Search in sources :

Example 6 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class StaxSymmetricBindingHandler method doSignature.

private void doSignature(AbstractTokenWrapper wrapper, AbstractToken policyToken, SecurityToken tok, List<SecurePart> sigParts) throws WSSecurityException, SOAPException {
    // Action
    WSSSecurityProperties properties = getProperties();
    WSSConstants.Action actionToPerform = XMLSecurityConstants.SIGNATURE;
    if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
        if (MessageUtils.isRequestor(message) && policyToken instanceof X509Token) {
            properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
        } else {
            properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
        }
        AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
        properties.setDerivedSignatureKeyLength(algSuiteType.getSignatureDerivedKeyLength() / 8);
    }
    if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
        properties.setUse200512Namespace(true);
    }
    List<WSSConstants.Action> actionList = properties.getActions();
    // Add a Signature directly before Kerberos, otherwise just append it
    boolean actionAdded = false;
    for (int i = 0; i < actionList.size(); i++) {
        WSSConstants.Action action = actionList.get(i);
        if (action.equals(WSSConstants.KERBEROS_TOKEN)) {
            actionList.add(i, actionToPerform);
            actionAdded = true;
            break;
        }
    }
    if (!actionAdded) {
        actionList.add(actionToPerform);
    }
    properties.getSignatureSecureParts().addAll(sigParts);
    AbstractToken sigToken = wrapper.getToken();
    if (sbinding.isProtectTokens() && sigToken instanceof X509Token && isRequestor()) {
        SecurePart securePart = new SecurePart(new QName(XMLSecurityConstants.NS_XMLENC, "EncryptedKey"), Modifier.Element);
        properties.addSignaturePart(securePart);
    }
    configureSignature(sigToken, false);
    if (policyToken instanceof X509Token) {
        properties.setIncludeSignatureToken(false);
        if (isRequestor()) {
            properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_EncryptedKey);
        } else {
            properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
            if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            }
        }
    } else if (policyToken instanceof KerberosToken) {
        if (isRequestor()) {
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else {
            if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            } else {
                properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            }
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
        }
    } else if (policyToken instanceof IssuedToken || policyToken instanceof SecurityContextToken || policyToken instanceof SecureConversationToken || policyToken instanceof SpnegoContextToken) {
        if (!isRequestor()) {
            properties.setIncludeSignatureToken(false);
        } else {
            properties.setIncludeSignatureToken(true);
        }
        properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    }
    if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        properties.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
    }
}
Also used : WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) QName(javax.xml.namespace.QName) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SecurePart(org.apache.xml.security.stax.ext.SecurePart) X509Token(org.apache.wss4j.policy.model.X509Token) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)

Example 7 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class StaxSymmetricBindingHandler method doEncryption.

private void doEncryption(AbstractTokenWrapper recToken, List<SecurePart> encrParts, boolean externalRef) throws SOAPException {
    // Do encryption
    if (recToken != null && recToken.getToken() != null) {
        AbstractToken encrToken = recToken.getToken();
        AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
        // Action
        WSSSecurityProperties properties = getProperties();
        WSSConstants.Action actionToPerform = XMLSecurityConstants.ENCRYPT;
        if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
            actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
            if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token) {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
            } else {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
            }
            AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
            properties.setDerivedEncryptionKeyLength(algSuiteType.getEncryptionDerivedKeyLength() / 8);
        }
        if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
            properties.setUse200512Namespace(true);
        }
        properties.getEncryptionSecureParts().addAll(encrParts);
        properties.addAction(actionToPerform);
        if (isRequestor()) {
            properties.setEncryptionKeyIdentifier(getKeyIdentifierType(encrToken));
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else if (recToken.getToken() instanceof KerberosToken && !isRequestor()) {
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            }
        } else if ((recToken.getToken() instanceof IssuedToken || recToken.getToken() instanceof SecureConversationToken || recToken.getToken() instanceof SpnegoContextToken) && !isRequestor()) {
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else {
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
            if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
                properties.setEncryptSymmetricEncryptionKey(false);
            }
        }
        // Find out do we also need to include the token as per the Inclusion requirement
        WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getEncryptionKeyIdentifier();
        if (encrToken instanceof X509Token && isTokenRequired(encrToken.getIncludeTokenType()) && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier) || WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER.equals(keyIdentifier) || WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(keyIdentifier))) {
            properties.setIncludeEncryptionToken(true);
        } else {
            properties.setIncludeEncryptionToken(false);
        }
        properties.setEncryptionKeyTransportAlgorithm(algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
        properties.setEncryptionSymAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
        properties.setEncryptionKeyTransportDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
        properties.setEncryptionKeyTransportMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
        String encUser = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
        if (encUser == null) {
            encUser = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
        }
        if (encUser != null && properties.getEncryptionUser() == null) {
            properties.setEncryptionUser(encUser);
        }
        if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encUser)) {
            properties.setUseReqSigCertForEncryption(true);
        }
        if (encrToken instanceof KerberosToken || encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken || encrToken instanceof SecurityContextToken || encrToken instanceof SecureConversationToken) {
            properties.setEncryptSymmetricEncryptionKey(false);
        }
    }
}
Also used : WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) WSSecurityTokenConstants(org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)

Example 8 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class StaxTransportBindingHandler method handleEndorsingSupportingTokens.

/**
 * Handle the endorsing supporting tokens
 */
private void handleEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception {
    Collection<AssertionInfo> ais;
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens sgndSuppTokens = null;
        for (AssertionInfo ai : ais) {
            sgndSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (sgndSuppTokens != null) {
            for (AbstractToken token : sgndSuppTokens.getTokens()) {
                handleEndorsingToken(token, sgndSuppTokens);
            }
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken)

Example 9 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class SymmetricBindingHandler method doSignBeforeEncrypt.

private void doSignBeforeEncrypt() {
    AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
    assertTokenWrapper(sigAbstractTokenWrapper);
    AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
    String sigTokId = null;
    Element sigTokElem = null;
    try {
        SecurityToken sigTok = null;
        if (sigToken != null) {
            if (sigToken instanceof SecureConversationToken || sigToken instanceof SecurityContextToken || sigToken instanceof IssuedToken || sigToken instanceof KerberosToken || sigToken instanceof SpnegoContextToken) {
                sigTok = getSecurityToken();
            } else if (sigToken instanceof X509Token) {
                if (isRequestor()) {
                    sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                } else {
                    sigTok = getEncryptedKey();
                }
            } else if (sigToken instanceof UsernameToken) {
                if (isRequestor()) {
                    sigTokId = setupUTDerivedKey((UsernameToken) sigToken);
                } else {
                    sigTok = getUTDerivedKey();
                }
            }
        } else {
            unassertPolicy(sbinding, "No signature token");
            return;
        }
        if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
            unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
            return;
        }
        assertPolicy(sigAbstractTokenWrapper);
        if (sigTok == null) {
            sigTok = tokenStore.getToken(sigTokId);
        }
        // if (sigTok == null) {
        // REVISIT - no token?
        // }
        boolean tokIncluded = true;
        if (isTokenRequired(sigToken.getIncludeTokenType())) {
            Element el = sigTok.getToken();
            sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else if (isRequestor() && sigToken instanceof X509Token) {
            Element el = sigTok.getToken();
            sigTokElem = cloneElement(el);
            this.addEncryptedKeyElement(sigTokElem);
        } else {
            tokIncluded = false;
        }
        // Add timestamp
        List<WSEncryptionPart> sigs = new ArrayList<>();
        if (timestampEl != null) {
            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
            sigs.add(timestampPart);
        }
        addSupportingTokens(sigs);
        sigs.addAll(getSignedParts(null));
        if (isRequestor()) {
            if (!sigs.isEmpty()) {
                addSig(doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded));
            }
            doEndorse();
        } else {
            // confirm sig
            addSignatureConfirmation(sigs);
            if (!sigs.isEmpty()) {
                doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded);
            }
        }
        // Encryption
        AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
        AbstractToken encrToken = encrAbstractTokenWrapper.getToken();
        SecurityToken encrTok = null;
        if (sigToken.equals(encrToken)) {
            // Use the same token
            encrTok = sigTok;
        } else {
            unassertPolicy(sbinding, "Encryption token does not equal signature token");
            return;
        }
        List<WSEncryptionPart> enc = getEncryptedParts();
        // Check for signature protection
        if (sbinding.isEncryptSignature()) {
            if (mainSigId != null) {
                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                sigPart.setElement(bottomUpElement);
                enc.add(sigPart);
            }
            if (sigConfList != null && !sigConfList.isEmpty()) {
                enc.addAll(sigConfList);
            }
            assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }
        if (isRequestor()) {
            enc.addAll(encryptedTokensList);
        }
        doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        throw new Fault(e);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Example 10 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class SymmetricBindingHandler method doEncryptBeforeSign.

private void doEncryptBeforeSign() {
    try {
        AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
        assertTokenWrapper(encryptionWrapper);
        AbstractToken encryptionToken = encryptionWrapper.getToken();
        if (encryptionToken != null) {
            // The encryption token can be an IssuedToken or a
            // SecureConversationToken
            String tokenId = null;
            SecurityToken tok = null;
            if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken || encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
                tok = getSecurityToken();
            } else if (encryptionToken instanceof X509Token) {
                if (isRequestor()) {
                    tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
                } else {
                    tok = getEncryptedKey();
                }
            } else if (encryptionToken instanceof UsernameToken) {
                if (isRequestor()) {
                    tokenId = setupUTDerivedKey((UsernameToken) encryptionToken);
                } else {
                    tok = getUTDerivedKey();
                }
            }
            if (tok == null) {
                // }
                if (tokenId != null && tokenId.startsWith("#")) {
                    tokenId = tokenId.substring(1);
                }
                /*
                     * Get hold of the token from the token storage
                     */
                tok = tokenStore.getToken(tokenId);
            }
            boolean attached = false;
            if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            } else if (encryptionToken instanceof X509Token && isRequestor()) {
                Element el = tok.getToken();
                this.addEncryptedKeyElement(cloneElement(el));
                attached = true;
            }
            List<WSEncryptionPart> sigParts = new ArrayList<>();
            if (timestampEl != null) {
                WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
                sigParts.add(timestampPart);
            }
            addSupportingTokens(sigParts);
            sigParts.addAll(this.getSignedParts(null));
            List<WSEncryptionPart> encrParts = getEncryptedParts();
            WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
            handleEncryptedSignedHeaders(encrParts, sigParts);
            if (!isRequestor()) {
                addSignatureConfirmation(sigParts);
            }
            // We should use the same key in the case of EncryptBeforeSig
            if (!sigParts.isEmpty()) {
                addSig(this.doSignature(sigParts, encryptionWrapper, encryptionToken, tok, attached));
            }
            if (isRequestor()) {
                this.doEndorse();
            }
            // Check for signature protection and encryption of UsernameToken
            if (sbinding.isEncryptSignature() || !encryptedTokensList.isEmpty() && isRequestor()) {
                List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
                // Now encrypt the signature using the above token
                if (sbinding.isEncryptSignature()) {
                    if (this.mainSigId != null) {
                        WSEncryptionPart sigPart = new WSEncryptionPart(this.mainSigId, "Element");
                        sigPart.setElement(bottomUpElement);
                        secondEncrParts.add(sigPart);
                    }
                    if (sigConfList != null && !sigConfList.isEmpty()) {
                        secondEncrParts.addAll(sigConfList);
                    }
                    assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                }
                if (isRequestor()) {
                    secondEncrParts.addAll(encryptedTokensList);
                }
                Element secondRefList = null;
                if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys && !secondEncrParts.isEmpty()) {
                    secondRefList = ((WSSecDKEncrypt) encr).encryptForExternalRef(null, secondEncrParts);
                } else if (!secondEncrParts.isEmpty()) {
                    // Encrypt, get hold of the ref list and add it
                    secondRefList = ((WSSecEncrypt) encr).encryptForRef(null, secondEncrParts);
                }
                if (secondRefList != null) {
                    this.addDerivedKeyElement(secondRefList);
                }
            }
        }
    } catch (RuntimeException ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw ex;
    } catch (Exception ex) {
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) WSSecBase(org.apache.wss4j.dom.message.WSSecBase) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Aggregations

AbstractToken (org.apache.wss4j.policy.model.AbstractToken)33 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)25 X509Token (org.apache.wss4j.policy.model.X509Token)19 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)17 SamlToken (org.apache.wss4j.policy.model.SamlToken)17 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)17 SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)17 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)15 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)12 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)12 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)12 QName (javax.xml.namespace.QName)11 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)11 SOAPException (javax.xml.soap.SOAPException)10 Fault (org.apache.cxf.interceptor.Fault)10 Element (org.w3c.dom.Element)10 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)9 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)9 AbstractTokenWrapper (org.apache.wss4j.policy.model.AbstractTokenWrapper)8 WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)8