
Example 16 with SecurityEvent

use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.

the class WSS4JStaxOutInterceptor method configureSecurityEventListener.

/**
 * Creates the listener that receives the security events for this message and registers the
 * list it records into.
 *
 * <p>A new, empty event list is stored under the key {@code SecurityEvent.class.getName() + ".out"}
 * on both the exchange and the message, so both hold a reference to the same list. The returned
 * listener reacts to two event types and ignores every other one:
 * <ul>
 *   <li>{@code SAML_TOKEN}: the event's security token is handed to
 *       {@code WSS4JUtils.parseAndStoreStreamingSecurityToken} together with {@code msg}, so the
 *       SAML keys are available if the inbound side needs them.</li>
 *   <li>{@code SignatureValue}: the event is appended to the recorded list, which is required
 *       for Signature Confirmation.</li>
 * </ul>
 *
 * @param msg the message whose exchange and own property map receive the event list
 * @param securityProperties not read by this implementation
 * @return the listener described above
 * @throws WSSPolicyException declared by the signature; nothing in this body throws it
 */
protected SecurityEventListener configureSecurityEventListener(final SoapMessage msg, WSSSecurityProperties securityProperties) throws WSSPolicyException {
    final String recordedEventsKey = SecurityEvent.class.getName() + ".out";
    // NOTE(review): plain LinkedList with no synchronization visible here; presumably the list
    // is only touched by the thread processing this message. Confirm.
    final List<SecurityEvent> recordedEvents = new LinkedList<>();
    msg.getExchange().put(recordedEventsKey, recordedEvents);
    msg.put(recordedEventsKey, recordedEvents);

    return new SecurityEventListener() {

        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
            if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN) {
                // Keep the SAML keys around in case the inbound side needs them.
                TokenSecurityEvent<?> samlTokenEvent = (TokenSecurityEvent<?>) securityEvent;
                WSS4JUtils.parseAndStoreStreamingSecurityToken(samlTokenEvent.getSecurityToken(), msg);
                return;
            }
            if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue) {
                // Signature Confirmation needs the signature values that were sent.
                recordedEvents.add(securityEvent);
            }
        }
    };
}
Also used : TokenSecurityEvent(org.apache.xml.security.stax.securityEvent.TokenSecurityEvent) SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) TokenSecurityEvent(org.apache.xml.security.stax.securityEvent.TokenSecurityEvent) LinkedList(java.util.LinkedList) SecurityEventListener(org.apache.xml.security.stax.securityEvent.SecurityEventListener)

Example 17 with SecurityEvent

use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.

the class TokenProviderUtils method getReqSigCert.

/**
 * Get the X509Certificate associated with the signature that was received. This cert is to be used
 * for encrypting the issued token.
 *
 * <p>Two sources are consulted in order. First the DOM results stored under
 * {@code WSHandlerConstants.RECV_RESULTS} are passed to {@code WSS4JUtils.getReqSigCert}. If that
 * yields nothing, the streaming event list stored under
 * {@code SecurityEvent.class.getName() + ".in"} is scanned for {@code SIGNED_PART} or
 * {@code SignedElement} events, and the first certificate of the first such event whose token
 * carries certificates is returned.
 *
 * <p>This method only selects a certificate; it performs no validation of it.
 * NOTE(review): presumably trust in the signing certificate was established when the signature
 * was verified. Confirm before relying on the result as an encryption target.
 *
 * @param messageContext the context map holding the DOM results and/or the streaming event list
 * @return the selected certificate, or {@code null} when none is found or when reading a token's
 *         certificates throws {@code XMLSecurityException} (logged at FINE). A {@code null}
 *         result does not distinguish between these two cases.
 */
public static X509Certificate getReqSigCert(Map<String, Object> messageContext) {
    @SuppressWarnings("unchecked") List<WSHandlerResult> domResults = (List<WSHandlerResult>) messageContext.get(WSHandlerConstants.RECV_RESULTS);
    // DOM
    X509Certificate domCert = WSS4JUtils.getReqSigCert(domResults);
    if (domCert != null) {
        return domCert;
    }
    // Streaming
    @SuppressWarnings("unchecked") final List<SecurityEvent> streamingEvents = (List<SecurityEvent>) messageContext.get(SecurityEvent.class.getName() + ".in");
    if (streamingEvents == null) {
        return null;
    }
    for (SecurityEvent event : streamingEvents) {
        final boolean coversSignedContent = WSSecurityEventConstants.SIGNED_PART == event.getSecurityEventType()
            || WSSecurityEventConstants.SignedElement == event.getSecurityEventType();
        if (!coversSignedContent) {
            continue;
        }
        org.apache.xml.security.stax.securityToken.SecurityToken signingToken = ((AbstractSecuredElementSecurityEvent) event).getSecurityToken();
        try {
            if (signingToken == null || signingToken.getX509Certificates() == null || signingToken.getX509Certificates().length == 0) {
                // No certificate on this token; keep looking at later events.
                continue;
            }
            return signingToken.getX509Certificates()[0];
        } catch (XMLSecurityException ex) {
            // A token that cannot be read ends the search: no later event is consulted.
            LOG.log(Level.FINE, ex.getMessage(), ex);
            return null;
        }
    }
    return null;
}
Also used : SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) X509Certificate(java.security.cert.X509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent) List(java.util.List)

Example 18 with SecurityEvent

use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.

the class PolicyBasedWSS4JStaxInInterceptor method checkTransportBinding.

/**
 * Prepares the security properties for a message governed by a TransportBinding, or by no
 * security binding at all.
 *
 * <p>The method returns without doing anything when no TransportBinding assertion is present
 * but a SymmetricBinding or AsymmetricBinding assertion is. Otherwise it:
 * <ol>
 *   <li>on the requestor side, adds an {@code HttpsTokenSecurityEvent} with authentication type
 *       {@code HttpsNoAuthentication} to the message's security event list, so the policy
 *       verification code knows TLS is in use;</li>
 *   <li>resolves the signature and encryption crypto settings from the message's security
 *       properties and installs the resulting {@code Crypto} instances on
 *       {@code securityProperties}.</li>
 * </ol>
 *
 * <p>NOTE(review): nothing in this method checks that the connection is actually HTTPS before
 * the event is added; presumably that is enforced elsewhere. Confirm.
 *
 * @param aim the assertion map searched for binding assertions
 * @param message the message whose event list and security properties are used
 * @param securityProperties receives the decryption and signature verification crypto
 * @throws XMLSecurityException declared by the signature; the one caught below is only logged
 */
private void checkTransportBinding(AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties) throws XMLSecurityException {
    boolean transportPolicyInEffect = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING) != null;
    if (!transportPolicyInEffect
        && (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING) != null
            || PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) != null)) {
        // A message-level binding is in charge; this method has nothing to set up.
        return;
    }

    // Add a HttpsSecurityEvent so the policy verification code knows TLS is in use
    if (isRequestor(message)) {
        HttpsTokenSecurityEvent tlsEvent = new HttpsTokenSecurityEvent();
        tlsEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication);
        HttpsSecurityTokenImpl tlsToken = new HttpsSecurityTokenImpl();
        try {
            tlsToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
        } catch (XMLSecurityException usageFailure) {
            // Only the message text is logged, at FINE; the event is still added below.
            LOG.fine(usageFailure.getMessage());
        }
        tlsEvent.setSecurityToken(tlsToken);
        getSecurityEventList(message).add(tlsEvent);
    }

    // Each setting is looked up as a crypto value first, then as a properties value.
    Object signatureSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (signatureSetting == null) {
        signatureSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encryptionSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encryptionSetting == null) {
        encryptionSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }

    Crypto encrCrypto = getEncryptionCrypto(encryptionSetting, message, securityProperties);
    // When both settings are equal the encryption crypto is reused instead of being resolved again.
    Crypto signCrypto = (encryptionSetting != null && encryptionSetting.equals(signatureSetting))
        ? encrCrypto
        : getSignatureCrypto(signatureSetting, message, securityProperties);

    // NOTE(review): the signature crypto is installed for decryption and the encryption crypto
    // for signature verification. This crossing looks intentional for the inbound direction
    // (own key decrypts, peer key verifies), but confirm against the outbound configuration.
    if (signCrypto != null) {
        securityProperties.setDecryptionCrypto(signCrypto);
    }
    // Verification prefers the encryption crypto and falls back to the signature crypto.
    Crypto verificationCrypto = encrCrypto != null ? encrCrypto : signCrypto;
    if (verificationCrypto != null) {
        securityProperties.setSignatureVerificationCrypto(verificationCrypto);
    }
}
Also used : HttpsTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent) SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) Crypto(org.apache.wss4j.common.crypto.Crypto) HttpsTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent) HttpsSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
