecurityException("Unable to create key pairs in Security Layer for KeyValueToken/RsaToken policy", ex);
            //}
            kpg.initialize(512);
            keyPair = kpg.generateKeyPair();
            if(keyPair == null){
                throw new XWSSecurityException("RSA keypair is not generated/set for supporting token (KeyValueToken or RsaToken).");
            }
        }*/
        if (keyPair != null){
            dataProtectionKey = keyPair.getPrivate();
            if (dataProtectionKey == null) {
                //log here
                throw new XWSSecurityException("PrivateKey null inside PrivateKeyBinding set for KeyValueToken/RsaToken Policy ");
            }
            buildKeyInfo(keyPair.getPublic());
            result.setDataProtectionKey(dataProtectionKey);
            result.setKeyInfo(keyInfo);
        }
        return result;
    }   

        String referenceType = binding.getReferenceType();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, LogStringsMessages.WSS_1851_REFERENCETYPE_X_509_TOKEN(referenceType));
        }
        BuilderResult result = new BuilderResult();
        if (referenceType.equals("Direct")) {
            BinarySecurityToken bst = createBinarySecurityToken(binding, binding.getX509Certificate());
            if (bst == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY(), "creating binary security token failed");
                throw new XWSSecurityException(LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
            }
            DirectReference dr = buildDirectReference(bst.getId(), MessageConstants.X509v3_NS);
            buildKeyInfo(dr, binding.getSTRID());
        } else if (referenceType.equals("Identifier")) {
            BinarySecurityToken bst = createBinarySecurityToken(binding, binding.getX509Certificate());
            buildKeyInfoWithKI(binding, MessageConstants.X509SubjectKeyIdentifier_NS);
            try {
                if (binding.getSTRID() != null) {
                    SecurityElement bsToken = elementFactory.createBinarySecurityToken(null, binding.getX509Certificate().getEncoded());
                    SSEData data = new SSEData(bsToken, false, context.getNamespaceContext());
                    context.getSTRTransformCache().put(binding.getSTRID(), data);
                }
            } catch (CertificateEncodingException ce) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
            }
        } else if (referenceType.equals(MessageConstants.THUMB_PRINT_TYPE)) {
            BinarySecurityToken bst = createBinarySecurityToken(binding, binding.getX509Certificate());
            KeyIdentifier ki = buildKeyInfoWithKI(binding, MessageConstants.ThumbPrintIdentifier_NS);
            try {
                if (binding.getSTRID() != null) {
                    SecurityElement bsToken = elementFactory.createBinarySecurityToken(null, binding.getX509Certificate().getEncoded());
                    SSEData data = new SSEData(bsToken, false, context.getNamespaceContext());
                    context.getSTRTransformCache().put(binding.getSTRID(), data);
                }
            } catch (CertificateEncodingException ce) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
            }
        } else if (referenceType.equals(MessageConstants.X509_ISSUER_TYPE)) {
            BinarySecurityToken bst = createBinarySecurityToken(binding, binding.getX509Certificate());
            X509Certificate xCert = binding.getX509Certificate();
            X509IssuerSerial xis = elementFactory.createX509IssuerSerial(xCert.getIssuerDN().getName(), xCert.getSerialNumber());
            X509Data x509Data = elementFactory.createX509DataWithIssuerSerial(xis);
            buildKeyInfo(x509Data, binding.getSTRID());
            try {
                if (binding.getSTRID() != null) {
                    SecurityElement bsToken = elementFactory.createBinarySecurityToken(null, binding.getX509Certificate().getEncoded());
                    SSEData data = new SSEData(bsToken, false, context.getNamespaceContext());
                    context.getSTRTransformCache().put(binding.getSTRID(), data);
                }
            } catch (CertificateEncodingException ce) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), ce);
            }
        } else {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
            throw new XWSSecurityException(LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
        }
        result.setKeyInfo(keyInfo);
        return result;
    }

        if (untokenId == null || untokenId.equals("")) {
            untokenId = context.generateID();
        }
        SecurityUtil.checkIncludeTokenPolicyOpt(context, binding, untokenId);
        String referenceType = binding.getReferenceType();      
        BuilderResult result = new BuilderResult();
        if (MessageConstants.DIRECT_REFERENCE_TYPE.equals(referenceType)) {
            UsernameToken unToken = createUsernameToken(binding, binding.getUsernameToken());
            if (unToken == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1856_NULL_USERNAMETOKEN());
                throw new XWSSecurityException("Username Token is NULL");
            }
            DirectReference dr = buildDirectReference(unToken.getId(), MessageConstants.USERNAME_STR_REFERENCE_NS);
            buildKeyInfo(dr, binding.getSTRID());
        }               
        result.setKeyInfo(keyInfo);
        return result;   
    }
