/**
 * Applies the symmetric binding in encrypt-before-sign order to the outbound message.
 *
 * <p>Steps, in order: resolve the encryption token for the policy's token type (Kerberos, issued,
 * security-context / secure-conversation / SPNEGO, or X.509); fall back to the token store when no token is
 * held locally; collect the encrypted and signed parts; add supporting tokens; encrypt (including the
 * Signature element when the binding requires signature protection); then sign, adding a
 * SignatureConfirmation on the responder side; finally run the SAML / SC / custom-token post-processing hooks.
 *
 * <p>UsernameTokens are not supported with this binding: the policy is unasserted and the method returns
 * without encrypting or signing. If no signature token is configured the message is encrypted but not signed.
 *
 * <p>Checked exceptions are wrapped in a {@link Fault}; runtime exceptions propagate unchanged.
 */
private void doEncryptBeforeSign() {
    try {
        AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
        assertTokenWrapper(encryptionWrapper);
        AbstractToken encryptionToken = encryptionWrapper.getToken();
        // tokenId: reference to the encryption key material; tok: the resolved token, when already held locally
        String tokenId = null;
        SecurityToken tok = null;
        if (encryptionToken instanceof KerberosToken) {
            tok = getSecurityToken();
            // Only the requestor emits the Kerberos token itself
            if (MessageUtils.isRequestor(message)) {
                addKerberosToken((KerberosToken) encryptionToken, false, true, true);
            }
        } else if (encryptionToken instanceof IssuedToken) {
            tok = getSecurityToken();
            addIssuedToken(encryptionToken, tok, false, true);
            // Responder with no locally held token: reuse the SAML token received inbound
            if (tok == null && !isRequestor()) {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN);
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
            tok = getSecurityToken();
            if (tok != null && isRequestor()) {
                // Requestor with an established context token: reference it via the CUSTOM_TOKEN action
                WSSSecurityProperties properties = getProperties();
                WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
                properties.addAction(actionToPerform);
            } else if (tok == null && !isRequestor()) {
                // Responder with no locally held token: reuse the security context token received inbound
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN);
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof X509Token) {
            if (isRequestor()) {
                // Requestor creates the EncryptedKey; the responder looks up the EncryptedKey token received inbound
                tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
            } else {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findEncryptedKeyToken();
                tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
            }
        } else if (encryptionToken instanceof UsernameToken) {
            // Not supported here: unassert the binding so the policy failure is visible, and do no further work
            unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
            return;
        }
        assertToken(encryptionToken);
        if (tok == null) {
            // No locally held token: resolve it from the token store via the id parsed from the reference
            tokenId = XMLUtils.getIDFromReference(tokenId);
            // Get hold of the token from the token storage
            tok = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
        }
        // Store key so later signature/encryption steps can resolve it; skipped for a requestor's Kerberos
        // token (presumably already handled by addKerberosToken above — not visible here)
        if (!(MessageUtils.isRequestor(message) && encryptionToken instanceof KerberosToken)) {
            storeSecurityToken(encryptionToken, tok);
        }
        List<SecurePart> encrParts = null;
        List<SecurePart> sigParts = null;
        try {
            encrParts = getEncryptedParts();
            // Signed parts are determined before encryption because encrypted signed headers
            // will not be included otherwise
            sigParts = getSignedParts();
        } catch (SOAPException ex) {
            throw new Fault(ex);
        }
        addSupportingTokens();
        // Nothing to encrypt when the policy names no encrypted parts
        if (encryptionToken != null && !encrParts.isEmpty()) {
            if (isRequestor()) {
                // Requestor additionally encrypts the tokens collected in encryptedTokensList
                encrParts.addAll(encryptedTokensList);
            }
            // Check for signature protection: encrypt the Signature element (and the SignatureConfirmation,
            // when one was added) so the signature itself is not sent in the clear
            if (sbinding.isEncryptSignature()) {
                SecurePart part = new SecurePart(new QName(XMLSecurityConstants.NS_DSIG, "Signature"), Modifier.Element);
                encrParts.add(part);
                if (signatureConfirmationAdded) {
                    part = new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element);
                    encrParts.add(part);
                }
                assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
            }
            doEncryption(encryptionWrapper, encrParts, true);
        }
        // The timestamp, when present, is always covered by the signature
        if (timestampAdded) {
            SecurePart part = new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
            sigParts.add(part);
        }
        // NOTE(review): sigParts was already initialised from getSignedParts() above, so the signed parts appear
        // to be added twice here — verify whether the streaming layer de-duplicates SecureParts
        sigParts.addAll(this.getSignedParts());
        if (!sigParts.isEmpty()) {
            AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
            // No signature token configured: the parts are left unsigned
            if (sigAbstractTokenWrapper != null) {
                AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
                if (isRequestor()) {
                    doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                } else {
                    // Responder confirms the signatures it received before producing its own
                    addSignatureConfirmation(sigParts);
                    doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                }
            }
        }
        removeSignatureIfSignedSAML();
        enforceEncryptBeforeSigningWithSignedSAML();
        prependSignatureToSC();
        putCustomTokenAfterSignature();
    } catch (RuntimeException ex) {
        // Fault is unchecked; rethrow as-is so a Fault raised above is not wrapped a second time
        throw ex;
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}
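/**
 * Configures signing for an endorsing supporting token in the streaming (StAX) transport binding.
 *
 * <p>The token kind selects how it is added to the message and which signature algorithm of the
 * transport binding's algorithm suite applies:
 * <ul>
 *   <li>{@code IssuedToken}: symmetric signature when the stored token carries a secret, asymmetric
 *       otherwise.</li>
 *   <li>{@code SecureConversationToken} / {@code SecurityContextToken} / {@code SpnegoContextToken}:
 *       symmetric signature; a stored token is registered with a {@code TokenStoreCallbackHandler} so the
 *       signing key can be resolved from the token store.</li>
 *   <li>{@code X509Token} / {@code KeyValueToken}: plain signature via {@link #doSignature}.</li>
 *   <li>{@code SamlToken}: asymmetric signature.</li>
 *   <li>{@code KerberosToken}: symmetric signature.</li>
 *   <li>{@code UsernameToken}: not supported in the streaming code.</li>
 * </ul>
 * A token whose include-token type is not required is asserted and skipped; a {@code null} token is
 * asserted and otherwise ignored. The C14N and digest algorithms always come from the algorithm suite.
 *
 * @param token   the endorsing token from the policy, may be {@code null}
 * @param wrapper the supporting-tokens assertion supplying the signed parts and elements
 * @throws Exception if the token is a {@code UsernameToken}, or if adding or signing the token fails
 */
private void handleEndorsingToken(AbstractToken token, SupportingTokens wrapper) throws Exception {
    assertToken(token);
    if (token != null && !isTokenRequired(token.getIncludeTokenType())) {
        return;
    }
    if (token instanceof IssuedToken) {
        SecurityToken securityToken = getSecurityToken();
        addIssuedToken(token, securityToken, false, true);
        signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
        // A stored secret means the issued token is used with a symmetric key; otherwise sign asymmetrically
        boolean hasSecret = securityToken != null && securityToken.getSecret() != null;
        String signatureAlgorithm = hasSecret
            ? tbinding.getAlgorithmSuite().getSymmetricSignature()
            : tbinding.getAlgorithmSuite().getAsymmetricSignature();
        applyEndorsingSignatureAlgorithms(getProperties(), signatureAlgorithm);
    } else if (token instanceof SecureConversationToken || token instanceof SecurityContextToken
        || token instanceof SpnegoContextToken) {
        SecurityToken securityToken = getSecurityToken();
        addIssuedToken(token, securityToken, false, true);
        WSSSecurityProperties properties = getProperties();
        if (securityToken != null) {
            storeSecurityToken(token, securityToken);
            // Set up CallbackHandler which wraps the configured Handler so the signing key is looked up
            // in the token store
            TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler(
                properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message));
            properties.setCallbackHandler(callbackHandler);
        }
        doSignature(token, wrapper);
        properties.setIncludeSignatureToken(true);
        // Overrides whatever signature algorithm doSignature configured: context tokens always sign symmetrically
        applyEndorsingSignatureAlgorithms(properties, tbinding.getAlgorithmSuite().getSymmetricSignature());
    } else if (token instanceof X509Token || token instanceof KeyValueToken) {
        doSignature(token, wrapper);
    } else if (token instanceof SamlToken) {
        addSamlToken((SamlToken) token, false, true);
        signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
        applyEndorsingSignatureAlgorithms(getProperties(), tbinding.getAlgorithmSuite().getAsymmetricSignature());
    } else if (token instanceof UsernameToken) {
        throw new Exception("Endorsing UsernameTokens are not supported in the streaming code");
    } else if (token instanceof KerberosToken) {
        WSSSecurityProperties properties = getProperties();
        properties.addAction(XMLSecurityConstants.SIGNATURE);
        configureSignature(token, false);
        addKerberosToken((KerberosToken) token, false, true, false);
        signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
        applyEndorsingSignatureAlgorithms(properties, tbinding.getAlgorithmSuite().getSymmetricSignature());
    }
}

/**
 * Applies the signature algorithm, then the binding's C14N and digest algorithms, to {@code properties}.
 *
 * @param properties         the outbound security properties to configure
 * @param signatureAlgorithm the signature algorithm URI selected for the endorsing token
 */
private void applyEndorsingSignatureAlgorithms(WSSSecurityProperties properties, String signatureAlgorithm) {
    properties.setSignatureAlgorithm(signatureAlgorithm);
    properties.setSignatureCanonicalizationAlgorithm(tbinding.getAlgorithmSuite().getC14n().getValue());
    AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
    properties.setSignatureDigestAlgorithm(algType.getDigest());
}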
/**
 * Signs the supporting token's parts and elements with {@code token}, registering the signature action.
 *
 * <p>A token that requires derived keys uses the {@code SIGNATURE_WITH_DERIVED_KEY} action and the
 * algorithm suite's symmetric signature algorithm; any other token uses the plain {@code SIGNATURE}
 * action and leaves the signature algorithm to {@code configureSignature}.
 *
 * @param token   the signing token from the policy
 * @param wrapper the supporting-tokens assertion supplying the signed parts and elements
 * @throws Exception if collecting the parts or configuring the signature fails
 */
private void doSignature(AbstractToken token, SupportingTokens wrapper) throws Exception {
    signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
    WSSSecurityProperties properties = getProperties();
    boolean derivedKeys = token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys;
    // Action
    WSSConstants.Action actionToPerform = derivedKeys
        ? WSSConstants.SIGNATURE_WITH_DERIVED_KEY
        : XMLSecurityConstants.SIGNATURE;
    properties.addAction(actionToPerform);
    configureSignature(token, false);
    if (derivedKeys) {
        properties.setSignatureAlgorithm(tbinding.getAlgorithmSuite().getSymmetricSignature());
    }
}
/**
 * Collects the portions of the message to be signed into the signature secure parts of the current
 * {@code WSSSecurityProperties}: the timestamp (when one was added), the SOAP body and the headers named
 * by {@code signedParts}, and the last element of each XPath in {@code signedElements}.
 *
 * <p>Header parts are marked not required, so a header absent from the outbound message does not fail
 * signing; body and XPath-selected parts keep {@code SecurePart}'s default.
 *
 * @param signedParts    the SignedParts policy assertion, may be {@code null}
 * @param signedElements the SignedElements policy assertion, may be {@code null}
 * @throws SOAPException if the parts to sign cannot be determined
 */
private void signPartsAndElements(SignedParts signedParts, SignedElements signedElements) throws SOAPException {
    List<SecurePart> signatureParts = getProperties().getSignatureSecureParts();
    if (timestampAdded) {
        QName timestampName = new QName(WSSConstants.NS_WSU10, "Timestamp");
        signatureParts.add(new SecurePart(timestampName, Modifier.Element));
    }
    if (signedParts != null) {
        if (signedParts.isBody()) {
            QName bodyName = new QName(WSSConstants.NS_SOAP11, "Body");
            signatureParts.add(new SecurePart(bodyName, Modifier.Element));
        }
        for (Header header : signedParts.getHeaders()) {
            QName headerName = new QName(header.getNamespace(), header.getName());
            SecurePart headerPart = new SecurePart(headerName, Modifier.Element);
            headerPart.setRequired(false);
            signatureParts.add(headerPart);
        }
    }
    if (signedElements != null && signedElements.getXPaths() != null) {
        for (XPath xPath : signedElements.getXPaths()) {
            List<QName> elementPath = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath);
            if (elementPath.isEmpty()) {
                continue;
            }
            // Only the leaf element of the path is signed
            QName leaf = elementPath.get(elementPath.size() - 1);
            signatureParts.add(new SecurePart(leaf, Modifier.Element));
        }
    }
}
/**
 * Round-trips a message signed by the streaming (StAX) outbound interceptor using an X.509 KeyIdentifier
 * reference, with the signature verified by the DOM-based {@code WSS4JInInterceptor} on the service side.
 *
 * <p>The inbound side is configured with {@code IS_BSP_COMPLIANT=false}; presumably the X509KeyIdentifier
 * reference would otherwise be rejected by the BSP checks — confirm before relying on this in production
 * configuration.
 */
@Test
public void testSignatureX509() throws Exception {
    // Service side: DOM-based inbound interceptor verifying the signature
    Service service = createService();
    Map<String, Object> inboundConfig = new HashMap<>();
    inboundConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
    inboundConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
    inboundConfig.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    inboundConfig.put(ConfigurationConstants.IS_BSP_COMPLIANT, "false");
    service.getInInterceptors().add(new WSS4JInInterceptor(inboundConfig));

    // Client side: logging plus the streaming outbound interceptor producing the signature
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    WSSSecurityProperties outboundProperties = new WSSSecurityProperties();
    List<WSSConstants.Action> actions = new ArrayList<>();
    actions.add(XMLSecurityConstants.SIGNATURE);
    outboundProperties.setActions(actions);
    outboundProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
    outboundProperties.setSignatureUser("myalias");
    Properties cryptoProperties =
        CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
    outboundProperties.setSignatureCryptoProperties(cryptoProperties);
    outboundProperties.setCallbackHandler(new TestPwdCallback());
    client.getOutInterceptors().add(new WSS4JStaxOutInterceptor(outboundProperties));

    assertEquals("test", echo.echo("test"));
}