
Example 1 with WSSecBase

use of org.apache.wss4j.dom.message.WSSecBase in project cxf by apache.

the class AsymmetricBindingHandler method doSignBeforeEncrypt.

/**
 * Runs the sign-then-encrypt sequence for the asymmetric binding ({@code abinding}).
 *
 * <p>Order of work as written here: resolve the initiator token (initiator signature token,
 * falling back to the initiator token), collect the parts to sign (timestamp, supporting
 * tokens, signed parts), sign, optionally add the signature itself to the parts to encrypt,
 * then encrypt with the peer's encryption token.
 *
 * <p>Returns early, after calling {@code unassertPolicy}, when an IssuedToken or a
 * non-requestor SAML token cannot be found; nothing is signed or encrypted in that case.
 *
 * @throws Fault wrapping any exception raised inside the sequence
 */
private void doSignBeforeEncrypt() {
    try {
        AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
        if (initiatorWrapper == null) {
            initiatorWrapper = abinding.getInitiatorToken();
        }
        // Called before the null check below, so the wrapper passed here may still be null.
        assertTokenWrapper(initiatorWrapper);
        // Becomes true only when the issued token element is added to the header below;
        // it is handed to doSignature() later.
        boolean attached = false;
        if (initiatorWrapper != null) {
            AbstractToken initiatorToken = initiatorWrapper.getToken();
            if (initiatorToken instanceof IssuedToken) {
                SecurityToken secToken = getSecurityToken();
                if (secToken == null) {
                    // No usable token: mark the policy as not satisfied and stop before
                    // anything is signed or encrypted.
                    unassertPolicy(initiatorToken, "Security token is not found or expired");
                    return;
                } else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                    // A clone is added, so the stored token element itself is not passed on.
                    Element el = secToken.getToken();
                    this.addEncryptedKeyElement(cloneElement(el));
                    attached = true;
                }
            } else if (initiatorToken instanceof SamlToken && isRequestor()) {
                // Requestor side: create the assertion, add it as a supporting element and
                // store it as a security token. `attached` stays false on this path.
                SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) initiatorToken);
                if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType())) {
                    Element envelope = saaj.getSOAPPart().getEnvelope();
                    envelope = (Element) DOMUtils.getDomElement(envelope);
                    addSupportingElement(assertionWrapper.toDOM(envelope.getOwnerDocument()));
                    storeAssertionAsSecurityToken(assertionWrapper);
                }
            } else if (initiatorToken instanceof SamlToken) {
                // Non-requestor side: only checks that a SAML token id is available; the id
                // is not used further in this method.
                String tokenId = getSAMLToken();
                if (tokenId == null) {
                    unassertPolicy(initiatorToken, "Security token is not found or expired");
                    return;
                }
            }
            assertToken(initiatorToken);
        }
        // Collect the parts to sign: timestamp first, then supporting tokens, then the
        // signed parts.
        List<WSEncryptionPart> sigs = new ArrayList<>();
        if (timestampEl != null) {
            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
            sigs.add(timestampPart);
        }
        addSupportingTokens(sigs);
        sigs.addAll(this.getSignedParts(null));
        // NOTE(review): a requestor with no initiator wrapper matches neither branch below,
        // so nothing is signed and no policy is unasserted here; confirm this case is
        // rejected elsewhere.
        if (isRequestor() && initiatorWrapper != null) {
            doSignature(initiatorWrapper, sigs, attached);
            doEndorse();
        } else if (!isRequestor()) {
            // Responder: add signature confirmation, then sign with the recipient signature
            // token (falling back to the recipient token).
            addSignatureConfirmation(sigs);
            AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
            if (recipientSignatureToken == null) {
                recipientSignatureToken = abinding.getRecipientToken();
            }
            // When neither recipient token is configured, no response signature is produced
            // and no error is raised at this point.
            if (recipientSignatureToken != null) {
                assertTokenWrapper(recipientSignatureToken);
                assertToken(recipientSignatureToken.getToken());
                doSignature(recipientSignatureToken, sigs, attached);
            }
        }
        List<WSEncryptionPart> enc = getEncryptedParts();
        // Signature protection: when the binding asks for it, the main signature element and
        // any signature confirmation parts are added to the parts to encrypt.
        if (abinding.isEncryptSignature()) {
            if (mainSigId != null) {
                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                sigPart.setElement(bottomUpElement);
                enc.add(sigPart);
            }
            if (sigConfList != null && !sigConfList.isEmpty()) {
                enc.addAll(sigConfList);
            }
            assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }
        // Encryption: the requestor uses the recipient's token, the responder the
        // initiator's; each falls back from the dedicated encryption token to the general
        // one.
        AbstractTokenWrapper encToken;
        if (isRequestor()) {
            enc.addAll(encryptedTokensList);
            encToken = abinding.getRecipientEncryptionToken();
            if (encToken == null) {
                encToken = abinding.getRecipientToken();
            }
        } else {
            encToken = abinding.getInitiatorEncryptionToken();
            if (encToken == null) {
                encToken = abinding.getInitiatorToken();
            }
        }
        // If no encryption token is configured, the message leaves this method unencrypted
        // and no error is raised here.
        if (encToken != null) {
            if (encToken.getToken() != null && !enc.isEmpty()) {
                final WSSecBase encr;
                if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    encr = doEncryptionDerived(encToken, enc);
                } else {
                    // A new symmetric key is generated for this call, for the encryption
                    // algorithm named by the binding's algorithm suite.
                    String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
                    KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
                    SecretKey symmetricKey = keyGen.generateKey();
                    encr = doEncryption(encToken, enc, false, symmetricKey);
                }
                // presumably releases key material held by the builder; confirm against
                // WSSecBase.clean(). It is not reached if doEncryption*() throws.
                encr.clean();
            }
            assertTokenWrapper(encToken);
            assertToken(encToken.getToken());
        }
    } catch (Exception e) {
        // The message text is logged at WARNING and the stack trace at FINE; the exception
        // is then wrapped in a Fault.
        // NOTE(review): confirm exception messages on this path cannot carry token or key
        // details, since they reach the WARNING log.
        String reason = e.getMessage();
        LOG.log(Level.WARNING, "Sign before encryption failed due to : " + reason);
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SamlToken(org.apache.wss4j.policy.model.SamlToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Fault(org.apache.cxf.interceptor.Fault) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) SecretKey(javax.crypto.SecretKey) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper) KeyGenerator(javax.crypto.KeyGenerator)

Example 2 with WSSecBase

use of org.apache.wss4j.dom.message.WSSecBase in project cxf by apache.

the class SymmetricBindingHandler method doSignBeforeEncrypt.

/**
 * Runs the sign-then-encrypt sequence for the symmetric binding ({@code sbinding}).
 *
 * <p>Order of work as written here: resolve the signature token to a {@code SecurityToken}
 * (directly, or through an id looked up in {@code tokenStore}), optionally add the token
 * element to the header, collect and sign the parts, then encrypt with the same token. The
 * encryption token must equal the signature token; otherwise the policy is unasserted and the
 * method returns after the signature has already been produced.
 *
 * @throws Fault wrapping any exception raised inside the try block
 */
private void doSignBeforeEncrypt() {
    // NOTE(review): the wrapper is dereferenced without a null check and outside the try, so
    // a null return from getSignatureToken() would surface as a NullPointerException rather
    // than a Fault; confirm the wrapper is guaranteed non-null.
    AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
    assertTokenWrapper(sigAbstractTokenWrapper);
    AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
    String sigTokId = null;
    try {
        SecurityToken sigTok = null;
        if (sigToken != null) {
            // Depending on the token type and role, this yields either the token itself
            // (sigTok) or only its id (sigTokId).
            if (sigToken instanceof SecureConversationToken || sigToken instanceof SecurityContextToken || sigToken instanceof IssuedToken || sigToken instanceof KerberosToken || sigToken instanceof SpnegoContextToken) {
                sigTok = getSecurityToken();
            } else if (sigToken instanceof X509Token) {
                if (isRequestor()) {
                    sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                } else {
                    sigTok = getEncryptedKey();
                }
            } else if (sigToken instanceof UsernameToken) {
                if (isRequestor()) {
                    sigTokId = setupUTDerivedKey((UsernameToken) sigToken);
                } else {
                    sigTok = getUTDerivedKey();
                }
            }
        } else {
            unassertPolicy(sbinding, "No signature token");
            return;
        }
        // Neither a token nor an id was obtained: stop before signing anything.
        if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
            unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
            return;
        }
        assertPolicy(sigAbstractTokenWrapper);
        if (sigTok == null) {
            sigTok = tokenStore.getToken(sigTokId);
        }
        // Disabled placeholder kept from the original source:
        // if (sigTok == null) {
        // REVISIT - no token?
        // }
        // NOTE(review): sigTok is not re-checked after the store lookup. If the lookup can
        // return null, the sigTok.getToken() calls below throw NullPointerException, which the
        // catch at the end wraps in a Fault instead of unasserting the policy.
        boolean tokIncluded = true;
        // Both branches add a clone of the token element to the header; the second covers a
        // requestor using an X509 token whose include type is not "required".
        if (isTokenRequired(sigToken.getIncludeTokenType())) {
            Element el = sigTok.getToken();
            Element sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else if (isRequestor() && sigToken instanceof X509Token) {
            Element el = sigTok.getToken();
            Element sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else {
            tokIncluded = false;
        }
        // Collect the parts to sign: timestamp first, then supporting tokens, then the
        // signed parts.
        List<WSEncryptionPart> sigs = new ArrayList<>();
        if (timestampEl != null) {
            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
            sigs.add(timestampPart);
        }
        addSupportingTokens(sigs);
        sigs.addAll(getSignedParts(null));
        // An empty part list means no signature is produced on either side.
        if (isRequestor()) {
            if (!sigs.isEmpty()) {
                addSig(doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded));
            }
            doEndorse();
        } else {
            // Responder: signature confirmation parts are added before signing. The
            // doSignature() result is passed to addSig() only on the requestor side.
            addSignatureConfirmation(sigs);
            if (!sigs.isEmpty()) {
                doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded);
            }
        }
        // Encryption
        // NOTE(review): encrAbstractTokenWrapper is dereferenced without a null check.
        AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
        AbstractToken encrToken = encrAbstractTokenWrapper.getToken();
        final SecurityToken encrTok;
        if (sigToken.equals(encrToken)) {
            // Same policy token for both operations, so the resolved signature token is
            // reused for encryption.
            encrTok = sigTok;
        } else {
            // This return happens after the signature step above has already run.
            unassertPolicy(sbinding, "Encryption token does not equal signature token");
            return;
        }
        List<WSEncryptionPart> enc = getEncryptedParts();
        // Signature protection: when the binding asks for it, the main signature element and
        // any signature confirmation parts are added to the parts to encrypt.
        if (sbinding.isEncryptSignature()) {
            if (mainSigId != null) {
                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                sigPart.setElement(bottomUpElement);
                enc.add(sigPart);
            }
            if (sigConfList != null && !sigConfList.isEmpty()) {
                enc.addAll(sigConfList);
            }
            assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }
        if (isRequestor()) {
            enc.addAll(encryptedTokensList);
        }
        if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
            final WSSecBase encr;
            if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                encr = doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
            } else {
                // Use the secret carried by the token when it has one; otherwise generate a
                // new key for the suite's encryption algorithm.
                byte[] ephemeralKey = encrTok.getSecret();
                final SecretKey symmetricKey;
                String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
                if (ephemeralKey != null) {
                    symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
                } else {
                    KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
                    symmetricKey = keyGen.generateKey();
                }
                encr = doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
            }
            // presumably releases key material held by the builder; confirm against
            // WSSecBase.clean(). It is not reached if doEncryption*() throws.
            encr.clean();
        }
    } catch (Exception e) {
        // Logged at FINE only, then wrapped in a Fault; nothing is written at WARNING or
        // above on this path.
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) SecretKey(javax.crypto.SecretKey) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper) KeyGenerator(javax.crypto.KeyGenerator)

Example 3 with WSSecBase

use of org.apache.wss4j.dom.message.WSSecBase in project cxf by apache.

the class SymmetricBindingHandler method doEncryptBeforeSign.

/**
 * Runs the encrypt-then-sign sequence for the symmetric binding ({@code sbinding}).
 *
 * <p>Order of work as written here: resolve the encryption token to a {@code SecurityToken},
 * optionally add the token element to the header, determine the signed and encrypted parts,
 * encrypt, sign with the same token, then run a second encryption pass for the signature
 * and/or the encrypted tokens list.
 *
 * <p>When the wrapper carries no token, the whole body is skipped without error.
 *
 * @throws Fault wrapping any checked exception; runtime exceptions are rethrown unchanged
 */
private void doEncryptBeforeSign() {
    try {
        AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
        assertTokenWrapper(encryptionWrapper);
        // NOTE(review): encryptionWrapper is dereferenced without a null check.
        AbstractToken encryptionToken = encryptionWrapper.getToken();
        if (encryptionToken != null) {
            // Token types handled below: IssuedToken, KerberosToken, SecureConversationToken,
            // SecurityContextToken and SpnegoContextToken resolve directly to a token;
            // X509Token and UsernameToken yield an id on the requestor and a token otherwise.
            String tokenId = null;
            SecurityToken tok = null;
            if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken || encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
                tok = getSecurityToken();
            } else if (encryptionToken instanceof X509Token) {
                if (isRequestor()) {
                    tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
                } else {
                    tok = getEncryptedKey();
                }
            } else if (encryptionToken instanceof UsernameToken) {
                if (isRequestor()) {
                    tokenId = setupUTDerivedKey((UsernameToken) encryptionToken);
                } else {
                    tok = getUTDerivedKey();
                }
            }
            if (tok == null) {
                // Strip a leading '#' so the id is a bare identifier rather than a fragment
                // reference.
                if (tokenId != null && tokenId.startsWith("#")) {
                    tokenId = tokenId.substring(1);
                }
                // Look the token up in the token store.
                // NOTE(review): tokenId can still be null here (unmatched token type, or a
                // null token on a non-requestor path), and the result is not checked; a null
                // tok makes the tok.getToken() / tok.getSecret() calls below throw
                // NullPointerException, which is rethrown as a RuntimeException.
                tok = tokenStore.getToken(tokenId);
            }
            // Both branches add a clone of the token element to the header; the second covers
            // a requestor using an X509 token whose include type is not "required".
            boolean attached = false;
            if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            } else if (encryptionToken instanceof X509Token && isRequestor()) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            }
            // The parts to sign are collected before encryption runs.
            List<WSEncryptionPart> sigParts = new ArrayList<>();
            if (timestampEl != null) {
                WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
                sigParts.add(timestampPart);
            }
            addSupportingTokens(sigParts);
            sigParts.addAll(this.getSignedParts(null));
            List<WSEncryptionPart> encrParts = getEncryptedParts();
            // encr and symmetricKey stay null when there is nothing to encrypt; symmetricKey
            // also stays null on the derived-key path.
            WSSecBase encr = null;
            SecretKey symmetricKey = null;
            if (encryptionWrapper.getToken() != null && !encrParts.isEmpty()) {
                if (encryptionWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    encr = doEncryptionDerived(encryptionWrapper, tok, attached, encrParts, true);
                } else {
                    // Use the secret carried by the token when it has one; otherwise generate
                    // a new key for the suite's encryption algorithm.
                    byte[] ephemeralKey = tok.getSecret();
                    String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
                    if (ephemeralKey != null) {
                        symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
                    } else {
                        KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
                        symmetricKey = keyGen.generateKey();
                    }
                    encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true, symmetricKey);
                }
            }
            handleEncryptedSignedHeaders(encrParts, sigParts);
            if (!isRequestor()) {
                addSignatureConfirmation(sigParts);
            }
            // The signature is made with the same wrapper and token that were used for
            // encryption.
            if (!sigParts.isEmpty()) {
                addSig(this.doSignature(sigParts, encryptionWrapper, encryptionToken, tok, attached));
            }
            if (isRequestor()) {
                this.doEndorse();
            }
            // Second pass: signature protection and/or encryption of the tokens in
            // encryptedTokensList. && binds tighter than ||, so the condition reads
            // isEncryptSignature() || (!encryptedTokensList.isEmpty() && isRequestor()).
            if (sbinding.isEncryptSignature() || !encryptedTokensList.isEmpty() && isRequestor()) {
                List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
                // Now encrypt the signature using the above token
                if (sbinding.isEncryptSignature()) {
                    if (this.mainSigId != null) {
                        WSEncryptionPart sigPart = new WSEncryptionPart(this.mainSigId, "Element");
                        sigPart.setElement(bottomUpElement);
                        secondEncrParts.add(sigPart);
                    }
                    if (sigConfList != null && !sigConfList.isEmpty()) {
                        secondEncrParts.addAll(sigConfList);
                    }
                    assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                }
                if (isRequestor()) {
                    secondEncrParts.addAll(encryptedTokensList);
                }
                if (!secondEncrParts.isEmpty()) {
                    // NOTE(review): encr is assigned only when encrParts was non-empty. With
                    // an empty encrParts and a non-empty secondEncrParts, the casts below
                    // dereference null and the signature is left unencrypted; confirm whether
                    // that combination is reachable.
                    final Element secondRefList;
                    if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                        secondRefList = ((WSSecDKEncrypt) encr).encryptForExternalRef(null, secondEncrParts);
                    } else {
                        // Encrypt with the key from the first pass, take the resulting
                        // reference list and add it to the header.
                        secondRefList = ((WSSecEncrypt) encr).encryptForRef(null, secondEncrParts, symmetricKey);
                    }
                    if (secondRefList != null) {
                        this.addDerivedKeyElement(secondRefList);
                    }
                }
            }
            // presumably releases key material held by the builder; confirm against
            // WSSecBase.clean(). It is skipped when any call above throws.
            if (encr != null) {
                encr.clean();
            }
        }
    } catch (RuntimeException ex) {
        // Runtime exceptions are logged at FINE and rethrown unchanged.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw ex;
    } catch (Exception ex) {
        // Checked exceptions are logged at FINE and wrapped in a Fault.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) SecretKey(javax.crypto.SecretKey) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper) KeyGenerator(javax.crypto.KeyGenerator)

Example 4 with WSSecBase

use of org.apache.wss4j.dom.message.WSSecBase in project cxf by apache.

the class AsymmetricBindingHandler method doEncryptBeforeSign.

/**
 * Runs the encrypt-then-sign sequence for the asymmetric binding ({@code abinding}).
 *
 * <p>Order of work as written here: resolve the encryption token and the initiator token,
 * determine the signed and encrypted parts, encrypt, sign (initiator wrapper on the
 * requestor, recipient signature token on the responder), endorse on the requestor, then
 * encrypt the tokens in the security header.
 *
 * <p>Returns early, after calling {@code unassertPolicy}, when an IssuedToken or a
 * non-requestor SAML token cannot be found; nothing is signed or encrypted in that case.
 *
 * @throws TokenStoreException declared by the signature; the signing step's own
 *     TokenStoreException is caught below and wrapped in a Fault
 * @throws Fault wrapping exceptions from SAML token setup, part discovery, encryption and
 *     signing
 */
private void doEncryptBeforeSign() throws TokenStoreException {
    // encryptionToken stays null when no wrapper is configured; the encryption block further
    // down is then skipped.
    AbstractTokenWrapper wrapper = getEncryptBeforeSignWrapper();
    AbstractToken encryptionToken = null;
    if (wrapper != null) {
        encryptionToken = wrapper.getToken();
        assertToken(encryptionToken);
    }
    AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
    if (initiatorWrapper == null) {
        initiatorWrapper = abinding.getInitiatorToken();
    }
    // Called before the null check below, so the wrapper passed here may still be null.
    assertTokenWrapper(initiatorWrapper);
    // Becomes true only when the issued token element is added to the header below; it is
    // handed to doSignature() later.
    boolean attached = false;
    if (initiatorWrapper != null) {
        AbstractToken initiatorToken = initiatorWrapper.getToken();
        if (initiatorToken instanceof IssuedToken) {
            SecurityToken secToken = getSecurityToken();
            if (secToken == null) {
                // No usable token: mark the policy as not satisfied and stop before anything
                // is signed or encrypted.
                unassertPolicy(initiatorToken, "Security token is not found or expired");
                return;
            } else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                // A clone is added, so the stored token element itself is not passed on.
                Element el = secToken.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            }
        } else if (initiatorToken instanceof SamlToken && isRequestor()) {
            // Requestor side: create the assertion, add it as a supporting element and store
            // it as a security token. `attached` stays false on this path.
            try {
                SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) initiatorToken);
                if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType())) {
                    Element envelope = saaj.getSOAPPart().getEnvelope();
                    envelope = (Element) DOMUtils.getDomElement(envelope);
                    addSupportingElement(assertionWrapper.toDOM(envelope.getOwnerDocument()));
                    storeAssertionAsSecurityToken(assertionWrapper);
                }
            } catch (Exception e) {
                // The message text is logged at WARNING and the stack trace at FINE.
                // NOTE(review): confirm exception messages on this path cannot carry
                // assertion or key details, since they reach the WARNING log.
                String reason = e.getMessage();
                LOG.log(Level.WARNING, "Encrypt before sign failed due to : " + reason);
                LOG.log(Level.FINE, e.getMessage(), e);
                throw new Fault(e);
            }
        } else if (initiatorToken instanceof SamlToken) {
            // Non-requestor side: only checks that a SAML token id is available; the id is
            // not used further in this method.
            String tokenId = getSAMLToken();
            if (tokenId == null) {
                unassertPolicy(initiatorToken, "Security token is not found or expired");
                return;
            }
        }
    }
    // Collect the parts to sign: timestamp first, then supporting tokens, then the signed
    // parts.
    List<WSEncryptionPart> sigParts = new ArrayList<>();
    if (timestampEl != null) {
        WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
        sigParts.add(timestampPart);
    }
    try {
        addSupportingTokens(sigParts);
    } catch (WSSecurityException ex) {
        // The failure is logged at FINE and the policy is unasserted, but execution
        // continues: encryption and signing below still run with whatever sigParts holds.
        // NOTE(review): encryptionToken may be null here when no wrapper was configured;
        // confirm unassertPolicy() accepts that.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        unassertPolicy(encryptionToken, ex);
    }
    final List<WSEncryptionPart> encrParts;
    try {
        encrParts = getEncryptedParts();
        // Signed parts are determined before encryption because encrypted signed headers
        // will not be included otherwise
        sigParts.addAll(this.getSignedParts(null));
    } catch (SOAPException ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
    // encrBase and symmetricKey stay null when there is nothing to encrypt; symmetricKey
    // also stays null on the derived-key path.
    WSSecBase encrBase = null;
    SecretKey symmetricKey = null;
    if (encryptionToken != null && !encrParts.isEmpty()) {
        if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
            encrBase = doEncryptionDerived(wrapper, encrParts);
        } else {
            // A new symmetric key is generated for this call, for the encryption algorithm
            // named by the binding's algorithm suite.
            String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
            try {
                KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
                symmetricKey = keyGen.generateKey();
                encrBase = doEncryption(wrapper, encrParts, true, symmetricKey);
            } catch (WSSecurityException ex) {
                LOG.log(Level.FINE, ex.getMessage(), ex);
                throw new Fault(ex);
            }
        }
    }
    if (!isRequestor()) {
        addSignatureConfirmation(sigParts);
    }
    try {
        // NOTE(review): a requestor with no initiator wrapper, or a responder with no
        // recipient token, falls through without signing and without unasserting a policy;
        // confirm this case is rejected elsewhere.
        if (!sigParts.isEmpty()) {
            if (initiatorWrapper != null && isRequestor()) {
                doSignature(initiatorWrapper, sigParts, attached);
            } else if (!isRequestor()) {
                // Responder: sign with the recipient signature token, falling back to the
                // recipient token.
                AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
                if (recipientSignatureToken == null) {
                    recipientSignatureToken = abinding.getRecipientToken();
                }
                if (recipientSignatureToken != null) {
                    assertTokenWrapper(recipientSignatureToken);
                    assertToken(recipientSignatureToken.getToken());
                    doSignature(recipientSignatureToken, sigParts, attached);
                }
            }
        }
    } catch (WSSecurityException | SOAPException | TokenStoreException ex) {
        // Logged at FINE only, then wrapped in a Fault.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
    if (isRequestor()) {
        doEndorse();
    }
    if (encrBase != null) {
        // Runs after signing, reusing the builder and key from the first encryption pass.
        encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
        // presumably releases key material held by the builder; confirm against
        // WSSecBase.clean(). It is skipped when any call above throws.
        encrBase.clean();
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SamlToken(org.apache.wss4j.policy.model.SamlToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) InvalidCanonicalizerException(org.apache.xml.security.c14n.InvalidCanonicalizerException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) SecretKey(javax.crypto.SecretKey) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SOAPException(javax.xml.soap.SOAPException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper) KeyGenerator(javax.crypto.KeyGenerator)

Aggregations

ArrayList (java.util.ArrayList)4 KeyGenerator (javax.crypto.KeyGenerator)4 SecretKey (javax.crypto.SecretKey)4 SOAPException (javax.xml.soap.SOAPException)4 Fault (org.apache.cxf.interceptor.Fault)4 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)4 TokenStoreException (org.apache.cxf.ws.security.tokenstore.TokenStoreException)4 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)4 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)4 WSSecBase (org.apache.wss4j.dom.message.WSSecBase)4 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)4 AbstractTokenWrapper (org.apache.wss4j.policy.model.AbstractTokenWrapper)4 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)4 InvalidCanonicalizerException (org.apache.xml.security.c14n.InvalidCanonicalizerException)4 Element (org.w3c.dom.Element)4 QName (javax.xml.namespace.QName)3 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)2 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)2 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)2 SamlToken (org.apache.wss4j.policy.model.SamlToken)2