
Example 21 with WSPasswordCallback

Use of org.apache.wss4j.common.ext.WSPasswordCallback in the project cxf by apache.

From the class KerberosClientPasswordCallback, the method handle.

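/**
 * Supplies the Kerberos client credentials: the username to a {@link NameCallback},
 * the password to a {@link PasswordCallback}, and a Kerberos BinarySecurityToken to a
 * {@link WSPasswordCallback} whose usage is {@code CUSTOM_TOKEN}. Callbacks of any
 * other type, and WSPasswordCallbacks with another usage, are left untouched.
 *
 * @param callbacks the callbacks to populate; {@code null} is treated as empty
 * @throws IOException if the Kerberos service ticket cannot be retrieved or the token
 *         element cannot be built; the underlying WSSecurityException is the cause
 * @throws UnsupportedCallbackException never thrown by this implementation, declared
 *         by the CallbackHandler contract
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName(username);
        } else if (callback instanceof PasswordCallback) {
            ((PasswordCallback) callback).setPassword(password.toCharArray());
        } else if (callback instanceof WSPasswordCallback) {
            WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callback;
            // Only the CUSTOM_TOKEN usage asks for a token to be built here
            if (wsPasswordCallback.getUsage() != WSPasswordCallback.CUSTOM_TOKEN) {
                continue;
            }
            // Get a custom (Kerberos) token directly using the WSS4J APIs
            KerberosSecurity kerberosSecurity = new KerberosSecurity(DOMUtils.getEmptyDocument());
            try {
                kerberosSecurity.retrieveServiceTicket(username, this, servicePrincipal, false, false, null);
                kerberosSecurity.addWSUNamespace();
                WSSConfig wssConfig = WSSConfig.getNewInstance();
                kerberosSecurity.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosSecurity));
                wsPasswordCallback.setCustomToken(kerberosSecurity.getElement());
            } catch (WSSecurityException e) {
                // Surface the failure to the caller instead of printing it and returning
                // a callback with no token; the cause is preserved for diagnosis
                throw new IOException("Failed to obtain a Kerberos service ticket for " + servicePrincipal, e);
            }
        }
    }
}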

Example 22 with WSPasswordCallback

Use of org.apache.wss4j.common.ext.WSPasswordCallback in the project cxf by apache.

From the class KeystorePasswordCallback, the method handle.

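/**
 * Looks up the password for the requested alias in the private alias/passwords map.
 * A {@code PASSWORD_ENCRYPTOR_PASSWORD} request is answered with a fixed value; any
 * other request without a map entry falls back to the literal {@code "password"}.
 * As soon as a mapped password has been set the method returns, so later callbacks
 * in the same array are not visited.
 *
 * @param callbacks the callbacks to populate; every element must be a WSPasswordCallback
 * @throws IOException never thrown by this implementation, declared by the CallbackHandler contract
 * @throws UnsupportedCallbackException if an element is not a WSPasswordCallback
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }
    for (Callback callback : callbacks) {
        // Report unsupported callback types through the declared exception
        // rather than failing with a ClassCastException
        if (!(callback instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            // NOTE(review): fixed literal passwords are only appropriate for test fixtures;
            // confirm this handler is not wired into a production configuration
            pc.setPassword("this-is-a-secret");
        } else {
            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            }
            pc.setPassword("password");
        }
    }
}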

Example 23 with WSPasswordCallback

Use of org.apache.wss4j.common.ext.WSPasswordCallback in the project cxf by apache.

From the class KeystorePasswordCallback, the method handle.

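/**
 * Looks up the password for the requested alias in the private alias/passwords map.
 * A {@code PASSWORD_ENCRYPTOR_PASSWORD} request is answered with a fixed value; any
 * other request without a map entry falls back to the literal {@code "password"}.
 * As soon as a mapped password has been set the method returns, so later callbacks
 * in the same array are not visited.
 *
 * @param callbacks the callbacks to populate; every element must be a WSPasswordCallback
 * @throws IOException never thrown by this implementation, declared by the CallbackHandler contract
 * @throws UnsupportedCallbackException if an element is not a WSPasswordCallback
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }
    for (Callback callback : callbacks) {
        // Report unsupported callback types through the declared exception
        // rather than failing with a ClassCastException
        if (!(callback instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            // NOTE(review): fixed literal passwords are only appropriate for test fixtures;
            // confirm this handler is not wired into a production configuration
            pc.setPassword("this-is-a-secret");
        } else {
            String pass = passwords.get(pc.getIdentifier());
            if (pass != null) {
                pc.setPassword(pass);
                return;
            }
            pc.setPassword("password");
        }
    }
}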

Example 24 with WSPasswordCallback

Use of org.apache.wss4j.common.ext.WSPasswordCallback in the project cxf by apache.

From the class SamlRedirectBindingFilter, the method signRequest.

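/**
 * Signs a request according to the redirect binding spec for Web SSO and appends the
 * {@code SigAlg} and {@code Signature} query parameters to the given builder. The
 * string that is signed is {@code SAMLRequest=...&RelayState=...&SigAlg=...}, with the
 * algorithm URI URL-encoded exactly as it is placed in the query.
 *
 * @param authnRequest the AuthnRequest value, already in the form used in the query
 * @param relayState the RelayState value, already in the form used in the query
 * @param ub the builder the signature parameters are appended to
 * @throws Exception if no Crypto, signature user or CallbackHandler is configured, if no
 *         certificate is found for the user, or if key retrieval or signing fails
 */
private void signRequest(String authnRequest, String relayState, UriBuilder ub) throws Exception {
    Crypto crypto = getSignatureCrypto();
    if (crypto == null) {
        LOG.warning("No crypto instance of properties file configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    String signatureUser = getSignatureUsername();
    if (signatureUser == null) {
        LOG.warning("No user configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CallbackHandler callbackHandler = getCallbackHandler();
    if (callbackHandler == null) {
        LOG.warning("No CallbackHandler configured to supply a password for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(signatureUser);
    X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
    // An empty array would otherwise fail below with an ArrayIndexOutOfBoundsException
    if (issuerCerts == null || issuerCerts.length == 0) {
        throw new Exception("No issuer certs were found to sign the request using name: " + signatureUser);
    }
    String sigAlgo = getSignatureAlgorithm();
    String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
    LOG.fine("automatic sig algo detection: " + pubKeyAlgo);
    if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
        // NOTE(review): a DSA key overrides the configured algorithm with the SHA-1 URI;
        // confirm this downgrade is intended for the deployments using DSA keys
        sigAlgo = SSOConstants.DSA_SHA1;
    }
    LOG.fine("Using Signature algorithm " + sigAlgo);
    // The same encoded form is used in the query and in the signed string
    String encodedSigAlgo = URLEncoder.encode(sigAlgo, StandardCharsets.UTF_8.name());
    ub.queryParam(SSOConstants.SIG_ALG, encodedSigAlgo);
    // Get the password
    WSPasswordCallback[] cb = { new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE) };
    callbackHandler.handle(cb);
    String password = cb[0].getPassword();
    String requestToSign = SSOConstants.SAML_REQUEST + "=" + authnRequest
        + "&" + SSOConstants.RELAY_STATE + "=" + relayState
        + "&" + SSOConstants.SIG_ALG + "=" + encodedSigAlgo;
    // Get the private key
    PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
    byte[] signBytes;
    try {
        // Sign the request
        String jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
        Signature signature = Signature.getInstance(jceSigAlgo);
        signature.initSign(privateKey);
        signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
        signBytes = signature.sign();
    } finally {
        // Clean the private key from memory on every path, not only after a successful signature
        if (privateKey != null) {
            try {
                privateKey.destroy();
            } catch (DestroyFailedException ignored) {
                // Many key implementations do not support destroy(); nothing else can be done here
            }
        }
    }
    String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
    ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()));
}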

Example 25 with WSPasswordCallback

Use of org.apache.wss4j.common.ext.WSPasswordCallback in the project cxf by apache.

From the class KeystorePasswordCallback, the method handle.

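/**
 * Looks up the password for the requested alias in the private alias/passwords map.
 * The first callback whose identifier has a map entry receives its password and the
 * method returns; callbacks with no entry are left without a password.
 *
 * @param callbacks the callbacks to populate; every element must be a WSPasswordCallback
 * @throws IOException never thrown by this implementation, declared by the CallbackHandler contract
 * @throws UnsupportedCallbackException if an element is not a WSPasswordCallback
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }
    for (Callback callback : callbacks) {
        // Report unsupported callback types through the declared exception
        // rather than failing with a ClassCastException
        if (!(callback instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        String pass = passwords.get(pc.getIdentifier());
        if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }
}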
