Package org.apache.rahas

Examples of org.apache.rahas.Token


            // Excerpt from a token issuer: embeds the SAML assertion in the RSTR and
            // records it, together with its proof key, in the token store.
            // Create the RequestedSecurityToken element and add the SAML token
            // to it
            OMElement reqSecTokenElem = TrustUtil
                    .createRequestedSecurityTokenElement(wstVersion, rstrElem);
            Token assertionToken;
            try {
                // Convert the assertion to DOM and import a deep copy into the document
                // that owns rstrElem, so it becomes a child of RequestedSecurityToken.
                // The casts assume the DOM nodes also implement the Axiom interfaces
                // (presumably a DOOM-backed document; confirm).
                Node tempNode = assertion.toDOM();
                reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
                        .getOwnerDocument().importNode(tempNode, true));

                // Store the token
                // The stored element comes from a second toDOM() call, not from tempNode.
                assertionToken = new Token(assertion.getId(),
                        (OMElement) assertion.toDOM(), creationTime,
                        expirationTime);

                // At this point we definitely have the secret
                // Otherwise it should fail with an exception earlier
                // NOTE(review): the ephemeral key is attached to the token and the token is
                // added to the store, so the store holds key material. How the store is
                // protected and whether entries are evicted after expirationTime is not
                // visible here; confirm.
                assertionToken.setSecret(data.getEphmeralKey());
                TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);

            } catch (SAMLException e) {
                // DOM conversion failed: rethrow as TrustException, keeping the cause.
                throw new TrustException("samlConverstionError", e);
            }


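        // Assemble the Token from the RSTR: lifetime, issuer address and both
        // reference elements first, then the proof-of-possession secret.
        OMElement lifeTimeEle =
                rstr.getFirstChildWithName(new QName(ns,
                                                     RahasConstants.IssuanceBindingLocalNames.
                                                             LIFETIME));

        Token token = new Token(id, tokenElem, lifeTimeEle);
        token.setIssuerAddress(issuerAddress);
        token.setAttachedReference(reqAttRef);
        token.setUnattachedReference(reqUnattRef);

        //Handle proof token
        OMElement rpt =
                rstr.getFirstChildWithName(new QName(ns,
                                                     RahasConstants.LocalNames.
                                                             REQUESTED_PROOF_TOKEN));

        byte[] secret = null;

        if (rpt != null) {
            // A RequestedProofToken without a child element is rejected.
            OMElement child = rpt.getFirstElement();
            if (child == null) {
                throw new TrustException("invalidRPT");
            }
            if (child.getQName().equals(new QName(ns,
                                                  RahasConstants.LocalNames.
                                                          BINARY_SECRET))) {
                //First check for the binary secret
                // The key arrives base64-encoded in the element text.
                // NOTE(review): a BinarySecret is encoded, not encrypted, so its
                // confidentiality rests on whatever protects the RSTR message itself;
                // that protection is not visible in this excerpt.
                String b64Secret = child.getText();
                secret = Base64.decode(b64Secret);
            } else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
                try {
                    // Rebuild the element with the DOOM factory so that it can be
                    // handed to the processor as a DOM Element.
                    Element domChild = (Element) new StAXOMBuilder(
                            DOOMAbstractFactory.getOMFactory(), child
                            .getXMLStreamReader()).getDocumentElement();

                    EncryptedKeyProcessor processor = new EncryptedKeyProcessor();

                    // Decrypt the key with this client's crypto and callback handler.
                    processor.handleToken(domChild, null, this.crypto,
                                          this.cbHandler, null, new Vector(),
                                          null);

                    secret = processor.getDecryptedBytes();
                } catch (WSSecurityException e) {
                    throw new TrustException("errorInProcessingEncryptedKey", e);
                }
            } else if (child.getQName().equals(new QName(ns,
                                                         RahasConstants.IssuanceBindingLocalNames.
                                                                 COMPUTED_KEY))) {
                //Handle the computed key

                //Get service entropy
                OMElement serviceEntrElem = rstr
                        .getFirstChildWithName(new QName(ns,
                                                         RahasConstants.IssuanceBindingLocalNames.
                                                                 ENTROPY));

                // A ComputedKey response that carries no Entropy element at all is
                // rejected the same way as one with an empty BinarySecret, instead of
                // failing with a NullPointerException on response content.
                OMElement binSecElem = (serviceEntrElem == null)
                        ? null : serviceEntrElem.getFirstElement();

                if (binSecElem != null && binSecElem.getText() != null
                    && !"".equals(binSecElem.getText().trim())) {

                    byte[] serviceEntr = Base64.decode(binSecElem.getText());

                    //Right now we only use PSHA1 as the computed key algo
                    P_SHA1 p_sha1 = new P_SHA1();

                    // Key length: the configured keySize when positive, otherwise the
                    // algorithm suite's maximum symmetric key length; the division by 8
                    // presumably converts bits to bytes (confirm).
                    // NOTE(review): this.requestorEntropy is passed on without a null
                    // check; confirm it is always set on the computed-key path.
                    int length = (this.keySize > 0) ? keySize
                                 : this.algorithmSuite
                            .getMaximumSymmetricKeyLength();
                    try {
                        secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
                    } catch (ConversationException e) {
                        throw new TrustException("keyDerivationError", e);
                    }
                } else {
                    //Service entropy missing
                    throw new TrustException("serviceEntropyMissing");
                }
            }
            // NOTE(review): a RequestedProofToken child matching none of the three
            // names above leaves secret null without an error; confirm that is
            // intended.

        } else {
            // No proof token in the response: the requester's own entropy, when
            // present, is used directly as the key; otherwise secret stays null.
            if (this.requestorEntropy != null) {
                //Use requester entropy as the key
                secret = this.requestorEntropy;
            }
        }
        token.setSecret(secret);
        return token;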
    }

       
        // Excerpt: builds the ValidateTarget of a request from a token already held
        // in the token store.
        tokenTypeElem.setText(tokenType);
       
        TokenStorage store = TrustUtil.getTokenStore(configCtx);
       
        // Look the token up by id; the handling of a missing token is outside this
        // excerpt.
        Token token = store.getToken(tokenId);
       
        if ( token != null) {           
            // Prefer the unattached reference and fall back to the attached one.
            OMElement str = token.getUnattachedReference();    
           
            if (str == null) {
                str = token.getAttachedReference();
            }
           
            // NOTE(review): str is still null when the token carries neither
            // reference; whether createValidateTargetElement accepts null is not
            // visible here; confirm.
            TrustUtil.createValidateTargetElement(this.version, rst,str);
           
           

        // Excerpt: builds the RenewTarget of a request from a token already held in
        // the token store.
        OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(version, rst);
        tokenTypeElem.setText(tokenType);
       
        TokenStorage store = TrustUtil.getTokenStore(configCtx);
       
        // Look the token up by id; the handling of a missing token is outside this
        // excerpt.
        Token token = store.getToken(tokenId);
       
        if ( token != null) {
           
            // Prefer the unattached reference and fall back to the attached one.
            OMElement str = token.getUnattachedReference();    
           
            if (str == null) {
                str = token.getAttachedReference();
            }
           
            // NOTE(review): str is still null when the token carries neither
            // reference; whether createRenewTargetElement accepts null is not visible
            // here; confirm.
            TrustUtil.createRenewTargetElement(this.version, rst,str);
           
           

        }

        // Excerpt from a token issuer: adds Lifetime and RequestedSecurityToken to
        // the RSTR, optionally encrypts the assertion, then stores the issued token
        // with its proof key.
        DateFormat zulu = null;
        OMElement reqSecTokenElem = null;
        Node assertionElement = null;
        Token assertionToken = null;

        // Use GMT time in milliseconds
        zulu = new XmlSchemaDateFormat();

        // Add the Lifetime element
        TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu.format(notBefore), zulu
                .format(notAfter));

        // Import a deep copy of the assertion into doc and attach it to the
        // RequestedSecurityToken element.
        reqSecTokenElem = TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
        assertionElement = doc.importNode(assertionElem, true);
        reqSecTokenElem.addChild((OMNode) assertionElement);

        // NOTE(review): with debug logging on, the assertion element is written to
        // the log before encryptSAMLAssertion runs below, so the log receives the
        // unencrypted form. An assertion may carry subject and attribute data;
        // consider logging only the assertion id.
        if (log.isDebugEnabled()) {
            log.debug(assertionElement.toString());
        }

        // Encrypt the copy that sits inside the response when an encrypted key was
        // supplied.
        if (encryptedKey != null) {
            encryptSAMLAssertion(doc, (Element) assertionElement, encryptedKey);
        }

        createAttachedRef(rstrElem, assertionId);
        createUnattachedRef(rstrElem, assertionId);

        // Store the Token
        // The stored element is a fresh import of assertionElem, not the node handed
        // to encryptSAMLAssertion above; presumably the store therefore keeps the
        // unencrypted assertion (confirm).
        assertionToken = new Token(assertionId, (OMElement) doc.importNode(assertionElem, true),
                notBefore, notAfter);

        // At this point we definitely have the secret
        // Otherwise it should fail with an exception earlier
        // NOTE(review): the ephemeral key is kept in the token store together with
        // the token; protection and eviction of that store are not visible here.
        assertionToken.setSecret(data.getEphmeralKey());
        TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);

        // Creating the ReqProoftoken - END
        if (log.isDebugEnabled()) {
            log.debug("RSTR Elem created.");

                    // Excerpt: caches a received SAML assertion and its key as a Token,
                    // once per assertion id. The enclosing if and loop/switch headers are
                    // outside this excerpt.
                    // Store the token
                    try {
                        TokenStorage store = rmd.getTokenStorage();
                        // Only add the token when no entry with this id exists yet.
                        if (store.getToken(id) == null) {
                            Token token = new Token(id,
                                    (OMElement) SAML2Utils.getElementFromAssertion(assertion),
                                    dateOfCreation, dateOfExpiration);
                            token.setSecret(saml2KeyInfo.getSecret());
                            store.add(token);
                        }
                    } catch (Exception e) {
                        // NOTE(review): catching Exception also turns unchecked failures
                        // (for example a NullPointerException) into this generic error.
                        throw new RampartException("errorInAddingTokenIntoStore", e);
                    }

                }
                // if this is a SAML1.1 assertion
                else {
                    // The assertion is taken from the WSS4J engine result.
                    // NOTE(review): signature and issuer-trust validation of the assertion
                    // is not visible in this excerpt; confirm it has happened before the
                    // assertion's key is cached below.
                    final SAMLAssertion assertion = ((SAMLAssertion) wser
                            .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));

                    // if the subject confirmation method is Bearer, do not try to get the KeyInfo
                    // The break leaves the enclosing loop or switch, so nothing is stored
                    // for a bearer assertion.
                    if (RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(TrustUtil
                            .getSAML11SubjectConfirmationMethod(assertion))) {
                        break;
                    }

                    // The token lifetime is taken from the assertion's own NotBefore and
                    // NotOnOrAfter values.
                    String id = assertion.getId();
                    Date created = assertion.getNotBefore();
                    Date expires = assertion.getNotOnOrAfter();
                    SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion, signatureCrypto,
                            tokenCallbackHandler);
                    try {
                        TokenStorage store = rmd.getTokenStorage();
                        // Only add the token when no entry with this id exists yet.
                        if (store.getToken(id) == null) {
                            Token token = new Token(id, (OMElement) assertion.toDOM(), created,
                                    expires);
                            token.setSecret(samlKi.getSecret());
                            store.add(token);
                        }
                    } catch (Exception e) {
                        throw new RampartException("errorInAddingTokenIntoStore", e);
                    }

            // Excerpt from a token issuer: embeds the SAML assertion in the RSTR and
            // records it, together with its proof key, in the token store.
            // Create the RequestedSecurityToken element and add the SAML token
            // to it
            OMElement reqSecTokenElem = TrustUtil
                    .createRequestedSecurityTokenElement(wstVersion, rstrElem);
            Token assertionToken;
            try {
                // Convert the assertion to DOM and import a deep copy into the document
                // that owns rstrElem, so it becomes a child of RequestedSecurityToken.
                // The casts assume the DOM nodes also implement the Axiom interfaces
                // (presumably a DOOM-backed document; confirm).
                Node tempNode = assertion.toDOM();
                reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
                        .getOwnerDocument().importNode(tempNode, true));

                // Store the token
                // The stored element comes from a second toDOM() call, not from tempNode.
                assertionToken = new Token(assertion.getId(),
                        (OMElement) assertion.toDOM(), creationTime,
                        expirationTime);

                // At this point we definitely have the secret
                // Otherwise it should fail with an exception earlier
                // NOTE(review): the ephemeral key is attached to the token and the token is
                // added to the store, so the store holds key material. How the store is
                // protected and whether entries are evicted after expirationTime is not
                // visible here; confirm.
                assertionToken.setSecret(data.getEphmeralKey());
                TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);

            } catch (SAMLException e) {
                // DOM conversion failed: rethrow as TrustException, keeping the cause.
                throw new TrustException("samlConverstionError", e);
            }

                // Excerpt from a callback handler: answers one WSPasswordCallback by
                // looking up the matching token in the token store and handing its secret
                // and element to the callback.
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                String id = pc.getIdentifer();

                if ((pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN || pc.getUsage() == WSPasswordCallback.CUSTOM_TOKEN)
                        && this.store != null) {
                    Token tok;
                    try {
                        // Pick up the token from the token store
                        tok = this.store.getToken(id);
                        if (tok != null) {
                            // Get the secret and set it in the callback object
                            pc.setKey(tok.getSecret());
                            pc.setCustomToken((Element) tok.getToken());
                        }
                    } catch (Exception e) {
                        // NOTE(review): printStackTrace writes to stderr instead of the
                        // application log, and the IOException keeps only the message, so
                        // the original cause is lost; chaining the cause and using the
                        // logger would make failures traceable.
                        e.printStackTrace();
                        throw new IOException(e.getMessage());
                    }
                } else if (pc.getUsage() == WSPasswordCallback.ENCRYPTED_KEY_TOKEN) {
                    try {

                        // NOTE(review): unlike the branch above, this.store is used here
                        // without a null check.
                        String[] tokenIdentifiers = this.store.getTokenIdentifiers();
                        Token tok;

                        // Scan every stored token for one that matches the callback id.
                        // There is no break after a match, so a later matching token
                        // overwrites the key set by an earlier one.
                        for (int j = 0; j < tokenIdentifiers.length; j++) {

                            // NOTE(review): tok and tok.getToken() are dereferenced without
                            // null checks, although getToken is treated as nullable in the
                            // branch above.
                            tok = this.store.getToken(tokenIdentifiers[j]);
                            String tokenNS = tok.getToken().getNamespace().getNamespaceURI();

                            // Encrypted-key tokens match on their SHA1 value.
                            if (tok instanceof EncryptedKeyToken
                                    && ((EncryptedKeyToken) tok).getSHA1().equals(id)) {
                                pc.setKey(tok.getSecret());
                                pc.setCustomToken((Element) tok.getToken());

                                tokenIdentifier = tokenIdentifiers[j];

                            } else if ((tokenNS.equals(RahasConstants.TOK_TYPE_SAML_10_NS) ||
                                        tokenNS.equals(RahasConstants.TOK_TYPE_SAML_20_NS))) {
                                // SAML tokens match on the text of the first element of
                                // their unattached reference.
                                // NOTE(review): getUnattachedReference() and
                                // getFirstElement() are chained without null checks.
                                if (tok.getUnattachedReference().getFirstElement().getText().equals(id)) {
                                    pc.setKey(tok.getSecret());
                                    pc.setCustomToken((Element) tok.getToken());
                                }
                            }
                        }

                    } catch (TrustException e) {

                    rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
                                                         RahasConstants.IssuanceBindingLocalNames.
                                                                 REQUESTED_SECURITY_TOKEN));
            ns = RahasConstants.WST_NS_05_12;
        }
        // Excerpt: turns the SecurityContextToken returned in an RSTR into a Token,
        // extracts the proof secret and both references, and stores the result.
        Token token = null;
        if (rstElem != null) {
            OMElement sctElem = rstElem.getFirstElement();
            if (sctElem != null) {
                SecurityContextToken sct = new SecurityContextToken(
                        (Element) sctElem);
                // The SCT identifier becomes the token id; the lifetime is read from
                // the RSTR under the namespace chosen earlier (ns).
                token = new Token(sct.getIdentifier(), sctElem, rstr
                        .getFirstChildWithName(new QName(ns,
                                                         RahasConstants.IssuanceBindingLocalNames.
                                                                 LIFETIME)));
                resgisterContext(sct.getIdentifier(), config);
            } else {
                throw new RampartException("sctMissingInResponse");
            }
        } else {
            throw new TrustException("reqestedSecTokMissing");
        }

        // Process RequestedProofToken and extract the secret
        byte[] secret = null;
        OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
                                                             RahasConstants.LocalNames.
                                                                     REQUESTED_PROOF_TOKEN));
        if (rpt != null) {
            // NOTE(review): elem is null when the RequestedProofToken has no child
            // element, and the checks below would then fail with a
            // NullPointerException on response content rather than a TrustException.
            OMElement elem = rpt.getFirstElement();

            if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
                && WSConstants.ENC_NS.equals(elem.getNamespace().getNamespaceURI())) {
                // Handle the xenc:EncryptedKey case
                // The key is decrypted with the crypto instance and callback handler
                // taken from config.
                EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
                processor.handleToken((Element) elem, null, Util
                        .getCryptoInstace(config),
                                      getCallbackHandlerInstance(config), null, new Vector(),
                                      null);
                secret = processor.getDecryptedBytes();
            } else if (RahasConstants.LocalNames.BINARY_SECRET.equals(elem.getLocalName()) &&
                       RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI()))
            {
                // Handle the wst:BinarySecret case
                // NOTE(review): only the WST_NS_05_02 namespace is accepted here even
                // when ns was set to WST_NS_05_12 above; a BinarySecret in the newer
                // namespace ends in the "notSupported" branch. Confirm this is intended.
                // A BinarySecret is encoded, not encrypted, so its confidentiality
                // rests on the protection of the RSTR message, which is not visible
                // here.
                secret = Base64.decode(elem.getText());
            } else {
                throw new TrustException("notSupported", new String[]{"{"
                                                                      + elem.getNamespace().getNamespaceURI() + "}"
                                                                      + elem.getLocalName()});
            }
        } else {
            // A response without a proof token is rejected.
            throw new TrustException("rptMissing");
        }

        // Check for attached ref
        // NOTE(review): both reference lookups use WST_NS_05_02 rather than ns, so
        // references in a WST_NS_05_12 response would not be found; confirm.
        OMElement reqAttElem =
                rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
                                                     RahasConstants.IssuanceBindingLocalNames.
                                                             REQUESTED_ATTACHED_REFERENCE));
        OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
                .getFirstElement();

        OMElement reqUnattElem =
                rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
                                                     RahasConstants.IssuanceBindingLocalNames.
                                                             REQUESTED_UNATTACHED_REFERENCE));
        OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
                .getFirstElement();

        // token cannot be null here: every path that leaves it unset throws above.
        token.setAttachedReference(reqAttRef);
        token.setUnattachedReference(reqUnattRef);
        token.setSecret(secret);
        config.getTokenStore().add(token);
    }

        // Excerpt from a callback handler: for each WSPasswordCallback, supplies the
        // stored token's secret as the key and registers the security context.
        for (int i = 0; i < callbacks.length; i++) {

            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                String id = pc.getIdentifer();
                Token tok;
                try {
                    //Pick up the token from the token store
                    tok = this.config.getTokenStore().getToken(id);
                    //Get the secret and set it in the callback object
                    // NOTE(review): tok is dereferenced without a null check; an id with
                    // no stored token presumably ends in a NullPointerException that the
                    // catch below turns into an IOException with a null message.
                    pc.setKey(tok.getSecret());
                    //Register the security context in the current configuration
                    Util.resgisterContext(id, config);
                } catch (Exception e) {
                    // NOTE(review): printStackTrace writes to stderr instead of the
                    // application log, and the IOException keeps only the message, so
                    // the original cause is lost.
                    e.printStackTrace();
                    throw new IOException(e.getMessage());
