Java Code Examples for org.apache.ws.security.WSConstants#ST_SIGNED
The following examples show how to use org.apache.ws.security.WSConstants#ST_SIGNED.
Example 1
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
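/**
 * Collects the SAML assertions found in a list of WS-Security processing results.
 *
 * <p>A result is selected when its action is {@code WSConstants.ST_SIGNED} or
 * {@code WSConstants.ST_UNSIGNED}, so the returned list can contain assertions that
 * were recorded as unsigned. Presence in this list is therefore not evidence that an
 * assertion was signed; a caller that needs that guarantee has to check it itself.
 *
 * @param wsSecEngineResults the processing results to scan
 * @return the assertions of all SAML results, in input order; never {@code null}
 */
private List<AssertionWrapper> findSamlTokenResults(
    List<WSSecurityEngineResult> wsSecEngineResults
) {
    List<AssertionWrapper> results = new ArrayList<AssertionWrapper>();
    for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; a result without an action
            // cannot be classified as a SAML result, so it is skipped.
            continue;
        }
        int action = actInt.intValue();
        if (action != WSConstants.ST_SIGNED && action != WSConstants.ST_UNSIGNED) {
            continue;
        }
        AssertionWrapper assertion =
            (AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        if (assertion != null) {
            // Keep null out of the list so callers can dereference every element.
            results.add(assertion);
        }
    }
    return results;
}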
Example 2
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
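/**
 * Collects the SAML assertions found in a list of WS-Security processing results.
 *
 * <p>A result is selected when its action is {@code WSConstants.ST_SIGNED} or
 * {@code WSConstants.ST_UNSIGNED}, so the returned list can contain assertions that
 * were recorded as unsigned. Presence in this list is therefore not evidence that an
 * assertion was signed; a caller that needs that guarantee has to check it itself.
 *
 * @param wsSecEngineResults the processing results to scan
 * @return the assertions of all SAML results, in input order; never {@code null}
 */
private List<AssertionWrapper> findSamlTokenResults(
    List<WSSecurityEngineResult> wsSecEngineResults
) {
    List<AssertionWrapper> results = new ArrayList<AssertionWrapper>();
    for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; a result without an action
            // cannot be classified as a SAML result, so it is skipped.
            continue;
        }
        int action = actInt.intValue();
        if (action != WSConstants.ST_SIGNED && action != WSConstants.ST_UNSIGNED) {
            continue;
        }
        AssertionWrapper assertion =
            (AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        if (assertion != null) {
            // Keep null out of the list so callers can dereference every element.
            results.add(assertion);
        }
    }
    return results;
}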
Example 3
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
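/**
 * Collects the SAML assertions found in a list of WS-Security processing results.
 *
 * <p>A result is selected when its action is {@code WSConstants.ST_SIGNED} or
 * {@code WSConstants.ST_UNSIGNED}, so the returned list can contain assertions that
 * were recorded as unsigned. Presence in this list is therefore not evidence that an
 * assertion was signed; a caller that needs that guarantee has to check it itself.
 *
 * @param wsSecEngineResults the processing results to scan
 * @return the assertions of all SAML results, in input order; never {@code null}
 */
private List<AssertionWrapper> findSamlTokenResults(
    List<WSSecurityEngineResult> wsSecEngineResults
) {
    List<AssertionWrapper> results = new ArrayList<AssertionWrapper>();
    for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; a result without an action
            // cannot be classified as a SAML result, so it is skipped.
            continue;
        }
        int action = actInt.intValue();
        if (action != WSConstants.ST_SIGNED && action != WSConstants.ST_UNSIGNED) {
            continue;
        }
        AssertionWrapper assertion =
            (AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        if (assertion != null) {
            // Keep null out of the list so callers can dereference every element.
            results.add(assertion);
        }
    }
    return results;
}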
Example 4
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
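/**
 * Collects the SAML assertions found in a list of WS-Security processing results.
 *
 * <p>A result is selected when its action is {@code WSConstants.ST_SIGNED} or
 * {@code WSConstants.ST_UNSIGNED}, so the returned list can contain assertions that
 * were recorded as unsigned. Presence in this list is therefore not evidence that an
 * assertion was signed; a caller that needs that guarantee has to check it itself.
 *
 * @param wsSecEngineResults the processing results to scan
 * @return the assertions of all SAML results, in input order; never {@code null}
 */
private List<AssertionWrapper> findSamlTokenResults(
    List<WSSecurityEngineResult> wsSecEngineResults
) {
    List<AssertionWrapper> results = new ArrayList<AssertionWrapper>();
    for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; a result without an action
            // cannot be classified as a SAML result, so it is skipped.
            continue;
        }
        int action = actInt.intValue();
        if (action != WSConstants.ST_SIGNED && action != WSConstants.ST_UNSIGNED) {
            continue;
        }
        AssertionWrapper assertion =
            (AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        if (assertion != null) {
            // Keep null out of the list so callers can dereference every element.
            results.add(assertion);
        }
    }
    return results;
}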
Example 5
Source File: AbstractSupportingTokenPolicyValidator.java From steady with Apache License 2.0 | 4 votes |
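/**
 * Check that a WSSecurityEngineResult corresponding to a signature or encryption uses the same
 * signing/encrypting credential as one of the tokens.
 *
 * <p>Only the binding between the credential and a token is checked. A token result that
 * lacks the data needed for the comparison (no action, no certificate, no assertion, an
 * empty certificate array) is skipped instead of raising an exception, so an incomplete
 * result never counts as a match.
 *
 * @param result a WSSecurityEngineResult corresponding to a signature or encryption
 * @param tokenResult A list of WSSecurityEngineResults corresponding to tokens
 * @return true if a token in tokenResult carries the certificate, secret key or public key
 *         that result was produced with; false otherwise
 */
private boolean checkSignatureOrEncryptionResult(
    WSSecurityEngineResult result,
    List<WSSecurityEngineResult> tokenResult
) {
    // See what was used to sign/encrypt this result
    X509Certificate cert =
        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
    PublicKey publicKey =
        (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);

    // Now see if the same credential exists in the tokenResult list
    for (WSSecurityEngineResult token : tokenResult) {
        BinarySecurity binarySecurity =
            (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (binarySecurity instanceof X509Security
            || binarySecurity instanceof PKIPathSecurity) {
            X509Certificate foundCert =
                (X509Certificate)token.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // A binary token result without a certificate cannot match anything.
            if (foundCert != null && foundCert.equals(cert)) {
                return true;
            }
            continue;
        }

        Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; skip the token instead.
            continue;
        }
        int action = actInt.intValue();

        if (action == WSConstants.ST_SIGNED || action == WSConstants.ST_UNSIGNED) {
            // NOTE(review): ST_UNSIGNED assertions are matched exactly like signed ones.
            // This branch only compares the credential with the assertion's subject key
            // info; it does not establish that the assertion itself is trusted. Confirm
            // that the caller validates that separately.
            AssertionWrapper assertionWrapper =
                (AssertionWrapper)token.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (assertionWrapper == null) {
                continue;
            }
            SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
            if (samlKeyInfo != null) {
                X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                byte[] subjectSecretKey = samlKeyInfo.getSecret();
                PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
                // The length check keeps an empty certificate array from throwing
                // ArrayIndexOutOfBoundsException on subjectCerts[0].
                boolean certMatches = cert != null && subjectCerts != null
                    && subjectCerts.length > 0 && cert.equals(subjectCerts[0]);
                boolean secretMatches = subjectSecretKey != null
                    && Arrays.equals(subjectSecretKey, secret);
                boolean publicKeyMatches = subjectPublicKey != null
                    && subjectPublicKey.equals(publicKey);
                if (certMatches || secretMatches || publicKeyMatches) {
                    return true;
                }
            }
        } else if (publicKey != null) {
            PublicKey foundPublicKey =
                (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            if (publicKey.equals(foundPublicKey)) {
                return true;
            }
        } else {
            // Arrays.equals stops at the first differing byte; if comparison timing
            // matters for these keys, MessageDigest.isEqual is the constant-time form.
            byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
            byte[] derivedKey =
                (byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            if ((foundSecret != null && Arrays.equals(foundSecret, secret))
                || (derivedKey != null && Arrays.equals(derivedKey, secret))) {
                return true;
            }
        }
    }

    return false;
}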
Example 6
Source File: AbstractSupportingTokenPolicyValidator.java From steady with Apache License 2.0 | 4 votes |
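/**
 * Check that a WSSecurityEngineResult corresponding to a signature or encryption uses the same
 * signing/encrypting credential as one of the tokens.
 *
 * <p>Only the binding between the credential and a token is checked. A token result that
 * lacks the data needed for the comparison (no action, no certificate, no assertion, an
 * empty certificate array) is skipped instead of raising an exception, so an incomplete
 * result never counts as a match.
 *
 * @param result a WSSecurityEngineResult corresponding to a signature or encryption
 * @param tokenResult A list of WSSecurityEngineResults corresponding to tokens
 * @return true if a token in tokenResult carries the certificate, secret key or public key
 *         that result was produced with; false otherwise
 */
private boolean checkSignatureOrEncryptionResult(
    WSSecurityEngineResult result,
    List<WSSecurityEngineResult> tokenResult
) {
    // See what was used to sign/encrypt this result
    X509Certificate cert =
        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
    PublicKey publicKey =
        (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);

    // Now see if the same credential exists in the tokenResult list
    for (WSSecurityEngineResult token : tokenResult) {
        BinarySecurity binarySecurity =
            (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (binarySecurity instanceof X509Security
            || binarySecurity instanceof PKIPathSecurity) {
            X509Certificate foundCert =
                (X509Certificate)token.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // A binary token result without a certificate cannot match anything.
            if (foundCert != null && foundCert.equals(cert)) {
                return true;
            }
            continue;
        }

        Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; skip the token instead.
            continue;
        }
        int action = actInt.intValue();

        if (action == WSConstants.ST_SIGNED || action == WSConstants.ST_UNSIGNED) {
            // NOTE(review): ST_UNSIGNED assertions are matched exactly like signed ones.
            // This branch only compares the credential with the assertion's subject key
            // info; it does not establish that the assertion itself is trusted. Confirm
            // that the caller validates that separately.
            AssertionWrapper assertionWrapper =
                (AssertionWrapper)token.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (assertionWrapper == null) {
                continue;
            }
            SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
            if (samlKeyInfo != null) {
                X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                byte[] subjectSecretKey = samlKeyInfo.getSecret();
                PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
                // The length check keeps an empty certificate array from throwing
                // ArrayIndexOutOfBoundsException on subjectCerts[0].
                boolean certMatches = cert != null && subjectCerts != null
                    && subjectCerts.length > 0 && cert.equals(subjectCerts[0]);
                boolean secretMatches = subjectSecretKey != null
                    && Arrays.equals(subjectSecretKey, secret);
                boolean publicKeyMatches = subjectPublicKey != null
                    && subjectPublicKey.equals(publicKey);
                if (certMatches || secretMatches || publicKeyMatches) {
                    return true;
                }
            }
        } else if (publicKey != null) {
            PublicKey foundPublicKey =
                (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            if (publicKey.equals(foundPublicKey)) {
                return true;
            }
        } else {
            // Arrays.equals stops at the first differing byte; if comparison timing
            // matters for these keys, MessageDigest.isEqual is the constant-time form.
            byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
            byte[] derivedKey =
                (byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            if ((foundSecret != null && Arrays.equals(foundSecret, secret))
                || (derivedKey != null && Arrays.equals(derivedKey, secret))) {
                return true;
            }
        }
    }

    return false;
}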
Example 7
Source File: AbstractSupportingTokenPolicyValidator.java From steady with Apache License 2.0 | 4 votes |
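/**
 * Check that a WSSecurityEngineResult corresponding to a signature or encryption uses the same
 * signing/encrypting credential as one of the tokens.
 *
 * <p>Only the binding between the credential and a token is checked. A token result that
 * lacks the data needed for the comparison (no action, no certificate, no assertion, an
 * empty certificate array) is skipped instead of raising an exception, so an incomplete
 * result never counts as a match.
 *
 * @param result a WSSecurityEngineResult corresponding to a signature or encryption
 * @param tokenResult A list of WSSecurityEngineResults corresponding to tokens
 * @return true if a token in tokenResult carries the certificate, secret key or public key
 *         that result was produced with; false otherwise
 */
private boolean checkSignatureOrEncryptionResult(
    WSSecurityEngineResult result,
    List<WSSecurityEngineResult> tokenResult
) {
    // See what was used to sign/encrypt this result
    X509Certificate cert =
        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
    PublicKey publicKey =
        (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);

    // Now see if the same credential exists in the tokenResult list
    for (WSSecurityEngineResult token : tokenResult) {
        BinarySecurity binarySecurity =
            (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (binarySecurity instanceof X509Security
            || binarySecurity instanceof PKIPathSecurity) {
            X509Certificate foundCert =
                (X509Certificate)token.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // A binary token result without a certificate cannot match anything.
            if (foundCert != null && foundCert.equals(cert)) {
                return true;
            }
            continue;
        }

        Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; skip the token instead.
            continue;
        }
        int action = actInt.intValue();

        if (action == WSConstants.ST_SIGNED || action == WSConstants.ST_UNSIGNED) {
            // NOTE(review): ST_UNSIGNED assertions are matched exactly like signed ones.
            // This branch only compares the credential with the assertion's subject key
            // info; it does not establish that the assertion itself is trusted. Confirm
            // that the caller validates that separately.
            AssertionWrapper assertionWrapper =
                (AssertionWrapper)token.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (assertionWrapper == null) {
                continue;
            }
            SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
            if (samlKeyInfo != null) {
                X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                byte[] subjectSecretKey = samlKeyInfo.getSecret();
                PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
                // The length check keeps an empty certificate array from throwing
                // ArrayIndexOutOfBoundsException on subjectCerts[0].
                boolean certMatches = cert != null && subjectCerts != null
                    && subjectCerts.length > 0 && cert.equals(subjectCerts[0]);
                boolean secretMatches = subjectSecretKey != null
                    && Arrays.equals(subjectSecretKey, secret);
                boolean publicKeyMatches = subjectPublicKey != null
                    && subjectPublicKey.equals(publicKey);
                if (certMatches || secretMatches || publicKeyMatches) {
                    return true;
                }
            }
        } else if (publicKey != null) {
            PublicKey foundPublicKey =
                (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            if (publicKey.equals(foundPublicKey)) {
                return true;
            }
        } else {
            // Arrays.equals stops at the first differing byte; if comparison timing
            // matters for these keys, MessageDigest.isEqual is the constant-time form.
            byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
            byte[] derivedKey =
                (byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            if ((foundSecret != null && Arrays.equals(foundSecret, secret))
                || (derivedKey != null && Arrays.equals(derivedKey, secret))) {
                return true;
            }
        }
    }

    return false;
}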
Example 8
Source File: AbstractSupportingTokenPolicyValidator.java From steady with Apache License 2.0 | 4 votes |
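/**
 * Check that a WSSecurityEngineResult corresponding to a signature or encryption uses the same
 * signing/encrypting credential as one of the tokens.
 *
 * <p>Only the binding between the credential and a token is checked. A token result that
 * lacks the data needed for the comparison (no action, no certificate, no assertion, an
 * empty certificate array) is skipped instead of raising an exception, so an incomplete
 * result never counts as a match.
 *
 * @param result a WSSecurityEngineResult corresponding to a signature or encryption
 * @param tokenResult A list of WSSecurityEngineResults corresponding to tokens
 * @return true if a token in tokenResult carries the certificate, secret key or public key
 *         that result was produced with; false otherwise
 */
private boolean checkSignatureOrEncryptionResult(
    WSSecurityEngineResult result,
    List<WSSecurityEngineResult> tokenResult
) {
    // See what was used to sign/encrypt this result
    X509Certificate cert =
        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
    PublicKey publicKey =
        (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);

    // Now see if the same credential exists in the tokenResult list
    for (WSSecurityEngineResult token : tokenResult) {
        BinarySecurity binarySecurity =
            (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (binarySecurity instanceof X509Security
            || binarySecurity instanceof PKIPathSecurity) {
            X509Certificate foundCert =
                (X509Certificate)token.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
            // A binary token result without a certificate cannot match anything.
            if (foundCert != null && foundCert.equals(cert)) {
                return true;
            }
            continue;
        }

        Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt == null) {
            // Unboxing a missing action would throw; skip the token instead.
            continue;
        }
        int action = actInt.intValue();

        if (action == WSConstants.ST_SIGNED || action == WSConstants.ST_UNSIGNED) {
            // NOTE(review): ST_UNSIGNED assertions are matched exactly like signed ones.
            // This branch only compares the credential with the assertion's subject key
            // info; it does not establish that the assertion itself is trusted. Confirm
            // that the caller validates that separately.
            AssertionWrapper assertionWrapper =
                (AssertionWrapper)token.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (assertionWrapper == null) {
                continue;
            }
            SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
            if (samlKeyInfo != null) {
                X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                byte[] subjectSecretKey = samlKeyInfo.getSecret();
                PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
                // The length check keeps an empty certificate array from throwing
                // ArrayIndexOutOfBoundsException on subjectCerts[0].
                boolean certMatches = cert != null && subjectCerts != null
                    && subjectCerts.length > 0 && cert.equals(subjectCerts[0]);
                boolean secretMatches = subjectSecretKey != null
                    && Arrays.equals(subjectSecretKey, secret);
                boolean publicKeyMatches = subjectPublicKey != null
                    && subjectPublicKey.equals(publicKey);
                if (certMatches || secretMatches || publicKeyMatches) {
                    return true;
                }
            }
        } else if (publicKey != null) {
            PublicKey foundPublicKey =
                (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            if (publicKey.equals(foundPublicKey)) {
                return true;
            }
        } else {
            // Arrays.equals stops at the first differing byte; if comparison timing
            // matters for these keys, MessageDigest.isEqual is the constant-time form.
            byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
            byte[] derivedKey =
                (byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
            if ((foundSecret != null && Arrays.equals(foundSecret, secret))
                || (derivedKey != null && Arrays.equals(derivedKey, secret))) {
                return true;
            }
        }
    }

    return false;
}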