Package org.apache.cxf.security.transport

Examples of org.apache.cxf.security.transport.TLSSessionInfo


            (String) request.getAttribute(SSL_CIPHER_SUITE_ATTRIBUTE);
        if (cipherSuite != null) {
            final java.security.cert.Certificate[] certs =
                (java.security.cert.Certificate[]) request.getAttribute(SSL_PEER_CERT_CHAIN_ATTRIBUTE);
            message.put(TLSSessionInfo.class,
                        new TLSSessionInfo(cipherSuite,
                                           null,
                                           certs));
        }
    }


            (String) request.getAttribute(SSL_CIPHER_SUITE_ATTRIBUTE);
        if (cipherSuite != null) {
            final java.security.cert.Certificate[] certs =
                (java.security.cert.Certificate[]) request.getAttribute(SSL_PEER_CERT_CHAIN_ATTRIBUTE);
            message.put(TLSSessionInfo.class,
                        new TLSSessionInfo(cipherSuite,
                                           null,
                                           certs));
        }
    }

                        LOG.fine(e.getMessage());
                    }
                    // Store the TLS principal on the message context, but only when the message
                    // has no SecurityContext yet or the existing one carries no user principal.
                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);     
                        // Require a non-empty peer certificate array whose first entry is an X.509
                        // certificate; the instanceof test keeps the cast below from throwing
                        // ClassCastException for other Certificate implementations.
                        if (tlsInfo != null && tlsInfo.getPeerCertificates() != null
                                && tlsInfo.getPeerCertificates().length > 0
                                && (tlsInfo.getPeerCertificates()[0] instanceof X509Certificate)
                        ) {
                            // The principal is the subject DN of the first certificate in the array.
                            // NOTE(review): nothing in this excerpt validates the chain; this presumably
                            // relies on the TLS layer having verified it against a trust store -- confirm.
                            X509Certificate cert = (X509Certificate)tlsInfo.getPeerCertificates()[0];
                            message.put(
                                SecurityContext.class, createSecurityContext(cert.getSubjectX500Principal())
                            );
                        }
                    }

                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
                        NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
                    }
                }

                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
                if (tlsInfo != null) {
                    if (token.getAuthenticationType()
                        == HttpsToken.AuthenticationType.RequireClientCertificate) {
                        if (tlsInfo.getPeerCertificates() == null
                            || tlsInfo.getPeerCertificates().length == 0) {
                            asserted = false;
                        } else {
                            NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
                        }
                    }
                   
                    if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) {
                        httpsTokenSecurityEvent.setAuthenticationType(
                            HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication
                        );
                        HttpsSecurityTokenImpl httpsSecurityToken =
                            new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
                    } else if (httpsTokenSecurityEvent.getAuthenticationType() == null) {
                        httpsTokenSecurityEvent.setAuthenticationType(
                            HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication

            }

            // Configure replay caching
            configureReplayCaches(reqData, actions, msg);
           
            // If the message carries TLS session information, hand its peer certificates to the
            // request data; when no TLSSessionInfo is present, setTlsCerts is not called at all.
            // NOTE(review): getPeerCertificates() may itself return null (other call sites check
            // for that) -- confirm the consumer of reqData tolerates a null array.
            TLSSessionInfo tlsInfo = msg.get(TLSSessionInfo.class);
            if (tlsInfo != null) {
                Certificate[] tlsCerts = tlsInfo.getPeerCertificates();
                reqData.setTlsCerts(tlsCerts);
            }

            /*
             * Get and check the Signature specific parameters first because

            }
        }
       
        // We might have an IssuedToken TransportToken
        private void assertNonHttpsTransportToken(Message message) throws XMLSecurityException {
            TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
            if (tlsInfo != null) {
                HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
                if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) {
                    httpsTokenSecurityEvent.setAuthenticationType(
                        HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication
                    );
                    HttpsSecurityTokenImpl httpsSecurityToken =
                        new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
                    httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                    httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
                } else if (httpsTokenSecurityEvent.getAuthenticationType() == null) {
                    httpsTokenSecurityEvent.setAuthenticationType(
                        HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication

                                if (!checkVersion(aim, samlToken, assertionWrapper)) {
                                    ai.setNotAsserted("Wrong SAML Version");
                                }
                               
                                // Collect the peer certificates from the TLS session, if the message has
                                // one; tlsCerts stays null when no TLSSessionInfo is present.
                                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
                                Certificate[] tlsCerts = null;
                                if (tlsInfo != null) {
                                    tlsCerts = tlsInfo.getPeerCertificates();
                                }
                                // Holder-of-key check for the assertion, given the TLS certificates (the
                                // second argument is passed as null here). On failure the assertion info
                                // is marked not asserted and the enclosing loop skips to its next iteration.
                                if (!DOMSAMLUtil.checkHolderOfKey(assertionWrapper, null, tlsCerts)) {
                                    ai.setNotAsserted("Assertion fails holder-of-key requirements");
                                    continue;
                                }

        return tok;
    }
   
    /**
     * Reports whether the given message carries TLS session information.
     *
     * <p>The answer is based solely on a {@code TLSSessionInfo} entry being present on the
     * message. The cipher suite and peer certificates are not inspected here, so a
     * {@code true} result does not by itself mean the client presented a certificate.
     *
     * @param message the SOAP message to inspect
     * @return {@code true} if a {@code TLSSessionInfo} is stored on the message,
     *         {@code false} otherwise
     */
    protected boolean isTLSInUse(SoapMessage message) {
        // Presence of the session info object is the only signal used.
        return message.get(TLSSessionInfo.class) != null;
    }

        return null;
    }
   
    /**
     * Reports whether the current message carries TLS session information.
     *
     * <p>Only the presence of a {@code TLSSessionInfo} entry on {@code message} is tested;
     * its cipher suite and peer certificates are not examined, so {@code true} says nothing
     * about whether a client certificate was supplied.
     *
     * @return {@code true} if a {@code TLSSessionInfo} is stored on the message,
     *         {@code false} otherwise
     */
    private boolean isTLSInUse() {
        final boolean sessionInfoPresent = message.get(TLSSessionInfo.class) != null;
        return sessionInfoPresent;
    }

        if (ais.size() > 0) {
            return true;
        }
       
        // No bindings, check if we are using TLS
        TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
        if (tlsInfo != null) {
            // We don't need to check these policies for TLS
            assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
            assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS);
            assertPolicy(aim, SP12Constants.SIGNED_PARTS);
