// Excerpt: configures and builds a WS-Security XML signature over a single message part.
// NOTE(review): the listing stops inside the catch block, so whether the exception is
// rethrown or a fallback value is returned cannot be seen from here.
WSSecSignature sign = new WSSecSignature();
// The key alias is looked up per merchant and the key password is passed as a String.
// NOTE(review): identities.get(merchantID) is dereferenced without a visible null check —
// confirm an unknown merchantID is rejected before this point.
sign.setUserInfo(identities.get(merchantID).getKeyAlias(), password);
// NOTE(review): DIGEST_ALGORITHM and SIGNATURE_ALGORITHM are defined outside this excerpt;
// confirm they name SHA-2 based algorithms rather than SHA-1.
sign.setDigestAlgo(DIGEST_ALGORITHM);
sign.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
// The signing key is identified through a direct reference to a BinarySecurityToken.
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
sign.setUseSingleCertificate(true);
// Only msgBodyPart is listed for signing; any header that also needs integrity protection
// (a timestamp, for example) would have to be added to this list.
sign.setParts(Collections.singletonList(msgBodyPart));
try {
    return sign.build(workingDocument, localKeyStoreHandler, secHeader);
} catch (WSSecurityException e) {
    // NOTE(review): the visible log call does not pass e, so the failure cause is not
    // recorded by this statement. merchantID is concatenated into the message as-is;
    // if it can originate from a request, sanitise it before logging. The message text
    // contains a typo ("requeest") that is left untouched because it is runtime output.
    logger.log(Logger.LT_EXCEPTION, "Failed while signing requeest for , '" + merchantID + "'");
/**
 * Creates the signature references for the supplied message parts.
 *
 * <p>This is a convenience overload: it forwards to the seven-argument
 * {@code addReferencesToSign}, filling in this instance's {@code document},
 * {@code wsDocInfo}, {@code signatureFactory}, WSS configuration and
 * {@code digestAlgo}. The digest algorithm used for every reference is therefore
 * whatever {@code digestAlgo} holds at the time of the call.
 *
 * <p>Only the parts passed in {@code references} are covered by the resulting
 * references; elements that are not listed receive no integrity protection from
 * the signature.
 *
 * @param references the parts of the message to sign
 * @param secHeader the security header
 * @return the references produced by the delegate, to be passed on to
 *     {@code computeSignature}
 * @throws WSSecurityException if the delegate fails to create the references
 */
public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(
    List<WSEncryptionPart> references,
    WSSecHeader secHeader
) throws WSSecurityException {
    final List<javax.xml.crypto.dsig.Reference> signedReferences =
        addReferencesToSign(
            document,
            references,
            wsDocInfo,
            signatureFactory,
            secHeader,
            getWsConfig(),
            digestAlgo);
    return signedReferences;
}
/**
 * Computes the signature over the given references and prepends the resulting
 * signature element to the security header.
 *
 * <p>May be called at any point after the references have been created with
 * {@code addReferencesToSign()}.
 *
 * @param referenceList the references to sign, as returned by
 *     {@code addReferencesToSign()}
 * @throws WSSecurityException if the three-argument {@code computeSignature} fails
 */
public void computeSignature(
    List<javax.xml.crypto.dsig.Reference> referenceList
) throws WSSecurityException {
    // Convenience form of the three-argument overload. Presumably `true` requests
    // prepending to the security header and `null` means no explicit insertion
    // point — confirm against that overload's signature.
    computeSignature(
        referenceList,
        true,
        null);
}
// Excerpt: signs sigParts with the secret carried by a token whose value type is the
// SAML 1.0 assertion namespace (symmetric signing, see CUSTOM_SYMM_SIGNING below).
WSSecSignature sig = new WSSecSignature();
sig.setWsConfig(rmd.getConfig());
// NOTE(review): substring(1) drops the first character unconditionally. Presumably the
// id is expected to start with '#'; an id without that prefix would be truncated and the
// key reference in the signature would name the wrong token — confirm or guard.
sig.setCustomTokenId(tok.getId().substring(1));
sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setSecretKey(tok.getSecret());
// NOTE(review): as printed, the signature algorithm is set twice in a row, so the
// symmetric value from the second call is the one in effect and the first call is redundant.
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
// NOTE(review): no setDigestAlgo call is visible in this excerpt, so the library default
// digest would apply — confirm that default is acceptable (it may be SHA-1 in older releases).
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
        .getRampartConfig(), rmd.getCustomClassLoader()), rmd.getSecHeader());
sig.setParts(sigParts);
List<Reference> referenceList = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
// The signature element is placed relative to the current insertion location, which is
// then advanced to the new signature element.
sig.computeSignature(referenceList, false, this.getInsertionLocation());
this.setInsertionLocation(sig.getSignatureElement());
return sig.getSignatureValue();
// Excerpt: handler-driven signature action. The listing elides lines (the else-if
// condition below is visibly incomplete), so this is not compilable as printed.
// The key password is obtained through the callback handler rather than from a literal.
WSPasswordCallback passwordCallback = handler.getPasswordCB(reqData.getSignatureUser(), actionToDo, callbackHandler, reqData);
WSSecSignature wsSign = new WSSecSignature(reqData.getWssConfig());
// Key identifier, signature algorithm, digest and canonicalization all come from the
// request configuration held in reqData.
// NOTE(review): whether a missing (null) setting falls back to a library default is not
// visible here — confirm the effective algorithms for deployments that configure none.
wsSign.setKeyIdentifierType(reqData.getSigKeyId());
wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
wsSign.setUserInfo(reqData.getSignatureUser(), passwordCallback.getPassword());
wsSign.setUseSingleCertificate(reqData.isUseSingleCert());
// The signing steps shown here run only when at least one part is configured.
if (reqData.getSignatureParts().size() > 0) {
    wsSign.setParts(reqData.getSignatureParts());
    // The callback may also supply a secret key, which is handed to the signer.
    wsSign.setSecretKey(passwordCallback.getKey());
    wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
    for (WSEncryptionPart part : reqData.getSignatureParts()) {
        // A part named "STRTransform" without an id is pointed at the signer's own
        // SecurityTokenReference, so the key reference itself becomes a signed part.
        if ("STRTransform".equals(part.getName()) && part.getId() == null) {
            part.setId(wsSign.getSecurityTokenReferenceURI());
        } else if (reqData.isAppendSignatureAfterTimestamp()
                && WSConstants.WSU_NS.equals(part.getNamespace())
            // NOTE(review): the rest of this condition and its body are elided in the listing.
            wsSign.prependBSTElementToHeader(reqData.getSecHeader());
// Excerpt: symmetric signature keyed from a UsernameToken builder's secret key.
// The listing elides lines (the try and the referenceList declaration are not shown).
WSSecSignature sign = new WSSecSignature(reqData.getWssConfig());
sign.setCustomTokenValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
sign.setCustomTokenId(builder.getId());
sign.setSecretKey(builder.getSecretKey());
sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
if (reqData.getSigDigestAlgorithm() != null) {
    sign.setDigestAlgo(reqData.getSigDigestAlgorithm());
    sign.setSignatureAlgorithm(reqData.getSigAlgorithm());
} else {
    // Fallback when nothing is configured: HMAC-SHA1.
    // NOTE(review): where both peers support it, configure a SHA-2 based HMAC explicitly
    // so this fallback is never reached.
    sign.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
// No Crypto instance is passed (null): the key is the secret set above.
sign.prepare(doc, null, reqData.getSecHeader());
// NOTE(review): as printed, the return value of addReferencesToSign is not assigned while
// computeSignature reads referenceList — presumably the assignment is elided; verify.
sign.addReferencesToSign(parts, reqData.getSecHeader());
sign.computeSignature(referenceList);
reqData.getSignatureValues().add(sign.getSignatureValue());
} catch (WSSecurityException e) {
    throw new WSSecurityException(
// Excerpt: signs a SOAP message with the holder's private key and references an
// assertion (by id) that has just been appended to the security header.
// The listing elides lines (the soapConstants statement is visibly incomplete).
securityHeaderElement.appendChild(importedAssertionElement);
WSSecSignature wsSecSignature = new WSSecSignature();
// NOTE(review): WSConstants.RSA is believed to map to the RSA-with-SHA-1 signature URI —
// verify, and prefer an RSA-SHA256 algorithm where the receiving side accepts it.
wsSecSignature.setSignatureAlgorithm(WSConstants.RSA);
wsSecSignature.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
wsSecSignature
        .setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
wsSecSignature.setCustomTokenId(assertionId);
// WSSecurityCrypto is a project class; it is given the private key and null as second argument.
Crypto crypto = new WSSecurityCrypto(this.privateKey, null);
// NOTE(review): no setDigestAlgo call is visible, so the library default digest would apply.
wsSecSignature.prepare(soapPart, crypto, wsSecHeader);
Vector<WSEncryptionPart> signParts = new Vector<>();
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(soapPart
        .getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
// The timestamp is added to the signed parts, so its value is covered by the signature.
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
List<Reference> referenceList = wsSecSignature.addReferencesToSign(
        signParts, wsSecHeader);
wsSecSignature.computeSignature(referenceList, false, null);
// Excerpt: X.509 signature using a BinarySecurityToken direct reference; the token and
// the timestamp are both added to the signed parts. Lines are elided by the listing
// (the soapConstants statement is visibly incomplete).
WSSConfig wssConfig = new WSSConfig();
// Turns off WS-I Basic Security Profile compliance for this freshly created config.
// NOTE(review): confirm the relaxation is deliberate; in the visible code the config is
// used only for this outbound signature.
wssConfig.setWsiBSPCompliant(false);
WSSecSignature sign = new WSSecSignature(wssConfig);
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
// NOTE(review): neither signature nor digest algorithm is set in the visible lines, so
// library defaults would apply — confirm they are acceptable.
sign.prepare(soapPart, crypto, wsSecHeader);
String bstId = sign.getBSTTokenId();
sign.appendBSTElementToHeader(wsSecHeader);
Vector<WSEncryptionPart> signParts = new Vector<>();
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(soapPart
// Signing the token element binds the certificate to the message (token protection).
signParts.add(new WSEncryptionPart(bstId));
// Signing the timestamp puts its value under the signature's integrity protection.
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
List<Reference> referenceList = sign.addReferencesToSign(signParts, wsSecHeader);
sign.computeSignature(referenceList, false, null);
// Excerpt: prepares an X.509-based signature. The enclosing try and the catch body are
// outside the listing.
WSSecSignature sig = new WSSecSignature();
// Helper defined elsewhere in the file; its effect on sig is not visible here.
checkForX509PkiPath(sig, token);
sig.setWsConfig(rmd.getConfig());
sig.setUserInfo(user, password);
// Signature algorithm, canonicalization and digest are all taken from the policy's
// algorithm suite, so the strength of the signature is decided by the policy in force.
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
sig.setDigestAlgo(algorithmSuite.getDigest());
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rampartConfig,
        rmd.getCustomClassLoader()), rmd.getSecHeader());
} catch (WSSecurityException e) {
// Excerpt: places a supporting signature's BinarySecurityToken in the header and signs.
// Lines are elided by the listing (the left-hand side of the addReferencesToSign
// assignment and several closing braces are missing).
Element bstElem = supportingSig.getBinarySecurityTokenElement();
if (bstElem != null) {
    bstElem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), bstElem);
// When the policy requests token protection and a token id exists, the token itself is
// added to the signed parts so it is covered by the signature.
if (rmd.getPolicyData().isTokenProtection() && supportingSig.getBSTTokenId() != null) {
    supportingSigParts.add(new WSEncryptionPart(supportingSig.getBSTTokenId()));
// The digest algorithm follows the policy's algorithm suite.
supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
= supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
supportingSig.computeSignature(referenceList, false, this.getInsertionLocation());
signatureValues.add(supportingSig.getSignatureValue());
// Excerpt: the prepare / add-references / compute / prepend-token sequence.
// Lines are elided by the listing (the if block is not closed and referenceList is not
// declared in the visible text).
prepare(doc, cr, secHeader);
// With no parts configured, a fresh one-element-capacity list is created.
// NOTE(review): the statement that fills it is not shown — presumably a default part is
// added; verify which element is signed when the caller sets no parts.
if (parts == null) {
    parts = new ArrayList<WSEncryptionPart>(1);
addReferencesToSign(parts, secHeader);
computeSignature(referenceList);
prependBSTElementToHeader(secHeader);
// Excerpt: completes a signature that was prepared earlier and stored as tempTok.
// Lines are elided by the listing (the assignment target of addReferencesToSign and the
// closing brace of the if block are missing).
// NOTE(review): the cast is unchecked in the visible lines — presumably the caller has
// already established that tempTok is a WSSecSignature; verify.
WSSecSignature sig = (WSSecSignature) tempTok;
// Token protection: when the policy asks for it and a token id exists, the token
// element is added to the parts covered by the signature.
if (rmd.getPolicyData().isTokenProtection() && sig.getBSTTokenId() != null) {
    sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
= sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature(referenceList, false, this.getInsertionLocation());
// The next header element will be inserted relative to this signature element.
this.setInsertionLocation(sig.getSignatureElement());
sigValues.add(sig.getSignatureValue());
// Excerpt: appends the BinarySecurityToken, signs it together with the other parts and
// returns the signature value. The try and the assignment target of
// addReferencesToSign are elided by the listing.
sig.appendBSTElementToHeader(rmd.getSecHeader());
// The token element is always added to the signed parts in the visible lines.
// NOTE(review): getBSTTokenId() is used without a null check here, unlike some sibling
// call sites — confirm it cannot be null on this path.
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
= sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature(referenceList, false, null);
return sig.getSignatureValue();
} catch (WSSecurityException e) {
    // The original exception is passed along as the cause.
    throw new RampartException("errorInSignatureWithX509Token", e);
// Excerpt: signs sigParts with the secret carried by a token whose value type is the
// SAML 1.0 assertion namespace (symmetric signing). Lines are elided by the listing
// (the if block is not closed and one statement near the end is cut).
WSSecSignature sig = new WSSecSignature();
sig.setWsConfig(rmd.getConfig());
String tokId = tok.getId();
// A leading '#' is stripped so the bare id is used as the custom token id.
// NOTE(review): charAt(0) would throw on an empty id and tok.getId() is not null-checked
// in the visible lines — confirm the id is validated upstream.
if (tokId.charAt(0) == '#') {
    tokId = tokId.substring(1);
sig.setCustomTokenId(tokId);
sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setSecretKey(tok.getSecret());
// NOTE(review): as printed, the signature algorithm is set twice in a row, so the
// symmetric value from the second call is the one in effect and the first call is redundant.
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
// NOTE(review): no setDigestAlgo call is visible in this excerpt, so the library default
// digest would apply — confirm that default is acceptable.
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
        .getRampartConfig(), rmd.getCustomClassLoader()), rmd.getSecHeader());
sig.setParts(sigParts);
List<javax.xml.crypto.dsig.Reference> referenceList = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature(referenceList);
// The start of the following statement is elided by the listing.
rmd, this.getInsertionLocation(), sig.getSignatureElement()));
return sig.getSignatureValue();
// Excerpt: handler-driven signature action. The listing elides lines (the else-if
// condition below is visibly incomplete), so this is not compilable as printed.
// The key password is obtained through the callback handler rather than from a literal.
WSPasswordCallback passwordCallback = handler.getPasswordCB(reqData.getSignatureUser(), actionToDo, callbackHandler, reqData);
WSSecSignature wsSign = new WSSecSignature(reqData.getWssConfig());
// Key identifier, signature algorithm, digest and canonicalization all come from the
// request configuration held in reqData.
// NOTE(review): whether a missing (null) setting falls back to a library default is not
// visible here — confirm the effective algorithms for deployments that configure none.
wsSign.setKeyIdentifierType(reqData.getSigKeyId());
wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
wsSign.setUserInfo(reqData.getSignatureUser(), passwordCallback.getPassword());
wsSign.setUseSingleCertificate(reqData.isUseSingleCert());
// The signing steps shown here run only when at least one part is configured.
if (reqData.getSignatureParts().size() > 0) {
    wsSign.setParts(reqData.getSignatureParts());
    // The callback may also supply a secret key, which is handed to the signer.
    wsSign.setSecretKey(passwordCallback.getKey());
    wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
    for (WSEncryptionPart part : reqData.getSignatureParts()) {
        // A part named "STRTransform" without an id is pointed at the signer's own
        // SecurityTokenReference, so the key reference itself becomes a signed part.
        if ("STRTransform".equals(part.getName()) && part.getId() == null) {
            part.setId(wsSign.getSecurityTokenReferenceURI());
        } else if (reqData.isAppendSignatureAfterTimestamp()
                && WSConstants.WSU_NS.equals(part.getNamespace())
            // NOTE(review): the rest of this condition and its body are elided in the listing.
            wsSign.prependBSTElementToHeader(reqData.getSecHeader());
// Excerpt: symmetric signature keyed from a UsernameToken builder's secret key.
// The listing elides lines (the try and the referenceList declaration are not shown).
WSSecSignature sign = new WSSecSignature(reqData.getWssConfig());
sign.setCustomTokenValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
sign.setCustomTokenId(builder.getId());
sign.setSecretKey(builder.getSecretKey());
sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
if (reqData.getSigDigestAlgorithm() != null) {
    sign.setDigestAlgo(reqData.getSigDigestAlgorithm());
    sign.setSignatureAlgorithm(reqData.getSigAlgorithm());
} else {
    // Fallback when nothing is configured: HMAC-SHA1.
    // NOTE(review): where both peers support it, configure a SHA-2 based HMAC explicitly
    // so this fallback is never reached.
    sign.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
// No Crypto instance is passed (null): the key is the secret set above.
sign.prepare(doc, null, reqData.getSecHeader());
// NOTE(review): as printed, the return value of addReferencesToSign is not assigned while
// computeSignature reads referenceList — presumably the assignment is elided; verify.
sign.addReferencesToSign(parts, reqData.getSecHeader());
sign.computeSignature(referenceList);
reqData.getSignatureValues().add(sign.getSignatureValue());
} catch (WSSecurityException e) {
    throw new WSSecurityException(
// Excerpt: X.509 signature using a BinarySecurityToken direct reference over the
// timestamp and (per the cut statement below) a "Content" part. Lines are elided by
// the listing.
WSSConfig wssConfig = new WSSConfig();
// Turns off WS-I Basic Security Profile compliance for this freshly created config.
// NOTE(review): confirm the relaxation is deliberate; in the visible code the config is
// used only for this outbound signature.
wssConfig.setWsiBSPCompliant(false);
WSSecSignature sign = new WSSecSignature(wssConfig);
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
// NOTE(review): neither signature nor digest algorithm is set in the visible lines, so
// library defaults would apply — confirm they are acceptable.
sign.prepare(soapPart, crypto, wsSecHeader);
sign.appendBSTElementToHeader(wsSecHeader);
Vector<WSEncryptionPart> signParts = new Vector<WSEncryptionPart>();
// Signing the timestamp puts its value under the signature's integrity protection.
// NOTE(review): the appended token element is not added to signParts in the visible
// lines, so it would not itself be signed here — verify whether token protection is required.
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
// The start of the following statement is elided by the listing.
.getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
// NOTE(review): as printed, addReferencesToSign appears twice and the first result is
// discarded; this may be an artefact of the listing — check the original source.
sign.addReferencesToSign(signParts, wsSecHeader);
List<Reference> referenceList = sign.addReferencesToSign(
        signParts, wsSecHeader);
sign.computeSignature(referenceList, false, null);
// Excerpt: inserts the signature's BinarySecurityToken into the header and computes the
// signature at one of two positions. The listing elides many lines (several statements
// and conditions are visibly cut), so control flow cannot be fully read from here.
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
    // The remainder of this call and the start of the next condition are elided.
    bstElem = RampartUtil.insertSiblingAfter(rmd, this
        && sig.getBSTTokenId() != null) {
    // Token element added to the signed parts so the signature covers it.
    sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
// The digest algorithm follows the policy's algorithm suite.
sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
= sig.addReferencesToSign(sigParts, rmd.getSecHeader());
// Two placements are visible: relative to the current insertion location, or relative
// to this.refList with the second argument set to true.
// NOTE(review): the condition selecting between them is not shown.
sig.computeSignature(referenceList, false, this.getInsertionLocation());
} else {
    sig.computeSignature(referenceList, true, this.refList);
signatureElement = sig.getSignatureElement();
// Belongs to a catch block whose header is elided; the cause e is passed along.
throw new RampartException("errorInSignatureWithX509Token", e);
signatureValues.add(sig.getSignatureValue());
// Excerpt: the prepare / add-references / compute / prepend-token sequence.
// Lines are elided by the listing (the if block is not closed and referenceList is not
// declared in the visible text).
prepare(doc, cr, secHeader);
// With no parts configured, a fresh one-element-capacity list is created.
// NOTE(review): the statement that fills it is not shown — presumably a default part is
// added; verify which element is signed when the caller sets no parts.
if (parts == null) {
    parts = new ArrayList<WSEncryptionPart>(1);
addReferencesToSign(parts, secHeader);
computeSignature(referenceList);
prependBSTElementToHeader(secHeader);
WSSecSignature sig = new WSSecSignature(); sig.setWsConfig(rmd.getConfig()); sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { sig.setEncrKeySha1value(((EncryptedKeyToken) tok).getSHA1()); sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace()); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); OMElement ref = tok.getAttachedReference(); if(ref == null) { sig.setCustomTokenId(sigTokId); sig.setSecretKey(tok.getSecret()); sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); // TODO what is the correct algorith ? For sure one is redundant sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); sig.setDigestAlgo(algorithmSuite.getDigest()); sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd .getRampartConfig(), rmd.getCustomClassLoader()), rmd.getSecHeader()); sig.setParts(sigParts); List<Reference> referenceList