Search in sources :

Example 11 with WSEncryptionPart

use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.

the class SymmetricBindingHandler method doSignBeforeEncrypt.

private void doSignBeforeEncrypt() {
    AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
    assertTokenWrapper(sigAbstractTokenWrapper);
    AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
    String sigTokId = null;
    Element sigTokElem = null;
    try {
        SecurityToken sigTok = null;
        if (sigToken != null) {
            if (sigToken instanceof SecureConversationToken || sigToken instanceof SecurityContextToken || sigToken instanceof IssuedToken || sigToken instanceof KerberosToken || sigToken instanceof SpnegoContextToken) {
                sigTok = getSecurityToken();
            } else if (sigToken instanceof X509Token) {
                if (isRequestor()) {
                    sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                } else {
                    sigTok = getEncryptedKey();
                }
            } else if (sigToken instanceof UsernameToken) {
                if (isRequestor()) {
                    sigTokId = setupUTDerivedKey((UsernameToken) sigToken);
                } else {
                    sigTok = getUTDerivedKey();
                }
            }
        } else {
            unassertPolicy(sbinding, "No signature token");
            return;
        }
        if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
            unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
            return;
        }
        assertPolicy(sigAbstractTokenWrapper);
        if (sigTok == null) {
            sigTok = tokenStore.getToken(sigTokId);
        }
        // if (sigTok == null) {
        // REVISIT - no token?
        // }
        boolean tokIncluded = true;
        if (isTokenRequired(sigToken.getIncludeTokenType())) {
            Element el = sigTok.getToken();
            sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else if (isRequestor() && sigToken instanceof X509Token) {
            Element el = sigTok.getToken();
            sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else {
            tokIncluded = false;
        }
        // Add timestamp
        List<WSEncryptionPart> sigs = new ArrayList<>();
        if (timestampEl != null) {
            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
            sigs.add(timestampPart);
        }
        addSupportingTokens(sigs);
        sigs.addAll(getSignedParts(null));
        if (isRequestor()) {
            if (!sigs.isEmpty()) {
                addSig(doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded));
            }
            doEndorse();
        } else {
            // confirm sig
            addSignatureConfirmation(sigs);
            if (!sigs.isEmpty()) {
                doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded);
            }
        }
        // Encryption
        AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
        AbstractToken encrToken = encrAbstractTokenWrapper.getToken();
        SecurityToken encrTok = null;
        if (sigToken.equals(encrToken)) {
            // Use the same token
            encrTok = sigTok;
        } else {
            unassertPolicy(sbinding, "Encryption token does not equal signature token");
            return;
        }
        List<WSEncryptionPart> enc = getEncryptedParts();
        // Check for signature protection
        if (sbinding.isEncryptSignature()) {
            if (mainSigId != null) {
                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                sigPart.setElement(bottomUpElement);
                enc.add(sigPart);
            }
            if (sigConfList != null && !sigConfList.isEmpty()) {
                enc.addAll(sigConfList);
            }
            assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }
        if (isRequestor()) {
            enc.addAll(encryptedTokensList);
        }
        doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Example 12 with WSEncryptionPart

use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.

the class SymmetricBindingHandler method doSignatureDK.

private byte[] doSignatureDK(List<WSEncryptionPart> sigs, AbstractTokenWrapper policyAbstractTokenWrapper, AbstractToken policyToken, SecurityToken tok, boolean included) throws WSSecurityException {
    Document doc = saaj.getSOAPPart();
    WSSecDKSign dkSign = new WSSecDKSign(secHeader);
    dkSign.setIdAllocator(wssConfig.getIdAllocator());
    dkSign.setCallbackLookup(callbackLookup);
    dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
    dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
    dkSign.setExpandXopInclude(isExpandXopInclude());
    dkSign.setWsDocInfo(wsDocInfo);
    if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
        dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
    }
    // Check for whether the token is attached in the message or not
    boolean attached = false;
    if (isTokenRequired(policyToken.getIncludeTokenType())) {
        attached = true;
    }
    // Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (attached) {
        ref = tok.getAttachedReference();
    } else {
        ref = tok.getUnattachedReference();
    }
    if (ref != null) {
        dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
    } else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {
        // If the Encrypted key used to create the derived key is not
        // attached use key identifier as defined in WSS1.1 section
        // 7.7 Encrypted Key reference
        SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
        if (tok.getSHA1() != null) {
            String tokenType = tok.getTokenType();
            if (policyToken instanceof KerberosToken) {
                tokenRef.setKeyIdentifier(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE, tok.getSHA1(), true);
                if (tokenType == null) {
                    tokenType = WSS4JConstants.WSS_GSS_KRB_V5_AP_REQ;
                }
            } else {
                tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
                if (tokenType == null) {
                    tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
                }
            }
            tokenRef.addTokenType(tokenType);
        }
        dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
    } else {
        if ((!attached && !isRequestor()) || policyToken instanceof SecureConversationToken || policyToken instanceof SecurityContextToken) {
            dkSign.setTokenIdDirectId(true);
        }
        dkSign.setExternalKey(tok.getSecret(), tok.getId());
    }
    // Set the algo info
    dkSign.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
    dkSign.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
    AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
    dkSign.setDigestAlgorithm(algType.getDigest());
    dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
    boolean includePrefixes = MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true);
    dkSign.setAddInclusivePrefixes(includePrefixes);
    if (tok.getSHA1() != null) {
        // Set the value type of the reference
        String tokenType = tok.getTokenType();
        if (tokenType == null) {
            tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
        }
        dkSign.setCustomValueType(tokenType);
    } else {
        String tokenType = tok.getTokenType();
        if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
            dkSign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            dkSign.setCustomValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
        } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            dkSign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            dkSign.setCustomValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
        } else if (policyToken instanceof UsernameToken) {
            dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        } else {
            dkSign.setCustomValueType(tokenType);
        }
    }
    dkSign.prepare();
    if (sbinding.isProtectTokens()) {
        String sigTokId = tok.getId();
        if (included) {
            sigTokId = tok.getWsuId();
            if (sigTokId == null) {
                sigTokId = tok.getId();
            }
            if (sigTokId.startsWith("#")) {
                sigTokId = sigTokId.substring(1);
            }
        }
        sigs.add(new WSEncryptionPart(sigTokId));
        assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
    }
    dkSign.getParts().addAll(sigs);
    List<Reference> referenceList = dkSign.addReferencesToSign(sigs);
    if (!referenceList.isEmpty()) {
        // Add elements to header
        Element el = dkSign.getdktElement();
        addDerivedKeyElement(el);
        // Do signature
        if (bottomUpElement == null) {
            dkSign.computeSignature(referenceList, false, null);
        } else {
            dkSign.computeSignature(referenceList, true, bottomUpElement);
        }
        bottomUpElement = dkSign.getSignatureElement();
        this.mainSigId = dkSign.getSignatureId();
        return dkSign.getSignatureValue();
    }
    return null;
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) Reference(javax.xml.crypto.dsig.Reference) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) Document(org.w3c.dom.Document) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) WSSecDKSign(org.apache.wss4j.dom.message.WSSecDKSign) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Example 13 with WSEncryptionPart

use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.

the class SymmetricBindingHandler method doEncryptBeforeSign.

private void doEncryptBeforeSign() {
    try {
        AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
        assertTokenWrapper(encryptionWrapper);
        AbstractToken encryptionToken = encryptionWrapper.getToken();
        if (encryptionToken != null) {
            // The encryption token can be an IssuedToken or a
            // SecureConversationToken
            String tokenId = null;
            SecurityToken tok = null;
            if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken || encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
                tok = getSecurityToken();
            } else if (encryptionToken instanceof X509Token) {
                if (isRequestor()) {
                    tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
                } else {
                    tok = getEncryptedKey();
                }
            } else if (encryptionToken instanceof UsernameToken) {
                if (isRequestor()) {
                    tokenId = setupUTDerivedKey((UsernameToken) encryptionToken);
                } else {
                    tok = getUTDerivedKey();
                }
            }
            if (tok == null) {
                // }
                if (tokenId != null && tokenId.startsWith("#")) {
                    tokenId = tokenId.substring(1);
                }
                /*
                     * Get hold of the token from the token storage
                     */
                tok = tokenStore.getToken(tokenId);
            }
            boolean attached = false;
            if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            } else if (encryptionToken instanceof X509Token && isRequestor()) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            }
            List<WSEncryptionPart> sigParts = new ArrayList<>();
            if (timestampEl != null) {
                WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
                sigParts.add(timestampPart);
            }
            addSupportingTokens(sigParts);
            sigParts.addAll(this.getSignedParts(null));
            List<WSEncryptionPart> encrParts = getEncryptedParts();
            WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
            handleEncryptedSignedHeaders(encrParts, sigParts);
            if (!isRequestor()) {
                addSignatureConfirmation(sigParts);
            }
            // We should use the same key in the case of EncryptBeforeSig
            if (!sigParts.isEmpty()) {
                addSig(this.doSignature(sigParts, encryptionWrapper, encryptionToken, tok, attached));
            }
            if (isRequestor()) {
                this.doEndorse();
            }
            // Check for signature protection and encryption of UsernameToken
            if (sbinding.isEncryptSignature() || !encryptedTokensList.isEmpty() && isRequestor()) {
                List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
                // Now encrypt the signature using the above token
                if (sbinding.isEncryptSignature()) {
                    if (this.mainSigId != null) {
                        WSEncryptionPart sigPart = new WSEncryptionPart(this.mainSigId, "Element");
                        sigPart.setElement(bottomUpElement);
                        secondEncrParts.add(sigPart);
                    }
                    if (sigConfList != null && !sigConfList.isEmpty()) {
                        secondEncrParts.addAll(sigConfList);
                    }
                    assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                }
                if (isRequestor()) {
                    secondEncrParts.addAll(encryptedTokensList);
                }
                Element secondRefList = null;
                if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys && !secondEncrParts.isEmpty()) {
                    secondRefList = ((WSSecDKEncrypt) encr).encryptForExternalRef(null, secondEncrParts);
                } else if (!secondEncrParts.isEmpty()) {
                    // Encrypt, get hold of the ref list and add it
                    secondRefList = ((WSSecEncrypt) encr).encryptForRef(null, secondEncrParts);
                }
                if (secondRefList != null) {
                    this.addDerivedKeyElement(secondRefList);
                }
            }
        }
    } catch (RuntimeException ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw ex;
    } catch (Exception ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Example 14 with WSEncryptionPart

use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.

the class TransportBindingHandler method doIssuedTokenSignature.

private byte[] doIssuedTokenSignature(final AbstractToken token, final SupportingTokens wrapper) throws Exception {
    boolean tokenIncluded = false;
    // Get the issued token
    SecurityToken secTok = getSecurityToken();
    if (secTok == null) {
        LOG.fine("The retrieved SecurityToken was null");
        Exception ex = new Exception("The retrieved SecurityToken was null");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    if (isTokenRequired(token.getIncludeTokenType())) {
        // Add the token
        Element el = cloneElement(secTok.getToken());
        // if (securityTok != null) {
        // do we need to sign this as well?
        // String id = addWsuIdToElement(el);
        // sigParts.add(new WSEncryptionPart(id));
        // }
        addEncryptedKeyElement(el);
        tokenIncluded = true;
    }
    List<WSEncryptionPart> sigParts = signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
    if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        return doDerivedKeySignature(tokenIncluded, secTok, token, sigParts);
    }
    return doSignature(tokenIncluded, secTok, token, wrapper, sigParts);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 15 with WSEncryptionPart

use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.

the class TransportBindingHandler method doX509TokenSignature.

private byte[] doX509TokenSignature(AbstractToken token, SupportingTokens wrapper) throws Exception {
    List<WSEncryptionPart> sigParts = signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
    if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(token);
        assertPolicy(wrapper);
        Element bstElem = encrKey.getBinarySecurityTokenElement();
        if (bstElem != null) {
            addTopDownElement(bstElem);
        }
        encrKey.appendToHeader();
        WSSecDKSign dkSig = new WSSecDKSign(secHeader);
        dkSig.setIdAllocator(wssConfig.getIdAllocator());
        dkSig.setCallbackLookup(callbackLookup);
        if (token.getVersion() == SPConstants.SPVersion.SP11) {
            dkSig.setWscVersion(ConversationConstants.VERSION_05_02);
        }
        dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
        dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
        dkSig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        dkSig.setStoreBytesInAttachment(storeBytesInAttachment);
        dkSig.setExpandXopInclude(isExpandXopInclude());
        dkSig.setWsDocInfo(wsDocInfo);
        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
        dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
        dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
        dkSig.prepare();
        dkSig.getParts().addAll(sigParts);
        List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
        // Do signature
        dkSig.appendDKElementToHeader();
        dkSig.computeSignature(referenceList, false, null);
        return dkSig.getSignatureValue();
    }
    WSSecSignature sig = getSignatureBuilder(token, false, false);
    assertPolicy(wrapper);
    if (sig != null) {
        sig.prependBSTElementToHeader();
        List<Reference> referenceList = sig.addReferencesToSign(sigParts);
        if (bottomUpElement == null) {
            sig.computeSignature(referenceList, false, null);
        } else {
            sig.computeSignature(referenceList, true, bottomUpElement);
        }
        bottomUpElement = sig.getSignatureElement();
        mainSigId = sig.getId();
        return sig.getSignatureValue();
    }
    return new byte[0];
}
Also used : WSSecDKSign(org.apache.wss4j.dom.message.WSSecDKSign) WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) WSSecEncryptedKey(org.apache.wss4j.dom.message.WSSecEncryptedKey) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) Reference(javax.xml.crypto.dsig.Reference) Element(org.w3c.dom.Element) WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Aggregations

WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)25 Element (org.w3c.dom.Element)17 ArrayList (java.util.ArrayList)13 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)10 QName (javax.xml.namespace.QName)8 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)8 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)8 SecurityTokenReference (org.apache.wss4j.common.token.SecurityTokenReference)8 Reference (javax.xml.crypto.dsig.Reference)7 SOAPException (javax.xml.soap.SOAPException)7 WSSecSignature (org.apache.wss4j.dom.message.WSSecSignature)7 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)7 Fault (org.apache.cxf.interceptor.Fault)6 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)6 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)6 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)6 AttachmentCallbackHandler (org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)5 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)5 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)5 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)5