Package org.apache.ws.security.message.token

Examples of org.apache.ws.security.message.token.SecurityTokenReference

148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
//                }
                if (secRefToken == null) {
                    throw new WSSecurityException
                            (WSSecurityException.INVALID_SECURITY, "noSecTokRef");
                }
                SecurityTokenReference secRef = new SecurityTokenReference(secRefToken);
                /*
         * Well, at this point there are several ways to get the key.
         * Try to handle all of them :-).
         */
                alias = null;
                /*
                * handle X509IssuerSerial here. First check if all elements are available,
                * get the appropriate data, check if all data is available.
                * If all is ok up to that point, look up the certificate alias according
                * to issuer name and serial number.
                * This method is recommended by OASIS WS-S specification, X509 profile
                */
                if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
                    alias = secRef.getX509IssuerSerialAlias(crypto);
                    if (log.isDebugEnabled()) {
                        log.debug("X509IssuerSerial alias: " + alias);
                    }
                }
                /*
                * If wsse:KeyIdentifier found, then the public key of the attached cert was used to
                * encrypt the session (symmetric) key that encrypts the data. Extract the certificate
                * using the BinarySecurity token (was enhanced to handle KeyIdentifier too).
                * This method is _not_ recommended by OASIS WS-S specification, X509 profile
                */
                else if (secRef.containsKeyIdentifier()) {
                    X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
                    if (certs == null || certs.length < 1 || certs[0] == null) {
                        throw new WSSecurityException(WSSecurityException.FAILURE,
                                "invalidX509Data", new Object[]{"for decryption (KeyId)"});
                    }
                    /*
                    * Here we have the certificate. Now find the alias for it. Needed to identify
                    * the private key associated with this certificate
                    */
                    alias = crypto.getAliasForX509Cert(certs[0]);
                    if (log.isDebugEnabled()) {
                        log.debug("cert: " + certs[0]);
                        log.debug("KeyIdentifier Alias: " + alias);
                    }
                } else if (secRef.containsReference()) {
                    Element bstElement = secRef.getTokenElement(doc, null);

                    // at this point ... check token type: Binary
                    QName el =
                            new QName(bstElement.getNamespaceURI(),
                                    bstElement.getLocalName());
View Full Code Here
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
    public Element encryptForExternalRef(Element dataRef, Vector references)
            throws WSSecurityException {

        //Create the SecurityTokenRef to the DKT
        KeyInfo keyInfo = new KeyInfo(document);
        SecurityTokenReference secToken = new SecurityTokenReference(document);
        Reference ref = new Reference(document);
        ref.setURI("#" + dktId);
        secToken.setReference(ref);

        keyInfo.addUnknownElement(secToken.getElement());

        Vector encDataRefs = doEncryption(document, derivedKeyBytes, keyInfo,
                references);
        Element referenceList = dataRef;
        if (referenceList == null) {
View Full Code Here
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
     */
    public Element encryptForExternalRef(Element dataRef, Vector references)
            throws WSSecurityException {

        KeyInfo keyInfo = new KeyInfo(document);
        SecurityTokenReference secToken = new SecurityTokenReference(document);
        Reference ref = new Reference(document);
        ref.setURI("#" + encKeyId);
        secToken.setReference(ref);

        keyInfo.addUnknownElement(secToken.getElement());

        Vector encDataRefs = doEncryption(document, this.symmetricKey,
                keyInfo, references);
        Element referenceList = dataRef;
        if (referenceList == null) {
View Full Code Here
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
        this.encKeyId = "EncKeyId-" + encryptedKeyElement.hashCode();
        encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        KeyInfo keyInfo = new KeyInfo(document);

        SecurityTokenReference secToken = new SecurityTokenReference(document);

        switch (keyIdentifierType) {
        case WSConstants.X509_KEY_IDENTIFIER:
            secToken.setKeyIdentifier(remoteCert);
            break;

        case WSConstants.SKI_KEY_IDENTIFIER:
            secToken.setKeyIdentifierSKI(remoteCert, crypto);
            break;

        case WSConstants.THUMBPRINT_IDENTIFIER:
            secToken.setKeyIdentifierThumb(remoteCert);
            break;

        case WSConstants.ISSUER_SERIAL:
            XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
                    remoteCert);
            X509Data x509Data = new X509Data(document);
            x509Data.add(data);
            secToken.setX509IssuerSerial(x509Data);
            break;

        case WSConstants.BST_DIRECT_REFERENCE:
            Reference ref = new Reference(document);
            ref.setURI("#" + certUri);
            bstToken = new X509Security(document);
            ((X509Security) bstToken).setX509Certificate(remoteCert);
            bstToken.setID(certUri);
            ref.setValueType(bstToken.getValueType());
            secToken.setReference(ref);
            break;

        default:
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "unsupportedKeyId");
        }
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(document, encryptedKeyElement,
                keyInfo.getElement());

        Element xencCipherValue = createCipherValue(document,
                encryptedKeyElement);
View Full Code Here
162
163
164
165
166
167
168
169
170
171
172
       
        keyInfo = sig.getKeyInfo();
        keyInfoUri = "KeyId-" + keyInfo.hashCode();
        keyInfo.setId(keyInfoUri);
       
        secRef = new SecurityTokenReference(doc);
        strUri = "STRId-" + secRef.hashCode();
        secRef.setID(strUri);
       
        Reference refUt = new Reference(document);
        refUt.setURI("#" + this.dktId);
View Full Code Here
181
182
183
184
185
186
187
188
189
190
191
192
193
194
        dkt.setOffset(offset);
        dkt.setID(dktId);
       
        if(this.strElem == null) {
            //Create the SecurityTokenRef to the Encrypted Key
            SecurityTokenReference strEncKey = new SecurityTokenReference(document);
            Reference ref = new Reference(document);
            ref.setURI("#" + this.tokenIdentifier);
            strEncKey.setReference(ref);
            dkt.setSecuityTokenReference(strEncKey);
        } else {
            dkt.setSecuityTokenReference(this.strElem);
        }
    }
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
122
     * @param dkt
     * @throws WSSecurityException
     */
    private void extractSecret(WSDocInfo wsDocInfo, DerivedKeyToken dkt, CallbackHandler cb)
            throws WSSecurityException {
        SecurityTokenReference str = dkt.getSecuityTokenReference();
        if (str != null) {
            Reference ref = str.getReference();
            String uri = ref.getURI();
            Processor processor = wsDocInfo.getProcessor(uri.substring(1));
            if(processor == null) {
                //Now use the callback and get it
                this.secret = this.getSecret(cb, uri.substring(1));
View Full Code Here
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
        }
        encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        KeyInfo keyInfo = new KeyInfo(document);

        SecurityTokenReference secToken = new SecurityTokenReference(document);

        switch (keyIdentifierType) {
        case WSConstants.X509_KEY_IDENTIFIER:
            secToken.setKeyIdentifier(remoteCert);
            break;

        case WSConstants.SKI_KEY_IDENTIFIER:
            secToken.setKeyIdentifierSKI(remoteCert, crypto);
            break;

        case WSConstants.THUMBPRINT_IDENTIFIER:
            secToken.setKeyIdentifierThumb(remoteCert);
            break;

        case WSConstants.ISSUER_SERIAL:
            XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
                    remoteCert);
            X509Data x509Data = new X509Data(document);
            x509Data.add(data);
            secToken.setX509IssuerSerial(x509Data);
            break;

        case WSConstants.BST_DIRECT_REFERENCE:
            Reference ref = new Reference(document);
            ref.setURI("#" + certUri);
            bstToken = new X509Security(document);
            ((X509Security) bstToken).setX509Certificate(remoteCert);
            bstToken.setID(certUri);
            ref.setValueType(bstToken.getValueType());
            secToken.setReference(ref);
            break;

        default:
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "unsupportedKeyId");
        }
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(document, encryptedKeyElement,
                keyInfo.getElement());

        Element xencCipherValue = createCipherValue(document,
                encryptedKeyElement);
View Full Code Here
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
            WSSecurityUtil.prependChildElement(doc,
                    parentNode,
                    xencEncryptedKey,
                    true);
        }
        SecurityTokenReference secToken = new SecurityTokenReference(doc);

        switch (keyIdentifierType) {
            case WSConstants.X509_KEY_IDENTIFIER:
                secToken.setKeyIdentifier(remoteCert);
                // build a key id class??
                break;

            case WSConstants.SKI_KEY_IDENTIFIER:
                secToken.setKeyIdentifierSKI(remoteCert, crypto);
                break;
               
            case WSConstants.THUMBPRINT_IDENTIFIER:
                secToken.setKeyIdentifierThumb(remoteCert);
                break;

            case WSConstants.ISSUER_SERIAL:
                XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
                X509Data x509Data = new X509Data(doc);
                x509Data.add(data);
                secToken.setX509IssuerSerial(x509Data);               
                break;

            case WSConstants.BST_DIRECT_REFERENCE:
                Reference ref = new Reference(doc);
                ref.setURI("#" + certUri);
                BinarySecurity bstToken = null;
                bstToken = new X509Security(doc);
                ((X509Security) bstToken).setX509Certificate(remoteCert);
                bstToken.setID(certUri);
                ref.setValueType(bstToken.getValueType());
                secToken.setReference(ref);
                WSSecurityUtil.prependChildElement(doc,
                        wsseSecurity,
                        bstToken.getElement(),
                        false);
                break;

            default :
                throw new WSSecurityException(WSSecurityException.FAILURE,
                        "unsupportedKeyId");
        }
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(
                doc, xencEncryptedKey, keyInfo.getElement());

        Element xencCipherValue = createCipherValue(doc, xencEncryptedKey);
        xencCipherValue.appendChild(keyText);
View Full Code Here
353
354
355
356
357
358
359
360
361
362
363
    keyInfo = sig.getKeyInfo();
    keyInfoUri = "KeyId-" + keyInfo.hashCode();
    keyInfo.setId(keyInfoUri);

    secRef = new SecurityTokenReference(doc);
    strUri = "STRId-" + secRef.hashCode();
    secRef.setID(strUri);

    /*
     * Prepare and setup the token references for this Signature
View Full Code Here
TOP

Related Classes of org.apache.ws.security.message.token.SecurityTokenReference

  • org.apache.axis2.security.trust.token.CancelTarget
  • org.apache.cxf.ws.security.policy.interceptors.SecureConversationInInterceptor$STSInvoker
  • org.apache.cxf.ws.security.policy.interceptors.SecureConversationTokenInterceptorProvider
  • org.apache.cxf.ws.security.policy.interceptors.STSInvoker
  • org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder
  • org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler
  • org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler
  • org.apache.rahas.RahasData
  • org.apache.rahas.TrustUtil
  • org.apache.rampart.builder.BindingBuilder
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.