Search in sources :

Example 1 with SecurityTokenReference

use of org.apache.wss4j.common.token.SecurityTokenReference in project cxf by apache.

the class SymmetricBindingHandler method doEncryptionDerived.

private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, SecurityToken encrTok, AbstractToken encrToken, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) {
    try {
        WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
        dkEncr.setEncryptionSerializer(new StaxSerializer());
        dkEncr.setIdAllocator(wssConfig.getIdAllocator());
        dkEncr.setCallbackLookup(callbackLookup);
        dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
        dkEncr.setExpandXopInclude(isExpandXopInclude());
        dkEncr.setWsDocInfo(wsDocInfo);
        if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
            dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
        }
        if (attached && encrTok.getAttachedReference() != null) {
            dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getAttachedReference()));
        } else if (encrTok.getUnattachedReference() != null) {
            dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference()));
        } else if (!isRequestor() && encrTok.getSHA1() != null) {
            // If the Encrypted key used to create the derived key is not
            // attached use key identifier as defined in WSS1.1 section
            // 7.7 Encrypted Key reference
            SecurityTokenReference tokenRef = new SecurityTokenReference(saaj.getSOAPPart());
            String tokenType = encrTok.getTokenType();
            if (encrToken instanceof KerberosToken) {
                tokenRef.setKeyIdentifier(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE, encrTok.getSHA1(), true);
                if (tokenType == null) {
                    tokenType = WSS4JConstants.WSS_GSS_KRB_V5_AP_REQ;
                }
            } else {
                tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSHA1());
                if (tokenType == null) {
                    tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
                }
            }
            tokenRef.addTokenType(tokenType);
            dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
        } else {
            if (attached) {
                String id = encrTok.getWsuId();
                if (id == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) {
                    dkEncr.setTokenIdDirectId(true);
                    id = encrTok.getId();
                } else if (id == null) {
                    id = encrTok.getId();
                }
                if (id.startsWith("#")) {
                    id = id.substring(1);
                }
                dkEncr.setExternalKey(encrTok.getSecret(), id);
            } else {
                dkEncr.setTokenIdDirectId(true);
                dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
            }
        }
        if (encrTok.getSHA1() != null) {
            String tokenType = encrTok.getTokenType();
            if (tokenType == null) {
                tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
            }
            dkEncr.setCustomValueType(tokenType);
        } else {
            String tokenType = encrTok.getTokenType();
            if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
            } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
                dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
            } else if (encrToken instanceof UsernameToken) {
                dkEncr.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
            } else {
                dkEncr.setCustomValueType(tokenType);
            }
        }
        AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
        dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
        dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
        dkEncr.prepare();
        Element encrDKTokenElem = null;
        encrDKTokenElem = dkEncr.getdktElement();
        addDerivedKeyElement(encrDKTokenElem);
        Element refList = dkEncr.encryptForExternalRef(null, encrParts);
        List<Element> attachments = dkEncr.getAttachmentEncryptedDataElements();
        addAttachmentsForEncryption(atEnd, refList, attachments);
        return dkEncr;
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
    }
    return null;
}
Also used : AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) WSSecDKEncrypt(org.apache.wss4j.dom.message.WSSecDKEncrypt) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Example 2 with SecurityTokenReference

use of org.apache.wss4j.common.token.SecurityTokenReference in project cxf by apache.

the class SymmetricBindingHandler method doEncryption.

private WSSecBase doEncryption(AbstractTokenWrapper recToken, SecurityToken encrTok, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) {
    // Do encryption
    if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
        AbstractToken encrToken = recToken.getToken();
        assertPolicy(recToken);
        assertPolicy(encrToken);
        AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
        if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
            return doEncryptionDerived(recToken, encrTok, encrToken, attached, encrParts, atEnd);
        }
        try {
            WSSecEncrypt encr = new WSSecEncrypt(secHeader);
            encr.setEncryptionSerializer(new StaxSerializer());
            encr.setIdAllocator(wssConfig.getIdAllocator());
            encr.setCallbackLookup(callbackLookup);
            encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
            encr.setStoreBytesInAttachment(storeBytesInAttachment);
            encr.setExpandXopInclude(isExpandXopInclude());
            encr.setWsDocInfo(wsDocInfo);
            String encrTokId = encrTok.getId();
            if (attached) {
                encrTokId = encrTok.getWsuId();
                if (encrTokId == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) {
                    encr.setEncKeyIdDirectId(true);
                    encrTokId = encrTok.getId();
                } else if (encrTokId == null) {
                    encrTokId = encrTok.getId();
                }
                if (encrTokId.startsWith("#")) {
                    encrTokId = encrTokId.substring(1);
                }
            } else {
                encr.setEncKeyIdDirectId(true);
            }
            if (encrTok.getTokenType() != null) {
                encr.setCustomReferenceValue(encrTok.getTokenType());
            }
            encr.setEncKeyId(encrTokId);
            encr.setEphemeralKey(encrTok.getSecret());
            Crypto crypto = getEncryptionCrypto();
            if (crypto != null) {
                setEncryptionUser(encr, encrToken, false, crypto);
            }
            encr.setEncryptSymmKey(false);
            encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
            encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
            encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
            if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken || encrToken instanceof SecureConversationToken) {
                // Setting the AttachedReference or the UnattachedReference according to the flag
                Element ref;
                if (attached) {
                    ref = encrTok.getAttachedReference();
                } else {
                    ref = encrTok.getUnattachedReference();
                }
                String tokenType = encrTok.getTokenType();
                if (ref != null) {
                    SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
                    encr.setSecurityTokenReference(secRef);
                } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                    encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
                    encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                } else {
                    encr.setCustomReferenceValue(tokenType);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                }
            } else if (encrToken instanceof UsernameToken) {
                encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
            } else if (encrToken instanceof KerberosToken && !isRequestor()) {
                encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
                encr.setEncKeyId(encrTok.getSHA1());
            } else if (!isRequestor() && encrTok.getSHA1() != null) {
                encr.setCustomReferenceValue(encrTok.getSHA1());
                encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
            }
            encr.prepare(crypto);
            if (encr.getBSTTokenId() != null) {
                encr.prependBSTElementToHeader();
            }
            Element refList = encr.encryptForRef(null, encrParts);
            List<Element> attachments = encr.getAttachmentEncryptedDataElements();
            addAttachmentsForEncryption(atEnd, refList, attachments);
            return encr;
        } catch (WSSecurityException e) {
            LOG.log(Level.FINE, e.getMessage(), e);
            unassertPolicy(recToken, e);
        }
    }
    return null;
}
Also used : WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer) Crypto(org.apache.wss4j.common.crypto.Crypto) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Example 3 with SecurityTokenReference

use of org.apache.wss4j.common.token.SecurityTokenReference in project cxf by apache.

the class TransportBindingHandler method doSignature.

private byte[] doSignature(boolean tokenIncluded, SecurityToken secTok, AbstractToken token, SupportingTokens wrapper, List<WSEncryptionPart> sigParts) throws Exception {
    WSSecSignature sig = new WSSecSignature(secHeader);
    sig.setIdAllocator(wssConfig.getIdAllocator());
    sig.setCallbackLookup(callbackLookup);
    sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
    sig.setStoreBytesInAttachment(storeBytesInAttachment);
    sig.setExpandXopInclude(isExpandXopInclude());
    sig.setWsDocInfo(wsDocInfo);
    // Setting the AttachedReference or the UnattachedReference according to the flag
    Element ref;
    if (tokenIncluded) {
        ref = secTok.getAttachedReference();
    } else {
        ref = secTok.getUnattachedReference();
    }
    if (ref != null) {
        SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
        sig.setSecurityTokenReference(secRef);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else if (token instanceof UsernameToken) {
        sig.setCustomTokenId(secTok.getId());
        sig.setCustomTokenValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        int type = tokenIncluded ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
        sig.setKeyIdentifierType(type);
    } else if (secTok.getTokenType() == null) {
        sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    } else {
        String id = secTok.getWsuId();
        if (id == null) {
            sig.setCustomTokenId(secTok.getId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
        } else {
            sig.setCustomTokenId(secTok.getWsuId());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        }
        String tokenType = secTok.getTokenType();
        if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        } else {
            sig.setCustomTokenValueType(tokenType);
        }
    }
    Crypto crypto = null;
    if (secTok.getSecret() == null) {
        sig.setX509Certificate(secTok.getX509Certificate());
        crypto = secTok.getCrypto();
        if (crypto == null) {
            crypto = getSignatureCrypto();
        }
        if (crypto == null) {
            LOG.fine("No signature Crypto properties are available");
            Exception ex = new Exception("No signature Crypto properties are available");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
        }
        String uname = crypto.getX509Identifier(secTok.getX509Certificate());
        if (uname == null) {
            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
            uname = (String) SecurityUtils.getSecurityPropertyValue(userNameKey, message);
        }
        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
        sig.setUserInfo(uname, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    } else {
        crypto = getSignatureCrypto();
        sig.setSecretKey(secTok.getSecret());
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    }
    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
    AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
    sig.setDigestAlgo(algType.getDigest());
    sig.prepare(crypto);
    sig.getParts().addAll(sigParts);
    List<Reference> referenceList = sig.addReferencesToSign(sigParts);
    // Do signature
    if (bottomUpElement == null) {
        sig.computeSignature(referenceList, false, null);
    } else {
        sig.computeSignature(referenceList, true, bottomUpElement);
    }
    bottomUpElement = sig.getSignatureElement();
    mainSigId = sig.getId();
    return sig.getSignatureValue();
}
Also used : AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) Reference(javax.xml.crypto.dsig.Reference) WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Crypto(org.apache.wss4j.common.crypto.Crypto) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Example 4 with SecurityTokenReference

use of org.apache.wss4j.common.token.SecurityTokenReference in project cxf by apache.

the class STSInvoker method writeSecurityTokenReference.

Element writeSecurityTokenReference(W3CDOMStreamWriter writer, String id, String instance, String refValueType) {
    Reference ref = new Reference(writer.getDocument());
    ref.setURI(id);
    if (refValueType != null) {
        ref.setValueType(refValueType);
    }
    SecurityTokenReference str = new SecurityTokenReference(writer.getDocument());
    str.addWSSENamespace();
    str.setReference(ref);
    if (instance != null) {
        try {
            Element firstChildElement = str.getFirstElement();
            if (firstChildElement != null) {
                int version = NegotiationUtils.getWSCVersion(refValueType);
                String ns = ConversationConstants.getWSCNs(version);
                firstChildElement.setAttributeNS(ns, "wsc:" + ConversationConstants.INSTANCE_LN, instance);
            }
        } catch (WSSecurityException e) {
        // just return without wsc:Instance
        }
    }
    writer.getCurrentNode().appendChild(str.getElement());
    return str.getElement();
}
Also used : SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) Reference(org.apache.wss4j.common.token.Reference) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 5 with SecurityTokenReference

use of org.apache.wss4j.common.token.SecurityTokenReference in project cxf by apache.

the class SymmetricBindingHandler method doEncryption.

private WSSecEncrypt doEncryption(AbstractTokenWrapper recToken, SecurityToken encrTok, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd, SecretKey symmetricKey) {
    AbstractToken encrToken = recToken.getToken();
    assertPolicy(recToken);
    assertPolicy(encrToken);
    try {
        WSSecEncrypt encr = new WSSecEncrypt(secHeader);
        encr.setEncryptionSerializer(new StaxSerializer());
        encr.setIdAllocator(wssConfig.getIdAllocator());
        encr.setCallbackLookup(callbackLookup);
        encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        encr.setStoreBytesInAttachment(storeBytesInAttachment);
        encr.setExpandXopInclude(isExpandXopInclude());
        encr.setWsDocInfo(wsDocInfo);
        String encrTokId = encrTok.getId();
        if (attached) {
            encrTokId = encrTok.getWsuId();
            if (encrTokId == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) {
                encr.setEncKeyIdDirectId(true);
                encrTokId = encrTok.getId();
            } else if (encrTokId == null) {
                encrTokId = encrTok.getId();
            }
            if (encrTokId.startsWith("#")) {
                encrTokId = encrTokId.substring(1);
            }
        } else {
            encr.setEncKeyIdDirectId(true);
        }
        if (encrTok.getTokenType() != null) {
            encr.setCustomReferenceValue(encrTok.getTokenType());
        }
        encr.setEncKeyId(encrTokId);
        AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
        encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
        Crypto crypto = getEncryptionCrypto();
        if (crypto != null) {
            setEncryptionUser(encr, encrToken, false, crypto);
        }
        encr.setEncryptSymmKey(false);
        encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
        encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
        if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken || encrToken instanceof SecureConversationToken) {
            // Setting the AttachedReference or the UnattachedReference according to the flag
            Element ref;
            if (attached) {
                ref = encrTok.getAttachedReference();
            } else {
                ref = encrTok.getUnattachedReference();
            }
            String tokenType = encrTok.getTokenType();
            if (ref != null) {
                SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
                encr.setSecurityTokenReference(secRef);
            } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
                encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
                encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
                encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            } else {
                encr.setCustomReferenceValue(tokenType);
                encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
            }
        } else if (encrToken instanceof UsernameToken) {
            encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
        } else if (encrToken instanceof KerberosToken && !isRequestor()) {
            encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
            encr.setEncKeyId(encrTok.getSHA1());
        } else if (!isRequestor() && encrTok.getSHA1() != null) {
            encr.setCustomReferenceValue(encrTok.getSHA1());
            encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
        }
        encr.prepare(crypto, symmetricKey);
        if (encr.getBSTTokenId() != null) {
            encr.prependBSTElementToHeader();
        }
        Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
        List<Element> attachments = encr.getAttachmentEncryptedDataElements();
        addAttachmentsForEncryption(atEnd, refList, attachments);
        return encr;
    } catch (InvalidCanonicalizerException | WSSecurityException e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
    }
    return null;
}
Also used : WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer) Crypto(org.apache.wss4j.common.crypto.Crypto) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)

Aggregations

SecurityTokenReference (org.apache.wss4j.common.token.SecurityTokenReference)15 Element (org.w3c.dom.Element)15 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)10 AttachmentCallbackHandler (org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)9 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)9 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)8 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)8 BSPEnforcer (org.apache.wss4j.common.bsp.BSPEnforcer)7 Reference (javax.xml.crypto.dsig.Reference)6 Crypto (org.apache.wss4j.common.crypto.Crypto)6 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)6 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)6 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)6 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)5 WSSecSignature (org.apache.wss4j.dom.message.WSSecSignature)5 SOAPException (javax.xml.soap.SOAPException)4 StaxSerializer (org.apache.cxf.ws.security.wss4j.StaxSerializer)4 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)3 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)3 Document (org.w3c.dom.Document)3