keyInfo.addUnknownElement(getEncryptedKeyElement()); } else if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addWSSENamespace(); if (customReferenceValue != null) { secToken.setKeyIdentifierEncKeySHA1(customReferenceValue); } else { byte[] encodedBytes = WSSecurityUtil.generateDigest(encryptedEphemeralKey); secToken.setKeyIdentifierEncKeySHA1(Base64.encode(encodedBytes)); secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); keyInfo.addUnknownElement(secToken.getElement()); } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) { keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName); } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addWSSENamespace(); secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); secToken.setKeyIdentifier(WSConstants.WSS_SAML_KI_VALUE_TYPE, encKeyId); keyInfo.addUnknownElement(secToken.getElement()); } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addWSSENamespace(); secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, encKeyId); keyInfo.addUnknownElement(secToken.getElement()); } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) { SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.addWSSENamespace();
if (secRef.containsReference()) { if (log.isDebugEnabled()) { log.debug("STR: Reference"); return secRef.getTokenElement(doc, wsDocInfo, null); else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) { if (log.isDebugEnabled()) { log.debug("STR: IssuerSerial"); secRef.getX509IssuerSerial(wsDocInfo.getCrypto()); if (certs == null || certs.length == 0 || certs[0] == null) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK); return createBSTX509(doc, certs[0], secRef.getElement(), secRef.getKeyIdentifierEncodingType()); else if (secRef.containsKeyIdentifier()) { if (log.isDebugEnabled()) { log.debug("STR: KeyIdentifier"); if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()) || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { return secRef.getTokenElement(doc, wsDocInfo, null); } else { X509Certificate[] certs = secRef.getKeyIdentifier(wsDocInfo.getCrypto()); if (certs == null || certs.length == 0 || certs[0] == null) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK); return createBSTX509(doc, certs[0], secRef.getElement());
if (!getReference().equals(tokenReference.getReference())) { return false; return false; if (!compare(getKeyIdentifierEncodingType(), tokenReference.getKeyIdentifierEncodingType())) { return false; if (!compare(getKeyIdentifierValueType(), tokenReference.getKeyIdentifierValueType())) { return false; if (!compare(getKeyIdentifierValue(), tokenReference.getKeyIdentifierValue())) { return false; if (!compare(getTokenType(), tokenReference.getTokenType())) { return false; if (!Arrays.equals(getSKIBytes(), tokenReference.getSKIBytes())) { return false; if (getIssuerSerial() != null && tokenReference.getIssuerSerial() != null) { if (!compare(getIssuerSerial().getIssuer(), tokenReference.getIssuerSerial().getIssuer())) { return false; if (!compare(getIssuerSerial().getSerialNumber(), tokenReference.getIssuerSerial().getSerialNumber())) { return false;
/**
 * Returns the {@code EncodingType} attribute of the KeyIdentifier child of this
 * SecurityTokenReference.
 *
 * @return the attribute value (per the DOM contract an empty string when the
 *         attribute is absent), or {@code null} when this reference does not
 *         contain a KeyIdentifier at all
 */
public String getKeyIdentifierEncodingType() {
    if (!containsKeyIdentifier()) {
        return null;
    }
    Element keyIdentifier = getFirstElement();
    return keyIdentifier.getAttributeNS(null, "EncodingType");
}
/**
 * Builds a {@code wsse:SecurityTokenReference} element wrapping a single
 * {@code wsse:Reference} that points at the given URI.
 *
 * @param doc the document the new elements are created in
 * @param refUri value written to the Reference's URI attribute
 * @param refValueType value written to the Reference's ValueType attribute;
 *        the attribute is left out entirely when this is {@code null}
 * @return the SecurityTokenReference element
 */
public static Element createSecurityTokenReference(Document doc, String refUri, String refValueType) {
    Reference reference = new Reference(doc);
    reference.setURI(refUri);
    // ValueType is optional on a wsse:Reference; only emit it when supplied.
    if (refValueType != null) {
        reference.setValueType(refValueType);
    }
    SecurityTokenReference tokenReference = new SecurityTokenReference(doc);
    tokenReference.setReference(reference);
    return tokenReference.getElement();
}
SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant); if (secRef.containsReference()) { uri = secRef.getReference().getURI(); if (uri.charAt(0) == '#') { uri = uri.substring(1); } else if (secRef.containsKeyIdentifier()) { uri = secRef.getKeyIdentifierValue(); if (SecurityTokenReference.THUMB_URI.equals(secRef.getKeyIdentifierValueType())) { referenceType = REFERENCE_TYPE.THUMBPRINT_SHA1; } else { if (result != null) { processPreviousResult(result, secRef, data, wsDocInfo, bspCompliant); } else if (secRef.containsKeyIdentifier()) { if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()) || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( certs = secRef.getKeyIdentifier(crypto); } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) { referenceType = REFERENCE_TYPE.ISSUER_SERIAL; certs = secRef.getX509IssuerSerial(crypto); } else if (secRef.containsReference()) { Element bstElement = secRef.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler());
SecurityTokenReference secToken = new SecurityTokenReference(document); secToken.setKeyIdentifier(remoteCert); break; secToken.setKeyIdentifierSKI(remoteCert, crypto); break; secToken.setKeyIdentifierThumb(remoteCert); break; ); DOMX509Data domX509Data = new DOMX509Data(document, domIssuerSerial); secToken.setX509Data(domX509Data); break; bstToken.setID(certUri); ref.setValueType(bstToken.getValueType()); secToken.setReference(ref); break; Reference refCust = new Reference(document); if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) { secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); refCust.setValueType(customEKTokenValueType); } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) { secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) { secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
secRef = new SecurityTokenReference(doc); strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef); secRef.addWSSENamespace(); secRef.addWSUNamespace(); secRef.setID(strUri); bstToken = new PKIPathSecurity(document); ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto); secRef.addTokenType(PKIPathSecurity.PKI_TYPE); } else { bstToken = new X509Security(document); secRef.setReference(ref); bstToken.setID(certUri); wsDocInfo.addTokenElement(bstToken.getElement(), false); new DOMX509IssuerSerial(doc, issuer, serialNumber); DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial); secRef.setX509Data(domX509Data); break; secRef.setKeyIdentifier(certs[0]); break; secRef.setKeyIdentifierSKI(certs[0], crypto); break; secRef.setKeyIdentifierThumb(certs[0]); break;
SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant); if (secRef.containsReference()) { uri = secRef.getReference().getURI(); if (uri.charAt(0) == '#') { uri = uri.substring(1); } else if (secRef.containsKeyIdentifier()) { uri = secRef.getKeyIdentifierValue(); if (result != null) { processPreviousResult(result, secRef, data, wsDocInfo, bspCompliant); } else if (secRef.containsReference()) { } else if (secRef.containsKeyIdentifier()) { String keyIdentifierValueType = secRef.getKeyIdentifierValueType(); if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(keyIdentifierValueType)) { secretKey = getSecretKeyFromToken( secRef.getKeyIdentifierValue(), keyIdentifierValueType, WSPasswordCallback.SECRET_KEY, data ); if (secretKey == null) { byte[] keyBytes = secRef.getSKIBytes(); List<WSSecurityEngineResult> resultsList = wsDocInfo.getResultsByTag(WSConstants.BST); X509Certificate[] certs = secRef.getKeyIdentifier(crypto); if (certs == null || certs.length < 1 || certs[0] == null) {
SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant); if (secRef.containsReference()) { uri = secRef.getReference().getURI(); if (uri.charAt(0) == '#') { uri = uri.substring(1); } else if (secRef.containsKeyIdentifier()) { uri = secRef.getKeyIdentifierValue(); } else if (secRef.containsReference()) { Reference reference = secRef.getReference(); secRef.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler()); QName el = new QName(token.getNamespaceURI(), token.getLocalName()); if (el.equals(WSSecurityEngine.BINARY_TOKEN)) { } else if (secRef.containsKeyIdentifier()) { String valueType = secRef.getKeyIdentifierValueType(); if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(valueType) || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType)) { secretKey = getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, data); if (secretKey == null) { AssertionWrapper assertion = getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, data); if (secretKey == null) { byte[] keyBytes = secRef.getSKIBytes();
BinarySecurity token ) throws WSSecurityException { if (secRef.containsReference()) { String valueType = secRef.getReference().getValueType(); if (((token instanceof X509Security) && !X509Security.X509_V3_TYPE.equals(valueType)) || ((token instanceof PKIPathSecurity) && !PKIPathSecurity.PKI_TYPE.equals(valueType)) ); } else if (secRef.containsKeyIdentifier()) { String valueType = secRef.getKeyIdentifierValueType(); if (!SecurityTokenReference.SKI_URI.equals(valueType) && !SecurityTokenReference.THUMB_URI.equals(valueType) String tokenType = secRef.getTokenType(); if (!PKIPathSecurity.PKI_TYPE.equals(tokenType)) { throw new WSSecurityException(
Document doc, WSDocInfo docInfo, CallbackHandler cb ) throws WSSecurityException { Reference ref = getReference(); String uri = null; String valueType = null; valueType = ref.getValueType(); } else { uri = getKeyIdentifierValue(); valueType = getKeyIdentifierValueType(); findProcessedTokenElement(doc, docInfo, cb, uri, valueType); if (tokElement == null) { tokElement = findUnprocessedTokenElement(doc, docInfo, cb, uri, valueType);
SecurityTokenReference str = new SecurityTokenReference((Element)elem); if (str.containsReference()) { tokenId = str.getReference().getURI(); } else if(str.containsKeyIdentifier()){ tokenId = str.getKeyIdentifierValue(); if(str.containsKeyIdentifier()){ tokenId = str.getKeyIdentifierValue();
SecurityTokenReference secRef = new SecurityTokenReference(document); String strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef); secRef.setID(strUri); secRef.setKeyIdentifier(customValueType, tokenIdentifier); if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); ref.setValueType(customValueType); } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); ref.setValueType(customValueType); } else if (KerberosSecurity.isKerberosToken(customValueType)) { secRef.addTokenType(customValueType); ref.setValueType(customValueType); } else if (WSConstants.WSC_SCT.equals(customValueType) ref.setValueType(customValueType); } else if (!WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE.equals(customValueType)) { secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); secRef.setReference(ref);
SecurityTokenReference tokenRef = new SecurityTokenReference(doc); if(encrTok instanceof EncryptedKeyToken) { tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)encrTok).getSHA1()); dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement()); tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this
/**
 * Builds the {@code ds:KeyInfo} that points at this derived key token.
 *
 * The KeyInfo carries one SecurityTokenReference whose wsse:Reference has
 * URI {@code "#" + dktId} and, as ValueType, the DerivedKeyToken type of the
 * configured WS-SecureConversation version. The ds namespace is declared
 * explicitly on the KeyInfo element so the element is self-contained.
 *
 * @return the populated KeyInfo
 * @throws WSSecurityException as declared by the WSS4J calls made here
 * @throws ConversationException as declared by the WSC namespace lookup
 */
private KeyInfo createKeyInfo() throws WSSecurityException, ConversationException {
    KeyInfo keyInfo = new KeyInfo(document);

    SecurityTokenReference tokenReference = new SecurityTokenReference(document);
    tokenReference.addWSSENamespace();

    Reference reference = new Reference(document);
    reference.setURI("#" + dktId);
    String wscNamespace = ConversationConstants.getWSCNs(getWscVersion());
    reference.setValueType(wscNamespace + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN);
    tokenReference.setReference(reference);

    keyInfo.addUnknownElement(tokenReference.getElement());

    // Declare the ds prefix on the KeyInfo element itself.
    Element keyInfoElement = keyInfo.getElement();
    keyInfoElement.setAttributeNS(
        WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
    );
    return keyInfo;
}
secRef = new SecurityTokenReference(doc); strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef); secRef.setID(strUri); + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN; ref.setValueType(ns); secRef.setReference(ref); XMLStructure structure = new DOMStructure(secRef.getElement()); wsDocInfo.addTokenElement(secRef.getElement(), false); keyInfo = keyInfoFactory.newKeyInfo(
/**
 * Sets the SecurityTokenReference of this derived key token, i.e. the
 * reference to the shared secret the key is derived from.
 *
 * The reference's element is remembered and handed to
 * {@code WSSecurityUtil.prependChildElement} so it becomes a child of this
 * token's element.
 *
 * @param ref the security token reference to attach
 */
public void setSecurityTokenReference(SecurityTokenReference ref) {
    Element strElement = ref.getElement();
    elementSecurityTokenReference = strElement;
    WSSecurityUtil.prependChildElement(element, strElement);
}
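/**
 * Creates a {@link WSDerivedKeyTokenPrincipal} carrying this token's id,
 * nonce, label, length, offset, algorithm and the id of the base token the
 * key was derived from.
 *
 * The base token id is taken from this token's SecurityTokenReference: the
 * wsse:Reference URI (with a leading {@code '#'} stripped) when a Reference
 * is present, otherwise the KeyIdentifier value.
 *
 * @return the populated principal
 * @throws WSSecurityException if the SecurityTokenReference cannot be read
 */
public Principal createPrincipal() throws WSSecurityException {
    WSDerivedKeyTokenPrincipal principal = new WSDerivedKeyTokenPrincipal(getID());
    principal.setNonce(getNonce());
    principal.setLabel(getLabel());
    principal.setLength(getLength());
    principal.setOffset(getOffset());
    principal.setAlgorithm(getAlgorithm());
    principal.setBasetokenId(resolveBaseTokenId());
    return principal;
}

/**
 * Resolves the id of the base token named by this token's
 * SecurityTokenReference.
 *
 * @return the Reference URI without a leading {@code '#'}, or the
 *         KeyIdentifier value when no Reference is present
 * @throws WSSecurityException if the SecurityTokenReference cannot be read
 */
private String resolveBaseTokenId() throws WSSecurityException {
    SecurityTokenReference securityTokenReference = getSecurityTokenReference();
    if (securityTokenReference.containsReference()) {
        String uri = securityTokenReference.getReference().getURI();
        // The URI attribute comes from the inbound message. startsWith() instead
        // of charAt(0) so that an empty (or missing) URI yields the value as-is
        // rather than a StringIndexOutOfBoundsException / NullPointerException
        // escaping the WS-Security processing as an unchecked exception.
        if (uri != null && uri.startsWith("#")) {
            return uri.substring(1);
        }
        return uri;
    }
    // No Reference: the STR identifies the base token by KeyIdentifier.
    return securityTokenReference.getKeyIdentifierValue();
}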
boolean bspCompliant ) throws WSSecurityException { String valueType = secRef.getKeyIdentifierValueType(); secretKey = getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, data); if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data, wsDocInfo ); if (bspCompliant) {