Examples of SecurityTokenReference


Examples of org.apache.ws.security.message.token.SecurityTokenReference

    // Give the signature's KeyInfo an Id derived from its hashCode().
    // NOTE(review): hashCode() values are not guaranteed to be unique, so two
    // elements in one document could receive the same Id. Confirm how Id
    // uniqueness is ensured, since same-document references resolve by Id.
    keyInfo = sig.getKeyInfo();
    keyInfoUri = "KeyId-" + keyInfo.hashCode();
    keyInfo.setId(keyInfoUri);

    // Create a SecurityTokenReference from doc and label it the same way
    // (the same uniqueness caveat applies to strUri).
    secRef = new SecurityTokenReference(doc);
    strUri = "STRId-" + secRef.hashCode();
    secRef.setID(strUri);

    /*
     * Prepare and setup the token references for this Signature

Examples of org.apache.ws.security.message.token.SecurityTokenReference

            }
            /*
             * The element to transform MUST be a SecurityTokenReference
             * element.
             * NOTE(review): whether the constructor below rejects an element of
             * any other type is not visible in this excerpt - confirm.
             */
            SecurityTokenReference secRef = new SecurityTokenReference(str);
            /*
             * Third and fourth step are performed by dereferenceSTR()
             */
            Element dereferencedToken = dereferenceSTR(thisDoc, secRef);
            /*
 

Examples of org.apache.ws.security.message.token.SecurityTokenReference

        // Label the signature's KeyInfo with an Id derived from its hashCode().
        // NOTE(review): hashCode() values are not guaranteed to be unique, so
        // Ids built this way can collide inside one document. Confirm how
        // uniqueness is ensured, since same-document references resolve by Id.
        keyInfo = sig.getKeyInfo();
        keyInfoUri = "KeyId-" + keyInfo.hashCode();
        keyInfo.setId(keyInfoUri);

        // SecurityTokenReference created from doc, labelled the same way.
        secRef = new SecurityTokenReference(doc);
        strUri = "STRId-" + secRef.hashCode();
        secRef.setID(strUri);

        // NOTE(review): assumes certs is non-null and holds at least one
        // certificate; no check is visible in this excerpt - confirm.
        certUri = "CertId-" + certs[0].hashCode();

        /*
         * If the sender vouches, then we must sign the SAML token _and_ at
         * least one part of the message (usually the SOAP body). To do so we
         * need to - put in a reference to the SAML token. Thus we create a STR
         * and insert it into the wsse:Security header - set a reference of the
         * created STR to the signature and use STR Transform during the
         * signature
         */
        Transforms transforms = null;

        try {
            if (senderVouches) {
                secRefSaml = new SecurityTokenReference(doc);
                String strSamlUri = "STRSAMLId-" + secRefSaml.hashCode();
                secRefSaml.setID(strSamlUri);

                // Decouple Reference/KeyInfo setup - quick shot here
                Reference ref = new Reference(doc);

Examples of org.apache.ws.security.message.token.SecurityTokenReference

   * @throws WSSecurityException
   */
  private SecretKey getKeyFromReference(Element secRefToken, String algorithm)
      throws WSSecurityException {

    SecurityTokenReference secRef = new SecurityTokenReference(secRefToken);
    byte[] decryptedData = null;

    if (secRef.containsReference()) {
      Reference reference = secRef.getReference();
      String uri = reference.getURI();
      // Drop the first character of the URI to obtain the referenced Id.
      // NOTE(review): this assumes a non-null URI of the form "#id". No check is
      // visible here: an empty URI makes substring(1) throw
      // StringIndexOutOfBoundsException, and a URI without a leading '#'
      // silently loses its first character before the lookup - confirm the
      // value is validated.
      String id = uri.substring(1);
      // Ask wsDocInfo for the processor associated with that Id; the result may
      // be null, which the condition that follows checks.
      Processor p = wsDocInfo.getProcessor(id);
      if (p == null || (!(p instanceof EncryptedKeyProcessor) && !(p instanceof DerivedKeyTokenProcessor))) {
        throw new WSSecurityException(

Examples of org.apache.ws.security.message.token.SecurityTokenReference

//                }
                if (secRefToken == null) {
                    throw new WSSecurityException
                            (WSSecurityException.INVALID_SECURITY, "noSecTokRef");
                }
                SecurityTokenReference secRef = new SecurityTokenReference(secRefToken);
                /*
         * Well, at this point there are several ways to get the key.
         * Try to handle all of them :-).
         */
                alias = null;
                /*
                * handle X509IssuerSerial here. First check if all elements are available,
                * get the appropriate data, check if all data is available.
                * If all is ok up to that point, look up the certificate alias according
                * to issuer name and serial number.
                * This method is recommended by OASIS WS-S specification, X509 profile
                */
                if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
                    alias = secRef.getX509IssuerSerialAlias(crypto);
                    if (log.isDebugEnabled()) {
                        log.debug("X509IssuerSerial alias: " + alias);
                    }
                }
                /*
                * If wsse:KeyIdentifier found, then the public key of the attached cert was used to
                * encrypt the session (symmetric) key that encrypts the data. Extract the certificate
                * using the BinarySecurity token (was enhanced to handle KeyIdentifier too).
                * This method is _not_ recommended by OASIS WS-S specification, X509 profile
                */
                else if (secRef.containsKeyIdentifier()) {
                    X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
                    if (certs == null || certs.length < 1 || certs[0] == null) {
                        throw new WSSecurityException(WSSecurityException.FAILURE,
                                "invalidX509Data", new Object[]{"for decryption (KeyId)"});
                    }
                    /*
                    * Here we have the certificate. Now find the alias for it. Needed to identify
                    * the private key associated with this certificate
                    */
                    alias = crypto.getAliasForX509Cert(certs[0]);
                    if (log.isDebugEnabled()) {
                        log.debug("cert: " + certs[0]);
                        log.debug("KeyIdentifier Alias: " + alias);
                    }
                } else if (secRef.containsReference()) {
                    // Resolve the reference to the element it points at.
                    // NOTE(review): bstElement is dereferenced below without a
                    // null check - confirm getTokenElement() throws rather than
                    // returning null when the reference cannot be resolved.
                    Element bstElement = secRef.getTokenElement(doc, null);

                    // at this point ... check token type: Binary
                    // The qualified name (namespace URI + local name) of the
                    // resolved element is built for that check.
                    QName el =
                            new QName(bstElement.getNamespaceURI(),
                                    bstElement.getLocalName());

Examples of org.apache.ws.security.message.token.SecurityTokenReference

    public Element encryptForExternalRef(Element dataRef, Vector references)
            throws WSSecurityException {

        // Create the SecurityTokenReference to the derived key token (DKT): the
        // STR carries a same-document reference "#" + dktId.
        // NOTE(review): dktId is concatenated as-is; if it is still null here the
        // URI becomes "#null" - confirm it is always set before this call.
        KeyInfo keyInfo = new KeyInfo(document);
        SecurityTokenReference secToken = new SecurityTokenReference(document);
        Reference ref = new Reference(document);
        ref.setURI("#" + dktId);
        secToken.setReference(ref);

        // Embed the STR element in the KeyInfo handed to the encryption step.
        keyInfo.addUnknownElement(secToken.getElement());

        // Encrypt using derivedKeyBytes; the returned Vector is raw-typed, so
        // its element type cannot be told from this excerpt.
        Vector encDataRefs = doEncryption(document, derivedKeyBytes, keyInfo,
                references);
        Element referenceList = dataRef;
        if (referenceList == null) {

Examples of org.apache.ws.security.message.token.SecurityTokenReference

     */
    public Element encryptForExternalRef(Element dataRef, Vector references)
            throws WSSecurityException {

        // Build a SecurityTokenReference carrying the same-document reference
        // "#" + encKeyId.
        // NOTE(review): encKeyId is concatenated as-is; if it is still null here
        // the URI becomes "#null" - confirm it is always set before this call.
        KeyInfo keyInfo = new KeyInfo(document);
        SecurityTokenReference secToken = new SecurityTokenReference(document);
        Reference ref = new Reference(document);
        ref.setURI("#" + encKeyId);
        secToken.setReference(ref);

        // Embed the STR element in the KeyInfo handed to the encryption step.
        keyInfo.addUnknownElement(secToken.getElement());

        // Encrypt using this.symmetricKey; the returned Vector is raw-typed, so
        // its element type cannot be told from this excerpt.
        Vector encDataRefs = doEncryption(document, this.symmetricKey,
                keyInfo, references);
        Element referenceList = dataRef;
        if (referenceList == null) {

Examples of org.apache.ws.security.message.token.SecurityTokenReference

        // Id of the EncryptedKey element, derived from the element's hashCode().
        // NOTE(review): hashCode() values are not guaranteed to be unique, so
        // this Id can collide with another Id in the same document. Confirm how
        // uniqueness is ensured, since "#" + Id references resolve by Id.
        this.encKeyId = "EncKeyId-" + encryptedKeyElement.hashCode();
        encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        KeyInfo keyInfo = new KeyInfo(document);

        SecurityTokenReference secToken = new SecurityTokenReference(document);

        // Choose how remoteCert is identified inside the SecurityTokenReference.
        switch (keyIdentifierType) {
        case WSConstants.X509_KEY_IDENTIFIER:
            secToken.setKeyIdentifier(remoteCert);
            break;

        case WSConstants.SKI_KEY_IDENTIFIER:
            secToken.setKeyIdentifierSKI(remoteCert, crypto);
            break;

        case WSConstants.THUMBPRINT_IDENTIFIER:
            secToken.setKeyIdentifierThumb(remoteCert);
            break;

        case WSConstants.ISSUER_SERIAL:
            // Wrap the certificate's issuer/serial data in an X509Data element.
            XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
                    remoteCert);
            X509Data x509Data = new X509Data(document);
            x509Data.add(data);
            secToken.setX509IssuerSerial(x509Data);
            break;

        case WSConstants.BST_DIRECT_REFERENCE:
            // The certificate itself is placed in an X509Security token whose
            // Id is certUri; the STR points at it through "#" + certUri.
            Reference ref = new Reference(document);
            ref.setURI("#" + certUri);
            bstToken = new X509Security(document);
            ((X509Security) bstToken).setX509Certificate(remoteCert);
            bstToken.setID(certUri);
            ref.setValueType(bstToken.getValueType());
            secToken.setReference(ref);
            break;

        default:
            // Any other identifier type is rejected rather than falling back
            // to a default.
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "unsupportedKeyId");
        }
        // Put the STR into KeyInfo and attach KeyInfo to the EncryptedKey element.
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(document, encryptedKeyElement,
                keyInfo.getElement());

        Element xencCipherValue = createCipherValue(document,
                encryptedKeyElement);

Examples of org.apache.ws.security.message.token.SecurityTokenReference

       
        // Label the signature's KeyInfo with an Id derived from its hashCode().
        // NOTE(review): hashCode() values are not guaranteed to be unique, so
        // Ids built this way can collide inside one document. Confirm how
        // uniqueness is ensured, since same-document references resolve by Id.
        keyInfo = sig.getKeyInfo();
        keyInfoUri = "KeyId-" + keyInfo.hashCode();
        keyInfo.setId(keyInfoUri);
       
        // NOTE(review): secRef is created from doc while refUt below is created
        // from document - presumably the same DOM document; confirm.
        secRef = new SecurityTokenReference(doc);
        strUri = "STRId-" + secRef.hashCode();
        secRef.setID(strUri);
       
        // Same-document reference to the derived key token's Id.
        Reference refUt = new Reference(document);
        refUt.setURI("#" + this.dktId);

Examples of org.apache.ws.security.message.token.SecurityTokenReference

        dkt.setOffset(offset);
        dkt.setID(dktId);
       
        // Use the STR element supplied in this.strElem when there is one;
        // otherwise build a reference to "#" + this.tokenIdentifier.
        if(this.strElem == null) {
            //Create the SecurityTokenRef to the Encrypted Key
            // NOTE(review): tokenIdentifier is concatenated as-is; if it is null
            // the URI becomes "#null" - confirm it is set before this point.
            SecurityTokenReference strEncKey = new SecurityTokenReference(document);
            Reference ref = new Reference(document);
            ref.setURI("#" + this.tokenIdentifier);
            strEncKey.setReference(ref);
            dkt.setSecuityTokenReference(strEncKey);
        } else {
            dkt.setSecuityTokenReference(this.strElem);
        }
    }