/**
 * Verifies and/or decrypts a SOAP envelope supplied as a W3C DOM document.
 * <p>
 * Convenience overload of the main entry point: it forwards to the
 * five-argument overload and passes the single {@code crypto} twice, so the
 * same keystore access object is used for signature verification and for
 * decryption. Callers that need separate trust material for the two roles
 * should call the five-argument overload directly.
 *
 * @param doc    the SOAP envelope as {@link Document}
 * @param actor  the <code>actor</code> (SOAP <code>role</code>) on whose behalf
 *               the engine works; see the SOAP specification
 * @param cb     callback handler used to resolve passwords during
 *               encryption and UsernameToken handling
 * @param crypto the object that implements access to the keystore and the
 *               handling of certificates
 * @return a WSHandlerResult containing the results of processing the security header
 * @throws WSSecurityException propagated from the delegated overload
 * @see WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb,
 *      Crypto sigVerCrypto, Crypto decCrypto)
 */
public WSHandlerResult processSecurityHeader(
    Document doc,
    String actor,
    CallbackHandler cb,
    Crypto crypto
) throws WSSecurityException {
    // One Crypto instance fills both roles of the wider overload.
    final Crypto sigVerCrypto = crypto;
    final Crypto decCrypto = crypto;
    return processSecurityHeader(doc, actor, cb, sigVerCrypto, decCrypto);
}
/**
 * Builds the interceptor with a freshly constructed {@link WSSecurityEngine}.
 * <p>
 * No configuration is applied to the engine here; it runs with whatever
 * defaults {@code new WSSecurityEngine()} provides until a setter changes them.
 */
public Wss4jSecurityInterceptor() {
    securityEngine = new WSSecurityEngine();
}
/**
 * Applies a WS-Security configuration to this interceptor.
 * <p>
 * The configuration is handed to the underlying security engine and is also
 * kept in the {@code wssConfig} field. The default settings follow the latest
 * OASIS specifications, so changing anything might violate them.
 *
 * @param config web service security configuration, or {@code null} to use
 *               default settings
 */
public void setWssConfig(WSSConfig config) {
    // Engine first, then the local copy: the field is only updated once the
    // engine has accepted the configuration.
    this.securityEngine.setWssConfig(config);
    this.wssConfig = config;
}
// Excerpt: pick the WSSecurityEngine that will process the inbound
// wsse:Security header, then run it over the header element.
// NOTE(review): the braces opened below are not closed in this excerpt, so
// intervening lines appear to be omitted; the later statements probably sit
// outside the if/else in the full method. Confirm against the full source.
WSSecurityEngine engine;
if (config != null) {
    // An explicitly supplied WSSConfig gets a dedicated engine.
    engine = new WSSecurityEngine();
    engine.setWssConfig(config);
} else {
    // Otherwise defer to the overridable getSecurityEngine hook.
    engine = getSecurityEngine(utWithCallbacks);
    if (engine == null) {
        // The hook chose nothing: use an engine with its own default config.
        engine = new WSSecurityEngine();
// Read the effective configuration back from the chosen engine.
config = engine.getWssConfig();
engine.setCallbackLookup(new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody));
// Deep copy of the header taken before processing; it is handed to
// importNewDomToSAAJ together with the processed element
// (presumably because processing can modify elem; confirm).
originalNode = elem.cloneNode(true);
WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData);
importNewDomToSAAJ(doc, elem, originalNode, wsResult);
Element header = SAAJUtils.getHeader(doc);
/**
 * Supplies an engine whose UsernameToken validator is {@code CustomValidator}.
 * <p>
 * The {@code utNoCallbacks} flag is ignored: every call builds a new
 * {@link WSSConfig} and a new {@link WSSecurityEngine}, so the custom
 * validator is always the one registered for {@code WSConstants.USERNAME_TOKEN}.
 *
 * @param utNoCallbacks unused by this override
 * @return a new engine configured with the custom UsernameToken validator
 */
@Override
protected WSSecurityEngine getSecurityEngine(boolean utNoCallbacks) {
    final WSSConfig validatorConfig = WSSConfig.getNewInstance();
    validatorConfig.setValidator(WSConstants.USERNAME_TOKEN, new CustomValidator());

    final WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(validatorConfig);
    return engine;
}
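// Parse the raw request text into a SAAJ message.
// NOTE(review): getBytes() uses the platform default charset; if the request
// is not guaranteed to be ASCII, an explicit charset should be passed.
SOAPMessage soapMessage = MessageFactory.newInstance().createMessage(null, new ByteArrayInputStream(soapRequest.getBytes()));

// Load the keystore. The stream is closed as soon as loading finishes or
// fails (the original never closed it). try/finally is used instead of
// try-with-resources so that 'is' stays in scope for any code after this run.
KeyPair keypair = null;
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream is = new FileInputStream(keyStore);
try {
    keystore.load(is, keyStorePwd.toCharArray());
} finally {
    is.close();
}

// The same password protects the store and the key entry.
Certificate cert = null;
Key key = keystore.getKey(alias, keyStorePwd.toCharArray());
if (key instanceof PrivateKey) {
    cert = keystore.getCertificate(alias);
    if (cert != null) {
        PublicKey publicKey = cert.getPublicKey();
        keypair = new KeyPair(publicKey, (PrivateKey) key);
    }
}
// Fail with a clear message instead of a NullPointerException further down
// when the alias does not resolve to a private key with a certificate.
if (keypair == null) {
    throw new IllegalStateException(
        "Keystore has no private key with a certificate under alias '" + alias + "'");
}

// Build a Merlin-backed Crypto and point it at the loaded keystore.
Properties properties = new Properties();
properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
Crypto crypto = CryptoFactory.getInstance(properties);
keystore.setKeyEntry(alias, keypair.getPrivate(), keyStorePwd.toCharArray(), new Certificate[]{cert});
((Merlin) crypto).setKeyStore(keystore);
crypto.loadCertificate(new ByteArrayInputStream(cert.getEncoded()));

WSSecurityEngine engine = new WSSecurityEngine();
WSSConfig config = WSSConfig.getNewInstance();
// NOTE(review): this switches WS-I Basic Security Profile compliance off for
// the engine; confirm the relaxation is intended, since it loosens what the
// engine accepts.
config.setWsiBSPCompliant(false);
engine.setWssConfig(config);

// Actor and CallbackHandler are both null: no actor filtering is requested
// and no passwords can be resolved through a callback.
// NOTE(review): if processSecurityHeader returns null when the message has no
// wsse:Security header, the loop below throws; a missing header should be
// treated as a validation failure, not skipped. Confirm against the API.
List<WSSecurityEngineResult> res = engine.processSecurityHeader(toDocument(soapMessage), null, null, crypto);
for (WSSecurityEngineResult ers : res) {
    // Passing the object lets the logger skip toString() when trace is off.
    // NOTE(review): the results may carry token details; keep trace logging
    // for this class off in production unless that has been reviewed.
    LOG.trace("Details of security header after validation {}", ers);
}
LOG.debug("Validation code executed");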
// Excerpt: run a default-constructed WSSecurityEngine over the SOAP document
// and keep the list of per-action results.
final WSSecurityEngine aSecurityEngine = new WSSecurityEngine ();
List <WSSecurityEngineResult> aResults = null;
// NOTE(review): getResults() is chained directly onto the call; if
// processSecurityHeader returns null for a message without a matching
// wsse:Security header, this line throws NullPointerException. Confirm the
// API contract and treat "no header" as an explicit failure.
aResults = aSecurityEngine.processSecurityHeader (aSOAPDoc, aRequestData).getResults ();
// Bundle the individual arguments into a RequestData and delegate to the
// (securityHeader, RequestData) overload. The WSSConfig always comes from
// this engine's getWssConfig(), not from the caller.
final RequestData headerRequest = new RequestData();
headerRequest.setActor(actor);
headerRequest.setWssConfig(getWssConfig());
// Separate Crypto objects for signature verification and for decryption.
headerRequest.setSigVerCrypto(sigVerCrypto);
headerRequest.setDecCrypto(decCrypto);
headerRequest.setCallbackHandler(cb);
return processSecurityHeader(securityHeader, headerRequest);
// Excerpt: prepare the request before walking the children of the security header.
// The engine's own WSSConfig is set on requestData here, so a WSSConfig the
// caller placed on requestData beforehand is presumably replaced. Validators
// must therefore be configured on the engine; confirm.
requestData.setWssConfig(getWssConfig());
requestData.setWsDocInfo(wsDocInfo);
// Second read of the engine configuration, kept in a local for the code that follows.
final WSSConfig cfg = getWssConfig();
// Iteration starts at the first child node of the security header.
Node node = securityHeader.getFirstChild();
// Excerpt: pick the WSSecurityEngine that will process the inbound
// wsse:Security header, then run it over the header element.
// NOTE(review): the braces opened below are not closed in this excerpt, so
// intervening lines appear to be omitted; the later statements probably sit
// outside the if/else in the full method. Confirm against the full source.
WSSecurityEngine engine;
if (config != null) {
    // An explicitly supplied WSSConfig gets a dedicated engine.
    engine = new WSSecurityEngine();
    engine.setWssConfig(config);
} else {
    // Otherwise defer to the overridable getSecurityEngine hook.
    engine = getSecurityEngine(utWithCallbacks);
    if (engine == null) {
        // The hook chose nothing: use an engine with its own default config.
        engine = new WSSecurityEngine();
// Read the effective configuration back from the chosen engine.
config = engine.getWssConfig();
engine.setCallbackLookup(new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody));
// Deep copy of the header taken before processing; it is handed to
// importNewDomToSAAJ together with the processed element
// (presumably because processing can modify elem; confirm).
originalNode = elem.cloneNode(true);
WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData);
importNewDomToSAAJ(doc, elem, originalNode, wsResult);
Element header = SAAJUtils.getHeader(doc);
/**
 * Supplies an engine whose UsernameToken validator is {@code CustomValidator}.
 * <p>
 * The {@code utNoCallbacks} flag is ignored: every call builds a new
 * {@link WSSConfig} and a new {@link WSSecurityEngine}, so the custom
 * validator is always the one registered for {@code WSConstants.USERNAME_TOKEN}.
 *
 * @param utNoCallbacks unused by this override
 * @return a new engine configured with the custom UsernameToken validator
 */
@Override
protected WSSecurityEngine getSecurityEngine(boolean utNoCallbacks) {
    final WSSConfig validatorConfig = WSSConfig.getNewInstance();
    validatorConfig.setValidator(WSConstants.USERNAME_TOKEN, new CustomValidator());

    final WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(validatorConfig);
    return engine;
}
/**
 * Selects the {@link WSSecurityEngine} this interceptor should use.
 * <ul>
 *   <li>If {@code secEngineOverride} is set, it is returned as is.</li>
 *   <li>Otherwise, when {@code utWithCallbacks} is {@code false}, a new engine
 *       is returned whose validator for {@code WSConstants.USERNAME_TOKEN} is
 *       a {@code NoOpValidator}.</li>
 *   <li>Otherwise {@code null} is returned; what the caller substitutes is
 *       not decided in this method.</li>
 * </ul>
 *
 * @param utWithCallbacks {@code false} to obtain the engine with the no-op
 *                        UsernameToken validator
 * @return the override engine, a new no-op-validator engine, or {@code null}
 */
protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
    // An explicitly supplied override always wins.
    if (secEngineOverride != null) {
        return secEngineOverride;
    }
    // No special engine is needed when callbacks handle the UsernameToken.
    if (utWithCallbacks) {
        return null;
    }
    // NOTE(review): NoOpValidator, going by its name, performs no credential
    // check; confirm UsernameToken credentials are verified elsewhere on this path.
    final WSSConfig noOpConfig = WSSConfig.getNewInstance();
    noOpConfig.setValidator(WSConstants.USERNAME_TOKEN, new NoOpValidator());

    final WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(noOpConfig);
    return engine;
}
// Excerpt: the header is processed only when a Security element was found for
// the actor. The closing brace of this if lies outside the excerpt.
// NOTE(review): nothing shown here assigns wsResult when elem is null, so
// callers should treat an absent result as "no header processed", never as
// "verified". Confirm against the rest of the method.
if (elem != null) {
    LOG.debug("Processing WS-Security header for '{}' actor.", actor);
    // Signature verification and decryption use separate Crypto objects.
    wsResult = processSecurityHeader(elem, actor, cb, sigVerCrypto, decCrypto);
/**
 * Builds the interceptor with a freshly constructed {@link WSSecurityEngine}.
 * <p>
 * No configuration is applied to the engine here; it runs with whatever
 * defaults {@code new WSSecurityEngine()} provides until a setter changes them.
 */
public Wss4jSecurityInterceptor() {
    securityEngine = new WSSecurityEngine();
}
/**
 * Applies a WS-Security configuration to this interceptor.
 * <p>
 * The configuration is handed to the underlying security engine and is also
 * kept in the {@code wssConfig} field. The default settings follow the latest
 * OASIS specifications, so changing anything might violate them.
 *
 * @param config web service security configuration, or {@code null} to use
 *               default settings
 */
public void setWssConfig(WSSConfig config) {
    // Engine first, then the local copy: the field is only updated once the
    // engine has accepted the configuration.
    this.securityEngine.setWssConfig(config);
    this.wssConfig = config;
}
/**
 * Selects the {@link WSSecurityEngine} this interceptor should use.
 * <ul>
 *   <li>If {@code secEngineOverride} is set, it is returned as is.</li>
 *   <li>Otherwise, when {@code utWithCallbacks} is {@code false}, a new engine
 *       is returned whose validator for {@code WSConstants.USERNAME_TOKEN} is
 *       a {@code NoOpValidator}.</li>
 *   <li>Otherwise {@code null} is returned; what the caller substitutes is
 *       not decided in this method.</li>
 * </ul>
 *
 * @param utWithCallbacks {@code false} to obtain the engine with the no-op
 *                        UsernameToken validator
 * @return the override engine, a new no-op-validator engine, or {@code null}
 */
protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
    // An explicitly supplied override always wins.
    if (secEngineOverride != null) {
        return secEngineOverride;
    }
    // No special engine is needed when callbacks handle the UsernameToken.
    if (utWithCallbacks) {
        return null;
    }
    // NOTE(review): NoOpValidator, going by its name, performs no credential
    // check; confirm UsernameToken credentials are verified elsewhere on this path.
    final WSSConfig noOpConfig = WSSConfig.getNewInstance();
    noOpConfig.setValidator(WSConstants.USERNAME_TOKEN, new NoOpValidator());

    final WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(noOpConfig);
    return engine;
}
// Excerpt: log which actor's header is being processed, then hand the header
// element and the prepared RequestData to the element-level overload.
// The message is built by concatenation, so the string is assembled even when
// debug logging is disabled, and actor is written to the log verbatim.
LOG.debug("Processing WS-Security header for '" + actor + "' actor.");
wsResult = processSecurityHeader(elem, requestData);
/**
 * Builds the interceptor with a freshly constructed {@link WSSecurityEngine}.
 * <p>
 * No configuration is applied to the engine here; it runs with whatever
 * defaults {@code new WSSecurityEngine()} provides until a setter changes them.
 */
public Wss4jSecurityInterceptor() {
    securityEngine = new WSSecurityEngine();
}
/**
 * Applies a WS-Security configuration to this interceptor.
 * <p>
 * The configuration is handed to the underlying security engine and is also
 * kept in the {@code wssConfig} field. The default settings follow the latest
 * OASIS specifications, so changing anything might violate them.
 *
 * @param config web service security configuration, or {@code null} to use
 *               default settings
 */
public void setWssConfig(WSSConfig config) {
    // Engine first, then the local copy: the field is only updated once the
    // engine has accepted the configuration.
    this.securityEngine.setWssConfig(config);
    this.wssConfig = config;
}
// Excerpt: install a dedicated override engine and give it the supplied WSSConfig.
// The field is assigned before the configuration is applied, so the override
// is already visible through the field while it still has its default config.
secEngineOverride = new WSSecurityEngine();
secEngineOverride.setWssConfig(config);