

Use of org.apache.wss4j.policy.model.SamlToken in the project cxf by apache.

The class AsymmetricBindingHandler, method doEncryption.

/**
 * Encrypts the given message parts for the recipient token of an asymmetric binding and
 * adds the resulting EncryptedKey, reference list and encrypted attachments to the security header.
 *
 * <p>When the recipient token requires derived keys, the work is delegated to
 * {@code doEncryptionDerived}; otherwise a {@code WSSecEncrypt} is configured from the
 * binding's algorithm suite and the recipient's key material and executed here.
 *
 * @param recToken    wrapper around the recipient token whose key material encrypts the
 *                    generated symmetric key; nothing is done when it or its token is null
 * @param encrParts   the message parts to encrypt; nothing is done when empty
 * @param externalRef when {@code true} the ReferenceList is inserted into the header as a
 *                    sibling of the EncryptedKey, otherwise it is appended inside the
 *                    EncryptedKey element
 * @return the configured encrypter (a {@code WSSecEncrypt}, or whatever
 *         {@code doEncryptionDerived} returns), or {@code null} when there was nothing to
 *         encrypt or a {@code WSSecurityException} occurred (the failure is then recorded via
 *         {@code unassertPolicy} rather than propagated)
 */
private WSSecBase doEncryption(AbstractTokenWrapper recToken, List<WSEncryptionPart> encrParts, boolean externalRef) {
    // Do encryption
    if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
        AbstractToken encrToken = recToken.getToken();
        assertPolicy(recToken);
        assertPolicy(encrToken);
        AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
        if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
            return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
        }
        try {
            WSSecEncrypt encr = new WSSecEncrypt(secHeader);
            encr.setEncryptionSerializer(new StaxSerializer());
            encr.setIdAllocator(wssConfig.getIdAllocator());
            encr.setCallbackLookup(callbackLookup);
            encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
            encr.setStoreBytesInAttachment(storeBytesInAttachment);
            encr.setExpandXopInclude(isExpandXopInclude());
            encr.setWsDocInfo(wsDocInfo);
            Crypto crypto = getEncryptionCrypto();
            SecurityToken securityToken = getSecurityToken();
            // On the responder side, when the recipient token is a SAML token and a SecurityToken
            // was stored, the EncryptedKey references that SAML assertion through a custom
            // KeyIdentifier; the SAML 1.1 / 2.0 value type is selected from the stored tokenType.
            // Any other tokenType falls back to the key identifier configured for the policy token.
            if (!isRequestor() && securityToken != null && recToken.getToken() instanceof SamlToken) {
                String tokenType = securityToken.getTokenType();
                if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                    encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                    encr.setCustomEKTokenId(securityToken.getId());
                } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
                    encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
                    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                    encr.setCustomEKTokenId(securityToken.getId());
                } else {
                    setKeyIdentifierType(encr, encrToken);
                }
            } else {
                setKeyIdentifierType(encr, encrToken);
            }
            // Key material for wrapping the symmetric key: on the responder side prefer the
            // certificate or public key carried by the stored SecurityToken; otherwise resolve
            // the encryption user through the Crypto instance.
            if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) {
                encr.setUseThisCert(securityToken.getX509Certificate());
            } else if (!isRequestor() && securityToken != null && securityToken.getKey() instanceof PublicKey) {
                encr.setUseThisPublicKey((PublicKey) securityToken.getKey());
            } else {
                setEncryptionUser(encr, encrToken, false, crypto);
            }
            // No certificate, no public key and no Crypto: the policy is unasserted with a
            // configuration hint. Processing still continues to prepare(); presumably that
            // fails with a WSSecurityException and is handled by the catch below — TODO confirm.
            if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
                unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
            }
            // Algorithms come from the binding's algorithm suite, not from message content.
            AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
            encr.setSymmetricEncAlgorithm(algType.getEncryption());
            encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
            encr.setMGFAlgorithm(algType.getMGFAlgo());
            encr.setDigestAlgorithm(algType.getEncryptionDigest());
            encr.prepare(crypto);
            Element encryptedKeyElement = encr.getEncryptedKeyElement();
            List<Element> attachments = encr.getAttachmentEncryptedDataElements();
            // Encrypt, get hold of the ref list and add it
            if (externalRef) {
                // External reference: ReferenceList and encrypted attachments go into the header
                // first, then the EncryptedKey is added — but only if something was actually encrypted.
                Element refList = encr.encryptForRef(null, encrParts);
                if (refList != null) {
                    insertBeforeBottomUp(refList);
                }
                if (attachments != null) {
                    for (Element attachment : attachments) {
                        this.insertBeforeBottomUp(attachment);
                    }
                }
                if (refList != null || (attachments != null && !attachments.isEmpty())) {
                    this.addEncryptedKeyElement(encryptedKeyElement);
                }
            } else {
                // Internal reference: the EncryptedKey is added first (again only if something was
                // encrypted) and the ReferenceList becomes a child of it.
                Element refList = encr.encryptForRef(null, encrParts);
                if (refList != null || (attachments != null && !attachments.isEmpty())) {
                    this.addEncryptedKeyElement(encryptedKeyElement);
                }
                // Add internal refs
                if (refList != null) {
                    encryptedKeyElement.appendChild(refList);
                }
                if (attachments != null) {
                    for (Element attachment : attachments) {
                        this.addEncryptedKeyElement(attachment);
                    }
                }
            }
            // Put BST before EncryptedKey element
            if (encr.getBSTTokenId() != null) {
                encr.prependBSTElementToHeader();
            }
            return encr;
        } catch (WSSecurityException e) {
            // Encryption failures are not propagated: log at FINE and record them against the
            // recipient token's policy assertion; the caller receives null.
            LOG.log(Level.FINE, e.getMessage(), e);
            unassertPolicy(recToken, e);
        }
    }
    return null;
}

