Examples with KeyValueToken org.apache.wss4j.policy.model.KeyValueToken used on opensource projects

Search in sources :

Example 1 with KeyValueToken

use of org.apache.wss4j.policy.model.KeyValueToken in project cxf by apache.

the class AbstractBindingBuilder method setKeyIdentifierType.

public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
    boolean tokenTypeSet = false;
    if (token instanceof X509Token) {
        X509Token x509Token = (X509Token) token;
        if (x509Token.isRequireIssuerSerialReference()) {
            secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
            tokenTypeSet = true;
        } else if (x509Token.isRequireKeyIdentifierReference()) {
            secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
            tokenTypeSet = true;
        } else if (x509Token.isRequireThumbprintReference()) {
            secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
            tokenTypeSet = true;
        }
    } else if (token instanceof KeyValueToken) {
        secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
        tokenTypeSet = true;
    }
    assertToken(token);
    if (!tokenTypeSet) {
        boolean requestor = isRequestor();
        if (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_NEVER || token instanceof X509Token && ((token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT && !requestor) || (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR && requestor))) {
            Wss10 wss = getWss10();
            assertPolicy(wss);
            if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
                secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
            } else if (wss.isMustSupportRefIssuerSerial()) {
                secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
            } else if (wss instanceof Wss11 && ((Wss11) wss).isMustSupportRefThumbprint()) {
                secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
            } else {
                secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
            }
        } else {
            secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        }
    }
}
Also used : X509Token(org.apache.wss4j.policy.model.X509Token) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) Wss11(org.apache.wss4j.policy.model.Wss11) Wss10(org.apache.wss4j.policy.model.Wss10)

Example 2 with KeyValueToken

use of org.apache.wss4j.policy.model.KeyValueToken in project cxf by apache.

the class AbstractCommonBindingHandler method assertToken.

protected void assertToken(AbstractToken token) {
    if (token == null) {
        return;
    }
    assertPolicy(token.getName());
    String namespace = token.getName().getNamespaceURI();
    if (token.getDerivedKeys() != null) {
        assertPolicy(new QName(namespace, token.getDerivedKeys().name()));
    }
    if (token instanceof X509Token) {
        X509Token x509Token = (X509Token) token;
        assertX509Token(x509Token);
    } else if (token instanceof HttpsToken) {
        HttpsToken httpsToken = (HttpsToken) token;
        if (httpsToken.getAuthenticationType() != null) {
            assertPolicy(new QName(namespace, httpsToken.getAuthenticationType().name()));
        }
    } else if (token instanceof KeyValueToken) {
        KeyValueToken keyValueToken = (KeyValueToken) token;
        if (keyValueToken.isRsaKeyValue()) {
            assertPolicy(new QName(namespace, SPConstants.RSA_KEY_VALUE));
        }
    } else if (token instanceof UsernameToken) {
        UsernameToken usernameToken = (UsernameToken) token;
        assertUsernameToken(usernameToken);
    } else if (token instanceof SecureConversationToken) {
        SecureConversationToken scToken = (SecureConversationToken) token;
        assertSecureConversationToken(scToken);
    } else if (token instanceof SecurityContextToken) {
        SecurityContextToken scToken = (SecurityContextToken) token;
        assertSecurityContextToken(scToken);
    } else if (token instanceof SpnegoContextToken) {
        SpnegoContextToken scToken = (SpnegoContextToken) token;
        assertSpnegoContextToken(scToken);
    } else if (token instanceof IssuedToken) {
        IssuedToken issuedToken = (IssuedToken) token;
        assertIssuedToken(issuedToken);
    } else if (token instanceof KerberosToken) {
        KerberosToken kerberosToken = (KerberosToken) token;
        assertKerberosToken(kerberosToken);
    } else if (token instanceof SamlToken) {
        SamlToken samlToken = (SamlToken) token;
        assertSamlToken(samlToken);
    }
}
Also used : HttpsToken(org.apache.wss4j.policy.model.HttpsToken) X509Token(org.apache.wss4j.policy.model.X509Token) SamlToken(org.apache.wss4j.policy.model.SamlToken) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) QName(javax.xml.namespace.QName) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken)

Example 3 with KeyValueToken

use of org.apache.wss4j.policy.model.KeyValueToken in project cxf by apache.

the class EndorsingTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
                assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
                continue;
            }
            DerivedKeys derivedKeys = token.getDerivedKeys();
            boolean derived = derivedKeys == DerivedKeys.RequireDerivedKeys;
            boolean processingFailed = false;
            if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the endorsing supporting token requirement");
                continue;
            }
            if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) DerivedKeys(org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)

Example 4 with KeyValueToken

use of org.apache.wss4j.policy.model.KeyValueToken in project cxf by apache.

the class SignedEndorsingTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
                assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
                continue;
            }
            DerivedKeys derivedKeys = token.getDerivedKeys();
            boolean derived = derivedKeys == DerivedKeys.RequireDerivedKeys;
            boolean processingFailed = false;
            if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed endorsing supporting token requirement");
                continue;
            }
            if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) DerivedKeys(org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)

Example 5 with KeyValueToken

use of org.apache.wss4j.policy.model.KeyValueToken in project cxf by apache.

the class SignedTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }
            boolean processingFailed = false;
            if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken) {
                if (!processSCTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed supporting token requirement");
                continue;
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SamlToken(org.apache.wss4j.policy.model.SamlToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken)

Aggregations

KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)13 X509Token (org.apache.wss4j.policy.model.X509Token)13 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)12 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)12 SamlToken (org.apache.wss4j.policy.model.SamlToken)12 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)12 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)12 SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)11 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)9 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)8 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)8 DerivedKeys (org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)4 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)4 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)3 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)2 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)2 Element (org.w3c.dom.Element)2 Instant (java.time.Instant)1 QName (javax.xml.namespace.QName)1 SOAPException (javax.xml.soap.SOAPException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial