Package com.sun.xml.ws.security.trust

Examples of com.sun.xml.ws.security.trust.WSTrustElementFactory


    }

    @SuppressWarnings("UnusedAssignment")
    public void isValideToken(IssuedTokenContext ctx) throws WSTrustException {
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
       
        // Get the token to be validated
        Token token = ctx.getTarget();
       
        // Validate the token and create the Status
        // Only for SAML tokens for now: verify the signature and check
        // the time stamp
        Element element = eleFac.toElement(token.getTokenValue());
       
        String code = wstVer.getValidStatusCodeURI();
        String reason = "The Trust service successfully validate the input";
       
        // Check if it is an SAML assertion
        if (!isSAMLAssertion(element)){
            code = wstVer.getInvalidStatusCodeURI();
            reason = "The Trust service did not successfully validate the input";
        }
       
        //==============================
        // validate the SAML asserttion
        //==============================
       
        // Get the STS's certificate and private key
        final X509Certificate stsCert = (X509Certificate)ctx.getOtherProperties().get(IssuedTokenContext.STS_CERTIFICATE);
      
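       try{
            // Both checks must pass. The signature result is kept and combined with the
            // time check; assigning the time-check result over it would report an
            // assertion with a bad signature as valid whenever its Conditions time
            // window is current.
            final boolean signatureOk = SAMLUtil.verifySignature(element, stsCert.getPublicKey());

            // Validate the time in Conditions only once the signature has verified
            final boolean isValid = signatureOk && SAMLUtil.validateTimeInConditionsStatement(element);

            if (!isValid){
                 code = wstVer.getInvalidStatusCodeURI();
                 reason = "The Trust service did not successfully validate the input";
            }
        }catch (XWSSecurityException ex){
            // Keep the original exception as the cause so the failure can be diagnosed
            throw new WSTrustException(ex.getMessage(), ex);
        }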
       
        // Create the Status
        Status status = eleFac.createStatus(code, reason);
       
        // Get TokenType
        String tokenType = ctx.getTokenType();
        if (!wstVer.getValidateStatuesTokenType().equals(tokenType)){
            // Todo: create a token of the required type


      
       return eleFac.createSecurityContextToken(idURI, wsuInstance, wsuId);
   }
  
   /**
    * Builds a SecurityTokenReference around a key identifier that carries the given id.
    *
    * @param id value set on the key identifier
    * @param valueType value type handed to the factory when the key identifier is created
    * @return the reference the element factory creates for that key identifier
    */
   public static SecurityTokenReference createSecurityTokenReference(final String id, final String valueType){
       // Factory obtained from the no-argument newInstance(), as no WS-Trust version is passed in
       final WSTrustElementFactory factory = WSTrustElementFactory.newInstance();
       final KeyIdentifier keyId = factory.createKeyIdentifier(valueType, null);
       keyId.setValue(id);
       final SecurityTokenReference reference = factory.createSecurityTokenReference(keyId);
       return reference;
   }

      
       return eleFac.createSecurityContextToken(idURI, wsuInstance, wsuId);
   }
  
   /**
    * Builds a SecurityTokenReference around a key identifier that carries the given id.
    *
    * @param id value set on the key identifier
    * @param valueType value type handed to the factory when the key identifier is created
    * @return the reference the element factory creates for that key identifier
    */
   public static SecurityTokenReference createSecurityTokenReference(final String id, final String valueType){
       // Factory obtained from the no-argument newInstance(), as no WS-Trust version is passed in
       final WSTrustElementFactory factory = WSTrustElementFactory.newInstance();
       final KeyIdentifier keyId = factory.createKeyIdentifier(valueType, null);
       keyId.setValue(id);
       final SecurityTokenReference reference = factory.createSecurityTokenReference(keyId);
       return reference;
   }

    public Source invoke(final Source rstElement){
        final STSConfiguration config = getConfiguration();
        Source rstrEle = null;
        try{
            // Get RequestSecurityToken
            final WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
            final RequestSecurityToken rst = parseRST(rstElement, config);
           
            String appliesTo = null;
            final AppliesTo applTo = rst.getAppliesTo();
            if(applTo != null){

                ele = (Element)node;
            }
        }catch(Exception xe){
            throw new WSTrustException("Error occurred while trying to parse RST stream", xe);
        }
        WSTrustElementFactory fact = WSTrustElementFactory.newInstance(wstVer);
        RequestSecurityToken rst = fact.createRSTFrom(ele);

        // handling SAML assertion in RST; assume there is one one
        // in it fro OnBehalfOf, ActAs or ValidateTarget.
        NodeList list = ele.getElementsByTagNameNS("*", "Assertion");
        if (list.getLength() > 0){

    }

    @SuppressWarnings("UnusedAssignment")
    public void isValideToken(IssuedTokenContext ctx) throws WSTrustException {
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);
       
        // Get the token to be validated
        Token token = ctx.getTarget();
       
        // Validate the token and create the Status
        // Only for SAML tokens for now: verify the signature and check
        // the time stamp
        Element element = eleFac.toElement(token.getTokenValue());
       
        String code = wstVer.getValidStatusCodeURI();
        String reason = "The Trust service successfully validate the input";
       
        // Check if it is an SAML assertion
        if (!isSAMLAssertion(element)){
            code = wstVer.getInvalidStatusCodeURI();
            reason = "The Trust service did not successfully validate the input";
        }
       
        //==============================
        // validate the SAML asserttion
        //==============================
       
        // Get the STS's certificate and private key
        final X509Certificate stsCert = (X509Certificate)ctx.getOtherProperties().get(IssuedTokenContext.STS_CERTIFICATE);
      
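       try{
            // Both checks must pass. The signature result is kept and combined with the
            // time check; assigning the time-check result over it would report an
            // assertion with a bad signature as valid whenever its Conditions time
            // window is current.
            final boolean signatureOk = SAMLUtil.verifySignature(element, stsCert.getPublicKey());

            // Validate the time in Conditions only once the signature has verified
            final boolean isValid = signatureOk && SAMLUtil.validateTimeInConditionsStatement(element);

            if (!isValid){
                 code = wstVer.getInvalidStatusCodeURI();
                 reason = "The Trust service did not successfully validate the input";
            }
        }catch (XWSSecurityException ex){
            // Keep the original exception as the cause so the failure can be diagnosed
            throw new WSTrustException(ex.getMessage(), ex);
        }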
       
        // Create the Status
        Status status = eleFac.createStatus(code, reason);
       
        // Get TokenType
        String tokenType = ctx.getTokenType();
        if (!wstVer.getValidateStatuesTokenType().equals(tokenType)){
            // Todo: create a token of the required type

        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        jaxbContext = WSTrustElementFactory.getContext(wsTrustVer);       
         try {
           marshaller = jaxbContext.createMarshaller();
           unmarshaller = jaxbContext.createUnmarshaller();
        } catch (JAXBException ex){
           log.log(Level.SEVERE,"WSSC0016.problem.mar.unmar", ex);
          throw new RuntimeException("Problem creating JAXB Marshaller/Unmarshaller", ex);
        }
       
        final Message request = Messages.create(marshaller, eleFac.toJAXBElement(rst), sctConfig.getWSBinding().getSOAPVersion());   
       
        // Log Request created
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE,
                    LogStringsMessages.WSSC_1009_SEND_REQ_MESSAGE(printMessageAsString(request)));
        }
        Packet reqPacket = new Packet(request);
        if (sctConfig.getSCToken() != null){
            reqPacket.invocationProperties.put(SC_ASSERTION, sctConfig.getSCToken());
        }
        if (sctConfig.getPacket() != null){
            for(WSTrustConstants.STS_PROPERTIES stsProperty : WSTrustConstants.STS_PROPERTIES.values()) {
                reqPacket.invocationProperties.put(stsProperty.toString(),sctConfig.getPacket().invocationProperties.get(stsProperty.toString()));
            }
        }
       
        //reqPacket.setEndPointAddressString(endPointAddress);
        reqPacket.endpointAddress = packet.endpointAddress;
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE,
                    LogStringsMessages.WSSC_1008_SET_EP_ADDRESS(endPointAddress));
        }
       
        // Add addressing headers to the message
        try{
            reqPacket = addAddressingHeaders(reqPacket, sctConfig.getWSDLPort(), sctConfig.getWSBinding(), action, sctConfig.getAddressingVersion());
        }catch (WSSecureConversationException ex){
            log.log(Level.SEVERE,
                    LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), ex);
            throw new RuntimeException(LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), ex);
        }
       
        // Ideally this property for enabling FI or not should be available to the pipeline.
        // As a workaround for now, we
        // copy the property for the client packet to the reqPacket mananually here.
        if (sctConfig.getPacket() != null){
            reqPacket.contentNegotiation = sctConfig.getPacket().contentNegotiation;
        }
       
        copyStandardSecurityProperties(sctConfig.getPacket(),reqPacket);
       
        // Send the message
        Packet respPacket = null;
        if(sctConfig.getClientTube() != null){           
            reqPacket = ((SecurityClientTube)sctConfig.getClientTube()).processClientRequestPacket(reqPacket);
            Tube tubeline = sctConfig.getNextTube();           
            Fiber fiber = getFiberEngine().createFiber();
            respPacket = fiber.runSync(tubeline, reqPacket);
            respPacket = ((SecurityClientTube)sctConfig.getClientTube()).processClientResponsePacket(respPacket);           
        }else{
            WSITClientAuthContext wsitAuthCtx = (WSITClientAuthContext)sctConfig.getOtherOptions().get(MessageConstants.WSIT_CLIENT_AUTHCONTEXT);
            if (wsitAuthCtx != null){
                try{
                    respPacket = wsitAuthCtx.secureRequest(reqPacket, null, true);
                } catch (XWSSecurityException e) {
                    throw new RuntimeException( e);
                }
            }
        }
       
        // Obtain the RequestSecurtyTokenResponse
        final Message response = respPacket.getMessage();
        BaseSTSResponse rstr = null;
        if (!response.isFault()){
            JAXBElement rstrEle = null;
            try {
                rstrEle = (JAXBElement)response.readPayloadAsJAXB(unmarshaller);
            }catch (JAXBException ex){
                log.log(Level.SEVERE,
                        LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), ex);
                throw new RuntimeException(LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), ex);
            }
            if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13.getNamespaceURI())){

                try {
                    rstr = eleFac.createRSTRCollectionFrom(rstrEle);
                } catch (Exception e) {
                    rstr = eleFac.createRSTRFrom(rstrEle);
                }
  
            }else{
                rstr = eleFac.createRSTRFrom(rstrEle);
            }
        } else {
            try{
                //SOAPFaultBuilder builder = SOAPFaultBuilder.create(response);
                //throw (SOAPFaultException)builder.createException(null, response);

        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        final URI tokenType = URI.create(wsscVer.getSCTTokenTypeURI());
        final URI requestType = URI.create(wsTrustVer.getIssueRequestTypeURI());
        final SecureRandom random = new SecureRandom();
        final byte[] rawValue = new byte[skl/8];
        random.nextBytes(rawValue);
        final BinarySecret secret = eleFac.createBinarySecret(rawValue, wsTrustVer.getNonceBinarySecretTypeURI());
        final Entropy entropy = reqClientEntropy?eleFac.createEntropy(secret):null;
        Lifetime lifetime = null;
        if(sctConfig.getSCTokenTimeout() > 0){
            // Create Lifetime
            long currentTime = WSTrustUtil.getCurrentTimeWithOffset();
            lifetime = WSTrustUtil.createLifetime(currentTime, sctConfig.getSCTokenTimeout(), wsTrustVer);
        }
        RequestSecurityToken rst = null;
        try {
            rst = eleFac.createRSTForIssue(tokenType, requestType, null, null, null, entropy, lifetime);
            rst.setKeySize(skl);
            rst.setKeyType(URI.create(wsTrustVer.getSymmetricKeyTypeURI()));
            rst.setComputedKeyAlgorithm(URI.create(wsTrustVer.getCKPSHA1algorithmURI()));           
        } catch (WSTrustException ex){
            throw new WSSecureConversationException(ex);

        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        final URI tokenType = URI.create(wsscVer.getSCTTokenTypeURI());               
        final URI requestType = URI.create(wsTrustVer.getRenewRequestTypeURI());  
        final SecureRandom random = new SecureRandom();
        final byte[] rawValue = new byte[skl/8];
        random.nextBytes(rawValue);
        final BinarySecret secret = eleFac.createBinarySecret(rawValue, wsTrustVer.getNonceBinarySecretTypeURI());
        final Entropy entropy = reqClientEntropy?eleFac.createEntropy(secret):null;
        final RenewTarget target = eleFac.createRenewTarget((SecurityTokenReference)itc.getUnAttachedSecurityTokenReference());
       
        RequestSecurityToken rst = null;
        try {
            rst = eleFac.createRSTForRenew(tokenType, requestType, null, target, null, null);
            rst.setEntropy(entropy);
            rst.setKeySize(skl);
            rst.setKeyType(URI.create(wsTrustVer.getSymmetricKeyTypeURI()));
            rst.setComputedKeyAlgorithm(URI.create(wsTrustVer.getCKPSHA1algorithmURI()));
        } catch (WSTrustException ex){

        if(wsscVer.getNamespaceURI().equals(WSSCVersion.WSSC_13_NS_URI)){           
            wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }else{
            wsTrustVer = WSTrustVersion.WS_TRUST_10;
        }
        WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wsTrustVer);
        URI requestType = URI.create(wsTrustVer.getCancelRequestTypeURI());
       
        final CancelTarget target = eleFac.createCancelTarget((SecurityTokenReference)ctx.getUnAttachedSecurityTokenReference());
        final RequestSecurityToken rst = eleFac.createRSTForCancel(requestType, target);
       
        if(log.isLoggable(Level.FINE)){
            log.log(Level.FINE, LogStringsMessages.WSSC_1015_CREATED_SCT_RST_CANCEL(WSTrustUtil.elemToString(rst, wsTrustVer)));
        }
       
