Examples with SecurityTokenReferenceType org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType used on opensource projects

Search in sources :

Example 1 with SecurityTokenReferenceType

use of org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType in project cxf by apache.

the class AbstractOperation method createRequestedReference.

/**
 * Create a RequestedReferenceType object using a TokenReference object
 */
protected static RequestedReferenceType createRequestedReference(TokenReference tokenReference, boolean attached) {
    RequestedReferenceType requestedReferenceType = QNameConstants.WS_TRUST_FACTORY.createRequestedReferenceType();
    SecurityTokenReferenceType securityTokenReferenceType = QNameConstants.WSSE_FACTORY.createSecurityTokenReferenceType();
    // TokenType
    String tokenType = tokenReference.getWsse11TokenType();
    if (tokenType != null) {
        securityTokenReferenceType.getOtherAttributes().put(TOKEN_TYPE, tokenType);
    }
    if (tokenReference.isUseKeyIdentifier()) {
        String identifier = XMLUtils.getIDFromReference(tokenReference.getIdentifier());
        KeyIdentifierType keyIdentifierType = QNameConstants.WSSE_FACTORY.createKeyIdentifierType();
        keyIdentifierType.setValue(identifier);
        String valueType = tokenReference.getWsseValueType();
        if (valueType != null) {
            keyIdentifierType.setValueType(valueType);
        }
        JAXBElement<KeyIdentifierType> keyIdentifier = QNameConstants.WSSE_FACTORY.createKeyIdentifier(keyIdentifierType);
        securityTokenReferenceType.getAny().add(keyIdentifier);
    } else if (tokenReference.isUseDirectReference()) {
        String identifier = tokenReference.getIdentifier();
        if (attached && identifier.charAt(0) != '#') {
            identifier = "#" + identifier;
        } else if (!attached && identifier.charAt(0) == '#') {
            identifier = identifier.substring(1);
        }
        ReferenceType referenceType = QNameConstants.WSSE_FACTORY.createReferenceType();
        referenceType.setURI(identifier);
        String valueType = tokenReference.getWsseValueType();
        if (valueType != null) {
            referenceType.setValueType(valueType);
        }
        JAXBElement<ReferenceType> reference = QNameConstants.WSSE_FACTORY.createReference(referenceType);
        securityTokenReferenceType.getAny().add(reference);
    }
    requestedReferenceType.setSecurityTokenReference(securityTokenReferenceType);
    return requestedReferenceType;
}
Also used : RequestedReferenceType(org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType) KeyIdentifierType(org.apache.cxf.ws.security.sts.provider.model.secext.KeyIdentifierType) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType) JAXBElement(javax.xml.bind.JAXBElement) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType) RequestedReferenceType(org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType) ReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType)

Example 2 with SecurityTokenReferenceType

use of org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType in project cxf by apache.

the class RequestParser method isTokenReferenced.

/**
 * Method to check if the passed token is a SecurityTokenReference
 */
private static boolean isTokenReferenced(Object targetToken) {
    if (targetToken instanceof Element) {
        Element tokenElement = (Element) targetToken;
        String namespace = tokenElement.getNamespaceURI();
        String localname = tokenElement.getLocalName();
        if (STSConstants.WSSE_EXT_04_01.equals(namespace) && "SecurityTokenReference".equals(localname)) {
            return true;
        }
    } else if (targetToken instanceof SecurityTokenReferenceType) {
        return true;
    }
    return false;
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)

Example 3 with SecurityTokenReferenceType

use of org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType in project cxf by apache.

the class RequestParser method parseUseKey.

/**
 * Parse the UseKey structure to get a ReceivedKey containing a cert/public-key/secret-key.
 * @param useKey The UseKey object
 * @param messageContext The message context object
 * @return the ReceivedKey that has been parsed
 * @throws STSException
 */
private static ReceivedKey parseUseKey(UseKeyType useKey, Map<String, Object> messageContext) throws STSException {
    byte[] x509 = null;
    if (useKey.getAny() instanceof JAXBElement<?>) {
        JAXBElement<?> useKeyJaxb = (JAXBElement<?>) useKey.getAny();
        Object obj = useKeyJaxb.getValue();
        if (KeyInfoType.class == useKeyJaxb.getDeclaredType() || obj instanceof KeyInfoType) {
            KeyInfoType keyInfoType = KeyInfoType.class.cast(useKeyJaxb.getValue());
            LOG.fine("Found KeyInfo UseKey type");
            for (Object keyInfoContent : keyInfoType.getContent()) {
                X509DataType x509DataType = extractType(keyInfoContent, X509DataType.class);
                if (null != x509DataType) {
                    LOG.fine("Found X509Data KeyInfo type");
                    for (Object x509Object : x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
                        x509 = extractType(x509Object, byte[].class);
                        if (null != x509) {
                            LOG.fine("Found X509Certificate UseKey type");
                            break;
                        }
                    }
                }
            }
        } else if (SecurityTokenReferenceType.class == useKeyJaxb.getDeclaredType() || obj instanceof SecurityTokenReferenceType) {
            SecurityTokenReferenceType strType = SecurityTokenReferenceType.class.cast(useKeyJaxb.getValue());
            Element token = fetchTokenElementFromReference(strType, messageContext);
            try {
                x509 = Base64Utility.decode(token.getTextContent().trim());
                LOG.fine("Found X509Certificate UseKey type via reference");
            } catch (Exception e) {
                LOG.log(Level.WARNING, "", e);
                throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
            }
        }
    } else if (useKey.getAny() instanceof Element) {
        if (isTokenReferenced(useKey.getAny())) {
            Element token = fetchTokenElementFromReference(useKey.getAny(), messageContext);
            try {
                x509 = Base64Utility.decode(token.getTextContent().trim());
                LOG.fine("Found X509Certificate UseKey type via reference");
            } catch (Exception e) {
                LOG.log(Level.WARNING, "", e);
                throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
            }
        } else {
            Element element = (Element) useKey.getAny();
            if ("KeyInfo".equals(element.getLocalName())) {
                return parseKeyInfoElement((Element) useKey.getAny());
            }
            NodeList x509CertData = element.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
            if (x509CertData != null && x509CertData.getLength() > 0) {
                try {
                    x509 = Base64Utility.decode(x509CertData.item(0).getTextContent().trim());
                    LOG.fine("Found X509Certificate UseKey type");
                } catch (Exception e) {
                    LOG.log(Level.WARNING, "", e);
                    throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
                }
            }
        }
    } else {
        LOG.log(Level.WARNING, "An unknown element was received");
        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
    }
    if (x509 != null) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(x509));
            LOG.fine("Successfully parsed X509 Certificate from UseKey");
            ReceivedKey receivedKey = new ReceivedKey();
            receivedKey.setX509Cert(cert);
            return receivedKey;
        } catch (CertificateException ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in parsing certificate: ", ex, STSException.INVALID_REQUEST);
        }
    }
    return null;
}
Also used : X509DataType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) STSException(org.apache.cxf.ws.security.sts.provider.STSException) CertificateException(java.security.cert.CertificateException) JAXBElement(javax.xml.bind.JAXBElement) CertificateFactory(java.security.cert.CertificateFactory) KeyException(java.security.KeyException) URISyntaxException(java.net.URISyntaxException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) MarshalException(javax.xml.crypto.MarshalException) CertificateException(java.security.cert.CertificateException) STSException(org.apache.cxf.ws.security.sts.provider.STSException) NoSuchProviderException(java.security.NoSuchProviderException) X509Certificate(java.security.cert.X509Certificate) KeyInfoType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType) ByteArrayInputStream(java.io.ByteArrayInputStream) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)

Example 4 with SecurityTokenReferenceType

use of org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType in project cxf by apache.

the class RequestParser method fetchTokenElementFromReference.

/**
 * Method to fetch token from the SecurityTokenReference
 */
private static Element fetchTokenElementFromReference(Object targetToken, Map<String, Object> messageContext) {
    // Get the reference URI
    String referenceURI = null;
    if (targetToken instanceof Element) {
        Element tokenElement = (Element) targetToken;
        NodeList refList = tokenElement.getElementsByTagNameNS(STSConstants.WSSE_EXT_04_01, "Reference");
        if (refList.getLength() == 0) {
            throw new STSException("Cannot find Reference element in the SecurityTokenReference.", STSException.REQUEST_FAILED);
        }
        referenceURI = refList.item(0).getNodeValue();
    } else if (targetToken instanceof SecurityTokenReferenceType) {
        Iterator<?> iterator = ((SecurityTokenReferenceType) targetToken).getAny().iterator();
        while (iterator.hasNext()) {
            JAXBElement<?> jaxbElement = (JAXBElement<?>) iterator.next();
            if (jaxbElement.getValue() instanceof ReferenceType) {
                referenceURI = ((ReferenceType) jaxbElement.getValue()).getURI();
            }
        }
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Reference URI found " + referenceURI);
    }
    if (referenceURI == null) {
        LOG.log(Level.WARNING, "No Reference URI was received");
        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
    }
    // Find processed token corresponding to the URI
    referenceURI = XMLUtils.getIDFromReference(referenceURI);
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults != null && !handlerResults.isEmpty()) {
        WSHandlerResult handlerResult = handlerResults.get(0);
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            Integer actInt = (Integer) engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            String id = (String) engineResult.get(WSSecurityEngineResult.TAG_ID);
            if (referenceURI.equals(id)) {
                Element tokenElement = (Element) engineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
                if (tokenElement == null) {
                    throw new STSException("Cannot retrieve token from reference", STSException.INVALID_REQUEST);
                }
                return tokenElement;
            } else if (actInt == WSConstants.SCT) {
                // Need to check special case of SecurityContextToken Identifier separately
                SecurityContextToken sct = (SecurityContextToken) engineResult.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                if (referenceURI.equals(sct.getIdentifier())) {
                    return sct.getElement();
                }
            }
        }
    }
    throw new STSException("Cannot retreive token from reference", STSException.REQUEST_FAILED);
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) STSException(org.apache.cxf.ws.security.sts.provider.STSException) JAXBElement(javax.xml.bind.JAXBElement) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType) ReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType) SecurityContextToken(org.apache.wss4j.dom.message.token.SecurityContextToken) Iterator(java.util.Iterator) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)

Aggregations

JAXBElement (javax.xml.bind.JAXBElement)4 SecurityTokenReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)4 Element (org.w3c.dom.Element)3 STSException (org.apache.cxf.ws.security.sts.provider.STSException)2 ReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType)2 NodeList (org.w3c.dom.NodeList)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 URISyntaxException (java.net.URISyntaxException)1 KeyException (java.security.KeyException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 CertificateException (java.security.cert.CertificateException)1 CertificateFactory (java.security.cert.CertificateFactory)1 X509Certificate (java.security.cert.X509Certificate)1 Iterator (java.util.Iterator)1 MarshalException (javax.xml.crypto.MarshalException)1 RequestedReferenceType (org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType)1 KeyIdentifierType (org.apache.cxf.ws.security.sts.provider.model.secext.KeyIdentifierType)1 KeyInfoType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType)1 X509DataType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial