Search in sources :

Example 11 with KerberosToken

use of org.apache.wss4j.policy.model.KerberosToken in project cxf by apache.

the class SignedEndorsingTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
                assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
                continue;
            }
            DerivedKeys derivedKeys = token.getDerivedKeys();
            boolean derived = derivedKeys == DerivedKeys.RequireDerivedKeys;
            boolean processingFailed = false;
            if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed endorsing supporting token requirement");
                continue;
            }
            if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) DerivedKeys(org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)

Example 12 with KerberosToken

use of org.apache.wss4j.policy.model.KerberosToken in project cxf by apache.

the class SignedTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }
            boolean processingFailed = false;
            if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken) {
                if (!processSCTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed supporting token requirement");
                continue;
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SamlToken(org.apache.wss4j.policy.model.SamlToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken)

Example 13 with KerberosToken

use of org.apache.wss4j.policy.model.KerberosToken in project cxf by apache.

the class AbstractBindingBuilder method handleSupportingTokens.

protected List<SupportingToken> handleSupportingTokens(SupportingTokens suppTokens, boolean endorse, List<SupportingToken> ret) throws WSSecurityException, SOAPException {
    if (suppTokens == null) {
        return ret;
    }
    for (AbstractToken token : suppTokens.getTokens()) {
        assertToken(token);
        if (!isTokenRequired(token.getIncludeTokenType())) {
            // Check for any SignedParts so as *not* to sign them
            getSignedParts(suppTokens);
            continue;
        }
        if (token instanceof UsernameToken) {
            handleUsernameTokenSupportingToken((UsernameToken) token, endorse, suppTokens.isEncryptedToken(), ret);
        } else if (token instanceof IssuedToken || token instanceof SecureConversationToken || token instanceof SecurityContextToken || token instanceof KerberosToken || token instanceof SpnegoContextToken) {
            // ws-trust/ws-sc stuff.......
            SecurityToken secToken = getSecurityToken();
            if (secToken == null) {
                unassertPolicy(token, "Could not find IssuedToken");
            }
            Element clone = cloneElement(secToken.getToken());
            secToken.setToken(clone);
            addSupportingElement(clone);
            String id = XMLUtils.getIDFromReference(secToken.getId());
            if (suppTokens.isEncryptedToken()) {
                WSEncryptionPart part = new WSEncryptionPart(id, "Element");
                part.setElement(clone);
                encryptedTokensList.add(part);
            }
            if (secToken.getX509Certificate() == null) {
                ret.add(new SupportingToken(token, new WSSecurityTokenHolder(secToken, secHeader), getSignedParts(suppTokens)));
            } else {
                ret.add(signSupportingToken(secToken, id, token, suppTokens));
            }
        } else if (token instanceof X509Token) {
            // We have to use a cert. Prepare X509 signature
            WSSecSignature sig = getSignatureBuilder(token, false, endorse);
            assertPolicy(suppTokens);
            Element bstElem = sig.getBinarySecurityTokenElement();
            if (bstElem != null) {
                if (lastEncryptedKeyElement != null) {
                    if (lastEncryptedKeyElement.getNextSibling() != null) {
                        secHeader.getSecurityHeaderElement().insertBefore(bstElem, lastEncryptedKeyElement.getNextSibling());
                    } else {
                        secHeader.getSecurityHeaderElement().appendChild(bstElem);
                    }
                } else {
                    sig.prependBSTElementToHeader();
                }
                if (suppTokens.isEncryptedToken()) {
                    WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
                    part.setElement(bstElem);
                    encryptedTokensList.add(part);
                }
            }
            ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
        } else if (token instanceof KeyValueToken) {
            WSSecSignature sig = getSignatureBuilder(token, false, endorse);
            assertPolicy(suppTokens);
            if (suppTokens.isEncryptedToken()) {
                WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
                encryptedTokensList.add(part);
            }
            ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
        } else if (token instanceof SamlToken) {
            SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) token);
            if (assertionWrapper != null) {
                Element envelope = saaj.getSOAPPart().getEnvelope();
                envelope = (Element) DOMUtils.getDomElement(envelope);
                Element assertionElement = assertionWrapper.toDOM(envelope.getOwnerDocument());
                addSupportingElement(assertionElement);
                ret.add(new SupportingToken(token, assertionWrapper, getSignedParts(suppTokens)));
                if (suppTokens.isEncryptedToken()) {
                    WSEncryptionPart part = new WSEncryptionPart(assertionWrapper.getId(), "Element");
                    part.setElement(assertionElement);
                    encryptedTokensList.add(part);
                }
            }
        }
    }
    return ret;
}
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element) WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken)

Example 14 with KerberosToken

use of org.apache.wss4j.policy.model.KerberosToken in project cxf by apache.

the class StaxSymmetricBindingHandler method doSignBeforeEncrypt.

private void doSignBeforeEncrypt() {
    AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
    assertTokenWrapper(sigAbstractTokenWrapper);
    AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
    String sigTokId = null;
    try {
        SecurityToken sigTok = null;
        if (sigToken != null) {
            if (sigToken instanceof KerberosToken) {
                sigTok = getSecurityToken();
                if (isRequestor()) {
                    addKerberosToken((KerberosToken) sigToken, false, true, true);
                }
            } else if (sigToken instanceof IssuedToken) {
                sigTok = getSecurityToken();
                addIssuedToken(sigToken, sigTok, false, true);
                if (sigTok == null && !isRequestor()) {
                    org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN);
                    sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
                }
            } else if (sigToken instanceof SecureConversationToken || sigToken instanceof SecurityContextToken || sigToken instanceof SpnegoContextToken) {
                sigTok = getSecurityToken();
                if (sigTok != null && isRequestor()) {
                    WSSSecurityProperties properties = getProperties();
                    WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
                    properties.addAction(actionToPerform);
                } else if (sigTok == null && !isRequestor()) {
                    org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN);
                    sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
                }
            } else if (sigToken instanceof X509Token) {
                if (isRequestor()) {
                    sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                } else {
                    org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findEncryptedKeyToken();
                    sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
                }
            } else if (sigToken instanceof UsernameToken) {
                unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
                return;
            }
            assertToken(sigToken);
        } else {
            unassertPolicy(sbinding, "No signature token");
            return;
        }
        if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
            unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
            return;
        }
        if (sigTok == null) {
            sigTok = TokenStoreUtils.getTokenStore(message).getToken(sigTokId);
        }
        // Store key
        if (!(MessageUtils.isRequestor(message) && sigToken instanceof KerberosToken)) {
            storeSecurityToken(sigToken, sigTok);
        }
        // Add timestamp
        List<SecurePart> sigs = new ArrayList<>();
        if (timestampAdded) {
            SecurePart part = new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
            sigs.add(part);
        }
        sigs.addAll(this.getSignedParts());
        if (!isRequestor()) {
            addSignatureConfirmation(sigs);
        }
        if (!sigs.isEmpty()) {
            doSignature(sigAbstractTokenWrapper, sigToken, sigTok, sigs);
        }
        addSupportingTokens();
        removeSignatureIfSignedSAML();
        prependSignatureToSC();
        // Encryption
        List<SecurePart> enc = getEncryptedParts();
        // Check for signature protection
        if (sbinding.isEncryptSignature()) {
            SecurePart part = new SecurePart(new QName(XMLSecurityConstants.NS_DSIG, "Signature"), Modifier.Element);
            enc.add(part);
            if (signatureConfirmationAdded) {
                part = new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element);
                enc.add(part);
            }
            assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }
        // Do encryption
        if (isRequestor()) {
            enc.addAll(encryptedTokensList);
        }
        AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
        doEncryption(encrAbstractTokenWrapper, enc, false);
        putCustomTokenAfterSignature();
    } catch (Exception e) {
        throw new Fault(e);
    }
}
Also used : WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) ArrayList(java.util.ArrayList) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurePart(org.apache.xml.security.stax.ext.SecurePart) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Example 15 with KerberosToken

use of org.apache.wss4j.policy.model.KerberosToken in project cxf by apache.

the class StaxSymmetricBindingHandler method doEncryptBeforeSign.

private void doEncryptBeforeSign() {
    try {
        AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
        assertTokenWrapper(encryptionWrapper);
        AbstractToken encryptionToken = encryptionWrapper.getToken();
        String tokenId = null;
        SecurityToken tok = null;
        if (encryptionToken instanceof KerberosToken) {
            tok = getSecurityToken();
            if (MessageUtils.isRequestor(message)) {
                addKerberosToken((KerberosToken) encryptionToken, false, true, true);
            }
        } else if (encryptionToken instanceof IssuedToken) {
            tok = getSecurityToken();
            addIssuedToken(encryptionToken, tok, false, true);
            if (tok == null && !isRequestor()) {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN);
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
            tok = getSecurityToken();
            if (tok != null && isRequestor()) {
                WSSSecurityProperties properties = getProperties();
                WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
                properties.addAction(actionToPerform);
            } else if (tok == null && !isRequestor()) {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN);
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof X509Token) {
            if (isRequestor()) {
                tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
            } else {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findEncryptedKeyToken();
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof UsernameToken) {
            unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
            return;
        }
        assertToken(encryptionToken);
        if (tok == null) {
            tokenId = XMLUtils.getIDFromReference(tokenId);
            // Get hold of the token from the token storage
            tok = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
        }
        // Store key
        if (!(MessageUtils.isRequestor(message) && encryptionToken instanceof KerberosToken)) {
            storeSecurityToken(encryptionToken, tok);
        }
        List<SecurePart> encrParts = null;
        List<SecurePart> sigParts = null;
        try {
            encrParts = getEncryptedParts();
            // Signed parts are determined before encryption because encrypted signed headers
            // will not be included otherwise
            sigParts = getSignedParts();
        } catch (SOAPException ex) {
            throw new Fault(ex);
        }
        addSupportingTokens();
        if (encryptionToken != null && !encrParts.isEmpty()) {
            if (isRequestor()) {
                encrParts.addAll(encryptedTokensList);
            }
            // Check for signature protection
            if (sbinding.isEncryptSignature()) {
                SecurePart part = new SecurePart(new QName(XMLSecurityConstants.NS_DSIG, "Signature"), Modifier.Element);
                encrParts.add(part);
                if (signatureConfirmationAdded) {
                    part = new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element);
                    encrParts.add(part);
                }
                assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
            }
            doEncryption(encryptionWrapper, encrParts, true);
        }
        if (timestampAdded) {
            SecurePart part = new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
            sigParts.add(part);
        }
        sigParts.addAll(this.getSignedParts());
        if (!sigParts.isEmpty()) {
            AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
            if (sigAbstractTokenWrapper != null) {
                AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
                if (isRequestor()) {
                    doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                } else {
                    addSignatureConfirmation(sigParts);
                    doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                }
            }
        }
        removeSignatureIfSignedSAML();
        enforceEncryptBeforeSigningWithSignedSAML();
        prependSignatureToSC();
        putCustomTokenAfterSignature();
    } catch (RuntimeException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}
Also used : WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) WSSConstants(org.apache.wss4j.stax.ext.WSSConstants) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) QName(javax.xml.namespace.QName) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) Fault(org.apache.cxf.interceptor.Fault) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurePart(org.apache.xml.security.stax.ext.SecurePart) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) SOAPException(javax.xml.soap.SOAPException) AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)

Aggregations

KerberosToken (org.apache.wss4j.policy.model.KerberosToken)24 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)22 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)21 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)20 SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)19 X509Token (org.apache.wss4j.policy.model.X509Token)19 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)17 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)14 SamlToken (org.apache.wss4j.policy.model.SamlToken)13 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)12 QName (javax.xml.namespace.QName)9 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)9 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)9 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)9 Element (org.w3c.dom.Element)9 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)8 SOAPException (javax.xml.soap.SOAPException)6 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)6 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)6 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)5