Example 1 with SecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf (Apache CXF).

Class XmlSecInInterceptor, method configureSecurityEventListener.

protected SecurityEventListener configureSecurityEventListener(final Crypto sigCrypto, final Message msg, XMLSecurityProperties securityProperties) {
    // Every security event raised while the inbound message is streamed is
    // collected here, so that later interceptors (for example a coverage
    // checker) can inspect what was actually signed or encrypted.
    final List<SecurityEvent> incomingSecurityEventList = new LinkedList<>();
    SecurityEventListener securityEventListener = new SecurityEventListener() {

        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
            if (securityEvent.getSecurityEventType() == SecurityEventConstants.AlgorithmSuite) {
                // Enforce the configured encryption and/or signature algorithms;
                // a message using a different algorithm is rejected here.
                if (encryptionProperties != null) {
                    checkEncryptionAlgorithms((AlgorithmSuiteSecurityEvent) securityEvent);
                }
                if (sigProps != null) {
                    checkSignatureAlgorithms((AlgorithmSuiteSecurityEvent) securityEvent);
                }
            } else if (securityEvent.getSecurityEventType() != SecurityEventConstants.EncryptedKeyToken && securityEvent instanceof TokenSecurityEvent<?>) {
                // Any token other than an EncryptedKey token is treated as a
                // signing token: verify that its certificate is trusted by the
                // signature Crypto before the signature is accepted.
                checkSignatureTrust(sigCrypto, msg, (TokenSecurityEvent<?>) securityEvent);
            }
            incomingSecurityEventList.add(securityEvent);
        }
    };
    // Publish the event list on both the exchange and the message under the
    // same key, so that inbound and outbound interceptors can both find it.
    msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
    msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
    return securityEventListener;
}

Also used: AlgorithmSuiteSecurityEvent (org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent), TokenSecurityEvent (org.apache.xml.security.stax.securityEvent.TokenSecurityEvent), SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent), LinkedList (java.util.LinkedList), SecurityEventListener (org.apache.xml.security.stax.securityEvent.SecurityEventListener)

Example 2 with SecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf (Apache CXF).

Class XmlSecOutInterceptor, method configureEncryption.

private void configureEncryption(Message message, XMLSecurityProperties properties) throws Exception {
    // Symmetric content-encryption algorithm: AES-256 unless configured otherwise.
    String symEncAlgo = encryptionProperties.getEncryptionSymmetricKeyAlgo() == null ? XMLCipher.AES_256 : encryptionProperties.getEncryptionSymmetricKeyAlgo();
    properties.setEncryptionSymAlgorithm(symEncAlgo);
    properties.setEncryptionKey(getSymmetricKey(symEncAlgo));
    if (encryptSymmetricKey) {
        // The symmetric key is wrapped (key transport) with the recipient's
        // public key, so a recipient certificate has to be located.
        X509Certificate sendingCert = null;
        String userName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
        if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName) && !MessageUtils.isRequestor(message)) {
            // Server side, configured to encrypt the response for whoever signed
            // the request: reuse the certificate that verified the request signature.
            sendingCert = message.getExchange().getInMessage().getContent(X509Certificate.class);
            if (sendingCert == null) {
                // Fall back to the security events recorded by the inbound interceptor.
                @SuppressWarnings("unchecked") final List<SecurityEvent> incomingSecurityEventList = (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in");
                sendingCert = getUseReqSigCert(incomingSecurityEventList);
            }
        } else {
            // Otherwise look the recipient up by alias in the configured encryption keystore.
            CryptoLoader loader = new CryptoLoader();
            Crypto crypto = loader.getCrypto(message, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
            userName = RSSecurityUtils.getUserName(crypto, userName);
            if (StringUtils.isEmpty(userName)) {
                throw new Exception("User name is not available");
            }
            sendingCert = getCertificateFromCrypto(crypto, userName);
        }
        if (sendingCert == null) {
            throw new Exception("Sending certificate is not available");
        }
        properties.setEncryptionUseThisCertificate(sendingCert);
        properties.setEncryptionKeyIdentifier(convertKeyIdentifier(encryptionProperties.getEncryptionKeyIdType()));
        properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName());
        if (encryptionProperties.getEncryptionKeyTransportAlgo() != null) {
            properties.setEncryptionKeyTransportAlgorithm(encryptionProperties.getEncryptionKeyTransportAlgo());
        }
        if (encryptionProperties.getEncryptionDigestAlgo() != null) {
            properties.setEncryptionKeyTransportDigestAlgorithm(encryptionProperties.getEncryptionDigestAlgo());
        }
    }
    properties.addAction(XMLSecurityConstants.ENCRYPT);
    if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
        // No element list configured: encrypt the whole request body.
        LOG.fine("No Elements to encrypt are specified, so the entire request is encrypted");
        SecurePart securePart = new SecurePart((QName) null, SecurePart.Modifier.Element);
        securePart.setSecureEntireRequest(true);
        properties.addEncryptionPart(securePart);
    } else {
        // Encrypt only the configured elements (element, not content-only, encryption).
        for (QName element : elementsToEncrypt) {
            SecurePart securePart = new SecurePart(element, SecurePart.Modifier.Element);
            properties.addEncryptionPart(securePart);
        }
    }
}

Also used: SecurePart (org.apache.xml.security.stax.ext.SecurePart), TokenSecurityEvent (org.apache.xml.security.stax.securityEvent.TokenSecurityEvent), SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent), Crypto (org.apache.wss4j.common.crypto.Crypto), QName (javax.xml.namespace.QName), CryptoLoader (org.apache.cxf.rs.security.common.CryptoLoader), ArrayList (java.util.ArrayList), List (java.util.List), X509Certificate (java.security.cert.X509Certificate), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException), XMLStreamException (javax.xml.stream.XMLStreamException), XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)

Example 3 with SecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf (Apache CXF).

Class StaxCryptoCoverageChecker, method handleMessage.

@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    // The inbound StAX security interceptor records every security event it
    // saw; this checker verifies that the required parts were actually covered.
    @SuppressWarnings("unchecked") final List<SecurityEvent> incomingSecurityEventList = (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
    List<SecurityEvent> results = new ArrayList<>();
    if (incomingSecurityEventList != null) {
        // Get all Signed/Encrypted Results
        results.addAll(getEventFromResults(WSSecurityEventConstants.SIGNED_PART, incomingSecurityEventList));
        results.addAll(getEventFromResults(WSSecurityEventConstants.SignedElement, incomingSecurityEventList));
        if (encryptBody || encryptUsernameToken) {
            results.addAll(getEventFromResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList));
            results.addAll(getEventFromResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList));
        }
    }
    try {
        // Body coverage is checked unconditionally; each check is a no-op
        // unless the corresponding flag is set on this checker.
        checkSignedBody(results);
        checkEncryptedBody(results);
        if (signTimestamp) {
            // We only insist on the Timestamp being signed if it is actually present in the message
            List<SecurityEvent> timestampResults = getEventFromResults(WSSecurityEventConstants.TIMESTAMP, incomingSecurityEventList);
            if (!timestampResults.isEmpty()) {
                checkSignedTimestamp(results);
            }
        }
        if (signAddressingHeaders) {
            AddressingProperties addressingProperties = (AddressingProperties) soapMessage.get("javax.xml.ws.addressing.context.inbound");
            checkSignedAddressing(results, addressingProperties);
        }
        if (signUsernameToken || encryptUsernameToken) {
            // We only insist on the UsernameToken being signed/encrypted if it is actually
            // present in the message
            List<SecurityEvent> usernameTokenResults = getEventFromResults(WSSecurityEventConstants.USERNAME_TOKEN, incomingSecurityEventList);
            if (!usernameTokenResults.isEmpty()) {
                if (signUsernameToken) {
                    checkSignedUsernameToken(results);
                }
                if (encryptUsernameToken) {
                    checkEncryptedUsernameToken(results);
                }
            }
        }
    } catch (WSSecurityException e) {
        // A coverage failure is reported to the client as a SOAP fault.
        throw createSoapFault(soapMessage.getVersion(), e);
    }
}

Also used: SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent), AbstractSecuredElementSecurityEvent (org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent), ArrayList (java.util.ArrayList), List (java.util.List), AddressingProperties (org.apache.cxf.ws.addressing.AddressingProperties), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)

Example 4 with SecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf (Apache CXF).

Class StaxCryptoCoverageChecker, method checkSignedTimestamp.

private void checkSignedTimestamp(List<SecurityEvent> results) throws WSSecurityException {
    if (!signTimestamp) {
        return;
    }
    // Walk the signed/encrypted element events and look for one whose
    // element path is the wsu:Timestamp and which was covered by a signature.
    boolean isTimestampSigned = false;
    for (SecurityEvent signedEvent : results) {
        AbstractSecuredElementSecurityEvent securedEvent = (AbstractSecuredElementSecurityEvent) signedEvent;
        if (!securedEvent.isSigned()) {
            continue;
        }
        List<QName> signedPath = securedEvent.getElementPath();
        if (isTimestamp(signedPath)) {
            isTimestampSigned = true;
            break;
        }
    }
    if (!isTimestampSigned) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The Timestamp is not signed"));
    }
}

Also used: SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent), AbstractSecuredElementSecurityEvent (org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent), QName (javax.xml.namespace.QName), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)

Example 5 with SecurityEvent

Use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project santuario-java (Apache Santuario).

Class DecryptionTest, method checkMultipleEncryptedElementSecurityEvents.

protected void checkMultipleEncryptedElementSecurityEvents(TestSecurityEventListener securityEventListener) {
    // The test listener keeps every event raised during decryption; exactly two
    // elements (ShippingAddress and PaymentInfo) are expected to have been encrypted.
    List<SecurityEvent> encryptedElements = securityEventListener.getSecurityEvents(SecurityEventConstants.EncryptedElement);
    assertEquals(2, encryptedElements.size());

    // First encrypted element: PurchaseOrder/ShippingAddress
    EncryptedElementSecurityEvent encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(0);
    assertNotNull(encryptedElementEvent);
    assertEquals(2, encryptedElementEvent.getElementPath().size());
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertEquals("{urn:example:po}ShippingAddress", encryptedElementEvent.getElementPath().get(1).toString());
    assertTrue(encryptedElementEvent.isEncrypted());

    // Second encrypted element: PurchaseOrder/PaymentInfo
    encryptedElementEvent = (EncryptedElementSecurityEvent) encryptedElements.get(1);
    assertNotNull(encryptedElementEvent);
    assertEquals(2, encryptedElementEvent.getElementPath().size());
    assertEquals("{urn:example:po}PurchaseOrder", encryptedElementEvent.getElementPath().get(0).toString());
    assertEquals("{urn:example:po}PaymentInfo", encryptedElementEvent.getElementPath().get(1).toString());
    assertTrue(encryptedElementEvent.isEncrypted());
}

Also used: AlgorithmSuiteSecurityEvent (org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent), EncryptedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent), ContentEncryptedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent), EncryptedKeyTokenSecurityEvent (org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent), DefaultTokenSecurityEvent (org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent), SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent)

Aggregations

SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent): 20
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException): 11
AbstractSecuredElementSecurityEvent (org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent): 8
List (java.util.List): 7
QName (javax.xml.namespace.QName): 7
LinkedList (java.util.LinkedList): 5
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException): 5
SecurityEventListener (org.apache.xml.security.stax.securityEvent.SecurityEventListener): 5
TokenSecurityEvent (org.apache.xml.security.stax.securityEvent.TokenSecurityEvent): 4
ArrayList (java.util.ArrayList): 3
XMLStreamException (javax.xml.stream.XMLStreamException): 3
AlgorithmSuiteSecurityEvent (org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent): 3
X509Certificate (java.security.cert.X509Certificate): 2
SecurityContext (org.apache.cxf.security.SecurityContext): 2
WSSPolicyException (org.apache.wss4j.common.WSSPolicyException): 2
Crypto (org.apache.wss4j.common.crypto.Crypto): 2
WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult): 2
WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties): 2
ContentEncryptedElementSecurityEvent (org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent): 2
DefaultTokenSecurityEvent (org.apache.xml.security.stax.securityEvent.DefaultTokenSecurityEvent): 2