
Example 56 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class SamlPostBindingFilter method signAuthnRequest.

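/**
 * Attaches an XML signature to the given {@code AuthnRequest} using the configured
 * signature credential.
 * <p>
 * The signing certificate is looked up by alias ({@code getSignatureUsername()}) in the
 * configured {@code Crypto}; the key password is obtained from the configured
 * {@code CallbackHandler} via a {@code WSPasswordCallback.SIGNATURE} callback. The
 * signature element (exclusive C14N without comments, entity certificate emitted in the
 * KeyInfo) is set on the request and the cached DOM of the request and its children is
 * released. The private key is destroyed (best effort) once the signature has been set,
 * on both the success and the failure path.
 *
 * @param authnRequest the request to sign; its cached DOM is released
 * @throws Exception if no certificate is found for the signature alias, or if KeyInfo
 *         generation fails; missing crypto/user/callback configuration is reported as an
 *         internal server error instead
 */
protected void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
    Crypto crypto = getSignatureCrypto();
    if (crypto == null) {
        LOG.warning("No crypto instance of properties file configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    String signatureUser = getSignatureUsername();
    if (signatureUser == null) {
        LOG.warning("No user configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CallbackHandler callbackHandler = getCallbackHandler();
    if (callbackHandler == null) {
        LOG.warning("No CallbackHandler configured to supply a password for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }

    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(signatureUser);
    X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
    // An empty array is as unusable as null; without this check issuerCerts[0] below
    // would fail with an ArrayIndexOutOfBoundsException instead of a clear message.
    if (issuerCerts == null || issuerCerts.length == 0) {
        throw new Exception("No issuer certs were found to sign the request using name: " + signatureUser);
    }

    String sigAlgo = getSignatureAlgorithm();
    String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
    LOG.fine("automatic sig algo detection: " + pubKeyAlgo);
    if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
        // A DSA key overrides whatever getSignatureAlgorithm() returned with DSA_SHA1.
        sigAlgo = SSOConstants.DSA_SHA1;
    }
    LOG.fine("Using Signature algorithm " + sigAlgo);

    // Get the password
    WSPasswordCallback[] cb = { new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE) };
    callbackHandler.handle(cb);
    String password = cb[0].getPassword();

    // Get the private key
    PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
    try {
        // Create the signature
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSignatureAlgorithm(sigAlgo);
        BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
        signature.setSigningCredential(signingCredential);

        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
        kiFactory.setEmitEntityCertificate(true);
        try {
            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
            signature.setKeyInfo(keyInfo);
        } catch (org.opensaml.security.SecurityException ex) {
            throw new Exception("Error generating KeyInfo from signing credential", ex);
        }

        SignableSAMLObject signableObject = authnRequest;
        signableObject.setSignature(signature);
        signableObject.releaseDOM();
        signableObject.releaseChildrenDOM(true);
    } finally {
        // Clean the private key from memory when we're done - also when KeyInfo
        // generation failed, which previously left the key undestroyed.
        try {
            privateKey.destroy();
        } catch (DestroyFailedException ignored) {
            // ignore: destroy() is best effort and not supported by every key implementation
        }
    }
}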

Example 57 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class MetadataService method getMetadata.

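/**
 * Builds and returns the signed SAML metadata document for this service.
 * <p>
 * The signing certificate is looked up by alias ({@code getSignatureUsername()}) in the
 * configured {@code Crypto}, and the key password is obtained from the configured
 * {@code CallbackHandler} via a {@code WSPasswordCallback.SIGNATURE} callback. When
 * {@code addEndpointAddressToContext} is set, the value of the {@code "http.base.path"}
 * property of the current message is prepended to the three configured addresses.
 * The private key is destroyed (best effort) after the metadata has been written, on
 * every return path.
 * <p>
 * Any exception raised inside the method, including the internal-server-error responses
 * thrown by the configuration checks, is logged at FINE and re-thrown as an internal
 * server error.
 *
 * @return the metadata document
 */
@GET
@Produces("text/xml")
public Document getMetadata() {
    try {
        MetadataWriter metadataWriter = new MetadataWriter();
        Crypto crypto = getSignatureCrypto();
        if (crypto == null) {
            LOG.fine("No crypto instance of properties file configured for signature");
            throw ExceptionUtils.toInternalServerErrorException(null, null);
        }
        String signatureUser = getSignatureUsername();
        if (signatureUser == null) {
            LOG.fine("No user configured for signature");
            throw ExceptionUtils.toInternalServerErrorException(null, null);
        }
        CallbackHandler callbackHandler = getCallbackHandler();
        if (callbackHandler == null) {
            LOG.fine("No CallbackHandler configured to supply a password for signature");
            throw ExceptionUtils.toInternalServerErrorException(null, null);
        }

        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(signatureUser);
        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
        // An empty array would otherwise surface as ArrayIndexOutOfBoundsException at issuerCerts[0]
        if (issuerCerts == null || issuerCerts.length == 0) {
            throw new Exception("No issuer certs were found to sign the request using name: " + signatureUser);
        }

        // Get the password
        WSPasswordCallback[] cb = { new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE) };
        callbackHandler.handle(cb);
        String password = cb[0].getPassword();

        // Resolve the addresses first so that a single code path holds the private key
        String serviceUri = serviceAddress;
        String assertionConsumerUri = assertionConsumerServiceAddress;
        String logoutUri = logoutServiceAddress;
        if (addEndpointAddressToContext) {
            Message message = JAXRSUtils.getCurrentMessage();
            // NOTE(review): a missing "http.base.path" yields a "null..." prefix - confirm this cannot happen
            String rawPath = (String) message.get("http.base.path");
            serviceUri = rawPath + serviceAddress;
            assertionConsumerUri = rawPath + assertionConsumerServiceAddress;
            logoutUri = rawPath + logoutServiceAddress;
        }

        // Get the private key
        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
        try {
            return metadataWriter.getMetaData(serviceUri, assertionConsumerUri, logoutUri, privateKey, issuerCerts[0], true);
        } finally {
            // Clean the private key from memory when we're done - previously the
            // addEndpointAddressToContext branch returned without destroying it.
            try {
                privateKey.destroy();
            } catch (DestroyFailedException ignored) {
                // ignore: destroy() is best effort and not supported by every key implementation
            }
        }
    } catch (Exception ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw ExceptionUtils.toInternalServerErrorException(ex, null);
    }
}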

Example 58 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class XmlSecInInterceptor method configureDecryptionKeys.

/**
 * Installs the private decryption key on the given XML security properties.
 * <p>
 * The {@code Crypto} is loaded from the message with the signature crypto/properties
 * keys when the exchange is a signed-and-encrypted two-way one, and with the encryption
 * keys otherwise. The key alias is {@code decryptionAlias}, falling back to the crypto's
 * default X.509 identifier. The key password is requested from the message's
 * {@code CallbackHandler} with a {@code WSPasswordCallback.DECRYPT} callback.
 * If the crypto cannot be loaded {@code throwFault} is invoked; if no alias can be
 * determined the properties are left untouched.
 *
 * @param message    the current message, used to locate the crypto and callback handler
 * @param properties the security properties that receive the decryption key
 * @throws IOException                  if the callback handler fails
 * @throws UnsupportedCallbackException if the callback handler does not support
 *                                      {@code WSPasswordCallback}
 * @throws WSSecurityException          if the private key cannot be retrieved
 */
private void configureDecryptionKeys(Message message, XMLSecurityProperties properties) throws IOException, UnsupportedCallbackException, WSSecurityException {
    // A signed-and-encrypted two-way exchange reuses the signature crypto for decryption
    boolean twoWay = RSSecurityUtils.isSignedAndEncryptedTwoWay(message);
    final String cryptoKey = twoWay ? SecurityConstants.SIGNATURE_CRYPTO : SecurityConstants.ENCRYPT_CRYPTO;
    final String propKey = twoWay ? SecurityConstants.SIGNATURE_PROPERTIES : SecurityConstants.ENCRYPT_PROPERTIES;

    Crypto crypto = null;
    try {
        crypto = new CryptoLoader().getCrypto(message, cryptoKey, propKey);
    } catch (Exception ex) {
        throwFault("Crypto can not be loaded", ex);
    }
    if (crypto == null) {
        // Nothing to configure; throwFault above is presumably what ends the request - confirm
        return;
    }

    String keyAlias = decryptionAlias != null ? decryptionAlias : crypto.getDefaultX509Identifier();
    if (keyAlias == null) {
        return;
    }

    // NOTE(review): getCallbackHandler may return null - confirm, an NPE would surface here
    CallbackHandler handler = RSSecurityUtils.getCallbackHandler(message, this.getClass());
    WSPasswordCallback decryptCallback = new WSPasswordCallback(keyAlias, WSPasswordCallback.DECRYPT);
    handler.handle(new Callback[] { decryptCallback });
    Key decryptionKey = crypto.getPrivateKey(keyAlias, decryptCallback.getPassword());
    properties.setDecryptionKey(decryptionKey);
}

Example 59 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class SCTSAMLTokenProvider method createSamlToken.

/**
 * Creates a SAML assertion for the given token parameters, signing it when
 * {@code signToken} is set.
 * <p>
 * The assertion content comes from the callback handler built by
 * {@code createCallbackHandler}. Signing uses the STS signature username as key alias,
 * obtains the key password through the STS {@code CallbackHandler} with a
 * {@code WSPasswordCallback.SIGNATURE} callback, and honours the
 * {@code isUseKeyValue()} setting of the STS signature properties.
 *
 * @param tokenParameters the token request parameters (provides the STS properties)
 * @param secret          the secret handed to the callback handler
 * @param doc             the document handed to the callback handler
 * @return the (optionally signed) assertion wrapper
 * @throws Exception if callback processing or signing fails
 */
private SamlAssertionWrapper createSamlToken(TokenProviderParameters tokenParameters, byte[] secret, Document doc) throws Exception {
    SamlCallbackHandler samlHandler = createCallbackHandler(tokenParameters, secret, doc);
    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlHandler, callback);
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    if (!signToken) {
        return wrapper;
    }

    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    // Get the password for the signature alias
    // NOTE(review): neither the alias nor the callback handler is null-checked - confirm both are guaranteed
    String signatureAlias = stsProperties.getSignatureUsername();
    WSPasswordCallback passwordCallback = new WSPasswordCallback(signatureAlias, WSPasswordCallback.SIGNATURE);
    LOG.fine("Creating SAML Token");
    stsProperties.getCallbackHandler().handle(new WSPasswordCallback[] { passwordCallback });
    String signaturePassword = passwordCallback.getPassword();

    LOG.fine("Signing SAML Token");
    boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
    wrapper.signAssertion(signatureAlias, signaturePassword, stsProperties.getSignatureCrypto(), useKeyValue);
    return wrapper;
}

Example 60 with WSPasswordCallback

use of org.apache.wss4j.common.ext.WSPasswordCallback in project cxf by apache.

the class KerberosServicePasswordCallback method handle.

/**
 * Answers the supported callbacks in the given array.
 * <p>
 * {@code WSPasswordCallback}s are delegated to the superclass one at a time;
 * {@code KerberosContextAndServiceNameCallback}s receive fixed context/service names;
 * {@code NameCallback}s receive {@code username} and {@code PasswordCallback}s receive
 * {@code password}. Any other callback type is silently ignored.
 *
 * @param callbacks the callbacks to handle
 * @throws IOException                  if the superclass handler fails
 * @throws UnsupportedCallbackException if the superclass does not support a delegated callback
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof WSPasswordCallback) {
            // Delegate WS-Security password lookups to the parent handler individually
            super.handle(new Callback[] { callback });
        } else if (callback instanceof KerberosContextAndServiceNameCallback) {
            // Fixed names; presumably a test fixture - confirm before reusing outside tests
            KerberosContextAndServiceNameCallback kerberosCallback = (KerberosContextAndServiceNameCallback) callback;
            kerberosCallback.setContextName("bob");
            kerberosCallback.setServiceName("bob@service.ws.apache.org");
        } else if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName(username);
        } else if (callback instanceof PasswordCallback) {
            // NOTE(review): a null password field would raise an NPE here - confirm it is always set
            ((PasswordCallback) callback).setPassword(password.toCharArray());
        }
    }
}
