Examples of org.apache.wss4j.dom.message.token.SecurityContextToken

• org.apache.wss4j.dom.message.token.SecurityContextToken

        }

        if (validateTarget.isDOMElement()) {
            try {
                Element validateTargetElement = (Element)validateTarget.getToken();
                SecurityContextToken sct = new SecurityContextToken(validateTargetElement);
                String identifier = sct.getIdentifier();
                SecurityToken token = tokenParameters.getTokenStore().getToken(identifier);
                if (token == null) {
                    LOG.fine("Identifier: " + identifier + " is not found in the cache");
                    return response;
                }

        SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
        keyHandler.createSymmetricKey();

        try {
            Document doc = DOMUtils.createDocument();
            SecurityContextToken sct =
                new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc);

            TokenProviderResponse response = new TokenProviderResponse();
            response.setToken(sct.getElement());
            response.setTokenId(sct.getIdentifier());
            if (returnEntropy) {
                response.setEntropy(keyHandler.getEntropyBytes());
            }
            long keySize = keyHandler.getKeySize();
            response.setKeySize(keySize);
            response.setComputedKey(keyHandler.isComputedKey());

            // putting the secret key into the cache
            Date currentDate = new Date();
            response.setCreated(currentDate);
            Date expires = null;
            if (lifetime > 0) {
                expires = new Date();
                long currentTime = currentDate.getTime();
                expires.setTime(currentTime + (lifetime * 1000L));
            }
            response.setExpires(expires);

            SecurityToken token = new SecurityToken(sct.getIdentifier(), currentDate, expires);
            token.setSecret(keyHandler.getSecret());
            token.setPrincipal(tokenParameters.getPrincipal());

            Properties props = token.getProperties();
            if (props == null) {
                props = new Properties();
            }
            token.setProperties(props);
            if (tokenParameters.getRealm() != null) {
                props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
            }

            // Handle Renewing logic
            Renewing renewing = tokenParameters.getTokenRequirements().getRenewing();
            if (renewing != null) {
                props.put(
                    STSConstants.TOKEN_RENEWING_ALLOW,
                    String.valueOf(renewing.isAllowRenewing())
                );
                props.put(
                    STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY,
                    String.valueOf(renewing.isAllowRenewingAfterExpiry())
                );
            } else {
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
            }

            tokenParameters.getTokenStore().add(token);

            // Create the references
            TokenReference attachedReference = new TokenReference();
            attachedReference.setIdentifier(sct.getID());
            attachedReference.setUseDirectReference(true);
            attachedReference.setWsseValueType(tokenRequirements.getTokenType());
            response.setAttachedReference(attachedReference);

            TokenReference unAttachedReference = new TokenReference();
            unAttachedReference.setIdentifier(sct.getIdentifier());
            unAttachedReference.setUseDirectReference(true);
            unAttachedReference.setWsseValueType(tokenRequirements.getTokenType());
            response.setUnattachedReference(unAttachedReference);

            return response;

        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        Element token = providerResponse.getToken();
        SecurityContextToken sctToken = new SecurityContextToken(token);
        String identifier = sctToken.getIdentifier();
        assertNotNull(tokenStore.getToken(identifier));
        assertNull(tokenStore.getToken(identifier + "1234"));
    }

        response.setToken(cancelTarget);

        if (cancelTarget.isDOMElement()) {
            try {
                Element cancelTargetElement = (Element)cancelTarget.getToken();
                SecurityContextToken sct = new SecurityContextToken(cancelTargetElement);
                String identifier = sct.getIdentifier();
                SecurityToken token = tokenParameters.getTokenStore().getToken(identifier);
                if (token == null) {
                    LOG.fine("Identifier: " + identifier + " is not found in the cache");
                    return response;
                }

    public List<WSSecurityEngineResult> handleToken(
        Element elem,
        RequestData data,
        WSDocInfo wsDocInfo
    ) throws WSSecurityException {
        SecurityContextToken sct = new SecurityContextToken(elem);

        Validator validator =
            data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName()));

        WSSecurityEngineResult result =
            new WSSecurityEngineResult(WSConstants.SCT, sct);
        if (validator != null) {
            // Hook to allow the user to validate the SecurityContextToken
            Credential credential = new Credential();
            credential.setSecurityContextToken(sct);

            Credential returnedCredential = validator.validate(credential, data);
            result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
            result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
            result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
        } else {
            String id = sct.getID();
            if (id.charAt(0) == '#') {
                id = id.substring(1);
            }
            byte[] secret = null;
            try {
                secret = getSecret(data.getCallbackHandler(), sct.getIdentifier());
            } catch (WSSecurityException ex) {
                secret = getSecret(data.getCallbackHandler(), id);
            }
            if (secret == null || secret.length == 0) {
                secret = getSecret(data.getCallbackHandler(), id);
            }
            result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
            result.put(WSSecurityEngineResult.TAG_SECRET, secret);
        }

        wsDocInfo.addTokenElement(elem);
        wsDocInfo.addResult(result);

                int version = ConversationConstants.VERSION_05_12;
                if (!reqData.isUse200512Namespace()) {
                    version = ConversationConstants.VERSION_05_02;
                }

                SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
                return sct.getElement();
            }
        } else {
            // DirectReference

            if (signatureToken.getDerivedKeyIdentifier() != 0) {

            writer.writeEndElement();

            writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);

            // SecurityContextToken
            SecurityContextToken sct =
                new SecurityContextToken(
                    NegotiationUtils.getWSCVersion(tokenType), writer.getDocument()
                );

            // Lifetime
            Date created = new Date();
            Date expires = new Date();
            expires.setTime(created.getTime() + 300000L);

            SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
            token.setToken(sct.getElement());
            token.setTokenType(sct.getTokenType());

            SecurityContext sc = exchange.getInMessage().get(SecurityContext.class);
            if (sc != null) {
                token.setSecurityContext(sc);
            }

            writer.getCurrentNode().appendChild(sct.getElement());
            writer.writeEndElement();

            // References
            writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
            token.setAttachedReference(
                writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType)
            );
            writer.writeEndElement();

            writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
            token.setUnattachedReference(
                writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
            );
            writer.writeEndElement();

            writeLifetime(writer, created, expires, prefix, namespace);

    private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
        Element childElement = DOMUtils.getFirstElement(el);
        String uri = "";
        if ("SecurityContextToken".equals(childElement.getLocalName())) {
            SecurityContextToken sct = new SecurityContextToken(childElement);
            uri = sct.getIdentifier();
        } else {
            SecurityTokenReference ref =
                new SecurityTokenReference(childElement, new BSPEnforcer());
            uri = ref.getReference().getURI();
        }

            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();

            for (WSSecurityEngineResult wser : wsSecEngineResults) {
                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (actInt.intValue() == WSConstants.SCT) {
                    SecurityContextToken tok =
                        (SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                    message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());

                    SecurityToken token = getTokenStore(message).getToken(tok.getIdentifier());
                    if (token == null || token.isExpired()) {
                        byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
                        if (secret != null) {
                            token = new SecurityToken(tok.getIdentifier());
                            token.setToken(tok.getElement());
                            token.setSecret(secret);
                            token.setTokenType(tok.getTokenType());
                            getTokenStore(message).add(token);
                        }
                    }
                    final SecurityContext sc = token.getSecurityContext();
                    if (sc != null) {

            if (keySize < 128 || keySize > 512) {
                keySize = 256;
            }

            writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
            SecurityContextToken sct =
                new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

            Date created = new Date();
            Date expires = new Date();
            expires.setTime(created.getTime() + ttl);

            SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
            token.setToken(sct.getElement());
            token.setTokenType(sct.getTokenType());

            writer.getCurrentNode().appendChild(sct.getElement());
            writer.writeEndElement();

            writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
            token.setAttachedReference(
                writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType)
            );
            writer.writeEndElement();

            writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
            token.setUnattachedReference(
                writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
            );
            writer.writeEndElement();

            writeLifetime(writer, created, expires, prefix, namespace);