Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#setSHA1()

Example 1
Source File: KerberosClient.java    From steady with Apache License 2.0
/**
 * Obtains a Kerberos service ticket through the configured JAAS login module and
 * wraps it in a {@link SecurityToken}.
 *
 * <p>The returned token carries the BinarySecurityToken element, its wsu:Id, the
 * encoded secret key (only when the ticket retrieval yielded one) and a Base64-encoded
 * digest of the raw ticket bytes, stored via {@code setSHA1}, so the token can later be
 * resolved by that digest value.
 *
 * @return the populated token
 * @throws Exception if the ticket cannot be retrieved or the digest cannot be computed
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    // Build the BinarySecurityToken holding the ticket; the id is allocated by the WSSConfig.
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    binaryToken.addWSUNamespace();
    binaryToken.setID(wssConfig.getIdAllocator().createSecureId("BST-", binaryToken));

    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());

    // The secret key may be absent; only copy its bytes when present.
    SecretKey secretKey = binaryToken.getSecretKey();
    if (secretKey != null) {
        result.setSecret(secretKey.getEncoded());
    }

    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(binaryToken.getToken())));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
 
Example 2
Source File: PassThroughKerberosClient.java    From cxf-fediz with Apache License 2.0
/**
 * Wraps the Kerberos ticket bytes already held in the {@code token} field as a
 * {@link SecurityToken}; no ticket is requested here.
 *
 * <p>The raw ticket bytes are stored both as the BinarySecurityToken content and as the
 * token secret, and their Base64-encoded digest is recorded via {@code setSHA1}.
 *
 * @return the populated token
 * @throws Exception if the digest cannot be computed
 */
@Override
public SecurityToken requestSecurityToken() throws Exception {
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    binaryToken.setToken(token);
    binaryToken.addWSUNamespace();
    // A fresh WSSConfig is used only to allocate the wsu:Id.
    binaryToken.setID(WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", binaryToken));

    byte[] ticketBytes = binaryToken.getToken();
    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());
    // NOTE: the ticket bytes themselves serve as the secret for this pass-through client.
    result.setSecret(ticketBytes);
    result.setSHA1(Base64.getEncoder().encodeToString(KeyUtils.generateDigest(ticketBytes)));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
 
Example 3
Source File: SymmetricBindingHandler.java    From cxf with Apache License 2.0
/**
 * Turns the EncryptedKey result of the inbound message into a cacheable
 * {@link SecurityToken}.
 *
 * <p>The token is keyed by the result's TAG_ID, carries the decrypted secret and the
 * digest of the encrypted ephemeral key (via {@code setSHA1}), and expires after the
 * configured security-token lifetime.
 *
 * @return the token, or {@code null} when the inbound message produced no
 *         EncryptedKey result
 */
private SecurityToken getEncryptedKey() {
    WSSecurityEngineResult result = getEncryptedKeyResult();
    if (result == null) {
        return null;
    }

    // The configured lifetime is divided by 1000 before being applied as seconds.
    Instant created = Instant.now();
    Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);

    String keyId = (String) result.get(WSSecurityEngineResult.TAG_ID);
    SecurityToken cached = new SecurityToken(keyId, created, expires);
    cached.setSecret((byte[]) result.get(WSSecurityEngineResult.TAG_SECRET));
    byte[] encryptedEphemeralKey =
        (byte[]) result.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
    cached.setSHA1(getSHA1(encryptedEphemeralKey));
    return cached;
}
 
Example 4
Source File: TokenStoreCallbackHandler.java    From cxf with Apache License 2.0
/**
 * Resolves WS-Security password callbacks from the token store.
 *
 * <p>The first {@code WSPasswordCallback} whose identifier names a cached, unexpired
 * token is populated with that token's secret bytes, key and custom token element, and
 * handling stops there. If no callback can be satisfied from the store the callbacks
 * are delegated to the wrapped {@code internal} handler, when one is configured.
 *
 * @param callbacks the callbacks to satisfy
 * @throws IOException                  propagated from the delegate handler
 * @throws UnsupportedCallbackException propagated from the delegate handler
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback pwCallback = (WSPasswordCallback) callback;

        SecurityToken cached = store.getToken(pwCallback.getIdentifier());
        // Expired entries are treated as absent so a stale secret is never handed out.
        if (cached == null || cached.isExpired()) {
            continue;
        }

        if (cached.getSHA1() == null && pwCallback.getKey() != null) {
            cached.setSHA1(getSHA1(pwCallback.getKey()));
            // Second cache entry keyed by the SHA1 so digest-based references resolve directly.
            store.add(cached.getSHA1(), cached);
        }
        // setKey is overloaded: the raw secret bytes and the java.security.Key are both supplied.
        pwCallback.setKey(cached.getSecret());
        pwCallback.setKey(cached.getKey());
        pwCallback.setCustomToken(cached.getToken());
        return;
    }

    if (internal != null) {
        internal.handle(callbacks);
    }
}
 
Example 5
Source File: KerberosTokenInterceptorProvider.java    From cxf with Apache License 2.0
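/**
 * Caches a received Kerberos token in the message's token store and records the
 * token id on the exchange under {@code SecurityConstants.TOKEN_ID}.
 *
 * <p>The cached token carries the Kerberos value type, the secret key derived from the
 * token (and its encoded bytes, when a key is available) and, on a best-effort basis,
 * the Base64-encoded digest of the ticket bytes stored via {@code setSHA1}.
 *
 * @param message       the current message; its exchange receives the token id
 * @param kerberosToken the validated Kerberos token to cache
 * @throws TokenStoreException if the token store cannot accept the token
 */
private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken)
        throws TokenStoreException {
    SecurityToken token = new SecurityToken(kerberosToken.getId());
    token.setTokenType(kerberosToken.getKerberosTokenValueType());

    // setKey accepts null; the encoded bytes are only copied when a key exists.
    SecretKey secretKey = getSecretKeyFromToken(kerberosToken);
    token.setKey(secretKey);
    if (secretKey != null) {
        token.setSecret(secretKey.getEncoded());
    }

    byte[] ticket = kerberosToken.getBinaryContent();
    try {
        token.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(ticket)));
    } catch (WSSecurityException ignored) {
        // Deliberately best-effort: the token is still cached and reachable by its id;
        // presumably only digest-based lookups would then fail to find it.
    }

    TokenStoreUtils.getTokenStore(message).add(token);
    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
}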
 
Example 6
Source File: KerberosClient.java    From steady with Apache License 2.0
/**
 * Obtains a Kerberos service ticket through the configured JAAS login module and
 * wraps it in a {@link SecurityToken}.
 *
 * <p>The returned token carries the BinarySecurityToken element, its wsu:Id, the
 * encoded secret key (only when the ticket retrieval yielded one) and a Base64-encoded
 * digest of the raw ticket bytes, stored via {@code setSHA1}, so the token can later be
 * resolved by that digest value.
 *
 * @return the populated token
 * @throws Exception if the ticket cannot be retrieved or the digest cannot be computed
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    // Build the BinarySecurityToken holding the ticket; the id is allocated by the WSSConfig.
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    binaryToken.addWSUNamespace();
    binaryToken.setID(wssConfig.getIdAllocator().createSecureId("BST-", binaryToken));

    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());

    // The secret key may be absent; only copy its bytes when present.
    SecretKey secretKey = binaryToken.getSecretKey();
    if (secretKey != null) {
        result.setSecret(secretKey.getEncoded());
    }

    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(binaryToken.getToken())));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
 
Example 7
Source File: KerberosClient.java    From steady with Apache License 2.0
/**
 * Obtains a Kerberos service ticket through the configured JAAS login module and
 * wraps it in a {@link SecurityToken}.
 *
 * <p>The returned token carries the BinarySecurityToken element, its wsu:Id, the
 * encoded secret key (only when the ticket retrieval yielded one) and a Base64-encoded
 * digest of the raw ticket bytes, stored via {@code setSHA1}, so the token can later be
 * resolved by that digest value.
 *
 * @return the populated token
 * @throws Exception if the ticket cannot be retrieved or the digest cannot be computed
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    // Build the BinarySecurityToken holding the ticket; the id is allocated by the WSSConfig.
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    binaryToken.addWSUNamespace();
    binaryToken.setID(wssConfig.getIdAllocator().createSecureId("BST-", binaryToken));

    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());

    // The secret key may be absent; only copy its bytes when present.
    SecretKey secretKey = binaryToken.getSecretKey();
    if (secretKey != null) {
        result.setSecret(secretKey.getEncoded());
    }

    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(binaryToken.getToken())));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
 
Example 8
Source File: KerberosClient.java    From steady with Apache License 2.0
/**
 * Obtains a Kerberos service ticket through the configured JAAS login module and
 * wraps it in a {@link SecurityToken}.
 *
 * <p>The returned token carries the BinarySecurityToken element, its wsu:Id, the
 * encoded secret key (only when the ticket retrieval yielded one) and a Base64-encoded
 * digest of the raw ticket bytes, stored via {@code setSHA1}, so the token can later be
 * resolved by that digest value.
 *
 * @return the populated token
 * @throws Exception if the ticket cannot be retrieved or the digest cannot be computed
 */
public SecurityToken requestSecurityToken() throws Exception {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName());
    }

    // Build the BinarySecurityToken holding the ticket; the id is allocated by the WSSConfig.
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.retrieveServiceTicket(getContextName(), callbackHandler, serviceName);
    binaryToken.addWSUNamespace();
    binaryToken.setID(wssConfig.getIdAllocator().createSecureId("BST-", binaryToken));

    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());

    // The secret key may be absent; only copy its bytes when present.
    SecretKey secretKey = binaryToken.getSecretKey();
    if (secretKey != null) {
        result.setSecret(secretKey.getEncoded());
    }

    result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(binaryToken.getToken())));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
 
Example 9
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
/**
 * Builds the EncryptedKey for the symmetric binding, caches its ephemeral key in the
 * token store and returns the EncryptedKey id.
 *
 * <p>The cache entry is valid for five minutes (300000 ms) from creation and carries the
 * ephemeral key as its secret plus the digest of the encrypted ephemeral key (via
 * {@code setSHA1}) for resolution through EncryptedKeySHA1 key identifiers.
 *
 * @param wrapper  the token wrapper describing the encryption token
 * @param sigToken the token used to build the EncryptedKey
 * @return the id of the EncryptedKey element
 * @throws WSSecurityException if the EncryptedKey cannot be built or digested
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey encryptedKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = encryptedKey.getId();
    byte[] ephemeralKey = encryptedKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date(created.getTime() + 300000);
    SecurityToken cached = new SecurityToken(
                    keyId,
                    encryptedKey.getEncryptedKeyElement(),
                    created,
                    expires);
    cached.setSecret(ephemeralKey);
    // EncryptedKeySHA1 key identifiers reference the key through this digest.
    cached.setSHA1(getSHA1(encryptedKey.getEncryptedEphemeralKey()));
    tokenStore.add(cached);

    // With a direct reference to the certificate, the BST goes into the security header now.
    String bstTokenId = encryptedKey.getBSTTokenId();
    if (bstTokenId != null && bstTokenId.length() > 0) {
        encryptedKey.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
 
Example 10
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
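/**
 * Locates the EncryptedKey that arrived on the inbound message, caches its secret in
 * the token store and returns the EncryptedKey id.
 *
 * <p>The first inbound encryption result ({@code WSConstants.ENCR}) with a non-empty
 * TAG_ID wins. Its cache entry lives for five minutes (300000 ms), holds the decrypted
 * secret and the digest of the encrypted ephemeral key (via {@code setSHA1}).
 *
 * @return the EncryptedKey id, or {@code null} when no matching result exists — including
 *         when the inbound message carries no WS-Security results at all
 */
private String getEncryptedKey() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security processing ran on the inbound message; nothing to cache.
        return null;
    }

    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String encryptedKeyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);
            // A result without TAG_ACTION is skipped instead of dereferencing null.
            if (action == null || action.intValue() != WSConstants.ENCR
                || encryptedKeyId == null || encryptedKeyId.length() == 0) {
                continue;
            }

            Date created = new Date();
            Date expires = new Date(created.getTime() + 300000);
            SecurityToken cached = new SecurityToken(encryptedKeyId, created, expires);
            cached.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            cached.setSHA1(getSHA1((byte[])engineResult
                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
            tokenStore.add(cached);
            return encryptedKeyId;
        }
    }
    return null;
}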
 
Example 11
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
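/**
 * Locates the EncryptedKey that arrived on the inbound message, caches its secret in
 * the token store and returns the EncryptedKey id.
 *
 * <p>The first inbound encryption result ({@code WSConstants.ENCR}) with a non-empty
 * TAG_ID wins. Its cache entry lives for five minutes (300000 ms), holds the decrypted
 * secret and the digest of the encrypted ephemeral key (via {@code setSHA1}).
 *
 * @return the EncryptedKey id, or {@code null} when no matching result exists — including
 *         when the inbound message carries no WS-Security results at all
 */
private String getEncryptedKey() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security processing ran on the inbound message; nothing to cache.
        return null;
    }

    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String encryptedKeyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);
            // A result without TAG_ACTION is skipped instead of dereferencing null.
            if (action == null || action.intValue() != WSConstants.ENCR
                || encryptedKeyId == null || encryptedKeyId.length() == 0) {
                continue;
            }

            Date created = new Date();
            Date expires = new Date(created.getTime() + 300000);
            SecurityToken cached = new SecurityToken(encryptedKeyId, created, expires);
            cached.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            cached.setSHA1(getSHA1((byte[])engineResult
                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
            tokenStore.add(cached);
            return encryptedKeyId;
        }
    }
    return null;
}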
 
Example 12
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
/**
 * Builds the EncryptedKey for the symmetric binding, caches its ephemeral key in the
 * token store and returns the EncryptedKey id.
 *
 * <p>The cache entry is valid for five minutes (300000 ms) from creation and carries the
 * ephemeral key as its secret plus the digest of the encrypted ephemeral key (via
 * {@code setSHA1}) for resolution through EncryptedKeySHA1 key identifiers.
 *
 * @param wrapper  the token wrapper describing the encryption token
 * @param sigToken the token used to build the EncryptedKey
 * @return the id of the EncryptedKey element
 * @throws WSSecurityException if the EncryptedKey cannot be built or digested
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey encryptedKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = encryptedKey.getId();
    byte[] ephemeralKey = encryptedKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date(created.getTime() + 300000);
    SecurityToken cached = new SecurityToken(
                    keyId,
                    encryptedKey.getEncryptedKeyElement(),
                    created,
                    expires);
    cached.setSecret(ephemeralKey);
    // EncryptedKeySHA1 key identifiers reference the key through this digest.
    cached.setSHA1(getSHA1(encryptedKey.getEncryptedEphemeralKey()));
    tokenStore.add(cached);

    // With a direct reference to the certificate, the BST goes into the security header now.
    String bstTokenId = encryptedKey.getBSTTokenId();
    if (bstTokenId != null && bstTokenId.length() > 0) {
        encryptedKey.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
 
Example 13
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
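/**
 * Locates the EncryptedKey that arrived on the inbound message, caches its secret in
 * the token store and returns the EncryptedKey id.
 *
 * <p>The first inbound encryption result ({@code WSConstants.ENCR}) with a non-empty
 * TAG_ID wins. Its cache entry lives for five minutes (300000 ms), holds the decrypted
 * secret and the digest of the encrypted ephemeral key (via {@code setSHA1}).
 *
 * @return the EncryptedKey id, or {@code null} when no matching result exists — including
 *         when the inbound message carries no WS-Security results at all
 */
private String getEncryptedKey() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security processing ran on the inbound message; nothing to cache.
        return null;
    }

    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String encryptedKeyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);
            // A result without TAG_ACTION is skipped instead of dereferencing null.
            if (action == null || action.intValue() != WSConstants.ENCR
                || encryptedKeyId == null || encryptedKeyId.length() == 0) {
                continue;
            }

            Date created = new Date();
            Date expires = new Date(created.getTime() + 300000);
            SecurityToken cached = new SecurityToken(encryptedKeyId, created, expires);
            cached.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            cached.setSHA1(getSHA1((byte[])engineResult
                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
            tokenStore.add(cached);
            return encryptedKeyId;
        }
    }
    return null;
}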
 
Example 14
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
/**
 * Builds the EncryptedKey for the symmetric binding, caches its ephemeral key in the
 * token store and returns the EncryptedKey id.
 *
 * <p>The cache entry is valid for five minutes (300000 ms) from creation and carries the
 * ephemeral key as its secret plus the digest of the encrypted ephemeral key (via
 * {@code setSHA1}) for resolution through EncryptedKeySHA1 key identifiers.
 *
 * @param wrapper  the token wrapper describing the encryption token
 * @param sigToken the token used to build the EncryptedKey
 * @return the id of the EncryptedKey element
 * @throws WSSecurityException if the EncryptedKey cannot be built or digested
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey encryptedKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = encryptedKey.getId();
    byte[] ephemeralKey = encryptedKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date(created.getTime() + 300000);
    SecurityToken cached = new SecurityToken(
                    keyId,
                    encryptedKey.getEncryptedKeyElement(),
                    created,
                    expires);
    cached.setSecret(ephemeralKey);
    // EncryptedKeySHA1 key identifiers reference the key through this digest.
    cached.setSHA1(getSHA1(encryptedKey.getEncryptedEphemeralKey()));
    tokenStore.add(cached);

    // With a direct reference to the certificate, the BST goes into the security header now.
    String bstTokenId = encryptedKey.getBSTTokenId();
    if (bstTokenId != null && bstTokenId.length() > 0) {
        encryptedKey.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
 
Example 15
Source File: KerberosTokenPolicyValidator.java    From cxf with Apache License 2.0
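/**
 * Wraps a validated Kerberos BinarySecurityToken as a cacheable {@link SecurityToken}.
 *
 * @param binarySecurityToken the validated token; its wsu:Id becomes the token id
 * @return a token carrying the element, its value type and, when the digest succeeds,
 *         the Base64-encoded digest of the raw ticket bytes stored via {@code setSHA1}
 */
private SecurityToken createSecurityToken(KerberosSecurity binarySecurityToken) {
    SecurityToken token = new SecurityToken(binarySecurityToken.getID());
    token.setToken(binarySecurityToken.getElement());
    token.setTokenType(binarySecurityToken.getValueType());
    byte[] tokenBytes = binarySecurityToken.getToken();
    try {
        token.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(tokenBytes)));
    } catch (WSSecurityException ignored) {
        // Deliberately best-effort: a token without a SHA1 is still usable by id;
        // presumably only digest-based lookups would then fail to find it.
    }
    return token;
}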
 
Example 16
Source File: SymmetricBindingHandler.java    From cxf with Apache License 2.0
/**
 * Generates a fresh symmetric key sized by the binding's algorithm suite, wraps it in
 * an EncryptedKey, caches it in the token store and returns the EncryptedKey id.
 *
 * <p>The cache entry expires after the configured security-token lifetime and is added
 * twice: under the EncryptedKey id and under its SHA1 value, so EncryptedKeySHA1 key
 * identifiers resolve without scanning the store.
 *
 * @param wrapper  the token wrapper asserted once the EncryptedKey is built
 * @param sigToken the token used to build the EncryptedKey
 * @return the id of the EncryptedKey element
 * @throws WSSecurityException if the EncryptedKey cannot be built
 */
private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
    AlgorithmSuiteType suiteType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
    KeyGenerator keyGenerator = KeyUtils.getKeyGenerator(suiteType.getEncryption());
    SecretKey symmetricKey = keyGenerator.generateKey();

    WSSecEncryptedKey encryptedKey = this.getEncryptedKeyBuilder(sigToken, symmetricKey);
    assertTokenWrapper(wrapper);
    String keyId = encryptedKey.getId();
    byte[] secret = symmetricKey.getEncoded();

    // The configured lifetime is divided by 1000 before being applied as seconds.
    Instant created = Instant.now();
    Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
    SecurityToken cached =
        new SecurityToken(keyId, encryptedKey.getEncryptedKeyElement(), created, expires);
    cached.setSecret(secret);
    // EncryptedKeySHA1 key identifiers reference the key through this digest.
    cached.setSHA1(encryptedKey.getEncryptedKeySHA1());

    tokenStore.add(cached);
    tokenStore.add(cached.getSHA1(), cached);

    // With a direct reference to the certificate, the BST goes into the security header now.
    String bstTokenId = encryptedKey.getBSTTokenId();
    if (bstTokenId != null && bstTokenId.length() > 0) {
        encryptedKey.prependBSTElementToHeader();
    }
    return keyId;
}
 
Example 17
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
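/**
 * Locates the EncryptedKey that arrived on the inbound message, caches its secret in
 * the token store and returns the EncryptedKey id.
 *
 * <p>The first inbound encryption result ({@code WSConstants.ENCR}) with a non-empty
 * TAG_ID wins. Its cache entry lives for five minutes (300000 ms), holds the decrypted
 * secret and the digest of the encrypted ephemeral key (via {@code setSHA1}).
 *
 * @return the EncryptedKey id, or {@code null} when no matching result exists — including
 *         when the inbound message carries no WS-Security results at all
 */
private String getEncryptedKey() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security processing ran on the inbound message; nothing to cache.
        return null;
    }

    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
            Integer action = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String encryptedKeyId = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);
            // A result without TAG_ACTION is skipped instead of dereferencing null.
            if (action == null || action.intValue() != WSConstants.ENCR
                || encryptedKeyId == null || encryptedKeyId.length() == 0) {
                continue;
            }

            Date created = new Date();
            Date expires = new Date(created.getTime() + 300000);
            SecurityToken cached = new SecurityToken(encryptedKeyId, created, expires);
            cached.setSecret((byte[])engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            cached.setSHA1(getSHA1((byte[])engineResult
                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
            tokenStore.add(cached);
            return encryptedKeyId;
        }
    }
    return null;
}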
 
Example 18
Source File: SymmetricBindingHandler.java    From steady with Apache License 2.0
/**
 * Builds the EncryptedKey for the symmetric binding, caches its ephemeral key in the
 * token store and returns the EncryptedKey id.
 *
 * <p>The cache entry is valid for five minutes (300000 ms) from creation and carries the
 * ephemeral key as its secret plus the digest of the encrypted ephemeral key (via
 * {@code setSHA1}) for resolution through EncryptedKeySHA1 key identifiers.
 *
 * @param wrapper  the token wrapper describing the encryption token
 * @param sigToken the token used to build the EncryptedKey
 * @return the id of the EncryptedKey element
 * @throws WSSecurityException if the EncryptedKey cannot be built or digested
 */
private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
    WSSecEncryptedKey encryptedKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String keyId = encryptedKey.getId();
    byte[] ephemeralKey = encryptedKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date(created.getTime() + 300000);
    SecurityToken cached = new SecurityToken(
                    keyId,
                    encryptedKey.getEncryptedKeyElement(),
                    created,
                    expires);
    cached.setSecret(ephemeralKey);
    // EncryptedKeySHA1 key identifiers reference the key through this digest.
    cached.setSHA1(getSHA1(encryptedKey.getEncryptedEphemeralKey()));
    tokenStore.add(cached);

    // With a direct reference to the certificate, the BST goes into the security header now.
    String bstTokenId = encryptedKey.getBSTTokenId();
    if (bstTokenId != null && bstTokenId.length() > 0) {
        encryptedKey.prependBSTElementToHeader(secHeader);
    }
    return keyId;
}
 
Example 19
Source File: WSS4JUtils.java    From cxf with Apache License 2.0
/**
 * Mirrors a streaming (StAX) security token into the message's token store and returns
 * the id under which it is cached.
 *
 * <p>When an unexpired entry with the same id already exists its id is returned and the
 * store is left untouched. Otherwise a new {@link SecurityToken} is created with the
 * configured lifetime, the streaming token's SHA1 identifier, a value-type URI mapped
 * from the streaming token type (when one of the known types matches) and the first
 * non-null key from the streaming token's secret-key map.
 *
 * @param securityToken the streaming token, may be {@code null}
 * @param message       the current message, used to reach the token store and lifetime
 * @return the cached token id, or {@code null} when {@code securityToken} is {@code null}
 * @throws XMLSecurityException propagated from the streaming token accessors
 * @throws TokenStoreException  if the token store cannot accept the new token
 */
public static String parseAndStoreStreamingSecurityToken(
    org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
    Message message
) throws XMLSecurityException, TokenStoreException {
    if (securityToken == null) {
        return null;
    }

    String tokenId = securityToken.getId();
    SecurityToken existing = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
    if (existing != null && !existing.isExpired()) {
        return existing.getId();
    }

    // The configured lifetime is divided by 1000 before being applied as seconds.
    Instant created = Instant.now();
    Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
    SecurityToken cached = new SecurityToken(tokenId, created, expires);
    cached.setSHA1(securityToken.getSha1Identifier());

    // Identity comparison against the constants, as in the streaming API; an unknown or
    // null type leaves the value type unset.
    Object streamingType = securityToken.getTokenType();
    if (streamingType == WSSecurityTokenConstants.EncryptedKeyToken) {
        cached.setTokenType(WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE);
    } else if (streamingType == WSSecurityTokenConstants.KERBEROS_TOKEN) {
        cached.setTokenType(WSSConstants.NS_GSS_KERBEROS5_AP_REQ);
    } else if (streamingType == WSSecurityTokenConstants.SAML_11_TOKEN) {
        cached.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE);
    } else if (streamingType == WSSecurityTokenConstants.SAML_20_TOKEN) {
        cached.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE);
    } else if (streamingType == WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN
        || streamingType == WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN) {
        cached.setTokenType(WSSConstants.NS_WSC_05_02);
    }

    // Adopt the first non-null key; raw secret bytes are copied only for SecretKey instances.
    for (Key key : securityToken.getSecretKey().values()) {
        if (key == null) {
            continue;
        }
        cached.setKey(key);
        if (key instanceof SecretKey) {
            cached.setSecret(key.getEncoded());
        }
        break;
    }

    TokenStoreUtils.getTokenStore(message).add(cached);
    return cached.getId();
}