
Example 1 with TokenType

use of org.apache.wss4j.policy.model.X509Token.TokenType in project cxf by apache.

the class AbstractBindingBuilder method checkForX509PkiPath.

/**
 * Turns off single-certificate mode on the signature builder when the policy
 * token is an X.509 token declared with one of the two PKIPath token types.
 *
 * <p>Tokens that are not {@link X509Token}s, and X.509 tokens with any other
 * (or no) token type, leave {@code sig} untouched.
 *
 * @param sig   signature builder whose certificate mode may be changed
 * @param token policy token describing the signing credential
 */
private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token) {
    if (!(token instanceof X509Token)) {
        return;
    }
    TokenType declaredType = ((X509Token) token).getTokenType();
    boolean isPkiPath = declaredType == TokenType.WssX509PkiPathV1Token10
        || declaredType == TokenType.WssX509PkiPathV1Token11;
    if (isPkiPath) {
        // Presumably so that the certificate path, not just the signing
        // certificate, is placed in the message; confirm against WSSecSignature.
        sig.setUseSingleCertificate(false);
    }
}
Also used : TokenType(org.apache.wss4j.policy.model.X509Token.TokenType) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) SamlTokenType(org.apache.wss4j.policy.model.SamlToken.SamlTokenType) X509Token(org.apache.wss4j.policy.model.X509Token)

Example 2 with TokenType

use of org.apache.wss4j.policy.model.X509Token.TokenType in project cxf by apache.

the class AbstractStaxBindingHandler method configureSignature.

/**
 * Fills in the signature-related settings on {@code properties} for the given
 * policy token.
 *
 * <p>The signature, digest and canonicalization algorithms are all read from
 * the algorithm suite of {@code binding}; none of them is taken from the
 * message properties here. The only message-level inputs read in this method
 * are the signing user name and the inclusive-prefixes flag.
 *
 * @param token    policy token describing the signing credential
 * @param attached not read anywhere in this method body
 * @throws WSSecurityException declared by the signature; presumably raised by
 *         one of the helpers called here (not visible in this snippet)
 */
protected void configureSignature(AbstractToken token, boolean attached) throws WSSecurityException {
    final boolean isX509 = token instanceof X509Token;
    if (isX509) {
        TokenType declaredType = ((X509Token) token).getTokenType();
        if (declaredType == TokenType.WssX509PkiPathV1Token10
            || declaredType == TokenType.WssX509PkiPathV1Token11) {
            // PKIPath token types switch off single-certificate mode.
            properties.setUseSingleCert(false);
        }
    }

    // The key identifier is stored first and then read back, so the value
    // tested below is whatever the properties object reports after the set.
    properties.setSignatureKeyIdentifier(getKeyIdentifierType(token));
    WSSecurityTokenConstants.KeyIdentifier keyId = properties.getSignatureKeyIdentifier();

    // The token itself is included only for an X.509 token whose inclusion
    // value is required and that is referenced by issuer/serial, thumbprint
    // or direct reference. Every other combination turns inclusion off.
    boolean includeToken = isX509
        && isTokenRequired(token.getIncludeTokenType())
        && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyId)
            || WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER.equals(keyId)
            || WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(keyId));
    properties.setIncludeSignatureToken(includeToken);

    // A symmetric binding signs with the suite's symmetric algorithm and looks
    // the user up under the encryption user-name key instead of the signature one.
    String userNameKey;
    if (binding instanceof SymmetricBinding) {
        userNameKey = SecurityConstants.ENCRYPT_USERNAME;
        properties.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
    } else {
        userNameKey = SecurityConstants.SIGNATURE_USERNAME;
        properties.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
    }
    properties.setSignatureCanonicalizationAlgorithm(binding.getAlgorithmSuite().getC14n().getValue());

    // Resolve the signing user: the binding-specific key first, then the
    // generic user name as a fallback.
    String sigUser = (String) SecurityUtils.getSecurityPropertyValue(userNameKey, message);
    if (sigUser == null) {
        sigUser = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    }
    if (sigUser != null) {
        // A signature user that is already set on the properties is never overwritten.
        if (properties.getSignatureUser() == null) {
            properties.setSignatureUser(sigUser);
        }
    }

    properties.setSignatureDigestAlgorithm(
        binding.getAlgorithmSuite().getAlgorithmSuiteType().getDigest());

    // Inclusive prefixes default to true when the message does not set the flag.
    properties.setAddExcC14NInclusivePrefixes(
        MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true));
}
Also used : SymmetricBinding(org.apache.wss4j.policy.model.SymmetricBinding) TokenType(org.apache.wss4j.policy.model.X509Token.TokenType) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) SamlTokenType(org.apache.wss4j.policy.model.SamlToken.SamlTokenType) X509Token(org.apache.wss4j.policy.model.X509Token) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) WSSecurityTokenConstants(org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants)

Example 3 with TokenType

use of org.apache.wss4j.policy.model.X509Token.TokenType in project cxf by apache.

the class X509TokenPolicyValidator method assertToken.

/**
 * Calls {@code PolicyUtils.assertPolicy} for each nested X509Token assertion
 * that the policy token declares: the four reference-style requirements and,
 * when present, the token type.
 *
 * <p>Every decision here is driven by the policy model ({@code token}) alone.
 * This method does not look at a received security token, so any comparison
 * between the policy and what the message actually carried has to happen in
 * the caller (not visible in this snippet).
 *
 * @param token X.509 policy token whose nested assertions are processed
 * @param aim   assertion map passed through to {@code PolicyUtils.assertPolicy}
 */
private void assertToken(X509Token token, AssertionInfoMap aim) {
    // Nested assertions are looked up in the same namespace as the token itself.
    final String ns = token.getName().getNamespaceURI();

    // Reference-style requirements, in the order the policy model exposes them.
    if (token.isRequireIssuerSerialReference()) {
        QName issuerSerial = new QName(ns, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE);
        PolicyUtils.assertPolicy(aim, issuerSerial);
    }
    if (token.isRequireThumbprintReference()) {
        QName thumbprint = new QName(ns, SPConstants.REQUIRE_THUMBPRINT_REFERENCE);
        PolicyUtils.assertPolicy(aim, thumbprint);
    }
    if (token.isRequireEmbeddedTokenReference()) {
        QName embedded = new QName(ns, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
        PolicyUtils.assertPolicy(aim, embedded);
    }
    if (token.isRequireKeyIdentifierReference()) {
        QName keyIdentifier = new QName(ns, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
        PolicyUtils.assertPolicy(aim, keyIdentifier);
    }

    // Token type: the enum constant's name doubles as the assertion's local name.
    TokenType declaredType = token.getTokenType();
    if (declaredType == null) {
        return;
    }
    PolicyUtils.assertPolicy(aim, new QName(ns, declaredType.name()));
}
Also used : TokenType(org.apache.wss4j.policy.model.X509Token.TokenType) QName(javax.xml.namespace.QName)

Aggregations

TokenType (org.apache.wss4j.policy.model.X509Token.TokenType)3 IncludeTokenType (org.apache.wss4j.policy.SPConstants.IncludeTokenType)2 SamlTokenType (org.apache.wss4j.policy.model.SamlToken.SamlTokenType)2 X509Token (org.apache.wss4j.policy.model.X509Token)2 QName (javax.xml.namespace.QName)1 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)1 SymmetricBinding (org.apache.wss4j.policy.model.SymmetricBinding)1 WSSecurityTokenConstants (org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants)1