Example 1 with KeyInfoBean
use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project jbossws-cxf by jbossws.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=jbws-cxf-sts.com";
String subjectQualifier = "www.jbws-cxf-sts.org";
SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
String file = "META-INF/alice.properties";
Crypto crypto = CryptoFactory.getInstance(file);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("alice");
callback.setIssuerKeyPassword("password");
callback.setSignAssertion(signed);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 2 with KeyInfoBean
use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project testcases by coheigea.
the class SamlCallbackHandler method createKeyInfo.
protected KeyInfoBean createKeyInfo() throws Exception {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(cryptoAlias);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
KeyInfoBean keyInfo = new KeyInfoBean();
keyInfo.setCertIdentifer(keyInfoIdentifier);
if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
keyInfo.setCertificate(certs[0]);
} else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
keyInfo.setPublicKey(certs[0].getPublicKey());
}
return keyInfo;
}
Also used :
Crypto(org.apache.wss4j.common.crypto.Crypto)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
CryptoType(org.apache.wss4j.common.crypto.CryptoType)
X509Certificate(java.security.cert.X509Certificate)
Example 3 with KeyInfoBean
use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.
the class AbstractSAMLCallbackHandler method createKeyInfo.
protected KeyInfoBean createKeyInfo() throws Exception {
KeyInfoBean keyInfo = new KeyInfoBean();
if (statement == Statement.AUTHN) {
keyInfo.setCertificate(certs[0]);
keyInfo.setCertIdentifer(certIdentifier);
} else if (statement == Statement.ATTR) {
// Build a new Document
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
// Create an Encrypted Key
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
SecretKey symmetricKey = keyGen.generateKey();
encrKey.prepare(null, symmetricKey);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
Element keyInfoElement = doc.createElementNS(WSS4JConstants.SIG_NS, WSS4JConstants.SIG_PREFIX + ":" + WSS4JConstants.KEYINFO_LN);
keyInfoElement.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:" + WSS4JConstants.SIG_PREFIX, WSS4JConstants.SIG_NS);
keyInfoElement.appendChild(encryptedKeyElement);
keyInfo.setElement(keyInfoElement);
}
return keyInfo;
}
Also used :
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
SecretKey(javax.crypto.SecretKey)
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
WSSecEncryptedKey(org.apache.wss4j.dom.message.WSSecEncryptedKey)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
KeyGenerator(javax.crypto.KeyGenerator)
Example 4 with KeyInfoBean
use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
if (conditions != null) {
callback.setConditions(conditions);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
callback.setSignatureAlgorithm(signatureAlgorithm);
callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(cryptoAlias);
callback.setIssuerKeyPassword(cryptoPassword);
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 5 with KeyInfoBean
use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (!saml2) {
callback.setSamlVersion(Version.SAML_11);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
String subjectConfMethod = confirmationMethod;
if (subjectConfMethod == null && !saml2) {
subjectConfMethod = SAML1Constants.CONF_BEARER;
} else if (subjectConfMethod == null && saml2) {
subjectConfMethod = SAML2Constants.CONF_BEARER;
}
SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(subjectConfMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
String file = "alice.properties";
Crypto crypto = CryptoFactory.getInstance(file);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("alice");
callback.setIssuerKeyPassword("password");
callback.setSignAssertion(signed);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Aggregations
KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)22
Crypto (org.apache.wss4j.common.crypto.Crypto)15
SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)12
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)11
IOException (java.io.IOException)10
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)10
X509Certificate (java.security.cert.X509Certificate)7
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)7
AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)7
CryptoType (org.apache.wss4j.common.crypto.CryptoType)6
Element (org.w3c.dom.Element)4
KeyGenerator (javax.crypto.KeyGenerator)3
SecretKey (javax.crypto.SecretKey)3
WSSecEncryptedKey (org.apache.wss4j.dom.message.WSSecEncryptedKey)3
DocumentBuilder (javax.xml.parsers.DocumentBuilder)2
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)2
Document (org.w3c.dom.Document)2
InputStream (java.io.InputStream)1
Principal (java.security.Principal)1
