Package org.picketlink.identity.federation.ws.trust

Examples of org.picketlink.identity.federation.ws.trust.EntropyType


        // get the key wrap algorithm.
        URI keyWrapAlgo = request.getKeyWrapAlgorithm();

        // create proof-of-possession token and server entropy (if needed).
        RequestedProofTokenType requestedProofToken = null;
        EntropyType serverEntropy = null;

        if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equalsIgnoreCase(keyType.toString())) {
            // symmetric key case: if client entropy is found, compute a key. If not, generate a new key.
            requestedProofToken = new RequestedProofTokenType();

            // Server-side key material. keySize is presumably expressed in bits, hence the division by 8;
            // the (int) cast binds to keySize before the division is applied.
            // NOTE(review): where keySize comes from and how it is validated is not visible in this excerpt -
            // confirm it is bounded and a multiple of 8 before it decides the length of the secret.
            // NOTE(review): presumably createRandomSecret draws from a CSPRNG - verify in WSTrustUtil.
            byte[] serverSecret = WSTrustUtil.createRandomSecret((int) keySize / 8);
            BinarySecretType serverBinarySecret = new BinarySecretType();
            serverBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
            // getBytes() without an argument uses the platform default charset. Base64 text is plain ASCII, so
            // this only matters on a platform whose default charset is not ASCII-compatible.
            serverBinarySecret.setValue(Base64.encodeBytes(serverSecret).getBytes());

            // Client entropy is read from the incoming request, i.e. it is caller-supplied data.
            byte[] clientSecret = null;
            EntropyType clientEntropy = request.getEntropy();
            if (clientEntropy != null) {
                // new String(byte[]) also relies on the platform default charset (see the note above).
                // NOTE(review): how Base64.decode reacts to malformed input is not shown here - confirm that a
                // bad client value cannot leave clientSecret in an unexpected state.
                clientSecret = Base64.decode(new String(WSTrustUtil.getBinarySecret(clientEntropy)));
                // Server entropy is only populated when the client sent entropy of its own; without client
                // entropy, serverEntropy keeps the null it was initialised with.
                serverEntropy = new EntropyType();
                serverEntropy.addAny(serverBinarySecret);
            }

            if (clientSecret != null && clientSecret.length != 0) {
                // client secret has been specified - combine it with the sts secret.


                    } catch (NumberFormatException e) {
                        throw logger.parserException(e);
                    }
                } else if (tag.equals(WSTrustConstants.ENTROPY)) {
                    // Entropy element of a token response. Two start elements are read in a row; presumably the
                    // first is the Entropy container itself and the second its first child - TODO confirm
                    // against StaxParserUtil.
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    EntropyType entropy = new EntropyType();
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    // Only a BinarySecret child is handled, and only one of them. Any other child leaves the
                    // EntropyType empty, and it is still stored on the response token below.
                    if (StaxParserUtil.matches(subEvent, WSTrustConstants.BINARY_SECRET)) {
                        BinarySecretType binarySecret = new BinarySecretType();
                        // The Type attribute is treated as optional: a missing attribute leaves the type unset
                        // instead of passing null to getAttributeValue.
                        Attribute typeAttribute = subEvent.getAttributeByName(new QName("", "Type"));
                        if (typeAttribute != null) {
                            binarySecret.setType(StaxParserUtil.getAttributeValue(typeAttribute));
                        }

                        // A BinarySecret without text content is rejected as a parse error.
                        if (!StaxParserUtil.hasTextAhead(xmlEventReader))
                            throw logger.parserExpectedTextValue("binary secret value");

                        // The element text is stored as bytes in the platform default charset; it is not
                        // Base64-decoded or length-checked at this point.
                        binarySecret.setValue(StaxParserUtil.getElementText(xmlEventReader).getBytes());
                        entropy.addAny(binarySecret);
                    }
                    responseToken.setEntropy(entropy);
                    // The next end element must be the Entropy end tag; validate() is called to enforce that.
                    EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(endElement, WSTrustConstants.ENTROPY);
                } else if (tag.equals(WSTrustConstants.USE_KEY)) {

        // Write the optional KeyType element; it is omitted when the request carries no key type.
        if (keyType != null) {
            StaxUtil.writeStartElement(writer, PREFIX, WSTrustConstants.KEY_TYPE, BASE_NAMESPACE);
            StaxUtil.writeCharacters(writer, keyType.toString());
            StaxUtil.writeEndElement(writer);
        }
        // Write the requester's entropy, if any. This serialises key material into the message.
        // NOTE(review): nothing in this excerpt encrypts the secret - confirm the message is protected by
        // transport or message-level security before it leaves the process.
        EntropyType entropy = requestToken.getEntropy();
        if (entropy != null) {
            writeEntropyType(entropy);
        }
       
        URI computedKeyAlgorithm = requestToken.getComputedKeyAlgorithm();

                    } catch (NumberFormatException e) {
                        throw new ParsingException(e);
                    }
                } else if (tag.equals(WSTrustConstants.ENTROPY)) {
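                    // Entropy element of a token request, i.e. caller-supplied input. Two start elements are
                    // read in a row; presumably the first is the Entropy container itself and the second its
                    // first child - TODO confirm against StaxParserUtil.
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    EntropyType entropy = new EntropyType();
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    // Only a BinarySecret child is handled, and only one of them. Any other child leaves the
                    // EntropyType empty, and it is still stored on the request token below.
                    if (StaxParserUtil.matches(subEvent, WSTrustConstants.BINARY_SECRET)) {
                        BinarySecretType binarySecret = new BinarySecretType();
                        // getAttributeByName returns null when the attribute is absent. The request decides
                        // whether Type is present, so guard the lookup instead of handing null to
                        // getAttributeValue; a missing attribute simply leaves the type unset.
                        Attribute typeAttribute = subEvent.getAttributeByName(new QName("", "Type"));
                        if (typeAttribute != null) {
                            binarySecret.setType(StaxParserUtil.getAttributeValue(typeAttribute));
                        }

                        // A BinarySecret without text content is rejected as a parse error.
                        if (!StaxParserUtil.hasTextAhead(xmlEventReader)) {
                            throw new ParsingException(ErrorCodes.EXPECTED_TEXT_VALUE + "binary secret value");
                        }

                        // The element text is stored as bytes in the platform default charset; it is not
                        // Base64-decoded or length-checked at this point.
                        binarySecret.setValue(StaxParserUtil.getElementText(xmlEventReader).getBytes());
                        entropy.addAny(binarySecret);
                    }
                    requestToken.setEntropy(entropy);
                    // The next end element must be the Entropy end tag; validate() is called to enforce that.
                    EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(endElement, WSTrustConstants.ENTROPY);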
                } else if (tag.equals(WSTrustConstants.ISSUER)) {

            StaxUtil.writeEndElement(this.writer);
        }

        // write the server entropy, if available.
        if (response.getEntropy() != null) {
            EntropyType entropy = response.getEntropy();
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.ENTROPY,
                    WSTrustConstants.BASE_NAMESPACE);

            List<Object> entropyList = entropy.getAny();
            if (entropyList != null && entropyList.size() != 0) {
                for (Object entropyObj : entropyList) {
                    if (entropyObj instanceof BinarySecretType) {
                        BinarySecretType binarySecret = (BinarySecretType) entropyObj;
                        StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.BINARY_SECRET,

        // Wrap the client secret (created earlier in the test, outside this excerpt) as a Base64-encoded
        // binary secret of type nonce.
        BinarySecretType clientBinarySecret = new BinarySecretType();
        clientBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
        clientBinarySecret.setValue(Base64.encodeBytes(clientSecret).getBytes());

        // set the client secret in the client entropy.
        EntropyType clientEntropy = new EntropyType();
        clientEntropy.addAny(clientBinarySecret);

        // create a token request specifying the key type, key size, and client entropy.
        RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
                "http://services.testcorp.org/provider2");
        request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_SYMMETRIC));
        request.setEntropy(clientEntropy);
        // A 64-bit key keeps the fixture small; it is far too short for a production symmetric key.
        request.setKeySize(64);

        // invoke the token service.
        Source requestMessage = this.createSourceFromRequest(request);
        Source responseMessage = this.tokenService.invoke(requestMessage);
        BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
                .parse(DocumentUtil.getSourceAsStream(responseMessage));

        // validate the security token response.
        AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
                SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
        // validate the holder of key contents.
        SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

        // The proof token is expected to carry a computed-key element naming the CK_PSHA1 algorithm rather
        // than the key itself.
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        RequestedProofTokenType proofToken = response.getRequestedProofToken();
        assertNotNull("Unexpected null proof token", proofToken);
        assertTrue(proofToken.getAny().get(0) instanceof ComputedKeyType);
        ComputedKeyType computedKey = (ComputedKeyType) proofToken.getAny().get(0);
        assertEquals("Unexpected computed key algorithm", WSTrustConstants.CK_PSHA1, computedKey.getAlgorithm());

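        // server entropy must have been included in the response to allow reconstruction of the computed key.
        EntropyType serverEntropy = response.getEntropy();
        // Pass the object under test: the one-argument form only asserts that the message string is non-null,
        // so a missing server entropy would not be reported by this assertion.
        assertNotNull("Unexpected null server entropy", serverEntropy);
        assertEquals("Invalid number of elements in server entropy", 1, serverEntropy.getAny().size());
        BinarySecretType serverBinarySecret = (BinarySecretType) serverEntropy.getAny().get(0);
        assertEquals("Unexpected binary secret type", WSTrustConstants.BS_TYPE_NONCE, serverBinarySecret.getType());
        assertNotNull("Unexpected null secret value", serverBinarySecret.getValue());
        // The value is Base64 text; decode it and check the raw secret length. The request asked for a 64-bit
        // key, so the server secret is expected to be 8 bytes.
        byte[] encodedSecret = serverBinarySecret.getValue();
        assertEquals("Unexpected secret size", 8, Base64.decode(encodedSecret, 0, encodedSecret.length).length);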

        // The AppliesTo element is expected to hold an endpoint reference to the target service.
        EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
        assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());

        // NOTE(review): the request's KeyType is compared with BS_TYPE_SYMMETRIC, a constant whose name
        // suggests a binary-secret type rather than a key type - confirm this is intended and that
        // KEY_TYPE_SYMMETRIC was not meant.
        assertEquals(WSTrustConstants.BS_TYPE_SYMMETRIC, requestToken.getKeyType().toASCIIString());

        // The parsed entropy is expected to contain one nonce-typed binary secret.
        EntropyType entropy = requestToken.getEntropy();
        BinarySecretType binarySecret = (BinarySecretType) entropy.getAny().get(0);

        assertEquals(WSTrustConstants.BS_TYPE_NONCE, binarySecret.getType());
        // The value is compared as Base64 text, i.e. as the parser stored it, without decoding. The literal is
        // presumably taken from the test's input document - TODO confirm.
        assertEquals("M0/7qLpV49c=", new String(binarySecret.getValue()));

        // Now for the writing part
