Use of org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken in the Apache CXF project.
Class AbstractStaxBindingHandler, method storeSecurityToken.
/**
 * Wraps a CXF {@code SecurityToken} in a streaming outbound token and registers it with the
 * outbound security context as the token to use for encryption, signature and custom-token
 * output.
 *
 * <p>The outbound token type starts as {@code EncryptedKeyToken} and is switched to Kerberos,
 * SAML 1.1 (for both the SAML 1.0 and 1.1 profile namespaces) or SecureConversation when the
 * token's declared type starts with the matching namespace. Any other declared type, or none,
 * keeps the default.
 *
 * @param policyToken the policy assertion; its inclusion type selects the attached or the
 *                    unattached reference, which is applied only for an {@code IssuedToken}
 * @param tok         the token whose id, key, secret, certificate, SHA-1 identifier and
 *                    reference element are carried over to the outbound token
 */
protected void storeSecurityToken(AbstractToken policyToken, SecurityToken tok) {
    // Map the declared token type (a namespace-prefixed URI) onto a streaming token type.
    SecurityTokenConstants.TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken;
    final String declaredType = tok.getTokenType();
    if (declaredType != null) {
        if (declaredType.startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
            tokenType = WSSecurityTokenConstants.KERBEROS_TOKEN;
        } else if (declaredType.startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE)
            || declaredType.startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) {
            tokenType = WSSecurityTokenConstants.SAML_11_TOKEN;
        } else if (declaredType.startsWith(WSSConstants.NS_WSC_05_02)
            || declaredType.startsWith(WSSConstants.NS_WSC_05_12)) {
            tokenType = WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN;
        }
    }

    final Key key = tok.getKey();
    // NOTE(review): the secret bytes are captured by reference (no copy), so they remain
    // reachable for as long as the registered token does - confirm nothing mutates or zeroes
    // the array while the message is still being processed.
    final byte[] secret = tok.getSecret();

    // Always a one-slot array; the slot stays null when the token carries no certificate.
    final X509Certificate tokenCert = tok.getX509Certificate();
    final X509Certificate[] certs = new X509Certificate[] {tokenCert};

    final GenericOutboundSecurityToken outboundToken =
        new GenericOutboundSecurityToken(tok.getId(), tokenType, key, certs) {
            /**
             * Resolves the key in this order: raw secret prepared for the requested
             * algorithm, then the token's Key object, then the raw secret under a mapped or
             * fallback JCE name, and finally the superclass lookup.
             */
            @Override
            public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
                final boolean hasUri = algorithmURI != null && !algorithmURI.isEmpty();
                if (secret != null && hasUri) {
                    return KeyUtils.prepareSecretKey(algorithmURI, secret);
                }
                if (key != null) {
                    return key;
                }
                if (secret == null) {
                    return super.getSecretKey(algorithmURI);
                }
                // Only reached with a null or empty algorithm URI and no Key object.
                String jceName = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
                if (jceName == null || jceName.isEmpty()) {
                    // NOTE(review): the key is labelled HmacSHA1 whenever no JCE name can be
                    // mapped - confirm the configured algorithm suite is enforced elsewhere.
                    jceName = "HmacSHA1";
                }
                return new SecretKeySpec(secret, jceName);
            }
        };

    // Carry over a DOM reference element, if any, but only for issued tokens.
    final Element ref = isTokenRequired(policyToken.getIncludeTokenType())
        ? tok.getAttachedReference()
        : tok.getUnattachedReference();
    if (ref != null && policyToken instanceof IssuedToken) {
        outboundToken.setCustomTokenReference(ref);
    }

    final SecurityTokenProvider<OutboundSecurityToken> tokenProvider =
        new SecurityTokenProvider<OutboundSecurityToken>() {
            @Override
            public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return outboundToken;
            }

            @Override
            public String getId() {
                return outboundToken.getId();
            }
        };
    outboundToken.setSha1Identifier(tok.getSHA1());

    // The same token id is registered for encryption, signature and custom-token output.
    final String providerId = tokenProvider.getId();
    outboundSecurityContext.registerSecurityTokenProvider(providerId, tokenProvider);
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, providerId);
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, providerId);
    outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, providerId);
}