Package org.apache.ws.security.message.token

Examples of org.apache.ws.security.message.token.Reference


            //
            // Prepare and setup the token references for this Signature
            //
            switch (keyIdentifierType) {
            case WSConstants.BST_DIRECT_REFERENCE:
                Reference ref = new Reference(document);
                ref.setURI("#" + certUri);
                if (!useSingleCert) {
                    bstToken = new PKIPathSecurity(document);
                    ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
                    secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
                } else {
                    bstToken = new X509Security(document);
                    ((X509Security) bstToken).setX509Certificate(certs[0]);
                }
                ref.setValueType(bstToken.getValueType());
                secRef.setReference(ref);
                bstToken.setID(certUri);
                wsDocInfo.addTokenElement(bstToken.getElement(), false);
                break;
   
            case WSConstants.ISSUER_SERIAL:
                String issuer = certs[0].getIssuerX500Principal().getName();
                java.math.BigInteger serialNumber = certs[0].getSerialNumber();
                DOMX509IssuerSerial domIssuerSerial =
                    new DOMX509IssuerSerial(doc, issuer, serialNumber);
                DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
                secRef.setX509Data(domX509Data);
                break;
   
            case WSConstants.X509_KEY_IDENTIFIER:
                secRef.setKeyIdentifier(certs[0]);
                break;
   
            case WSConstants.SKI_KEY_IDENTIFIER:
                secRef.setKeyIdentifierSKI(certs[0], crypto);
                break;
   
            case WSConstants.THUMBPRINT_IDENTIFIER:
                secRef.setKeyIdentifierThumb(certs[0]);
                break;
               
            case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
                if (encrKeySha1value != null) {
                    secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
                } else {
                    byte[] digestBytes = WSSecurityUtil.generateDigest(secretKey);
                    secRef.setKeyIdentifierEncKeySHA1(Base64.encode(digestBytes));
                }
                secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                break;
   
            case WSConstants.CUSTOM_SYMM_SIGNING :
                Reference refCust = new Reference(document);
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                    refCust.setValueType(customTokenValueType);
                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                    refCust.setValueType(customTokenValueType);
                } else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
                    secRef.addTokenType(customTokenValueType);
                    refCust.setValueType(customTokenValueType);
                } else {
                    refCust.setValueType(customTokenValueType);
                }
                refCust.setURI("#" + customTokenId);
                secRef.setReference(refCust);
                break;
   
            case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
                Reference refCustd = new Reference(document);
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                    refCustd.setValueType(customTokenValueType);
                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                    refCustd.setValueType(customTokenValueType);
                } else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
                    secRef.addTokenType(customTokenValueType);
                    refCustd.setValueType(customTokenValueType);
                } else {
                    refCustd.setValueType(customTokenValueType);
                }
                refCustd.setURI(customTokenId);
                secRef.setReference(refCustd);
                break;
               
            case WSConstants.CUSTOM_KEY_IDENTIFIER:
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
View Full Code Here


        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
       
        SecurityTokenReference secRef = new SecurityTokenReference(doc);
        Reference ref = new Reference(doc);
        ref.setURI("custom-uri");
        secRef.setReference(ref);
        builder.setSecurityTokenReference(secRef);
       
        Document signedDoc = builder.build(doc, crypto, secHeader);
View Full Code Here

   
    static Element writeSecurityTokenReference(W3CDOMStreamWriter writer,
                                                    String id,
                                                    String refValueType) {

        Reference ref = new Reference(writer.getDocument());
        ref.setURI(id);
        if (refValueType != null) {
            ref.setValueType(refValueType);
        }
        SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
        str.setReference(ref);

        writer.getCurrentNode().appendChild(str.getElement());
View Full Code Here

                throw new WSSecurityException(
                    WSSecurityException.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri}
                );
            }
        } else if (secRef.containsReference()) {
            Reference reference = secRef.getReference();
            // Try asking the CallbackHandler for the secret key
            secretKey = getSecretKeyFromToken(uri, reference.getValueType(), data);
            if (secretKey == null) {
                Element token =
                    secRef.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler());
                QName el = new QName(token.getNamespaceURI(), token.getLocalName());
                if (el.equals(WSSecurityEngine.BINARY_TOKEN)) {
View Full Code Here

            DOMX509Data domX509Data = new DOMX509Data(document, domIssuerSerial);
            secToken.setX509Data(domX509Data);
            break;

        case WSConstants.BST_DIRECT_REFERENCE:
            Reference ref = new Reference(document);
            String certUri = UUIDGenerator.getUUID();
            ref.setURI("#" + certUri);
            bstToken = new X509Security(document);
            ((X509Security) bstToken).setX509Certificate(remoteCert);
            bstToken.setID(certUri);
            ref.setValueType(bstToken.getValueType());
            secToken.setReference(ref);
            break;
           
        case WSConstants.CUSTOM_SYMM_SIGNING :
            Reference refCust = new Reference(document);
            if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                refCust.setValueType(customEKTokenValueType);
            } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
            } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                refCust.setValueType(customEKTokenValueType);
            } else {
                refCust.setValueType(customEKTokenValueType);
            }
            refCust.setURI("#" + customEKTokenId);
            secToken.setReference(refCust);
            break;
           
        case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
            Reference refCustd = new Reference(document);
            if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                refCustd.setValueType(customEKTokenValueType);
            } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
            else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
                secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                refCustd.setValueType(customEKTokenValueType);
            } else {
                refCustd.setValueType(customEKTokenValueType);
            }
            refCustd.setURI(customEKTokenId);
            secToken.setReference(refCustd);
            break;
           
        case WSConstants.CUSTOM_KEY_IDENTIFIER:
            secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
View Full Code Here

            case WSConstants.BST_DIRECT_REFERENCE:
                BinarySecurity bstToken = null;
                bstToken = new X509Security(doc);
                ((X509Security) bstToken).setX509Certificate(remoteCert);
                bstToken.setID(certUri);
                Reference ref = new Reference(doc);
                ref.setURI("#" + certUri);
                ref.setValueType(bstToken.getValueType());
                secToken.setReference(ref);
//                WSSecurityUtil.prependChildElement(
//                    doc,
//                    wsseSecurity,
//                    bstToken.getElement(),
View Full Code Here

     */
    private void extractSecret(WSDocInfo wsDocInfo, DerivedKeyToken dkt)
            throws WSSecurityException {
        SecurityTokenReference str = dkt.getSecuityTokenReference();
        if (str != null) {
            Reference ref = str.getReference();
            String uri = ref.getURI();
            Processor processor = wsDocInfo.getProcessor(uri.substring(1));
            if (processor instanceof EncryptedKeyProcessor) {
                this.secret = ((EncryptedKeyProcessor) processor)
                        .getDecryptedBytes();
            } else if (processor instanceof SecurityContextTokenProcessor) {
View Full Code Here

    /*
     * Prepare and setup the token references for this Signature
     */
    switch (keyIdentifierType) {
    case WSConstants.BST_DIRECT_REFERENCE:
      Reference ref = new Reference(document);
      ref.setURI("#" + certUri);
      if (!useSingleCert) {
        bstToken = new PKIPathSecurity(document);
        ((PKIPathSecurity) bstToken).setX509Certificates(certs, false,
            crypto);
      } else {
        bstToken = new X509Security(document);
        ((X509Security) bstToken).setX509Certificate(certs[0]);
      }
      ref.setValueType(bstToken.getValueType());
      secRef.setReference(ref);
      bstToken.setID(certUri);
      wsDocInfo.setBst(bstToken.getElement());
      break;

    case WSConstants.ISSUER_SERIAL:
      XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
          certs[0]);
      X509Data x509Data = new X509Data(document);
      x509Data.add(data);
      secRef.setX509IssuerSerial(x509Data);
      break;

    case WSConstants.X509_KEY_IDENTIFIER:
      secRef.setKeyIdentifier(certs[0]);
      break;

    case WSConstants.SKI_KEY_IDENTIFIER:
      secRef.setKeyIdentifierSKI(certs[0], crypto);
      break;

    case WSConstants.UT_SIGNING:
      Reference refUt = new Reference(document);
      refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
      String utId = usernameToken.getId();
      refUt.setURI("#" + utId);
      secRef.setReference(refUt);
      secretKey = usernameToken.getSecretKey();
      break;

    case WSConstants.THUMBPRINT_IDENTIFIER:
View Full Code Here

                secRefSaml = new SecurityTokenReference(doc);
                String strSamlUri = "STRSAMLId-" + secRefSaml.hashCode();
                secRefSaml.setID(strSamlUri);

                // Decouple Reference/KeyInfo setup - quick shot here
                Reference ref = new Reference(doc);
                ref.setURI("#" + assertion.getId());
                ref.setValueType(WSConstants.WSS_SAML_NS
                        + WSConstants.WSS_SAML_ASSERTION);
                secRefSaml.setReference(ref);
                // up to here

                Element ctx = createSTRParameter(doc);
                transforms = new Transforms(doc);
                transforms.addTransform(STRTransform.implementedTransformURI,
                        ctx);
                sig.addDocument("#" + strSamlUri, transforms);
            }
        } catch (TransformationException e1) {
            throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                    "noXMLSig", null, e1);
        } catch (XMLSignatureException e1) {
            throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                    "noXMLSig", null, e1);
        }

        switch (keyIdentifierType) {
        case WSConstants.BST_DIRECT_REFERENCE:
            Reference ref = new Reference(doc);
            if (senderVouches) {
                ref.setURI("#" + certUri);
                bstToken = new X509Security(doc);
                ((X509Security) bstToken).setX509Certificate(certs[0]);
                bstToken.setID(certUri);
                wsDocInfo.setBst(bstToken.getElement());
                ref.setValueType(bstToken.getValueType());
            } else {
                ref.setURI("#" + assertion.getId());
                ref.setValueType(WSConstants.WSS_SAML_NS
                        + WSConstants.WSS_SAML_ASSERTION);
            }
            secRef.setReference(ref);
            break;
        //
View Full Code Here

    SecurityTokenReference secRef = new SecurityTokenReference(secRefToken);
    byte[] decryptedData = null;

    if (secRef.containsReference()) {
      Reference reference = secRef.getReference();
      String uri = reference.getURI();
      String id = uri.substring(1);
      Processor p = wsDocInfo.getProcessor(id);
      if (p == null || (!(p instanceof EncryptedKeyProcessor) && !(p instanceof DerivedKeyTokenProcessor))) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_ENC_DEC, "unsupportedKeyId");
View Full Code Here

TOP

Related Classes of org.apache.ws.security.message.token.Reference

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.