Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#getCrypto()

The following examples show how to use org.apache.cxf.ws.security.tokenstore.SecurityToken#getCrypto() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TransportBindingHandler.java    From steady with Apache License 2.0 4 votes vote down vote up
private byte[] doSignature(
    boolean tokenIncluded,
    SecurityToken secTok,
    Token token,
    TokenWrapper wrapper,
    List<WSEncryptionPart> sigParts
) throws Exception {
    WSSecSignature sig = new WSSecSignature(wssConfig);
    
    //Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (tokenIncluded) {
        ref = secTok.getAttachedReference();
    } else {
        ref = secTok.getUnattachedReference();
    }
    
    if (ref != null) {
        SecurityTokenReference secRef = 
            new SecurityTokenReference(cloneElement(ref), false);
        sig.setSecurityTokenReference(secRef);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else if (token instanceof UsernameToken) {
        sig.setCustomTokenId(secTok.getId());
        sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING 
                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
        sig.setKeyIdentifierType(type);
    } else if (secTok.getTokenType() == null) {
        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else {
        String id = secTok.getWsuId();
        if (id == null) {
            sig.setCustomTokenId(secTok.getId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
        } else {
            sig.setCustomTokenId(secTok.getWsuId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        }
        String tokenType = secTok.getTokenType();
        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML2_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else {
            sig.setCustomTokenValueType(tokenType);
        }
    }
    Crypto crypto = null;
    if (secTok.getSecret() == null) {
        sig.setX509Certificate(secTok.getX509Certificate());

        crypto = secTok.getCrypto();
        if (crypto == null) {
            crypto = getSignatureCrypto(wrapper);
        }
        String uname = crypto.getX509Identifier(secTok.getX509Certificate());
        if (uname == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            uname = (String)message.getContextualProperty(userNameKey);
        }
        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
        if (password == null) {
            password = "";
        }
        sig.setUserInfo(uname, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    } else {
        crypto = getSignatureCrypto(wrapper);
        sig.setSecretKey(secTok.getSecret());
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    }
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());

    Document doc = saaj.getSOAPPart();
    sig.prepare(doc, crypto, secHeader);

    sig.setParts(sigParts);
    List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);

    //Do signature
    if (bottomUpElement == null) {
        sig.computeSignature(referenceList, false, null);
    } else {
        sig.computeSignature(referenceList, true, bottomUpElement);
    }
    bottomUpElement = sig.getSignatureElement();
    mainSigId = sig.getId();

    return sig.getSignatureValue();
}
 
Example 2
Source File: TransportBindingHandler.java    From steady with Apache License 2.0 4 votes vote down vote up
private byte[] doSignature(
    boolean tokenIncluded,
    SecurityToken secTok,
    Token token,
    TokenWrapper wrapper,
    List<WSEncryptionPart> sigParts
) throws Exception {
    WSSecSignature sig = new WSSecSignature(wssConfig);
    
    //Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (tokenIncluded) {
        ref = secTok.getAttachedReference();
    } else {
        ref = secTok.getUnattachedReference();
    }
    
    if (ref != null) {
        SecurityTokenReference secRef = 
            new SecurityTokenReference(cloneElement(ref), false);
        sig.setSecurityTokenReference(secRef);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else if (token instanceof UsernameToken) {
        sig.setCustomTokenId(secTok.getId());
        sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING 
                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
        sig.setKeyIdentifierType(type);
    } else if (secTok.getTokenType() == null) {
        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else {
        String id = secTok.getWsuId();
        if (id == null) {
            sig.setCustomTokenId(secTok.getId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
        } else {
            sig.setCustomTokenId(secTok.getWsuId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        }
        String tokenType = secTok.getTokenType();
        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML2_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else {
            sig.setCustomTokenValueType(tokenType);
        }
    }
    Crypto crypto = null;
    if (secTok.getSecret() == null) {
        sig.setX509Certificate(secTok.getX509Certificate());

        crypto = secTok.getCrypto();
        if (crypto == null) {
            crypto = getSignatureCrypto(wrapper);
        }
        String uname = crypto.getX509Identifier(secTok.getX509Certificate());
        if (uname == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            uname = (String)message.getContextualProperty(userNameKey);
        }
        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
        if (password == null) {
            password = "";
        }
        sig.setUserInfo(uname, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    } else {
        crypto = getSignatureCrypto(wrapper);
        sig.setSecretKey(secTok.getSecret());
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    }
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());

    Document doc = saaj.getSOAPPart();
    sig.prepare(doc, crypto, secHeader);

    sig.setParts(sigParts);
    List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);

    //Do signature
    if (bottomUpElement == null) {
        sig.computeSignature(referenceList, false, null);
    } else {
        sig.computeSignature(referenceList, true, bottomUpElement);
    }
    bottomUpElement = sig.getSignatureElement();
    mainSigId = sig.getId();

    return sig.getSignatureValue();
}
 
Example 3
Source File: TransportBindingHandler.java    From steady with Apache License 2.0 4 votes vote down vote up
private byte[] doSignature(
    boolean tokenIncluded,
    SecurityToken secTok,
    Token token,
    TokenWrapper wrapper,
    List<WSEncryptionPart> sigParts
) throws Exception {
    WSSecSignature sig = new WSSecSignature(wssConfig);
    
    //Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (tokenIncluded) {
        ref = secTok.getAttachedReference();
    } else {
        ref = secTok.getUnattachedReference();
    }
    
    if (ref != null) {
        SecurityTokenReference secRef = 
            new SecurityTokenReference(cloneElement(ref), false);
        sig.setSecurityTokenReference(secRef);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else if (token instanceof UsernameToken) {
        sig.setCustomTokenId(secTok.getId());
        sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING 
                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
        sig.setKeyIdentifierType(type);
    } else if (secTok.getTokenType() == null) {
        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else {
        String id = secTok.getWsuId();
        if (id == null) {
            sig.setCustomTokenId(secTok.getId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
        } else {
            sig.setCustomTokenId(secTok.getWsuId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        }
        String tokenType = secTok.getTokenType();
        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML2_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else {
            sig.setCustomTokenValueType(tokenType);
        }
    }
    Crypto crypto = null;
    if (secTok.getSecret() == null) {
        sig.setX509Certificate(secTok.getX509Certificate());

        crypto = secTok.getCrypto();
        if (crypto == null) {
            crypto = getSignatureCrypto(wrapper);
        }
        String uname = crypto.getX509Identifier(secTok.getX509Certificate());
        if (uname == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            uname = (String)message.getContextualProperty(userNameKey);
        }
        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
        if (password == null) {
            password = "";
        }
        sig.setUserInfo(uname, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    } else {
        crypto = getSignatureCrypto(wrapper);
        sig.setSecretKey(secTok.getSecret());
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    }
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());

    Document doc = saaj.getSOAPPart();
    sig.prepare(doc, crypto, secHeader);

    sig.setParts(sigParts);
    List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);

    //Do signature
    if (bottomUpElement == null) {
        sig.computeSignature(referenceList, false, null);
    } else {
        sig.computeSignature(referenceList, true, bottomUpElement);
    }
    bottomUpElement = sig.getSignatureElement();
    mainSigId = sig.getId();

    return sig.getSignatureValue();
}
 
Example 4
Source File: TransportBindingHandler.java    From steady with Apache License 2.0 4 votes vote down vote up
private byte[] doSignature(
    boolean tokenIncluded,
    SecurityToken secTok,
    Token token,
    TokenWrapper wrapper,
    List<WSEncryptionPart> sigParts
) throws Exception {
    WSSecSignature sig = new WSSecSignature(wssConfig);
    
    //Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (tokenIncluded) {
        ref = secTok.getAttachedReference();
    } else {
        ref = secTok.getUnattachedReference();
    }
    
    if (ref != null) {
        SecurityTokenReference secRef = 
            new SecurityTokenReference(cloneElement(ref), false);
        sig.setSecurityTokenReference(secRef);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else if (token instanceof UsernameToken) {
        sig.setCustomTokenId(secTok.getId());
        sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING 
                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
        sig.setKeyIdentifierType(type);
    } else if (secTok.getTokenType() == null) {
        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else {
        String id = secTok.getWsuId();
        if (id == null) {
            sig.setCustomTokenId(secTok.getId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
        } else {
            sig.setCustomTokenId(secTok.getWsuId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        }
        String tokenType = secTok.getTokenType();
        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
            || WSConstants.SAML2_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else {
            sig.setCustomTokenValueType(tokenType);
        }
    }
    Crypto crypto = null;
    if (secTok.getSecret() == null) {
        sig.setX509Certificate(secTok.getX509Certificate());

        crypto = secTok.getCrypto();
        if (crypto == null) {
            crypto = getSignatureCrypto(wrapper);
        }
        String uname = crypto.getX509Identifier(secTok.getX509Certificate());
        if (uname == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            uname = (String)message.getContextualProperty(userNameKey);
        }
        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
        if (password == null) {
            password = "";
        }
        sig.setUserInfo(uname, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    } else {
        crypto = getSignatureCrypto(wrapper);
        sig.setSecretKey(secTok.getSecret());
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    }
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());

    Document doc = saaj.getSOAPPart();
    sig.prepare(doc, crypto, secHeader);

    sig.setParts(sigParts);
    List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);

    //Do signature
    if (bottomUpElement == null) {
        sig.computeSignature(referenceList, false, null);
    } else {
        sig.computeSignature(referenceList, true, bottomUpElement);
    }
    bottomUpElement = sig.getSignatureElement();
    mainSigId = sig.getId();

    return sig.getSignatureValue();
}
 
Example 5
Source File: AbstractBindingBuilder.java    From cxf with Apache License 2.0 4 votes vote down vote up
private SupportingToken signSupportingToken(SecurityToken secToken, String id,
                                            AbstractToken token, SupportingTokens suppTokens)
    throws SOAPException {
    WSSecSignature sig = new WSSecSignature(secHeader);
    sig.setIdAllocator(wssConfig.getIdAllocator());
    sig.setCallbackLookup(callbackLookup);
    sig.setX509Certificate(secToken.getX509Certificate());
    sig.setCustomTokenId(id);
    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    sig.setWsDocInfo(wsDocInfo);
    sig.setExpandXopInclude(isExpandXopInclude());
    sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
    sig.setStoreBytesInAttachment(storeBytesInAttachment);

    String tokenType = secToken.getTokenType();
    if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML_NS.equals(tokenType)) {
        sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
    } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML2_NS.equals(tokenType)) {
        sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
    } else if (tokenType != null) {
        sig.setCustomTokenValueType(tokenType);
    } else {
        sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
    }
    sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());

    Crypto crypto = secToken.getCrypto();
    String uname = null;
    try {
        uname = crypto.getX509Identifier(secToken.getX509Certificate());
    } catch (WSSecurityException e1) {
        LOG.log(Level.FINE, e1.getMessage(), e1);
        throw new Fault(e1);
    }

    String password =
        (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
    if (StringUtils.isEmpty(password)) {
        password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
    }
    sig.setUserInfo(uname, password);
    try {
        sig.prepare(secToken.getCrypto());
    } catch (WSSecurityException e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }

    return new SupportingToken(token, sig, getSignedParts(suppTokens));
}