Package org.apache.ws.security.message

Examples of org.apache.ws.security.message.WSSecSignature


   
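    /**
     * Builds a {@link WSSecSignature} for the given policy token and prepares it against
     * the message's security header.
     *
     * <p>The signing alias is the configured {@code userCertAlias}; when that is not set,
     * the configured {@code user} is used instead. The password for that alias is requested
     * from the password callback handler with usage {@code WSPasswordCallback.SIGNATURE}.
     *
     * <p>The password is a secret and is deliberately never written to the log.
     *
     * @param rmd   message data supplying the policy, WSS configuration, document,
     *              security header and class loader
     * @param token policy token the signature builder is created for
     * @return the signature builder (the return statement lies outside this excerpt)
     * @throws RampartException if no user or alias is configured, the password callback
     *         handler is missing, the handler fails or returns no password, or preparing
     *         the signature fails
     */
    protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token) throws RampartException {

        RampartPolicyData rpd = rmd.getPolicyData();

        WSSecSignature sig = new WSSecSignature();
        checkForX509PkiPath(sig, token);
        sig.setWsConfig(rmd.getConfig());

        log.debug("Token inclusion: " + token.getInclusion());

        RampartUtil.setKeyIdentifierType(rpd, sig, token);

        // Signing alias: prefer userCertAlias, fall back to the user property.
        String user = rpd.getRampartConfig().getUserCertAlias();
        if (user == null) {
            user = rpd.getRampartConfig().getUser();
        }

        // Without an alias there is no key to sign with, so stop here.
        if (user == null || "".equals(user)) {
            log.debug("No user value specified in the configuration");
            throw new RampartException("userMissing");
        }

        log.debug("User : " + user);

        // The password comes from the application-supplied callback handler.
        CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
        if (handler == null) {
            throw new RampartException("cbHandlerMissing");
        }

        WSPasswordCallback[] cb = { new WSPasswordCallback(user,
                WSPasswordCallback.SIGNATURE) };

        String password = null;
        try {
            handler.handle(cb);
            String supplied = cb[0].getPassword();
            if (supplied == null || "".equals(supplied)) {
                // A missing or empty password is an error.
                throw new RampartException("noPasswordForUser",
                        new String[]{user});
            }
            password = supplied;
            // Log only that a password was obtained. Writing the value itself would put
            // the key password into every collected or retained debug log.
            log.debug("Password obtained for user : " + user);
        } catch (IOException e) {
            throw new RampartException("errorInGettingPasswordForUser",
                    new String[]{user}, e);
        } catch (UnsupportedCallbackException e) {
            throw new RampartException("errorInGettingPasswordForUser",
                    new String[]{user}, e);
        }

        sig.setUserInfo(user, password);
        sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
        sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());

        try {
            sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
                    .getRampartConfig(), rmd.getCustomClassLoader()),
                    rmd.getSecHeader());
        } catch (WSSecurityException e) {
            throw new RampartException("errorInSignatureWithX509Token", e);
        }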


                   
                } else if(token instanceof X509Token) {

                        // X509 supporting token: the signature is made with a certificate,
                        // so obtain a signature builder for this token.
                        WSSecSignature sig = this.getSignatureBuider(rmd, token);
                        Element bstElem = sig.getBinarySecurityTokenElement();
                        // Only when the builder exposes a BinarySecurityToken element is it
                        // inserted after the current insertion location, which then advances.
                        if(bstElem != null) {  
                            bstElem = RampartUtil.insertSiblingAfter(rmd,
                                    this.getInsertionLocation(), bstElem);
                            this.setInsertionLocation(bstElem);
                           
                            // Remember the BST id when the supporting tokens are marked as
                            // encrypted; presumably this list drives later encryption - confirm.
                            if (suppTokens.isEncryptedToken()) {
                                this.encryptedTokensIdList.add(sig.getBSTTokenId());
                            }
                        }
                        // Keep the builder, keyed by its policy token.
                        endSuppTokMap.put(token, sig);
                       
                } else if(token instanceof UsernameToken) {

             
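                // rahas-issued token: the part is identified by the token's own id.
                part = new WSEncryptionPart(
                        ((org.apache.rahas.Token) tempTok).getId());
               
            } else if(tempTok instanceof WSSecSignature) {
                // X509 signature builder: the part is the BinarySecurityToken, and only
                // when the builder actually has a BST id; otherwise part is left unchanged.
                WSSecSignature tempSig = (WSSecSignature) tempTok;
                if(tempSig.getBSTTokenId() != null) {
                    part = new WSEncryptionPart(tempSig.getBSTTokenId());
                }
            } else {
                // Any other token object is rejected instead of being skipped silently.
                throw new RampartException("UnsupportedTokenInSupportingToken");
            }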

                }
               
                // rahas token: delegate to the symmetric signature routine.
                this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
               
            } else if (tempTok instanceof WSSecSignature) {
                WSSecSignature sig = (WSSecSignature)tempTok;
                // Token protection: when the policy asks for it and the builder has a
                // BinarySecurityToken id, the BST itself is added to the parts to sign so
                // that the signature also covers the token.
                if(rmd.getPolicyData().isTokenProtection() &&
                        sig.getBSTTokenId() != null) {
                    sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
                }
               
                try {
                    // Register the references, compute the signature, then place the
                    // signature element after the current insertion location.
                    sig.addReferencesToSign(sigParts, rmd.getSecHeader());
                    sig.computeSignature();
                   
                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
                            rmd,
                            this.getInsertionLocation(),
                            sig.getSignatureElement()));
                   
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInSignatureWithX509Token", e);
                }
                // Collect the signature value of this branch for the caller.
                sigValues.add(sig.getSignatureValue());
            }
        }

        return sigValues;
           

                throw new RampartException(
                        "errorInDerivedKeyTokenSignature", e);
            }
        } else {
            // Presumably the path taken when derived keys are not used (the branch above
            // reports errorInDerivedKeyTokenSignature): sign with the token's own secret.
            try {
                WSSecSignature sig = new WSSecSignature();
                sig.setWsConfig(rmd.getConfig());
               
                // If a EncryptedKeyToken is used, set the correct value type to
                // be used in the wsse:Reference in ds:KeyInfo
                if(policyToken instanceof X509Token) {
                  if (rmd.isInitiator()) {
                      sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                            + WSConstants.ENC_KEY_VALUE_TYPE);
                      sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                  } else {
                      //the tok has to be an EncryptedKey token
                      // NOTE(review): unchecked cast - a token of another type raises
                      // ClassCastException, which the WSSecurityException handler below
                      // does not catch; confirm callers guarantee the type.
                      sig.setEncrKeySha1value(((EncryptedKeyToken)tok).getSHA1());
                    sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                  }
                   
                } else {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                          + WSConstants.SAML_ASSERTION_ID);
                  sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                }
               
                String sigTokId;
               
                // For a SecureConversationToken the id is taken from the attached
                // reference, else the unattached one, else the token's own id.
                if ( policyToken instanceof SecureConversationToken) {
                    OMElement ref = tok.getAttachedReference();
                    if(ref == null) {
                        ref = tok.getUnattachedReference();
                    }
                   
                    if (ref != null) {
                        sigTokId = SimpleTokenStore.getIdFromSTR(ref);
                    } else {
                        sigTokId = tok.getId();
                    }
                } else {
                    sigTokId = tok.getId();
                }
                              
                //Hack to handle reference id issues
                //TODO Need a better fix
                // Strips a leading '#' so the id is stored without it.
                // NOTE(review): sigTokId is dereferenced without a null check - confirm
                // that neither tok.getId() nor getIdFromSTR() can return null here.
                if(sigTokId.startsWith("#")) {
                    sigTokId = sigTokId.substring(1);
                }
               
                sig.setCustomTokenId(sigTokId);
                // The signature is keyed with the token's secret.
                sig.setSecretKey(tok.getSecret());
                // NOTE(review): two consecutive setSignatureAlgorithm calls. If it is a
                // plain setter, the symmetric algorithm set second is the one in effect
                // and the asymmetric call is redundant - confirm and drop it.
                sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
                sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
                sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
                        .getRampartConfig(), rmd.getCustomClassLoader()),
                        rmd.getSecHeader());

                sig.setParts(sigParts);
                sig.addReferencesToSign(sigParts, rmd.getSecHeader());

                //Do signature
                sig.computeSignature();

                // With encrypt-before-signing and no insertion location yet, the signature
                // goes before the main reference list; otherwise it follows the current
                // insertion location. Either way the insertion location is updated.
                if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
                        this.getInsertionLocation() == null) {
                    this.setInsertionLocation(RampartUtil.insertSiblingBefore(
                            rmd,
                            this.mainRefListElement,
                            sig.getSignatureElement()));                   
                } else {
                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
                            rmd,
                            this.getInsertionLocation(),
                            sig.getSignatureElement()));    
                }

                return sig.getSignatureValue();
               
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", e);
            }

            }
           
        } else {
           
            try {
                // Obtain the signature builder for this token.
                WSSecSignature sig = this.getSignatureBuider(rmd, token);
               

                // Put the BinarySecurityToken into the security header.
                sig.appendBSTElementToHeader(rmd.getSecHeader());
               
                // Token protection: the BST is signed as well, unless the policy says the
                // token is never included in the message.
                // NOTE(review): getBSTTokenId() is used without a null check here - confirm
                // it is always set when inclusion is not INCLUDE_TOKEN_NEVER.
                if (rpd.isTokenProtection()
                        && !(SPConstants.INCLUDE_TOKEN_NEVER == token.getInclusion())) {
                    sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
                }
               
                sig.addReferencesToSign(sigParts, rmd.getSecHeader());
               
                // The signature element is appended to the header before the value is computed.
                sig.appendToHeader(rmd.getSecHeader());
               
                sig.computeSignature();
               
                return sig.getSignatureValue();   
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", e);
            }
           
           

                      "errorInDerivedKeyTokenSignature", e);
          }
         
        } else {
            // Presumably the path taken when derived keys are not used: the signature is
            // keyed directly with the token's secret.
            try {
                WSSecSignature sig = new WSSecSignature();
                sig.setWsConfig(rmd.getConfig());
                // NOTE(review): substring(1) drops the first character unconditionally,
                // presumably a leading '#'. An id without that prefix would be truncated
                // and an empty or null id throws - confirm, or guard with startsWith("#").
                sig.setCustomTokenId(tok.getId().substring(1));
                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
                        WSConstants.SAML_ASSERTION_ID);
                sig.setSecretKey(tok.getSecret());
                // NOTE(review): two consecutive setSignatureAlgorithm calls. If it is a
                // plain setter, the symmetric algorithm set second is the one in effect
                // and the asymmetric call is redundant - confirm and drop it.
                sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
                sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
                sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
                        .getRampartConfig(), rmd.getCustomClassLoader()),
                        rmd.getSecHeader());

                sig.setParts(sigParts);
                sig.addReferencesToSign(sigParts, rmd.getSecHeader());

                //Do signature
                sig.computeSignature();

                //Add elements to header
                // The signature element follows the current insertion location, which
                // then moves to the inserted element.
                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
                        rmd,
                        this.getInsertionLocation(),
                        sig.getSignatureElement()));

                return sig.getSignatureValue();

            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", e);
            }
        }

                      "errorInDerivedKeyTokenSignature", e);
          }
         
        } else {
            // Presumably the path taken when derived keys are not used: the signature is
            // keyed directly with the token's secret.
            try {
                WSSecSignature sig = new WSSecSignature();
                sig.setWsConfig(rmd.getConfig());
                // NOTE(review): substring(1) drops the first character unconditionally,
                // presumably a leading '#'. An id without that prefix would be truncated
                // and an empty or null id throws - confirm, or guard with startsWith("#").
                sig.setCustomTokenId(tok.getId().substring(1));
                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
                        WSConstants.SAML_ASSERTION_ID);
                sig.setSecretKey(tok.getSecret());
                // NOTE(review): two consecutive setSignatureAlgorithm calls. If it is a
                // plain setter, the symmetric algorithm set second is the one in effect
                // and the asymmetric call is redundant - confirm and drop it.
                sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
                sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
                sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
                        .getRampartConfig(), rmd.getCustomClassLoader()),
                        rmd.getSecHeader());

                sig.setParts(sigParts);
                sig.addReferencesToSign(sigParts, rmd.getSecHeader());

                //Do signature
                sig.computeSignature();

                //Add elements to header
                // The signature element follows the current insertion location, which
                // then moves to the inserted element.
                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
                        rmd,
                        this.getInsertionLocation(),
                        sig.getSignatureElement()));

                return sig.getSignatureValue();

            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", e);
            }
        }

                             SecurityToken tok,
                             boolean included) throws WSSecurityException {
        // Derived-key policies are handled by doSignatureDK; everything below signs
        // directly with the token's secret.
        if (policyToken.isDerivedKeys()) {
            return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok, included);
        } else {
            WSSecSignature sig = new WSSecSignature();
            // If a EncryptedKeyToken is used, set the correct value type to
            // be used in the wsse:Reference in ds:KeyInfo
            // The key identifier type depends on whether the token is included in the message.
            int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
            if (policyToken instanceof X509Token) {
                if (isRequestor()) {
                    sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                                                + WSConstants.ENC_KEY_VALUE_TYPE);
                    sig.setKeyIdentifierType(type);
                } else {
                    //the tok has to be an EncryptedKey token
                    sig.setEncrKeySha1value(tok.getSHA1());
                    sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                }
            // NOTE(review): the two SAML branches below set only the value type, so the
            // key identifier type stays at the builder's default - confirm that is intended.
            } else if (WSS_SAML_TOKEN_TYPE.equals(tok.getTokenType())) {
                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                            + WSConstants.SAML_ASSERTION_ID);
            } else if (WSS_SAML2_TOKEN_TYPE.equals(tok.getTokenType())) {
                sig.setCustomTokenValueType(WSS_SAML2_KI_VALUE_TYPE);
            } else if (tok.getTokenType() != null) {
                // Any other declared token type is used as the value type as is.
                sig.setCustomTokenValueType(tok.getTokenType());
                sig.setKeyIdentifierType(type);
            } else {
                // No token type at all: SAML assertion id value type with a custom key identifier.
                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                      + WSConstants.SAML_ASSERTION_ID);
                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            }
           
            String sigTokId;
            // Included token: use getWsuId(), falling back to getId(), and strip a
            // leading '#'. Token not included: getId() is used unchanged.
            if (included) {
                sigTokId = tok.getWsuId();
                if (sigTokId == null) {
                    if (policyToken instanceof SecureConversationToken) {
                        sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
                    }
                    sigTokId = tok.getId();                   
                }
                // NOTE(review): dereferenced without a null check - confirm tok.getId()
                // cannot return null when getWsuId() does.
                if (sigTokId.startsWith("#")) {
                    sigTokId = sigTokId.substring(1);
                }
            } else {
                sigTokId = tok.getId();
            }
                          
           
            sig.setCustomTokenId(sigTokId);
            // Keyed with the token's secret and the suite's symmetric signature algorithm.
            sig.setSecretKey(tok.getSecret());
            sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
            // Crypto comes from the protection token when the binding has one, otherwise
            // from the signature token wrapper; it is also stored on the exchange.
            Crypto crypto = null;
            if (sbinding.getProtectionToken() != null) {
                crypto = getEncryptionCrypto(sbinding.getProtectionToken());
            } else {
                crypto = getSignatureCrypto(policyTokenWrapper);
            }
            this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
            sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
            sig.setParts(sigs);
            sig.addReferencesToSign(sigs, secHeader);

            //Do signature
            sig.computeSignature();

            // Insert the signature element and keep the id returned by
            // addWsuIdToElement in mainSigId.
            Element mainSigElement = sig.getSignatureElement();
            insertBeforeBottomUp(mainSigElement);
            mainSigId = addWsuIdToElement(mainSigElement);
            return sig.getSignatureValue();
        }
    }

            // Derived-key signature: add the derived key token and the signature to the header.
            dkSig.appendDKElementToHeader(secHeader);
            dkSig.appendSigToHeader(secHeader);
           
            return dkSig.getSignatureValue();
        } else {
            WSSecSignature sig = getSignatureBuider(wrapper, token, false);
            // A null builder means nothing is signed here and null is returned, so
            // callers must be prepared for a null signature value.
            if (sig != null) {
                sig.prependBSTElementToHeader(secHeader);
           
                sig.addReferencesToSign(sigParts, secHeader);
                // The signature element is inserted before the value is computed.
                insertBeforeBottomUp(sig.getSignatureElement());
           
                sig.computeSignature();
           
                return sig.getSignatureValue();
            } else {
                return null;
            }
        }
    }
