/**
 * Builds a new X.509 BinarySecurityToken around {@code cert} and stores it in {@code bstToken}.
 *
 * <p>The token gets a freshly generated ID, and {@code bstAddedToSecurityHeader} is reset to
 * {@code false}.
 *
 * @param cert the certificate to embed in the token
 * @throws WSSecurityException propagated from token construction or from
 *         {@code setX509Certificate}
 */
private void addBST(X509Certificate cert) throws WSSecurityException {
    final X509Security x509Token = new X509Security(getDocument());
    // The field is assigned before the certificate is stored, so it is set even if
    // setX509Certificate throws.
    bstToken = x509Token;
    x509Token.setX509Certificate(cert);
    bstAddedToSecurityHeader = false;
    final String tokenId = IDGenerator.generateID(null);
    bstToken.setID(tokenId);
}
// Excerpt: two separate checks (both cut off mid-block) that accept a token when it
// carries an X.509 version 3 certificate.
try {
    // Passing null makes X509Security.getX509Certificate fall back to a new Merlin
    // instance for parsing (unless a certificate is already cached on the token).
    X509Certificate cert = ((X509Security)binarySecurityToken).getX509Certificate(null);
    // Version check only: this does not establish that the certificate is trusted.
    if (cert != null && cert.getVersion() == 3) {
        return true;
// (second excerpt; the first one's closing braces are not shown)
try {
    // NOTE(review): in WSS4J the boolean BSPEnforcer constructor argument is
    // "disableBSPRules", so `true` presumably switches BSP rule enforcement off and the
    // ValueType rule in the X509Security constructor will not reject here. Confirm intended.
    X509Security token = new X509Security(keyIdentifier, new BSPEnforcer(true));
    X509Certificate cert = token.getX509Certificate(null);
    // Same version-only check as above; no trust or path validation is visible here.
    if (cert != null && cert.getVersion() == 3) {
        return true;
/**
 * Creates an X509Security token from the certificate data held in an existing element.
 *
 * <p>After the superclass has processed the element, the token's ValueType is compared with
 * {@code X509_V3_TYPE}. A mismatch is not thrown from here directly; it is handed to
 * {@code bspEnforcer} as rule R3033, so the outcome depends on how that enforcer handles
 * the rule.
 *
 * @param elem the element containing the X509 certificate data
 * @param bspEnforcer a BSPEnforcer instance to enforce BSP rules
 * @throws WSSecurityException propagated from the superclass constructor or from
 *         {@code handleBSPRule}
 */
public X509Security(Element elem, BSPEnforcer bspEnforcer) throws WSSecurityException {
    super(elem, bspEnforcer);
    final boolean declaresX509v3 = X509_V3_TYPE.equals(getValueType());
    if (declaresX509v3) {
        return;
    }
    // NOTE(review): callers that pass an enforcer with BSP rules disabled will presumably
    // accept tokens with any ValueType here. Confirm against BSPEnforcer.
    bspEnforcer.handleBSPRule(BSPRule.R3033);
}
// Excerpt stitched from several places (note the repeated `doc` and `cert` declarations):
// ways a validator builds an X509Security token and fills the credential from it.
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(encodingType);
binarySecurity.setValueType(binarySecurityType.getValueType());
// (next excerpt) Token rebuilt from an X509Data element carried by the validate target.
try {
    Document doc = DOMUtils.getEmptyDocument();
    binarySecurity = new X509Security(doc);
    binarySecurity.setEncodingType(BASE64_ENCODING);
    X509Data x509Data = new X509Data((Element)validateTarget.getToken(), "");
    if (x509Data.containsCertificate()) {
        // Only the first certificate in the X509Data is used.
        X509Certificate cert = x509Data.itemCertificate(0).getX509Certificate();
        ((X509Security)binarySecurity).setX509Certificate(cert);
// (next excerpt) The certificate read here is whatever the submitted token contained;
// this excerpt only copies it into the credential.
// NOTE(review): trust/path validation presumably happens in a later step. Confirm.
credential.setBinarySecurityToken(binarySecurity);
if (crypto != null) {
    X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(crypto);
    credential.setCertificates(new X509Certificate[]{cert});
// Excerpt: pulls an X.509 certificate out of the security header of an incoming SOAP message.
SoapMessage soapMessage = (SoapMessage) message;
SOAPMessage doc = getSOAPMessage(soapMessage);
Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), "");
// Treat the first child of the security header as the BinarySecurityToken element.
// NOTE(review): elem is not null-checked, and getFirstChild() may return a non-element
// node (e.g. whitespace text) or an unrelated header child, in which case the cast below
// fails or the wrong element is parsed. Selecting the token by name would be safer.
Node binarySignatureTag = elem.getFirstChild();
BinarySecurity token = new X509Security((Element) binarySignatureTag);
// Rebuild the certificate from the raw token bytes.
// The bytes come from the message sender; parsing them does not establish trust. Nothing
// in this excerpt validates the certificate (chain, validity period, revocation) before
// it is used.
InputStream in = new ByteArrayInputStream(token.getToken());
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in);
/**
 * Returns the certificate(s) carried by a binary security token.
 *
 * <p>A {@code PKIPathSecurity} token yields its certificate array; an {@code X509Security}
 * token yields a one-element array. The certificates are returned as parsed; this method
 * performs no trust validation on them.
 *
 * @param token The BinarySecurity instance corresponding to either X509Security or
 *              PKIPathSecurity
 * @param crypto the Crypto instance passed through to the token's certificate accessor
 * @return The X509Certificates associated with this reference, or {@code null} when the
 *         token is of neither supported type (callers must handle the null)
 * @throws WSSecurityException propagated from the token's certificate accessor
 */
private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto crypto)
    throws WSSecurityException {
    if (token instanceof PKIPathSecurity) {
        final PKIPathSecurity pkiPathToken = (PKIPathSecurity) token;
        return pkiPathToken.getX509Certificates(crypto);
    }
    if (token instanceof X509Security) {
        final X509Security x509Token = (X509Security) token;
        final X509Certificate single = x509Token.getX509Certificate(crypto);
        return new X509Certificate[]{single};
    }
    // Unsupported token type.
    return null;
}
/**
 * Stores an X509 certificate in this token.
 *
 * <p>The certificate is kept as the cached instance and its encoded bytes are handed to
 * {@code setToken}, which places them in the element.
 *
 * @param cert the X509 certificate to store in the element
 * @throws WSSecurityException with {@code FAILURE} if {@code cert} is null, or with
 *         {@code SECURITY_TOKEN_UNAVAILABLE} if the certificate cannot be encoded
 */
public void setX509Certificate(X509Certificate cert) throws WSSecurityException {
    if (null == cert) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCert");
    }
    // NOTE(review): the cache is updated before encoding, so if getEncoded() fails the
    // cached certificate and the token bytes can disagree. Confirm this is acceptable.
    cachedCert = cert;
    try {
        final byte[] encoded = cert.getEncoded();
        setToken(encoded);
    } catch (CertificateEncodingException e) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError"
        );
    }
}
} // closes the enclosing class, whose opening is not part of this excerpt
/**
 * Returns the X509 certificate held by this token, parsing it on first use.
 *
 * <p>The result is cached: once a certificate has been set or parsed, later calls return
 * that instance and the {@code crypto} argument is ignored. Parsing only decodes the
 * certificate; it does not check whether the certificate is trusted, so callers that make
 * a security decision must validate it separately.
 *
 * @param crypto the Crypto instance used to load the certificate; when {@code null} a new
 *               {@code Merlin} instance is used instead
 * @return the X509 certificate converted from the element's token data
 * @throws WSSecurityException with {@code FAILURE} if the token holds no data, or with
 *         {@code SECURITY_TOKEN_UNAVAILABLE} on an I/O error while reading it
 */
public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
    if (cachedCert == null) {
        final Crypto certCrypto = (crypto != null) ? crypto : new Merlin();

        final byte[] data = getToken();
        if (data == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[] {"0"});
        }

        try (InputStream in = new ByteArrayInputStream(data)) {
            cachedCert = certCrypto.loadCertificate(in);
        } catch (IOException e) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "parseError"
            );
        }
    }
    return cachedCert;
}
// Excerpt stitched from several places (note the repeated `doc` and `cert` declarations):
// ways a validator builds an X509Security token and fills the credential from it.
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(encodingType);
binarySecurity.setValueType(binarySecurityType.getValueType());
// (next excerpt) Token rebuilt from an X509Data element carried by the validate target.
try {
    Document doc = DOMUtils.getEmptyDocument();
    binarySecurity = new X509Security(doc);
    binarySecurity.setEncodingType(BASE64_ENCODING);
    X509Data x509Data = new X509Data((Element)validateTarget.getToken(), "");
    if (x509Data.containsCertificate()) {
        // Only the first certificate in the X509Data is used.
        X509Certificate cert = x509Data.itemCertificate(0).getX509Certificate();
        ((X509Security)binarySecurity).setX509Certificate(cert);
// (next excerpt) The certificate read here is whatever the submitted token contained;
// this excerpt only copies it into the credential.
// NOTE(review): trust/path validation presumably happens in a later step. Confirm.
credential.setBinarySecurityToken(binarySecurity);
if (crypto != null) {
    X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(crypto);
    credential.setCertificates(new X509Certificate[]{cert});
// Excerpt: choose the BinarySecurity subclass from the declared token type, passing the
// request's BSP enforcer so the token constructors can apply BSP rules.
BinarySecurity token = null;
if (X509Security.X509_V3_TYPE.equals(type)) {
    token = new X509Security(element, data.getBSPEnforcer());
} else if (PKIPathSecurity.getType().equals(type)) {
    token = new PKIPathSecurity(element, data.getBSPEnforcer());
// NOTE(review): the excerpt ends here. `token` stays null for any other type unless a
// later branch (not shown) handles it, so callers should not dereference it unchecked.
// Excerpt (starts inside an if branch that is not shown): PKIPath tokens take the whole
// certificate array.
((PKIPathSecurity) binarySecurity).setX509Certificates(certs, crypto);
} else {
    // Plain X.509 token: only the first certificate, certs[0], is embedded.
    binarySecurity = new X509Security(getDocument());
    ((X509Security) binarySecurity).setX509Certificate(certs[0]);
// Excerpt: two separate checks (both cut off mid-block) that accept a token when it
// carries an X.509 version 3 certificate.
try {
    // Passing null makes X509Security.getX509Certificate fall back to a new Merlin
    // instance for parsing (unless a certificate is already cached on the token).
    X509Certificate cert = ((X509Security)binarySecurityToken).getX509Certificate(null);
    // Version check only: this does not establish that the certificate is trusted.
    if (cert != null && cert.getVersion() == 3) {
        return true;
// (second excerpt; the first one's closing braces are not shown)
try {
    // NOTE(review): in WSS4J the boolean BSPEnforcer constructor argument is
    // "disableBSPRules", so `true` presumably switches BSP rule enforcement off and the
    // ValueType rule in the X509Security constructor will not reject here. Confirm intended.
    X509Security token = new X509Security(keyIdentifier, new BSPEnforcer(true));
    X509Certificate cert = token.getX509Certificate(null);
    // Same version-only check as above; no trust or path validation is visible here.
    if (cert != null && cert.getVersion() == 3) {
        return true;
/**
 * Converts a binary security token description plus its raw bytes into a DOM element.
 *
 * <p>The token's ValueType selects the wrapper class (X.509 v3, X.509 PKIPath or Kerberos
 * AP-REQ); any other ValueType is rejected. Encoding type, value type and ID are copied
 * from {@code binarySecurityTokenType} unchanged, and the bytes are stored as given; they
 * are not parsed or validated here.
 *
 * @param binarySecurityTokenType the token description supplying ValueType, EncodingType and Id
 * @param securityTokenData the raw token bytes to store
 * @return the DOM element of the newly built token
 * @throws WSSecurityException with {@code INVALID_SECURITY_TOKEN} for an unsupported
 *         ValueType, or propagated from the token setters
 */
private Element convertToDOM(
    BinarySecurityTokenType binarySecurityTokenType,
    byte[] securityTokenData
) throws WSSecurityException {
    final Document doc = DOMUtils.getEmptyDocument();
    final String valueType = binarySecurityTokenType.getValueType();

    final BinarySecurity binarySecurity;
    if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
        binarySecurity = new X509Security(doc);
    } else if (WSSConstants.NS_X509_PKIPATH_V1.equals(valueType)) {
        binarySecurity = new PKIPathSecurity(doc);
    } else if (WSSConstants.NS_GSS_KERBEROS5_AP_REQ.equals(valueType)) {
        binarySecurity = new KerberosSecurity(doc);
    } else {
        // Fail closed: only the three token types above are accepted.
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
    }

    binarySecurity.addWSSENamespace();
    binarySecurity.addWSUNamespace();
    binarySecurity.setEncodingType(binarySecurityTokenType.getEncodingType());
    binarySecurity.setValueType(valueType);
    binarySecurity.setID(binarySecurityTokenType.getId());
    binarySecurity.setToken(securityTokenData);
    return binarySecurity.getElement();
}
} // closes the enclosing class, whose opening is not part of this excerpt
// Excerpt: generate an ID, point the reference at it as a same-document URI, and embed
// remoteCert in a new X.509 token that carries that ID.
String certUri = IDGenerator.generateID(null);
ref.setURI("#" + certUri);
bstToken = new X509Security(getDocument());
((X509Security) bstToken).setX509Certificate(remoteCert);
bstToken.setID(certUri);
// The reference advertises the same ValueType as the token it points to.
ref.setValueType(bstToken.getValueType());
// Excerpt (inside an if/else chain whose start is not shown): parse the referenced element
// as an X.509 token and return its single certificate.
// NOTE(review): in WSS4J the boolean BSPEnforcer constructor argument is "disableBSPRules",
// so `true` presumably disables BSP rule checks for this token. Confirm that is intended.
X509Security token = new X509Security(elem, new BSPEnforcer(true));
// Parsing only; no trust validation of the certificate is visible in this excerpt.
X509Certificate cert = token.getX509Certificate(crypto);
return new X509Certificate[]{cert};
} else if (SKI_URI.equals(value)) {
/**
 * Converts a binary security token description plus its raw bytes into a DOM element.
 *
 * <p>The token's ValueType selects the wrapper class (X.509 v3, X.509 PKIPath or Kerberos
 * AP-REQ); any other ValueType is rejected. Encoding type, value type and ID are copied
 * from {@code binarySecurityTokenType} unchanged, and the bytes are stored as given; they
 * are not parsed or validated here.
 *
 * @param binarySecurityTokenType the token description supplying ValueType, EncodingType and Id
 * @param securityTokenData the raw token bytes to store
 * @return the DOM element of the newly built token
 * @throws WSSecurityException with {@code INVALID_SECURITY_TOKEN} for an unsupported
 *         ValueType, or propagated from the token setters
 */
private Element convertToDOM(
    BinarySecurityTokenType binarySecurityTokenType,
    byte[] securityTokenData
) throws WSSecurityException {
    final Document doc = DOMUtils.getEmptyDocument();
    final String valueType = binarySecurityTokenType.getValueType();

    final BinarySecurity binarySecurity;
    if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
        binarySecurity = new X509Security(doc);
    } else if (WSSConstants.NS_X509_PKIPATH_V1.equals(valueType)) {
        binarySecurity = new PKIPathSecurity(doc);
    } else if (WSSConstants.NS_GSS_KERBEROS5_AP_REQ.equals(valueType)) {
        binarySecurity = new KerberosSecurity(doc);
    } else {
        // Fail closed: only the three token types above are accepted.
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
    }

    binarySecurity.addWSSENamespace();
    binarySecurity.addWSUNamespace();
    binarySecurity.setEncodingType(binarySecurityTokenType.getEncodingType());
    binarySecurity.setValueType(valueType);
    binarySecurity.setID(binarySecurityTokenType.getId());
    binarySecurity.setToken(securityTokenData);
    return binarySecurity.getElement();
}
} // closes the enclosing class, whose opening is not part of this excerpt
// Excerpt: build a same-document reference to certUri and a matching X.509 token that
// embeds cert under that ID; bstToken ends up holding the token's DOM element.
Reference ref = new Reference(getDocument());
ref.setURI("#" + certUri);
BinarySecurity binarySecurity = new X509Security(getDocument());
((X509Security) binarySecurity).setX509Certificate(cert);
binarySecurity.setID(certUri);
bstToken = binarySecurity.getElement();
// Excerpt (inside a branch whose start is not shown): parse the BinarySecurityToken element
// with the request's BSP enforcer, then run the reference/token BSP compliance check.
X509Security token = new X509Security(bstElement, data.getBSPEnforcer());
STRParserUtil.checkBinarySecurityBSPCompliance(secRef, token, data.getBSPEnforcer());
// The parsed certificate is recorded on the parser result; no trust validation of it is
// visible in this excerpt.
parserResult.setCerts(new X509Certificate[]{token.getX509Certificate(crypto)});
} else {
    // Excerpt is cut off in the middle of this throw statement.
    throw new WSSecurityException(
// Excerpt: wrap the encryption certificate in an X.509 BinarySecurityToken owned by the
// SOAP part, declare the wsu namespace on it, and give it an ID from the configured
// ID allocator using the "X509-" prefix.
BinarySecurity bstToken = new X509Security(saaj.getSOAPPart());
((X509Security)bstToken).setX509Certificate(encCert);
bstToken.addWSUNamespace();
bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert));
// Excerpt: wrap the encryption certificate in an X.509 BinarySecurityToken owned by the
// SOAP part, declare the wsu namespace on it, and give it an ID from the configured
// ID allocator using the "X509-" prefix.
BinarySecurity bstToken = new X509Security(saaj.getSOAPPart());
((X509Security)bstToken).setX509Certificate(encCert);
bstToken.addWSUNamespace();
bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert));