Package com.sun.xml.ws.security.trust

Examples of com.sun.xml.ws.security.trust.WSTrustElementFactory

180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
    }

    @SuppressWarnings("UnusedAssignment")
    public void isValideToken(IssuedTokenContext ctx) throws WSTrustException {
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
       
        // Get the token to be validated
        Token token = ctx.getTarget();
       
        // Validate the token and create the Status
        // Only for SAML tokens for now: verify the signature and check
        // the time stamp
        Element element = eleFac.toElement(token.getTokenValue());
       
        String code = wstVer.getValidStatusCodeURI();
        String reason = "The Trust service successfully validate the input";
       
        // Check if it is an SAML assertion
        if (!isSAMLAssertion(element)){
            code = wstVer.getInvalidStatusCodeURI();
            reason = "The Trust service did not successfully validate the input";
        }
       
        //==============================
        // validate the SAML asserttion
        //==============================
       
        // Get the STS's certificate and private key
        final X509Certificate stsCert = (X509Certificate)ctx.getOtherProperties().get(IssuedTokenContext.STS_CERTIFICATE);
      
       try{
            boolean isValid = true;

            // Verify the signature of the SAML assertion
            isValid = SAMLUtil.verifySignature(element, stsCert.getPublicKey());
       
            // validate time in Conditions
            isValid = SAMLUtil.validateTimeInConditionsStatement(element);
          
            if (!isValid){
                 code = wstVer.getInvalidStatusCodeURI();
                 reason = "The Trust service did not successfully validate the input";
            }
        }catch (XWSSecurityException ex){
            throw new WSTrustException(ex.getMessage());
        }
       
        // Create the Status
        Status status = eleFac.createStatus(code, reason);
       
        // Get TokenType
        String tokenType = ctx.getTokenType();
        if (!wstVer.getValidateStatuesTokenType().equals(tokenType)){
            // Todo: create a token of the required type
View Full Code Here
216
217
218
219
220
221
222
223
224
225
      
       return eleFac.createSecurityContextToken(idURI, wsuInstance, wsuId);
   }
  
   public static SecurityTokenReference createSecurityTokenReference(final String id, final String valueType){
       WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance();
       final KeyIdentifier ref = eleFac.createKeyIdentifier(valueType, null);
        ref.setValue(id);
        return eleFac.createSecurityTokenReference(ref);
    }
View Full Code Here
216
217
218
219
220
221
222
223
224
225
      
       return eleFac.createSecurityContextToken(idURI, wsuInstance, wsuId);
   }
  
   public static SecurityTokenReference createSecurityTokenReference(final String id, final String valueType){
       WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance();
       final KeyIdentifier ref = eleFac.createKeyIdentifier(valueType, null);
        ref.setValue(id);
        return eleFac.createSecurityTokenReference(ref);
    }
View Full Code Here
182
183
184
185
186
187
188
189
190
191
192
    public Source invoke(final Source rstElement){
        final STSConfiguration config = getConfiguration();
        Source rstrEle = null;
        try{
            // Get RequestSecurityToken
            final WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
            final RequestSecurityToken rst = parseRST(rstElement, config);
           
            String appliesTo = null;
            final AppliesTo applTo = rst.getAppliesTo();
            if(applTo != null){
View Full Code Here
393
394
395
396
397
398
399
400
401
402
403
404
                ele = (Element)node;
            }
        }catch(Exception xe){
            throw new WSTrustException("Error occurred while trying to parse RST stream", xe);
        }
        WSTrustElementFactory fact = WSTrustElementFactory.newInstance(wstVer);
        RequestSecurityToken rst = fact.createRSTFrom(ele);

        // handling SAML assertion in RST; assume there is one one
        // in it fro OnBehalfOf, ActAs or ValidateTarget.
        NodeList list = ele.getElementsByTagNameNS("*", "Assertion");
        if (list.getLength() > 0){
View Full Code Here
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
    }

    @SuppressWarnings("UnusedAssignment")
    public void isValideToken(IssuedTokenContext ctx) throws WSTrustException {
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
       
        // Get the token to be validated
        Token token = ctx.getTarget();
       
        // Validate the token and create the Status
        // Only for SAML tokens for now: verify the signature and check
        // the time stamp
        Element element = eleFac.toElement(token.getTokenValue());
       
        String code = wstVer.getValidStatusCodeURI();
        String reason = "The Trust service successfully validate the input";
       
        // Check if it is an SAML assertion
        if (!isSAMLAssertion(element)){
            code = wstVer.getInvalidStatusCodeURI();
            reason = "The Trust service did not successfully validate the input";
        }
       
        //==============================
        // validate the SAML asserttion
        //==============================
       
        // Get the STS's certificate and private key
        final X509Certificate stsCert = (X509Certificate)ctx.getOtherProperties().get(IssuedTokenContext.STS_CERTIFICATE);
      
       try{
            boolean isValid = true;

            // Verify the signature of the SAML assertion
            isValid = SAMLUtil.verifySignature(element, stsCert.getPublicKey());
       
            // validate time in Conditions
            isValid = SAMLUtil.validateTimeInConditionsStatement(element);
          
            if (!isValid){
                 code = wstVer.getInvalidStatusCodeURI();
                 reason = "The Trust service did not successfully validate the input";
            }
        }catch (XWSSecurityException ex){
            throw new WSTrustException(ex.getMessage());
        }
       
        // Create the Status
        Status status = eleFac.createStatus(code, reason);
       
        // Get TokenType
        String tokenType = ctx.getTokenType();
        if (!wstVer.getValidateStatuesTokenType().equals(tokenType)){
            // Todo: create a token of the required type
View Full Code Here
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        jaxbContext = WSTrustElementFactory.getContext(wsTrustVer);       
         try {
           marshaller = jaxbContext.createMarshaller();
           unmarshaller = jaxbContext.createUnmarshaller();
        } catch (JAXBException ex){
           log.log(Level.SEVERE,"WSSC0016.problem.mar.unmar", ex);
          throw new RuntimeException("Problem creating JAXB Marshaller/Unmarshaller", ex);
        }
       
        final Message request = Messages.create(marshaller, eleFac.toJAXBElement(rst), sctConfig.getWSBinding().getSOAPVersion());   
       
        // Log Request created
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE,
                    LogStringsMessages.WSSC_1009_SEND_REQ_MESSAGE(printMessageAsString(request)));
        }
        Packet reqPacket = new Packet(request);
        if (sctConfig.getSCToken() != null){
            reqPacket.invocationProperties.put(SC_ASSERTION, sctConfig.getSCToken());
        }
        if (sctConfig.getPacket() != null){
            for(WSTrustConstants.STS_PROPERTIES stsProperty : WSTrustConstants.STS_PROPERTIES.values()) {
                reqPacket.invocationProperties.put(stsProperty.toString(),sctConfig.getPacket().invocationProperties.get(stsProperty.toString()));
            }
        }
       
        //reqPacket.setEndPointAddressString(endPointAddress);
        reqPacket.endpointAddress = packet.endpointAddress;
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE,
                    LogStringsMessages.WSSC_1008_SET_EP_ADDRESS(endPointAddress));
        }
       
        // Add addressing headers to the message
        try{
            reqPacket = addAddressingHeaders(reqPacket, sctConfig.getWSDLPort(), sctConfig.getWSBinding(), action, sctConfig.getAddressingVersion());
        }catch (WSSecureConversationException ex){
            log.log(Level.SEVERE,
                    LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), ex);
            throw new RuntimeException(LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), ex);
        }
       
        // Ideally this property for enabling FI or not should be available to the pipeline.
        // As a workaround for now, we
        // copy the property for the client packet to the reqPacket mananually here.
        if (sctConfig.getPacket() != null){
            reqPacket.contentNegotiation = sctConfig.getPacket().contentNegotiation;
        }
       
        copyStandardSecurityProperties(sctConfig.getPacket(),reqPacket);
       
        // Send the message
        Packet respPacket = null;
        if(sctConfig.getClientTube() != null){           
            reqPacket = ((SecurityClientTube)sctConfig.getClientTube()).processClientRequestPacket(reqPacket);
            Tube tubeline = sctConfig.getNextTube();           
            Fiber fiber = getFiberEngine().createFiber();
            respPacket = fiber.runSync(tubeline, reqPacket);
            respPacket = ((SecurityClientTube)sctConfig.getClientTube()).processClientResponsePacket(respPacket);           
        }else{
            WSITClientAuthContext wsitAuthCtx = (WSITClientAuthContext)sctConfig.getOtherOptions().get(MessageConstants.WSIT_CLIENT_AUTHCONTEXT);
            if (wsitAuthCtx != null){
                try{
                    respPacket = wsitAuthCtx.secureRequest(reqPacket, null, true);
                } catch (XWSSecurityException e) {
                    throw new RuntimeException( e);
                }
            }
        }
       
        // Obtain the RequestSecurtyTokenResponse
        final Message response = respPacket.getMessage();
        BaseSTSResponse rstr = null;
        if (!response.isFault()){
            JAXBElement rstrEle = null;
            try {
                rstrEle = (JAXBElement)response.readPayloadAsJAXB(unmarshaller);
            }catch (JAXBException ex){
                log.log(Level.SEVERE,
                        LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), ex);
                throw new RuntimeException(LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), ex);
            }
            if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13.getNamespaceURI())){

                try {
                    rstr = eleFac.createRSTRCollectionFrom(rstrEle);
                } catch (Exception e) {
                    rstr = eleFac.createRSTRFrom(rstrEle);
                }
  
            }else{
                rstr = eleFac.createRSTRFrom(rstrEle);
            }
        } else {
            try{
                //SOAPFaultBuilder builder = SOAPFaultBuilder.create(response);
                //throw (SOAPFaultException)builder.createException(null, response);
View Full Code Here
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        final URI tokenType = URI.create(wsscVer.getSCTTokenTypeURI());
        final URI requestType = URI.create(wsTrustVer.getIssueRequestTypeURI());
        final SecureRandom random = new SecureRandom();
        final byte[] rawValue = new byte[skl/8];
        random.nextBytes(rawValue);
        final BinarySecret secret = eleFac.createBinarySecret(rawValue, wsTrustVer.getNonceBinarySecretTypeURI());
        final Entropy entropy = reqClientEntropy?eleFac.createEntropy(secret):null;
        Lifetime lifetime = null;
        if(sctConfig.getSCTokenTimeout() > 0){
            // Create Lifetime
            long currentTime = WSTrustUtil.getCurrentTimeWithOffset();
            lifetime = WSTrustUtil.createLifetime(currentTime, sctConfig.getSCTokenTimeout(), wsTrustVer);
        }
        RequestSecurityToken rst = null;
        try {
            rst = eleFac.createRSTForIssue(tokenType, requestType, null, null, null, entropy, lifetime);
            rst.setKeySize(skl);
            rst.setKeyType(URI.create(wsTrustVer.getSymmetricKeyTypeURI()));
            rst.setComputedKeyAlgorithm(URI.create(wsTrustVer.getCKPSHA1algorithmURI()));           
        } catch (WSTrustException ex){
            throw new WSSecureConversationException(ex);
View Full Code Here
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        final URI tokenType = URI.create(wsscVer.getSCTTokenTypeURI());               
        final URI requestType = URI.create(wsTrustVer.getRenewRequestTypeURI());  
        final SecureRandom random = new SecureRandom();
        final byte[] rawValue = new byte[skl/8];
        random.nextBytes(rawValue);
        final BinarySecret secret = eleFac.createBinarySecret(rawValue, wsTrustVer.getNonceBinarySecretTypeURI());
        final Entropy entropy = reqClientEntropy?eleFac.createEntropy(secret):null;
        final RenewTarget target = eleFac.createRenewTarget((SecurityTokenReference)itc.getUnAttachedSecurityTokenReference());
       
        RequestSecurityToken rst = null;
        try {
            rst = eleFac.createRSTForRenew(tokenType, requestType, null, target, null, null);
            rst.setEntropy(entropy);
            rst.setKeySize(skl);
            rst.setKeyType(URI.create(wsTrustVer.getSymmetricKeyTypeURI()));
            rst.setComputedKeyAlgorithm(URI.create(wsTrustVer.getCKPSHA1algorithmURI()));
        } catch (WSTrustException ex){
View Full Code Here
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){           
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        URI requestType = URI.create(wsTrustVer.getCancelRequestTypeURI());
       
        final CancelTarget target = eleFac.createCancelTarget((SecurityTokenReference)ctx.getUnAttachedSecurityTokenReference());
        final RequestSecurityToken rst = eleFac.createRSTForCancel(requestType, target);
       
        if(log.isLoggable(Level.FINE)){
            log.log(Level.FINE, LogStringsMessages.WSSC_1015_CREATED_SCT_RST_CANCEL(WSTrustUtil.elemToString(rst, wsTrustVer)));
        }
       
View Full Code Here
TOP

Related Classes of com.sun.xml.ws.security.trust.WSTrustElementFactory

  • com.sun.xml.ws.security.secconv.WSSCPlugin
  • com.sun.xml.ws.security.trust.impl.DefaultSAMLTokenProvider
  • com.sun.xml.ws.security.trust.sts.BaseSTSImpl
  • com.sun.xml.ws.security.trust.util.WSTrustUtil
  • com.sun.xml.wss.jaxws.impl.SecurityServerTube
  • com.sun.xml.wss.provider.wsit.WSITServerAuthContext
  • javax.xml.parsers.DocumentBuilderFactory
  • javax.xml.parsers.DocumentBuilder
  • org.w3c.dom.Document
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.