Example 26 with SamlToken
use of org.apache.wss4j.policy.model.SamlToken in project cxf by apache.
the class AsymmetricBindingHandler method doEncryption.
private WSSecBase doEncryption(AbstractTokenWrapper recToken, List<WSEncryptionPart> encrParts, boolean externalRef) {
// Do encryption
if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
AbstractToken encrToken = recToken.getToken();
assertPolicy(recToken);
assertPolicy(encrToken);
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
}
try {
WSSecEncrypt encr = new WSSecEncrypt(secHeader);
encr.setEncryptionSerializer(new StaxSerializer());
encr.setIdAllocator(wssConfig.getIdAllocator());
encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setStoreBytesInAttachment(storeBytesInAttachment);
encr.setExpandXopInclude(isExpandXopInclude());
encr.setWsDocInfo(wsDocInfo);
Crypto crypto = getEncryptionCrypto();
SecurityToken securityToken = getSecurityToken();
if (!isRequestor() && securityToken != null && recToken.getToken() instanceof SamlToken) {
String tokenType = securityToken.getTokenType();
if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
encr.setCustomEKTokenId(securityToken.getId());
} else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
encr.setCustomEKTokenId(securityToken.getId());
} else {
setKeyIdentifierType(encr, encrToken);
}
} else {
setKeyIdentifierType(encr, encrToken);
}
//
if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) {
encr.setUseThisCert(securityToken.getX509Certificate());
} else if (!isRequestor() && securityToken != null && securityToken.getKey() instanceof PublicKey) {
encr.setUseThisPublicKey((PublicKey) securityToken.getKey());
} else {
setEncryptionUser(encr, encrToken, false, crypto);
}
if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
}
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
encr.setSymmetricEncAlgorithm(algType.getEncryption());
encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
encr.setMGFAlgorithm(algType.getMGFAlgo());
encr.setDigestAlgorithm(algType.getEncryptionDigest());
encr.prepare(crypto);
Element encryptedKeyElement = encr.getEncryptedKeyElement();
List<Element> attachments = encr.getAttachmentEncryptedDataElements();
// Encrypt, get hold of the ref list and add it
if (externalRef) {
Element refList = encr.encryptForRef(null, encrParts);
if (refList != null) {
insertBeforeBottomUp(refList);
}
if (attachments != null) {
for (Element attachment : attachments) {
this.insertBeforeBottomUp(attachment);
}
}
if (refList != null || (attachments != null && !attachments.isEmpty())) {
this.addEncryptedKeyElement(encryptedKeyElement);
}
} else {
Element refList = encr.encryptForRef(null, encrParts);
if (refList != null || (attachments != null && !attachments.isEmpty())) {
this.addEncryptedKeyElement(encryptedKeyElement);
}
// Add internal refs
if (refList != null) {
encryptedKeyElement.appendChild(refList);
}
if (attachments != null) {
for (Element attachment : attachments) {
this.addEncryptedKeyElement(attachment);
}
}
}
// Put BST before EncryptedKey element
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader();
}
return encr;
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(recToken, e);
}
}
return null;
}
Also used :
WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt)
SamlToken(org.apache.wss4j.policy.model.SamlToken)
AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)
PublicKey(java.security.PublicKey)
Element(org.w3c.dom.Element)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite)
StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer)
Crypto(org.apache.wss4j.common.crypto.Crypto)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)
Aggregations
SamlToken (org.apache.wss4j.policy.model.SamlToken)26
IssuedToken (org.apache.wss4j.policy.model.IssuedToken)20
AbstractToken (org.apache.wss4j.policy.model.AbstractToken)18
X509Token (org.apache.wss4j.policy.model.X509Token)14
KerberosToken (org.apache.wss4j.policy.model.KerberosToken)13
SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)13
SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)13
UsernameToken (org.apache.wss4j.policy.model.UsernameToken)13
AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)12
KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)12
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)11
Element (org.w3c.dom.Element)11
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)10
SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)9
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)8
QName (javax.xml.namespace.QName)7
Fault (org.apache.cxf.interceptor.Fault)7
SOAPException (javax.xml.soap.SOAPException)6
TokenStoreException (org.apache.cxf.ws.security.tokenstore.TokenStoreException)5
AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)5
