Example 1 with SecurityToken

Use of org.apache.xml.security.stax.securityToken.SecurityToken in the Apache CXF project.

Class XmlSecInInterceptor, method checkSignatureTrust.

private void checkSignatureTrust(Crypto sigCrypto, Message msg, TokenSecurityEvent<?> event) throws XMLSecurityException {
    SecurityToken token = event.getSecurityToken();
    if (token != null) {
        X509Certificate[] certs = token.getX509Certificates();
        // The token carries neither certificates nor a public key: for a KeyName token,
        // look the certificates up by key name.
        if (certs == null && token.getPublicKey() == null && token instanceof KeyNameSecurityToken) {
            certs = getX509CertificatesForKeyName(sigCrypto, msg, (KeyNameSecurityToken) token);
        }
        PublicKey publicKey = token.getPublicKey();
        // Trust validation uses the first certificate of the array, if there is one.
        X509Certificate cert = null;
        if (certs != null && certs.length > 0) {
            cert = certs[0];
        }
        // validate trust
        try {
            new TrustValidator().validateTrust(sigCrypto, cert, publicKey, getSubjectContraints(msg));
        } catch (WSSecurityException e) {
            // A trust failure is rethrown as an XMLSecurityException with a generic message.
            String error = "Signature validation failed";
            throw new XMLSecurityException("empty", new Object[] { error });
        }
        // Store the certificate (null if none was resolved) as message content.
        if (persistSignature) {
            msg.setContent(X509Certificate.class, cert);
        }
    }
}
Also used: SecurityToken (org.apache.xml.security.stax.securityToken.SecurityToken), KeyNameSecurityToken (org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken), TrustValidator (org.apache.cxf.rs.security.common.TrustValidator), PublicKey (java.security.PublicKey), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException), X509Certificate (java.security.cert.X509Certificate), XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)