Example 21 with WSEncryptionPart
use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.
the class AbstractBindingBuilder method handleSupportingTokens.
protected List<SupportingToken> handleSupportingTokens(SupportingTokens suppTokens, boolean endorse, List<SupportingToken> ret) throws WSSecurityException, SOAPException {
if (suppTokens == null) {
return ret;
}
for (AbstractToken token : suppTokens.getTokens()) {
assertToken(token);
if (!isTokenRequired(token.getIncludeTokenType())) {
// Check for any SignedParts so as *not* to sign them
getSignedParts(suppTokens);
continue;
}
if (token instanceof UsernameToken) {
handleUsernameTokenSupportingToken((UsernameToken) token, endorse, suppTokens.isEncryptedToken(), ret);
} else if (token instanceof IssuedToken || token instanceof SecureConversationToken || token instanceof SecurityContextToken || token instanceof KerberosToken || token instanceof SpnegoContextToken) {
// ws-trust/ws-sc stuff.......
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
unassertPolicy(token, "Could not find IssuedToken");
}
Element clone = cloneElement(secToken.getToken());
secToken.setToken(clone);
addSupportingElement(clone);
String id = XMLUtils.getIDFromReference(secToken.getId());
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(id, "Element");
part.setElement(clone);
encryptedTokensList.add(part);
}
if (secToken.getX509Certificate() == null) {
ret.add(new SupportingToken(token, new WSSecurityTokenHolder(secToken, secHeader), getSignedParts(suppTokens)));
} else {
ret.add(signSupportingToken(secToken, id, token, suppTokens));
}
} else if (token instanceof X509Token) {
// We have to use a cert. Prepare X509 signature
WSSecSignature sig = getSignatureBuilder(token, false, endorse);
assertPolicy(suppTokens);
Element bstElem = sig.getBinarySecurityTokenElement();
if (bstElem != null) {
if (lastEncryptedKeyElement != null) {
if (lastEncryptedKeyElement.getNextSibling() != null) {
secHeader.getSecurityHeaderElement().insertBefore(bstElem, lastEncryptedKeyElement.getNextSibling());
} else {
secHeader.getSecurityHeaderElement().appendChild(bstElem);
}
} else {
sig.prependBSTElementToHeader();
}
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
part.setElement(bstElem);
encryptedTokensList.add(part);
}
}
ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
} else if (token instanceof KeyValueToken) {
WSSecSignature sig = getSignatureBuilder(token, false, endorse);
assertPolicy(suppTokens);
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
encryptedTokensList.add(part);
}
ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
} else if (token instanceof SamlToken) {
SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) token);
if (assertionWrapper != null) {
Element envelope = saaj.getSOAPPart().getEnvelope();
envelope = (Element) DOMUtils.getDomElement(envelope);
Element assertionElement = assertionWrapper.toDOM(envelope.getOwnerDocument());
addSupportingElement(assertionElement);
ret.add(new SupportingToken(token, assertionWrapper, getSignedParts(suppTokens)));
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(assertionWrapper.getId(), "Element");
part.setElement(assertionElement);
encryptedTokensList.add(part);
}
}
}
}
return ret;
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
SamlToken(org.apache.wss4j.policy.model.SamlToken)
KerberosToken(org.apache.wss4j.policy.model.KerberosToken)
IssuedToken(org.apache.wss4j.policy.model.IssuedToken)
Element(org.w3c.dom.Element)
WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature)
WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken)
UsernameToken(org.apache.wss4j.policy.model.UsernameToken)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
X509Token(org.apache.wss4j.policy.model.X509Token)
SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)
KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken)
Example 22 with WSEncryptionPart
use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.
the class AsymmetricBindingHandler method doSignature.
private void doSignature(AbstractTokenWrapper wrapper, List<WSEncryptionPart> sigParts, boolean attached) throws WSSecurityException, SOAPException {
if (!isRequestor()) {
assertUnusedTokens(abinding.getInitiatorToken());
assertUnusedTokens(abinding.getInitiatorEncryptionToken());
assertUnusedTokens(abinding.getInitiatorSignatureToken());
} else {
assertUnusedTokens(abinding.getRecipientToken());
assertUnusedTokens(abinding.getRecipientEncryptionToken());
assertUnusedTokens(abinding.getRecipientSignatureToken());
}
AbstractToken sigToken = wrapper.getToken();
if (sigParts.isEmpty()) {
// Add the BST to the security header if required
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
sig.appendBSTElementToHeader();
}
return;
}
if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
// Set up the encrypted key to use
setupEncryptedKey(wrapper, sigToken);
WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
dkSign.setExpandXopInclude(isExpandXopInclude());
dkSign.setWsDocInfo(wsDocInfo);
if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
dkSign.setSigCanonicalization(abinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDigestAlgorithm(algType.getDigest());
dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
dkSign.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE);
boolean includePrefixes = MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true);
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
dkSign.prepare();
if (abinding.isProtectTokens()) {
assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
if (bstElement != null) {
WSEncryptionPart bstPart = new WSEncryptionPart(bstElement.getAttributeNS(WSS4JConstants.WSU_NS, "Id"));
bstPart.setElement(bstElement);
sigParts.add(bstPart);
} else {
WSEncryptionPart ekPart = new WSEncryptionPart(encrKey.getId());
ekPart.setElement(encrKey.getEncryptedKeyElement());
sigParts.add(ekPart);
}
}
dkSign.getParts().addAll(sigParts);
List<Reference> referenceList = dkSign.addReferencesToSign(sigParts);
if (!referenceList.isEmpty()) {
// Add elements to header
addDerivedKeyElement(dkSign.getdktElement());
// Do signature
if (bottomUpElement == null) {
dkSign.computeSignature(referenceList, false, null);
} else {
dkSign.computeSignature(referenceList, true, bottomUpElement);
}
bottomUpElement = dkSign.getSignatureElement();
addSig(dkSign.getSignatureValue());
mainSigId = dkSign.getSignatureId();
}
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
}
} else {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
if (abinding.isProtectTokens()) {
assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
if (sig.getCustomTokenId() != null && (sigToken instanceof SamlToken || sigToken instanceof IssuedToken)) {
WSEncryptionPart samlPart = new WSEncryptionPart(sig.getCustomTokenId());
sigParts.add(samlPart);
} else if (sig.getBSTTokenId() != null) {
// This action must occur before sig.prependBSTElementToHeader
WSEncryptionPart bstPart = new WSEncryptionPart(sig.getBSTTokenId());
bstPart.setElement(sig.getBinarySecurityTokenElement());
sigParts.add(bstPart);
sig.prependBSTElementToHeader();
}
}
List<Reference> referenceList = sig.addReferencesToSign(sigParts);
if (!referenceList.isEmpty()) {
// Do signature
if (bottomUpElement == null) {
sig.computeSignature(referenceList, false, null);
} else {
sig.computeSignature(referenceList, true, bottomUpElement);
}
bottomUpElement = sig.getSignatureElement();
if (!abinding.isProtectTokens()) {
Element bstElement = sig.getBinarySecurityTokenElement();
if (bstElement != null) {
secHeader.getSecurityHeaderElement().insertBefore(bstElement, bottomUpElement);
}
}
addSig(sig.getSignatureValue());
mainSigId = sig.getId();
}
}
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
SamlToken(org.apache.wss4j.policy.model.SamlToken)
AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)
QName(javax.xml.namespace.QName)
Reference(javax.xml.crypto.dsig.Reference)
WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature)
IssuedToken(org.apache.wss4j.policy.model.IssuedToken)
Element(org.w3c.dom.Element)
Fault(org.apache.cxf.interceptor.Fault)
SOAPException(javax.xml.soap.SOAPException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSecDKSign(org.apache.wss4j.dom.message.WSSecDKSign)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)
Example 23 with WSEncryptionPart
use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.
the class AsymmetricBindingHandler method doEncryptBeforeSign.
private void doEncryptBeforeSign() {
AbstractTokenWrapper wrapper = getEncryptBeforeSignWrapper();
AbstractToken encryptionToken = null;
if (wrapper != null) {
encryptionToken = wrapper.getToken();
assertToken(encryptionToken);
}
AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
if (initiatorWrapper == null) {
initiatorWrapper = abinding.getInitiatorToken();
}
assertTokenWrapper(initiatorWrapper);
boolean attached = false;
if (initiatorWrapper != null) {
AbstractToken initiatorToken = initiatorWrapper.getToken();
if (initiatorToken instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
} else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
Element el = secToken.getToken();
this.addEncryptedKeyElement(cloneElement(el));
attached = true;
}
} else if (initiatorToken instanceof SamlToken && isRequestor()) {
try {
SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) initiatorToken);
if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType())) {
Element envelope = saaj.getSOAPPart().getEnvelope();
envelope = (Element) DOMUtils.getDomElement(envelope);
addSupportingElement(assertionWrapper.toDOM(envelope.getOwnerDocument()));
storeAssertionAsSecurityToken(assertionWrapper);
}
} catch (Exception e) {
String reason = e.getMessage();
LOG.log(Level.WARNING, "Encrypt before sign failed due to : " + reason);
LOG.log(Level.FINE, e.getMessage(), e);
throw new Fault(e);
}
} else if (initiatorToken instanceof SamlToken) {
String tokenId = getSAMLToken();
if (tokenId == null) {
unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
}
}
}
List<WSEncryptionPart> sigParts = new ArrayList<>();
if (timestampEl != null) {
WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
sigParts.add(timestampPart);
}
try {
addSupportingTokens(sigParts);
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
unassertPolicy(encryptionToken, ex);
}
List<WSEncryptionPart> encrParts = null;
try {
encrParts = getEncryptedParts();
// Signed parts are determined before encryption because encrypted signed headers
// will not be included otherwise
sigParts.addAll(this.getSignedParts(null));
} catch (SOAPException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
}
WSSecBase encrBase = null;
if (encryptionToken != null && !encrParts.isEmpty()) {
encrBase = doEncryption(wrapper, encrParts, true);
handleEncryptedSignedHeaders(encrParts, sigParts);
}
if (!isRequestor()) {
addSignatureConfirmation(sigParts);
}
try {
if (!sigParts.isEmpty()) {
if (initiatorWrapper != null && isRequestor()) {
doSignature(initiatorWrapper, sigParts, attached);
} else if (!isRequestor()) {
AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
if (recipientSignatureToken == null) {
recipientSignatureToken = abinding.getRecipientToken();
}
if (recipientSignatureToken != null) {
assertTokenWrapper(recipientSignatureToken);
assertToken(recipientSignatureToken.getToken());
doSignature(recipientSignatureToken, sigParts, attached);
}
}
}
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
} catch (SOAPException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
}
if (isRequestor()) {
doEndorse();
}
if (encrBase != null) {
encryptTokensInSecurityHeader(encryptionToken, encrBase);
}
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
SamlToken(org.apache.wss4j.policy.model.SamlToken)
IssuedToken(org.apache.wss4j.policy.model.IssuedToken)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
Fault(org.apache.cxf.interceptor.Fault)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SOAPException(javax.xml.soap.SOAPException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
WSSecBase(org.apache.wss4j.dom.message.WSSecBase)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
SOAPException(javax.xml.soap.SOAPException)
AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)
Example 24 with WSEncryptionPart
use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.
the class SymmetricBindingHandler method doSignature.
private byte[] doSignature(List<WSEncryptionPart> sigs, AbstractTokenWrapper policyAbstractTokenWrapper, AbstractToken policyToken, SecurityToken tok, boolean included) throws WSSecurityException {
if (policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
}
WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
sig.setStoreBytesInAttachment(storeBytesInAttachment);
sig.setExpandXopInclude(isExpandXopInclude());
sig.setWsDocInfo(wsDocInfo);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
int type = included ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
String sigTokId = tok.getId();
if (policyToken instanceof X509Token) {
if (isRequestor()) {
sig.setCustomTokenValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE);
sig.setKeyIdentifierType(type);
} else {
// the tok has to be an EncryptedKey token
sig.setEncrKeySha1value(tok.getSHA1());
sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
}
} else if (policyToken instanceof UsernameToken) {
sig.setCustomTokenValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
sig.setKeyIdentifierType(type);
} else if (policyToken instanceof KerberosToken) {
if (isRequestor()) {
sig.setCustomTokenValueType(tok.getTokenType());
sig.setKeyIdentifierType(type);
} else {
sig.setCustomTokenValueType(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
sigTokId = tok.getSHA1();
}
} else {
// Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
if (included) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
}
if (ref != null) {
SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
sig.setSecurityTokenReference(secRef);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else {
String tokenType = tok.getTokenType();
if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else {
sig.setCustomTokenValueType(tokenType);
sig.setKeyIdentifierType(type);
}
}
}
if (included) {
sigTokId = tok.getWsuId();
if (sigTokId == null) {
if (policyToken instanceof SecureConversationToken || policyToken instanceof SecurityContextToken) {
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
}
sigTokId = tok.getId();
}
if (sigTokId.startsWith("#")) {
sigTokId = sigTokId.substring(1);
}
}
if (sbinding.isProtectTokens()) {
assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
if (included) {
sigs.add(new WSEncryptionPart(sigTokId));
}
}
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
boolean includePrefixes = MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true);
sig.setAddInclusivePrefixes(includePrefixes);
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
Crypto crypto = null;
if (sbinding.getProtectionToken() != null) {
crypto = getEncryptionCrypto();
} else {
crypto = getSignatureCrypto();
}
this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
sig.prepare(crypto);
sig.getParts().addAll(sigs);
List<Reference> referenceList = sig.addReferencesToSign(sigs);
if (!referenceList.isEmpty()) {
// Do signature
if (bottomUpElement == null) {
sig.computeSignature(referenceList, false, null);
} else {
sig.computeSignature(referenceList, true, bottomUpElement);
}
bottomUpElement = sig.getSignatureElement();
this.mainSigId = sig.getId();
return sig.getSignatureValue();
}
return null;
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)
KerberosToken(org.apache.wss4j.policy.model.KerberosToken)
QName(javax.xml.namespace.QName)
SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference)
Reference(javax.xml.crypto.dsig.Reference)
WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature)
Element(org.w3c.dom.Element)
UsernameToken(org.apache.wss4j.policy.model.UsernameToken)
WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken)
BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
Crypto(org.apache.wss4j.common.crypto.Crypto)
X509Token(org.apache.wss4j.policy.model.X509Token)
SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference)
SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)
AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)
Example 25 with WSEncryptionPart
use of org.apache.wss4j.common.WSEncryptionPart in project cxf by apache.
the class TransportBindingHandler method signPartsAndElements.
/**
* Identifies the portions of the message to be signed/encrypted.
*/
private List<WSEncryptionPart> signPartsAndElements(SignedParts signedParts, SignedElements signedElements) throws SOAPException {
List<WSEncryptionPart> result = new ArrayList<>();
List<Element> found = new ArrayList<>();
// Add timestamp
if (timestampEl != null) {
WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp", WSS4JConstants.WSU_NS, "Element");
String id = addWsuIdToElement(timestampEl.getElement());
timestampPart.setId(id);
timestampPart.setElement(timestampEl.getElement());
found.add(timestampPart.getElement());
result.add(timestampPart);
}
// Add SignedParts
if (signedParts != null) {
List<WSEncryptionPart> parts = new ArrayList<>();
boolean isSignBody = signedParts.isBody();
for (Header head : signedParts.getHeaders()) {
WSEncryptionPart wep = new WSEncryptionPart(head.getName(), head.getNamespace(), "Element");
parts.add(wep);
}
// Handle sign/enc parts
result.addAll(this.getParts(true, isSignBody, parts, found));
}
if (signedElements != null) {
// Handle SignedElements
result.addAll(this.getElements("Element", signedElements.getXPaths(), found, true));
}
return result;
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
Header(org.apache.wss4j.policy.model.Header)
WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
Aggregations
WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)25
Element (org.w3c.dom.Element)17
ArrayList (java.util.ArrayList)13
WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)10
QName (javax.xml.namespace.QName)8
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)8
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)8
SecurityTokenReference (org.apache.wss4j.common.token.SecurityTokenReference)8
Reference (javax.xml.crypto.dsig.Reference)7
SOAPException (javax.xml.soap.SOAPException)7
WSSecSignature (org.apache.wss4j.dom.message.WSSecSignature)7
UsernameToken (org.apache.wss4j.policy.model.UsernameToken)7
Fault (org.apache.cxf.interceptor.Fault)6
AbstractToken (org.apache.wss4j.policy.model.AbstractToken)6
AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)6
IssuedToken (org.apache.wss4j.policy.model.IssuedToken)6
AttachmentCallbackHandler (org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)5
KerberosToken (org.apache.wss4j.policy.model.KerberosToken)5
SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)5
SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)5
