
Example 6 with TokenStoreException

use of org.apache.cxf.ws.security.tokenstore.TokenStoreException in project cxf by apache.

the class StaxSymmetricBindingHandler method handleBinding.

/**
 * Applies the SymmetricBinding policy to the current message.
 *
 * <p>Configures the timestamp and the algorithm suite (signature algorithms may be overridden
 * from the message context), wraps the configured {@code CallbackHandler} so that it can also
 * draw on the message's {@code TokenStore}, runs the encrypt/sign steps in the protection order
 * the policy demands, and finally asserts the remaining binding-level policy assertions.
 *
 * @throws Fault if the {@code TokenStore} for the message cannot be obtained
 */
public void handleBinding() {
    final AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
    configureTimestamp(aim);
    assertPolicy(sbinding.getName());

    // Signature algorithms from the message context take precedence over the policy's suite.
    final String asymAlgo =
        (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    if (asymAlgo != null && sbinding.getAlgorithmSuite() != null) {
        sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymAlgo);
    }
    final String symAlgo =
        (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
    if (symAlgo != null && sbinding.getAlgorithmSuite() != null) {
        sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symAlgo);
    }

    // The configured handler is wrapped together with the message's TokenStore; a failure to
    // obtain the store is logged at FINE (the exception carries the detail) and surfaced as a Fault.
    final WSSSecurityProperties properties = getProperties();
    final TokenStoreCallbackHandler wrappingHandler;
    try {
        wrappingHandler = new TokenStoreCallbackHandler(
            properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message));
    } catch (TokenStoreException e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
    properties.setCallbackHandler(wrappingHandler);

    final String ns = sbinding.getName().getNamespaceURI();
    final boolean encryptFirst = sbinding.getProtectionOrder()
        == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning;
    if (encryptFirst) {
        doEncryptBeforeSign();
        assertPolicy(new QName(ns, SPConstants.ENCRYPT_BEFORE_SIGNING));
    } else {
        doSignBeforeEncrypt();
        assertPolicy(new QName(ns, SPConstants.SIGN_BEFORE_ENCRYPTING));
    }

    // On the non-requestor side the symmetric encryption key is configured not to be encrypted.
    if (!isRequestor()) {
        properties.setEncryptSymmetricEncryptionKey(false);
    }

    configureLayout(aim);
    assertAlgorithmSuite(sbinding.getAlgorithmSuite());
    assertWSSProperties(ns);
    assertTrustProperties(ns);
    assertPolicy(new QName(ns, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
    if (sbinding.isProtectTokens()) {
        assertPolicy(new QName(ns, SPConstants.PROTECT_TOKENS));
    }
}

Example 7 with TokenStoreException

use of org.apache.cxf.ws.security.tokenstore.TokenStoreException in project cxf by apache.

the class AsymmetricBindingHandler method doEncryption.

/**
 * Builds the EncryptedKey / ReferenceList for the given recipient token and encrypts
 * {@code encrParts} with {@code symmetricKey}.
 *
 * @param recToken     policy wrapper of the token whose certificate / public key wraps the symmetric key
 * @param encrParts    the message parts to encrypt
 * @param externalRef  if {@code true} the ReferenceList and attachment elements are inserted into the
 *                     security header on their own; otherwise they are nested inside / after the
 *                     EncryptedKey element
 * @param symmetricKey the content-encryption key to wrap and use
 * @return the prepared {@link WSSecEncrypt}, or {@code null} when encryption failed
 *         (the failure has already been recorded via {@code unassertPolicy})
 * @throws Fault if the stored security token cannot be looked up
 */
private WSSecBase doEncryption(AbstractTokenWrapper recToken, List<WSEncryptionPart> encrParts, boolean externalRef, SecretKey symmetricKey) {
    AbstractToken encrToken = recToken.getToken();
    assertPolicy(recToken);
    assertPolicy(encrToken);
    try {
        WSSecEncrypt encr = new WSSecEncrypt(secHeader);
        encr.setEncryptionSerializer(new StaxSerializer());
        encr.setIdAllocator(wssConfig.getIdAllocator());
        encr.setCallbackLookup(callbackLookup);
        encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        encr.setStoreBytesInAttachment(storeBytesInAttachment);
        encr.setExpandXopInclude(isExpandXopInclude());
        encr.setWsDocInfo(wsDocInfo);
        Crypto crypto = getEncryptionCrypto();
        final SecurityToken securityToken;
        try {
            securityToken = getSecurityToken();
            // Non-requestor side with a SAML recipient token: reference the stored token by its
            // ID, using the key-identifier value type that matches the SAML version of the token.
            if (!isRequestor() && securityToken != null && recToken.getToken() instanceof SamlToken) {
                String tokenType = securityToken.getTokenType();
                if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                    encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                    encr.setCustomEKTokenId(securityToken.getId());
                } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
                    encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                    encr.setCustomEKTokenId(securityToken.getId());
                } else {
                    setKeyIdentifierType(encr, encrToken);
                }
            } else {
                setKeyIdentifierType(encr, encrToken);
            }
        } catch (TokenStoreException ex) {
            // A token-store failure is not a policy problem; it aborts the whole operation.
            LOG.log(Level.FINE, ex.getMessage(), ex);
            throw new Fault(ex);
        }
        // Choose what to encrypt to: on the non-requestor side prefer the certificate or public
        // key captured in the stored token (presumably the initiator's); otherwise fall back to
        // the configured encryption user resolved through the Crypto instance.
        if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) {
            encr.setUseThisCert(securityToken.getX509Certificate());
        } else if (!isRequestor() && securityToken != null && securityToken.getKey() instanceof PublicKey) {
            encr.setUseThisPublicKey((PublicKey) securityToken.getKey());
            encr.setKeyIdentifierType(WSConstants.KEY_VALUE);
        } else {
            setEncryptionUser(encr, encrToken, false, crypto);
        }
        // With neither a certificate, a public key nor a Crypto there is no key to encrypt to.
        // NOTE(review): this only records the policy failure; execution still reaches
        // encr.prepare() below, which is expected to fail in this state — confirm.
        if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
            unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
        }
        // Algorithms (content encryption, key wrap, MGF, digest) come from the policy's suite.
        AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
        AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
        encr.setSymmetricEncAlgorithm(algType.getEncryption());
        encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
        encr.setMGFAlgorithm(algType.getMGFAlgo());
        encr.setDigestAlgorithm(algType.getEncryptionDigest());
        encr.prepare(crypto, symmetricKey);
        Element encryptedKeyElement = encr.getEncryptedKeyElement();
        List<Element> attachments = encr.getAttachmentEncryptedDataElements();
        // Encrypt, get hold of the ref list and add it
        if (externalRef) {
            // ReferenceList and encrypted attachments go into the header bottom-up; the
            // EncryptedKey is only added when at least one of them exists.
            Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
            if (refList != null) {
                insertBeforeBottomUp(refList);
            }
            if (attachments != null) {
                for (Element attachment : attachments) {
                    this.insertBeforeBottomUp(attachment);
                }
            }
            if (refList != null || (attachments != null && !attachments.isEmpty())) {
                this.addEncryptedKeyElement(encryptedKeyElement);
            }
        } else {
            Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
            if (refList != null || (attachments != null && !attachments.isEmpty())) {
                this.addEncryptedKeyElement(encryptedKeyElement);
            }
            // Add internal refs
            if (refList != null) {
                encryptedKeyElement.appendChild(refList);
            }
            if (attachments != null) {
                for (Element attachment : attachments) {
                    this.addEncryptedKeyElement(attachment);
                }
            }
        }
        // Put BST before EncryptedKey element
        if (encr.getBSTTokenId() != null) {
            encr.prependBSTElementToHeader();
        }
        return encr;
    } catch (InvalidCanonicalizerException | WSSecurityException e) {
        // Crypto / canonicalization failures are recorded against the policy; the caller sees null.
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
    }
    return null;
}

Example 8 with TokenStoreException

use of org.apache.cxf.ws.security.tokenstore.TokenStoreException in project cxf by apache.

the class AsymmetricBindingHandler method doEncryptBeforeSign.

/**
 * Implements the EncryptBeforeSigning protection order of the asymmetric binding.
 *
 * <p>Order of operations: resolve the encryption and initiator tokens, collect the parts to sign
 * (timestamp, supporting tokens, then the policy's signed parts — determined before encryption so
 * that encrypted signed headers are still covered), encrypt the encrypted parts, sign, endorse on
 * the requestor side, and finally encrypt the tokens in the security header.
 *
 * @throws TokenStoreException if a token-store lookup outside the guarded signature step fails
 * @throws Fault if adding a SAML token, computing the parts or signing fails
 */
private void doEncryptBeforeSign() throws TokenStoreException {
    // No EncryptBeforeSign wrapper means nothing gets encrypted (encryptionToken stays null).
    AbstractTokenWrapper wrapper = getEncryptBeforeSignWrapper();
    AbstractToken encryptionToken = null;
    if (wrapper != null) {
        encryptionToken = wrapper.getToken();
        assertToken(encryptionToken);
    }
    // The initiator signature token falls back to the general initiator token.
    AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
    if (initiatorWrapper == null) {
        initiatorWrapper = abinding.getInitiatorToken();
    }
    assertTokenWrapper(initiatorWrapper);
    // attached: the signing token has already been placed in the security header.
    boolean attached = false;
    if (initiatorWrapper != null) {
        AbstractToken initiatorToken = initiatorWrapper.getToken();
        if (initiatorToken instanceof IssuedToken) {
            // An IssuedToken must already be in the token store; it is cloned into the header
            // only when the include-token policy requires it.
            SecurityToken secToken = getSecurityToken();
            if (secToken == null) {
                unassertPolicy(initiatorToken, "Security token is not found or expired");
                return;
            } else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                Element el = secToken.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            }
        } else if (initiatorToken instanceof SamlToken && isRequestor()) {
            // Requestor side: create the SAML assertion, add it to the header if required and
            // keep it in the token store. Any failure aborts the message with a Fault.
            try {
                SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) initiatorToken);
                if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType())) {
                    Element envelope = saaj.getSOAPPart().getEnvelope();
                    envelope = (Element) DOMUtils.getDomElement(envelope);
                    addSupportingElement(assertionWrapper.toDOM(envelope.getOwnerDocument()));
                    storeAssertionAsSecurityToken(assertionWrapper);
                }
            } catch (Exception e) {
                // Only the message is logged at WARNING; the full trace stays at FINE.
                String reason = e.getMessage();
                LOG.log(Level.WARNING, "Encrypt before sign failed due to : " + reason);
                LOG.log(Level.FINE, e.getMessage(), e);
                throw new Fault(e);
            }
        } else if (initiatorToken instanceof SamlToken) {
            // Non-requestor side: a SAML token ID must already be known.
            String tokenId = getSAMLToken();
            if (tokenId == null) {
                unassertPolicy(initiatorToken, "Security token is not found or expired");
                return;
            }
        }
    }
    List<WSEncryptionPart> sigParts = new ArrayList<>();
    if (timestampEl != null) {
        WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
        sigParts.add(timestampPart);
    }
    try {
        addSupportingTokens(sigParts);
    } catch (WSSecurityException ex) {
        // Recorded against the encryption token's policy; processing continues.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        unassertPolicy(encryptionToken, ex);
    }
    final List<WSEncryptionPart> encrParts;
    try {
        encrParts = getEncryptedParts();
        // Signed parts are determined before encryption because encrypted signed headers
        // will not be included otherwise
        sigParts.addAll(this.getSignedParts(null));
    } catch (SOAPException ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
    WSSecBase encrBase = null;
    SecretKey symmetricKey = null;
    if (encryptionToken != null && !encrParts.isEmpty()) {
        if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
            encrBase = doEncryptionDerived(wrapper, encrParts);
        } else {
            // A fresh symmetric key is generated for the suite's encryption algorithm and
            // wrapped for the recipient by doEncryption (externalRef = true).
            String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
            try {
                KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
                symmetricKey = keyGen.generateKey();
                encrBase = doEncryption(wrapper, encrParts, true, symmetricKey);
            } catch (WSSecurityException ex) {
                LOG.log(Level.FINE, ex.getMessage(), ex);
                throw new Fault(ex);
            }
        }
    }
    // Responses carry a SignatureConfirmation for the request's signatures.
    if (!isRequestor()) {
        addSignatureConfirmation(sigParts);
    }
    try {
        if (!sigParts.isEmpty()) {
            // Requestor signs with the initiator token; the responder with its recipient
            // signature token (falling back to the recipient token).
            if (initiatorWrapper != null && isRequestor()) {
                doSignature(initiatorWrapper, sigParts, attached);
            } else if (!isRequestor()) {
                AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
                if (recipientSignatureToken == null) {
                    recipientSignatureToken = abinding.getRecipientToken();
                }
                if (recipientSignatureToken != null) {
                    assertTokenWrapper(recipientSignatureToken);
                    assertToken(recipientSignatureToken.getToken());
                    doSignature(recipientSignatureToken, sigParts, attached);
                }
            }
        }
    } catch (WSSecurityException | SOAPException | TokenStoreException ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
    if (isRequestor()) {
        doEndorse();
    }
    // Tokens in the header are encrypted last, after the signature(s) have been produced.
    if (encrBase != null) {
        encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
        encrBase.clean();
    }
}

Example 9 with TokenStoreException

use of org.apache.cxf.ws.security.tokenstore.TokenStoreException in project cxf by apache.

the class AsymmetricBindingHandler method doSignature.

/**
 * Signs {@code sigParts} with the token of {@code wrapper}, either through a derived key
 * ({@code WSSecDKSign}, when the token requires derived keys) or directly
 * ({@code WSSecSignature}), and records the resulting signature element, value and ID.
 *
 * @param wrapper  wrapper of the signing token
 * @param sigParts parts to sign; mutated when ProtectTokens is set (the token's own part is appended)
 * @param attached whether the signing token has already been placed in the security header
 * @throws WSSecurityException if building the signature fails
 * @throws SOAPException       propagated from the direct-signature path
 * @throws TokenStoreException propagated from token-store lookups on the direct-signature path
 * @throws Fault               if the derived-key signature fails (any exception is wrapped)
 */
private void doSignature(AbstractTokenWrapper wrapper, List<WSEncryptionPart> sigParts, boolean attached) throws WSSecurityException, SOAPException, TokenStoreException {
    // The tokens of the other side are never used here; mark them as such for policy assertion.
    if (!isRequestor()) {
        assertUnusedTokens(abinding.getInitiatorToken());
        assertUnusedTokens(abinding.getInitiatorEncryptionToken());
        assertUnusedTokens(abinding.getInitiatorSignatureToken());
    } else {
        assertUnusedTokens(abinding.getRecipientToken());
        assertUnusedTokens(abinding.getRecipientEncryptionToken());
        assertUnusedTokens(abinding.getRecipientSignatureToken());
    }
    AbstractToken sigToken = wrapper.getToken();
    if (sigParts.isEmpty()) {
        // Add the BST to the security header if required
        // (nothing to sign, but the include-token policy may still demand the token's presence).
        if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
            WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
            sig.appendBSTElementToHeader();
            sig.clean();
        }
        return;
    }
    if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        // Set up the encrypted key to use
        setupEncryptedKey(sigToken);
        WSSecDKSign dkSign = new WSSecDKSign(secHeader);
        dkSign.setIdAllocator(wssConfig.getIdAllocator());
        dkSign.setCallbackLookup(callbackLookup);
        dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
        dkSign.setExpandXopInclude(isExpandXopInclude());
        dkSign.setWsDocInfo(wsDocInfo);
        // SP 1.1 policies use the older WS-SecureConversation namespace.
        if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
            dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
        }
        dkSign.setTokenIdentifier(this.encryptedKeyId);
        // Set the algo info
        dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
        dkSign.setSigCanonicalization(abinding.getAlgorithmSuite().getC14n().getValue());
        AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType();
        dkSign.setDigestAlgorithm(algType.getDigest());
        // The suite states the derived key length in bits; WSSecDKSign expects bytes.
        dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
        dkSign.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE);
        boolean includePrefixes = MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true);
        dkSign.setAddInclusivePrefixes(includePrefixes);
        try {
            dkSign.prepare(this.encryptedKeyValue);
            // ProtectTokens: the token the signature is based on (BST if present, otherwise the
            // EncryptedKey element) is itself covered by the signature.
            if (abinding.isProtectTokens()) {
                assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
                if (bstElement != null) {
                    WSEncryptionPart bstPart = new WSEncryptionPart(bstElement.getAttributeNS(WSS4JConstants.WSU_NS, "Id"));
                    bstPart.setElement(bstElement);
                    sigParts.add(bstPart);
                } else {
                    WSEncryptionPart ekPart = new WSEncryptionPart(encrKey.getId());
                    ekPart.setElement(encrKey.getEncryptedKeyElement());
                    sigParts.add(ekPart);
                }
            }
            dkSign.getParts().addAll(sigParts);
            List<Reference> referenceList = dkSign.addReferencesToSign(sigParts);
            if (!referenceList.isEmpty()) {
                // Add elements to header
                addDerivedKeyElement(dkSign.getdktElement());
                // Do signature
                // The first signature is appended; later ones are placed relative to the previous
                // signature element, which becomes the new bottomUpElement.
                if (bottomUpElement == null) {
                    dkSign.computeSignature(referenceList, false, null);
                } else {
                    dkSign.computeSignature(referenceList, true, bottomUpElement);
                }
                bottomUpElement = dkSign.getSignatureElement();
                addSig(dkSign.getSignatureValue());
                mainSigId = dkSign.getSignatureId();
            }
            dkSign.clean();
        } catch (Exception ex) {
            // Broad catch: every failure of the derived-key path is surfaced as a Fault.
            LOG.log(Level.FINE, ex.getMessage(), ex);
            throw new Fault(ex);
        }
    } else {
        WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
        if (abinding.isProtectTokens()) {
            assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
            // SAML / issued tokens are referenced by their custom token ID; X.509 via the BST.
            if (sig.getCustomTokenId() != null && (sigToken instanceof SamlToken || sigToken instanceof IssuedToken)) {
                WSEncryptionPart samlPart = new WSEncryptionPart(sig.getCustomTokenId());
                sigParts.add(samlPart);
            } else if (sig.getBSTTokenId() != null) {
                // This action must occur before sig.prependBSTElementToHeader
                WSEncryptionPart bstPart = new WSEncryptionPart(sig.getBSTTokenId());
                bstPart.setElement(sig.getBinarySecurityTokenElement());
                sigParts.add(bstPart);
                sig.prependBSTElementToHeader();
            }
        }
        List<Reference> referenceList = sig.addReferencesToSign(sigParts);
        if (!referenceList.isEmpty()) {
            // Do signature
            if (bottomUpElement == null) {
                sig.computeSignature(referenceList, false, null);
            } else {
                sig.computeSignature(referenceList, true, bottomUpElement);
            }
            bottomUpElement = sig.getSignatureElement();
            // Without ProtectTokens the BST was not prepended above; place it before the signature.
            // Note: this local shadows the bstElement field used in the derived-key branch.
            if (!abinding.isProtectTokens()) {
                Element bstElement = sig.getBinarySecurityTokenElement();
                if (bstElement != null) {
                    secHeader.getSecurityHeaderElement().insertBefore(bstElement, bottomUpElement);
                }
            }
            addSig(sig.getSignatureValue());
            mainSigId = sig.getId();
        }
        sig.clean();
    }
}

Example 10 with TokenStoreException

use of org.apache.cxf.ws.security.tokenstore.TokenStoreException in project cxf by apache.

the class StaxTransportBindingHandler method handleBinding.

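/**
 * Applies the TransportBinding policy to the current message.
 *
 * <p>On the requestor side the signature algorithms of the algorithm suite may be overridden from
 * the message context, an IssuedToken transport token is added from the token store, and the
 * supporting tokens (non-endorsing, then endorsing) are handled. On the non-requestor side only
 * the supporting tokens are handled (endorsing ones only when a transport token is configured)
 * and a SignatureConfirmation is added. Both sides then configure the layout and assert the
 * remaining policy assertions.
 *
 * @throws Fault if a token-store lookup or the supporting-token handling fails
 */
public void handleBinding() {
    AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
    configureTimestamp(aim);
    if (this.isRequestor()) {
        if (tbinding != null) {
            assertPolicy(tbinding.getName());
            // Signature algorithms from the message context take precedence over the policy's suite.
            String asymSignatureAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
            if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
                tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
            }
            String symSignatureAlgorithm = (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
            if (symSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
                tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
            }
            // A binding without a TransportToken is tolerated here exactly as in the
            // non-requestor branch below, rather than failing with a NullPointerException.
            TransportToken token = tbinding.getTransportToken();
            if (token != null) {
                if (token.getToken() instanceof IssuedToken) {
                    // An IssuedToken must already be present in the token store.
                    try {
                        SecurityToken secToken = getSecurityToken();
                        if (secToken == null) {
                            unassertPolicy(token.getToken(), "No transport token id");
                            return;
                        }
                        addIssuedToken(token.getToken(), secToken, false, false);
                    } catch (TokenStoreException e) {
                        LOG.log(Level.FINE, e.getMessage(), e);
                        throw new Fault(e);
                    }
                }
                assertToken(token.getToken());
                assertTokenWrapper(token);
            }
        }
        try {
            handleNonEndorsingSupportingTokens(aim);
            handleEndorsingSupportingTokens(aim);
        } catch (Exception e) {
            LOG.log(Level.FINE, e.getMessage(), e);
            throw new Fault(e);
        }
    } else {
        try {
            handleNonEndorsingSupportingTokens(aim);
        } catch (Exception e) {
            LOG.log(Level.FINE, e.getMessage(), e);
            throw new Fault(e);
        }
        if (tbinding != null) {
            assertPolicy(tbinding.getName());
            // Endorsing supporting tokens are only processed when the binding names a transport token.
            if (tbinding.getTransportToken() != null) {
                assertTokenWrapper(tbinding.getTransportToken());
                assertToken(tbinding.getTransportToken().getToken());
                try {
                    handleEndorsingSupportingTokens(aim);
                } catch (Exception e) {
                    LOG.log(Level.FINE, e.getMessage(), e);
                    throw new Fault(e);
                }
            }
        }
        // Responses carry a SignatureConfirmation; there are no signed parts to pass.
        addSignatureConfirmation(null);
    }
    configureLayout(aim);
    if (tbinding != null) {
        assertAlgorithmSuite(tbinding.getAlgorithmSuite());
        assertWSSProperties(tbinding.getName().getNamespaceURI());
        assertTrustProperties(tbinding.getName().getNamespaceURI());
    }
    // Over a transport binding the SignedParts / EncryptedParts assertions (SP 1.1 and 1.2)
    // are satisfied by the transport itself.
    assertPolicy(SP12Constants.SIGNED_PARTS);
    assertPolicy(SP11Constants.SIGNED_PARTS);
    assertPolicy(SP12Constants.ENCRYPTED_PARTS);
    assertPolicy(SP11Constants.ENCRYPTED_PARTS);
    putCustomTokenAfterSignature();
}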
