Package org.apache.xml.security.stax.securityToken

Examples of org.apache.xml.security.stax.securityToken.InboundSecurityToken


                @SuppressWarnings("unchecked")
                TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
                        ((TokenSecurityEvent<? extends InboundSecurityToken>) securityEvent);

                if (tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
                    InboundSecurityToken securityToken = WSSUtils.getRootToken(tokenSecurityEvent.getSecurityToken());

                    TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
                            WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
                    setTokenUsage(newTokenSecurityEvent, WSSecurityTokenConstants.TokenUsage_MainEncryption);
                    securityEvent = newTokenSecurityEvent;


        }

        //search the root tokens and create new TokenSecurityEvents if not already there...
        for (int i = 0; i < tokenSecurityEvents.size(); i++) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
            InboundSecurityToken securityToken = WSSUtils.getRootToken(tokenSecurityEvent.getSecurityToken());

            if (!containsSecurityToken(supportingTokens, securityToken)) {
                TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
                        WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
                supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
                securityEventDeque.offer(newTokenSecurityEvent);
            }
            //remove old TokenSecurityEvent so that only root tokens are in the queue
            securityEventDeque.remove(tokenSecurityEvent);
        }

        Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokensIterator = supportingTokens.iterator();
        while (supportingTokensIterator.hasNext()) {
            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = supportingTokensIterator.next();
            List<InboundSecurityToken> signingSecurityTokens = isSignedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);

            List<QName> signatureElementPath = new ArrayList<QName>(4);
            signatureElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            signatureElementPath.add(WSSConstants.TAG_dsig_Signature);
            boolean signsSignature = signsElement(tokenSecurityEvent, signatureElementPath, securityEventDeque);
            boolean encryptsSignature = encryptsElement(tokenSecurityEvent, signatureElementPath, securityEventDeque);

            List<QName> signatureConfirmationElementPath = new ArrayList<QName>(4);
            signatureConfirmationElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            signatureConfirmationElementPath.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
            boolean signsSignatureConfirmation = signsElement(tokenSecurityEvent, signatureConfirmationElementPath, securityEventDeque);
            boolean encryptsSignatureConfirmation = encryptsElement(tokenSecurityEvent, signatureConfirmationElementPath, securityEventDeque);

            List<QName> timestampElementPath = new ArrayList<QName>(4);
            timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            timestampElementPath.add(WSSConstants.TAG_wsu_Timestamp);
            boolean signsTimestamp = signsElement(tokenSecurityEvent, timestampElementPath, securityEventDeque);

            List<QName> usernameTokenElementPath = new ArrayList<QName>(4);
            usernameTokenElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
            usernameTokenElementPath.add(WSSConstants.TAG_wsse_UsernameToken);
            boolean encryptsUsernameToken = encryptsElement(tokenSecurityEvent, usernameTokenElementPath, securityEventDeque);

            boolean transportSecurityActive = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);

            List<InboundSecurityToken> encryptingSecurityTokens = isEncryptedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);

            boolean signatureUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature);
            boolean encryptionUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption);

            if (!transportSecurityActive && signsSignatureConfirmation && signsTimestamp && !signsSignature) {
                supportingTokensIterator.remove();
                messageSignatureTokens = addTokenSecurityEvent(tokenSecurityEvent, messageSignatureTokens);
                if (encryptionUsage) {
                    messageEncryptionTokens = addTokenSecurityEvent(tokenSecurityEvent, messageEncryptionTokens);
                }
            } else if (!transportSecurityActive && signsSignatureConfirmation && !signsSignature) {
                supportingTokensIterator.remove();
                messageSignatureTokens = addTokenSecurityEvent(tokenSecurityEvent, messageSignatureTokens);
                if (encryptionUsage) {
                    messageEncryptionTokens = addTokenSecurityEvent(tokenSecurityEvent, messageEncryptionTokens);
                }
            } else if (!transportSecurityActive && signsTimestamp && !signsSignature) {
                supportingTokensIterator.remove();
                messageSignatureTokens = addTokenSecurityEvent(tokenSecurityEvent, messageSignatureTokens);
                if (encryptionUsage) {
                    messageEncryptionTokens = addTokenSecurityEvent(tokenSecurityEvent, messageEncryptionTokens);
                }
            } else if (!transportSecurityActive &&
                    (encryptsSignature || encryptsSignatureConfirmation || encryptsUsernameToken)) {
                supportingTokensIterator.remove();
                messageEncryptionTokens = addTokenSecurityEvent(tokenSecurityEvent, messageEncryptionTokens);
            } else if (signsSignature && signingSecurityTokens.size() > 0 && encryptingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedEndorsingEncryptedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedEndorsingEncryptedSupportingTokens);
            } else if (transportSecurityActive && signsTimestamp && signingSecurityTokens.size() > 0 && encryptingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedEndorsingEncryptedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedEndorsingEncryptedSupportingTokens);
            } else if (signsSignature && signingSecurityTokens.size() == 0 && encryptingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                endorsingEncryptedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, endorsingEncryptedSupportingTokens);
            } else if (signsSignature && signingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedEndorsingSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedEndorsingSupportingTokens);
            } else if (signatureUsage && signingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedEndorsingSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedEndorsingSupportingTokens);
            } else if (signsSignature) {
                supportingTokensIterator.remove();
                endorsingSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, endorsingSupportingTokens);
            } else if (signingSecurityTokens.size() > 0 && encryptingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedEncryptedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedEncryptedSupportingTokens);
            } else if (signingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                signedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, signedSupportingTokens);
            } else if (encryptingSecurityTokens.size() > 0) {
                supportingTokensIterator.remove();
                encryptedSupportingTokens = addTokenSecurityEvent(tokenSecurityEvent, encryptedSupportingTokens);
            }
        }

        if (messageSignatureTokens.isEmpty()) {
            InboundSecurityToken messageSignatureToken = getSupportingTokenSigningToken(
                    signedSupportingTokens,
                    signedEndorsingSupportingTokens,
                    signedEncryptedSupportingTokens,
                    signedEndorsingEncryptedSupportingTokens,
                    securityEventDeque);

                    //first look if the token is included in the message (necessary for TokenInclusion policy)...
                    List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
                            inboundSecurityContext.getRegisteredSecurityTokenProviders();
                    for (int i = 0; i < securityTokenProviders.size(); i++) {
                        SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
                        InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
                        if (inboundSecurityToken instanceof X509SecurityToken) {
                            X509SecurityToken x509SecurityToken = (X509SecurityToken) inboundSecurityToken;

                            final X509Certificate x509Certificate = x509SecurityToken.getX509Certificates()[0];
                            if (x509Certificate.getSerialNumber().compareTo(x509IssuerSerialType.getX509SerialNumber()) == 0 &&
                                    x509Certificate.getIssuerX500Principal().equals(new X500Principal(x509IssuerSerialType.getX509IssuerName())))
                                return createSecurityTokenProxy(inboundSecurityToken,
                                        WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
                        }
                    }
                    //...then if none is found create a new SecurityToken instance
                    return new X509IssuerSerialTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, x509IssuerSerialType,
                            securityTokenReferenceType.getId(), securityProperties);
                }

                //Subject Key Identifier
                byte[] skiBytes =
                        XMLSecurityUtils.getQNameType(
                                x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
                                XMLSecurityConstants.TAG_dsig_X509SKI
                        );
                if (skiBytes != null) {
                    return new X509SKISecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, skiBytes,
                            securityTokenReferenceType.getId(), securityProperties);
                }

                //X509Certificate
                byte[] x509CertificateBytes = XMLSecurityUtils.getQNameType(
                        x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509Certificate);
                if (x509CertificateBytes != null) {
                    return new X509V3SecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler,
                            x509CertificateBytes, securityTokenReferenceType.getId(), securityProperties);
                }
            }
           
            String tokenType =
                    XMLSecurityUtils.getQNameAttribute(
                        securityTokenReferenceType.getOtherAttributes(),
                        WSSConstants.ATT_wsse11_TokenType);

            final KeyIdentifierType keyIdentifierType
                    = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_KeyIdentifier);
            if (keyIdentifierType != null) {
                String valueType = keyIdentifierType.getValueType();
                if (valueType == null) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3054);
                }
                String encodingType = keyIdentifierType.getEncodingType();

                byte[] binaryContent = null;
                if (WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(encodingType)) {
                    binaryContent = Base64.decodeBase64(keyIdentifierType.getValue());
                } else if (!WSSConstants.NS_SAML10_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TYPE.equals(valueType)) {
                    if (encodingType == null) {
                        ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3070);
                    } else {
                        ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3071);
                    }
                } else if (encodingType != null
                        && (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType))) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6604);
                }

                if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
                    return new X509V3SecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler,
                            binaryContent, securityTokenReferenceType.getId(), securityProperties);
                } else if (WSSConstants.NS_X509SubjectKeyIdentifier.equals(valueType)) {
                    return new X509SKISecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
                            securityTokenReferenceType.getId(), securityProperties);
                } else if (WSSConstants.NS_THUMBPRINT.equals(valueType)) {
                    try {
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                        //first look if the token is included in the message (necessary for TokenInclusion policy)...
                        List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
                                inboundSecurityContext.getRegisteredSecurityTokenProviders();
                        for (int i = 0; i < securityTokenProviders.size(); i++) {
                            SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
                            InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
                            if (inboundSecurityToken instanceof X509SecurityToken) {
                                X509SecurityToken x509SecurityToken = (X509SecurityToken)inboundSecurityToken;
                                byte[] tokenDigest = messageDigest.digest(x509SecurityToken.getX509Certificates()[0].getEncoded());

                                if (Arrays.equals(tokenDigest, binaryContent)) {
                                    return createSecurityTokenProxy(inboundSecurityToken,
                                            WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
                                }
                            }
                        }
                    } catch (NoSuchAlgorithmException e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                    } catch (CertificateEncodingException e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
                    }

                    //...then if none is found create a new SecurityToken instance
                    return new X509ThumbprintSHA1SecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
                            securityTokenReferenceType.getId(), securityProperties);
                } else if (WSSConstants.NS_ENCRYPTED_KEY_SHA1.equals(valueType)) {
                    return new EncryptedKeySha1SecurityTokenImpl(
                            (WSInboundSecurityContext) inboundSecurityContext, callbackHandler, keyIdentifierType.getValue(),
                            securityTokenReferenceType.getId());
                } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType)) {
                    if (WSSConstants.NS_SAML20_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType)) {
                        ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6617);
                    } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType)) {
                        ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6611);
                    }
                    SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
                            inboundSecurityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
                    if (securityTokenProvider != null) {
                        return createSecurityTokenProxy(securityTokenProvider.getSecurityToken(),
                            WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                    }
                   
                    // Delegate to a CallbackHandler, in case the token is not in the request
                    return new SamlSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext,
                                                     keyIdentifierType.getValue(),
                                                     WSSecurityTokenConstants.KeyIdentifier_ExternalReference,
                                                     securityProperties);
                } else if (WSSConstants.NS_Kerberos5_AP_REQ_SHA1.equals(valueType)) {
                    SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
                            inboundSecurityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
                    if (securityTokenProvider != null) {
                        return createSecurityTokenProxy(securityTokenProvider.getSecurityToken(),
                                WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                    }
                   
                    try {
                        //ok we have to find the token via digesting...
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                        List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
                                inboundSecurityContext.getRegisteredSecurityTokenProviders();
                        for (int i = 0; i < securityTokenProviders.size(); i++) {
                            SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
                            InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
                            if (inboundSecurityToken instanceof KerberosServiceSecurityToken) {
                                KerberosServiceSecurityToken kerberosSecurityToken = (KerberosServiceSecurityToken)inboundSecurityToken;
                                byte[] tokenDigest = messageDigest.digest(kerberosSecurityToken.getBinaryContent());
                                if (Arrays.equals(tokenDigest, binaryContent)) {
                                    return createSecurityTokenProxy(inboundSecurityToken,

        /**
         * Resolves and validates the token referenced by a {@code ds:Signature}'s KeyInfo.
         *
         * <p>The token is obtained from {@link SecurityTokenFactory} with the
         * {@code KeyUsage_Signature_Verification} usage, then passed through the configured
         * {@link SignatureTokenValidator} (falling back to {@link SignatureTokenValidatorImpl}
         * when none is registered) before it is returned to the caller. A
         * {@code TokenSecurityEvent} carrying {@code TokenUsage_Signature} is registered on
         * the context so that the token is visible to event consumers even when it is
         * embedded in the signature's KeyInfo rather than referenced.
         *
         * @param signatureType the signature whose KeyInfo identifies the token; its id is
         *        used as the correlation id of the emitted token event
         * @param securityProperties must be a {@link WSSSecurityProperties}; it is cast
         *        before the validator lookup and the validate call
         * @param inboundSecurityContext the context the token event is registered with
         * @return the validated signature verification token
         * @throws XMLSecurityException propagated from token retrieval, validation or
         *         event registration
         */
        @Override
        protected InboundSecurityToken retrieveSecurityToken(SignatureType signatureType,
                                                      XMLSecurityProperties securityProperties,
                                                      InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {

            // NOTE(review): the factory result is used without a null check; whether
            // getSecurityToken can return null is not visible from this method.
            InboundSecurityToken inboundSecurityToken = SecurityTokenFactory.getInstance().getSecurityToken(
                    signatureType.getKeyInfo(), WSSecurityTokenConstants.KeyUsage_Signature_Verification,
                    securityProperties, inboundSecurityContext);

            // Prefer the validator registered for ds:Signature; the default implementation
            // is only used when the properties carry none, so validation always runs.
            SignatureTokenValidator signatureTokenValidator = ((WSSSecurityProperties) securityProperties).getValidator(WSSConstants.TAG_dsig_Signature);
            if (signatureTokenValidator == null) {
                signatureTokenValidator = new SignatureTokenValidatorImpl();
            }
            // Validation happens before the token is tagged, published or returned.
            signatureTokenValidator.validate(inboundSecurityToken, (WSSSecurityProperties) securityProperties);

            //we have to emit a TokenSecurityEvent here too since it could be an embedded token
            inboundSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
            // The signature id is used as the correlation id of the event.
            TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent
                = WSSUtils.createTokenSecurityEvent(inboundSecurityToken, signatureType.getId());
            inboundSecurityContext.registerSecurityEvent(tokenSecurityEvent);

            return inboundSecurityToken;

                                    return this.securityToken;
                                }

                                SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
                                        inputProcessorChain.getSecurityContext().getSecurityTokenProvider(attributeValue);
                                InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
                                return this.securityToken = new SecurityTokenReferenceImpl(
                                        securityToken,
                                        xmlSecEventList,
                                        (WSInboundSecurityContext) inputProcessorChain.getSecurityContext(),
                                        securityTokenReferenceId,

            int sigKeyInfoIdx = getSignatureKeyInfoIndex(eventQueue);
            if (sigKeyInfoIdx < 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
            }
            InboundSecurityToken sigSecurityToken = parseKeyInfo(inputProcessorChain, securityProperties, eventQueue, sigKeyInfoIdx);

            if (sigSecurityToken == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
            }

            samlTokenValidator.validate(sigSecurityToken, wssSecurityProperties);

            BasicX509Credential credential = new BasicX509Credential();
            if (sigSecurityToken.getX509Certificates() != null) {
                credential.setEntityCertificate(sigSecurityToken.getX509Certificates()[0]);
            } else if (sigSecurityToken.getPublicKey() != null) {
                credential.setPublicKey(sigSecurityToken.getPublicKey());
            } else {
                throw new WSSecurityException(
                        WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                        "cannot get certificate or key"
                );
            }
            SignatureValidator sigValidator = new SignatureValidator(credential);
            try {
                sigValidator.validate(signature);
            } catch (ValidationException ex) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty", ex, "SAML signature validation failed");
            }
        }

        String confirmMethod = null;
        List<String> methods = samlAssertionWrapper.getConfirmationMethods();
        if (methods != null && methods.size() > 0) {
            confirmMethod = methods.get(0);
        }

        final InboundSecurityToken subjectSecurityToken;

        if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {

            // First try to get the credential from a CallbackHandler
            final byte[] subjectSecretKey = SAMLUtil.getSecretKeyFromCallbackHandler(

        BinarySecurityTokenValidator binarySecurityTokenValidator =
                wssSecurityProperties.getValidator(WSSConstants.TAG_wsse_BinarySecurityToken);
        if (binarySecurityTokenValidator == null) {
            binarySecurityTokenValidator = new BinarySecurityTokenValidatorImpl();
        }
        final InboundSecurityToken binarySecurityToken =
                binarySecurityTokenValidator.validate(binarySecurityTokenType, tokenContext);

        SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() {
            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return binarySecurityToken;
            }

            @Override
            public String getId() {
                return binarySecurityToken.getId();
            }
        };

        wsInboundSecurityContext.registerSecurityTokenProvider(binarySecurityTokenType.getId(), securityTokenProvider);

                    @Override
                    protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
                                         String correlationID) throws XMLSecurityException {
                        byte[] secret;
                        InboundSecurityToken referencedSecurityToken = getReferencedSecurityToken();
                        if (referencedSecurityToken != null) {
                            if (referencedSecurityToken instanceof UsernameSecurityToken) {
                                UsernameSecurityToken usernameSecurityToken = (UsernameSecurityToken) referencedSecurityToken;
                                secret = usernameSecurityToken.generateDerivedKey();
                            } else {
                                secret = referencedSecurityToken.getSecretKey(algorithmURI, algorithmUsage, correlationID).getEncoded();
                            }
                        } else {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedKeyId");
                        }
                        byte[] nonce = derivedKeyTokenType.getNonce();

        SecurityContextTokenValidator securityContextTokenValidator = wssSecurityProperties.getValidator(elementName);
        if (securityContextTokenValidator == null) {
            securityContextTokenValidator = new SecurityContextTokenValidatorImpl();
        }
        final InboundSecurityToken securityContextToken =
                securityContextTokenValidator.validate(securityContextTokenType, identifier, tokenContext);

        SecurityTokenProvider<InboundSecurityToken> securityTokenProvider =
                new SecurityTokenProvider<InboundSecurityToken>() {

                        }
                       
                        // Now try message signatures
                        for (int j = 0; j < securityTokenProviders.size(); j++) {
                            SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider = securityTokenProviders.get(j);
                            InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
                            // Don't compare to the original SAML Token credentials...
                            if (securityToken == httpsSecurityToken || securityToken == subjectSecurityToken
                                || !(securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature)
                                    || securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature)
                                    || securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens)
                                    || securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens)
                                    || securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens)
                                    || securityToken.getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens))) {
                                continue;
                            }
                            X509Certificate[] x509Certificates = securityToken.getX509Certificates();
                            PublicKey publicKey = securityToken.getPublicKey();
                            Map<String, Key> keyMap = securityToken.getSecretKey();
                            if (x509Certificates != null && x509Certificates.length > 0
                                && subjectCertificates != null && subjectCertificates.length > 0 &&
                                subjectCertificates[0].equals(x509Certificates[0])) {
                                return;
                            }


