
Example 1 with IncludeTokenType

use of org.apache.wss4j.policy.SPConstants.IncludeTokenType in project cxf by apache.

the class AbstractStaxBindingHandler method addKerberosToken.

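/**
 * Registers the Kerberos ticket carried by the current {@code SecurityToken} as an outbound
 * WSS4J token and adds the Kerberos action to the outbound properties.
 *
 * @param token the Kerberos policy assertion being processed
 * @param signed not read by this method
 * @param endorsing when {@code true}, the token id is also published as the token to sign with
 * @param encrypting when {@code true}, the token id is also published as the token to encrypt with
 * @return the part identifying the BinarySecurityToken element to secure, or {@code null} when
 *         the policy does not require the token or no security token could be found
 * @throws WSSecurityException declared for callers; see the helpers invoked here
 * @throws TokenStoreException declared for callers; see the helpers invoked here
 */
protected SecurePart addKerberosToken(KerberosToken token, boolean signed, boolean endorsing, boolean encrypting) throws WSSecurityException, TokenStoreException {
    assertToken(token);
    IncludeTokenType includeToken = token.getIncludeTokenType();
    if (!isTokenRequired(includeToken)) {
        return null;
    }
    final SecurityToken secToken = getSecurityToken();
    if (secToken == null) {
        unassertPolicy(token, "Could not find KerberosToken");
        // Without a token there is nothing to register. Returning here avoids dereferencing
        // secToken below and mirrors addSamlToken, which also returns null after unassertPolicy.
        return null;
    }
    // Get the kerberos token from the element
    // NOTE(review): data stays null when the stored token has no element or no text content;
    // confirm KerberosClientSecurityToken accepts a null ticket.
    byte[] data = null;
    if (secToken.getToken() != null) {
        String text = XMLUtils.getElementText(secToken.getToken());
        if (text != null) {
            data = org.apache.xml.security.utils.XMLUtils.decode(text);
        }
    }
    // Convert to WSS4J token
    final KerberosClientSecurityToken wss4jToken = new KerberosClientSecurityToken(data, secToken.getKey(), secToken.getId()) {

        @Override
        public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
            // Derive an algorithm-specific key from the raw secret when both are available;
            // otherwise fall back to the key stored on the security token. The secret is key
            // material, so it is only handed to KeyUtils and never logged here.
            if (secToken.getSecret() != null && algorithmURI != null && !algorithmURI.isEmpty()) {
                return KeyUtils.prepareSecretKey(algorithmURI, secToken.getSecret());
            }
            return secToken.getKey();
        }
    };
    wss4jToken.setSha1Identifier(secToken.getSHA1());
    final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider = new SecurityTokenProvider<OutboundSecurityToken>() {

        @Override
        public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
            return wss4jToken;
        }

        @Override
        public String getId() {
            return wss4jToken.getId();
        }
    };
    final String tokenId = kerberosSecurityTokenProvider.getId();
    outboundSecurityContext.registerSecurityTokenProvider(tokenId, kerberosSecurityTokenProvider);
    outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, tokenId);
    if (encrypting) {
        outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, tokenId);
    }
    if (endorsing) {
        outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, tokenId);
    }
    // Action
    properties.addAction(WSSConstants.KERBEROS_TOKEN);
    SecurePart securePart = new SecurePart(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN, Modifier.Element);
    securePart.setIdToSecure(wss4jToken.getId());
    return securePart;
}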
Also used : GenericOutboundSecurityToken(org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) KerberosClientSecurityToken(org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken) OutboundSecurityToken(org.apache.xml.security.stax.securityToken.OutboundSecurityToken) SecurePart(org.apache.xml.security.stax.ext.SecurePart) GenericOutboundSecurityToken(org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken) OutboundSecurityToken(org.apache.xml.security.stax.securityToken.OutboundSecurityToken) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) KerberosClientSecurityToken(org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken) SecurityTokenProvider(org.apache.xml.security.stax.securityToken.SecurityTokenProvider)

Example 2 with IncludeTokenType

use of org.apache.wss4j.policy.SPConstants.IncludeTokenType in project cxf by apache.

the class AbstractStaxBindingHandler method addSamlToken.

/**
 * Configures the outbound properties to emit a SAML assertion for the given policy token.
 *
 * @param token the SAML policy assertion being processed
 * @param signed when {@code true}, the signed SAML action is selected
 * @param endorsing when {@code true}, the signed SAML action is selected
 * @return the part naming the assertion element (SAML 1.1 or SAML 2.0), or {@code null} when
 *         the policy does not require the token or no SAML CallbackHandler is available
 * @throws WSSecurityException wrapping any exception raised while resolving or installing the
 *         CallbackHandler
 */
protected SecurePart addSamlToken(SamlToken token, boolean signed, boolean endorsing) throws WSSecurityException {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    // Resolve the SAML CallbackHandler configured on the message.
    Object handlerSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    try {
        CallbackHandler samlHandler = SecurityUtils.getCallbackHandler(handlerSetting);
        if (samlHandler == null) {
            unassertPolicy(token, "No SAML CallbackHandler available");
            return null;
        }
        properties.setSamlCallbackHandler(samlHandler);
    } catch (Exception ex) {
        // Everything inside the try, including unassertPolicy, is reported as a generic FAILURE
        // with the original exception kept as the cause.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }

    // Action: either flag asks for the signed variant; otherwise the assertion goes out unsigned.
    final WSSConstants.Action samlAction = (signed || endorsing)
        ? WSSConstants.SAML_TOKEN_SIGNED
        : WSSConstants.SAML_TOKEN_UNSIGNED;
    properties.addAction(samlAction);

    // The two SAML 1.1 token types use the SAML 1.1 assertion element; all others use SAML 2.0.
    SamlTokenType samlVersion = token.getSamlTokenType();
    boolean isSaml11 = samlVersion == SamlTokenType.WssSamlV11Token10
        || samlVersion == SamlTokenType.WssSamlV11Token11;
    QName assertionName = isSaml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION;
    return new SecurePart(assertionName, Modifier.Element);
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) SamlTokenType(org.apache.wss4j.policy.model.SamlToken.SamlTokenType) CallbackHandler(javax.security.auth.callback.CallbackHandler) WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) QName(javax.xml.namespace.QName) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPException(javax.xml.soap.SOAPException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) IOException(java.io.IOException)

Example 3 with IncludeTokenType

use of org.apache.wss4j.policy.SPConstants.IncludeTokenType in project cxf by apache.

the class AbstractStaxBindingHandler method addUsernameToken.

/**
 * Configures the outbound properties to emit a UsernameToken for the given policy token.
 *
 * @param usernameToken the UsernameToken policy assertion being processed
 * @return the part naming the UsernameToken element, or {@code null} when the policy does not
 *         require the token
 */
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
    assertToken(usernameToken);
    if (!isTokenRequired(usernameToken.getIncludeTokenType())) {
        return null;
    }

    // Action
    properties.addAction(WSSConstants.USERNAMETOKEN);

    // Password Type: HashPassword maps to a digest and NoPassword to none. Every other value,
    // including null, falls back to PASSWORD_TEXT.
    // NOTE(review): with PASSWORD_TEXT the password presumably travels as-is in the token, so the
    // policy should pair it with transport or message-level encryption - confirm for deployments.
    final PasswordType policyType = usernameToken.getPasswordType();
    final UsernameTokenPasswordType outboundType;
    if (policyType == PasswordType.HashPassword) {
        outboundType = UsernameTokenPasswordType.PASSWORD_DIGEST;
    } else if (policyType == PasswordType.NoPassword) {
        outboundType = UsernameTokenPasswordType.PASSWORD_NONE;
    } else {
        outboundType = UsernameTokenPasswordType.PASSWORD_TEXT;
    }
    properties.setUsernameTokenPasswordType(outboundType);

    // Nonce + Created: only ever switched on here, never explicitly switched off.
    if (usernameToken.isNonce()) {
        properties.setAddUsernameTokenNonce(true);
    }
    if (usernameToken.isCreated()) {
        properties.setAddUsernameTokenCreated(true);
    }

    // When no CallbackHandler is configured, build one from the username/password message
    // properties. A missing password leaves the handler unset.
    if (properties.getCallbackHandler() == null) {
        String configuredPassword = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (configuredPassword != null) {
            String configuredUser = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            properties.setCallbackHandler(new UTCallbackHandler(configuredUser, configuredPassword));
        }
    }
    return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) UsernameTokenPasswordType(org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType) PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)
