/**
 * Builds the {@code wsu:Timestamp} element when the binding asks for one.
 *
 * <p>The time-to-live is read from the {@code SecurityConstants.TIMESTAMP_TTL}
 * contextual property (a {@link Number} or a numeric {@link String}) and falls
 * back to 300 seconds when the property is absent or non-positive. Two things a
 * reviewer should be aware of: a {@link String} value that is not a valid integer
 * propagates the {@link NumberFormatException} from {@link Integer#parseInt(String)},
 * and no upper bound is applied, so an over-large configured TTL is passed through
 * unchanged into the timestamp's Expires value.
 *
 * @return the prepared timestamp, or the current {@code timestampEl} (possibly
 *         {@code null}) when the binding does not include a timestamp
 */
protected WSSecTimestamp createTimestamp() {
    if (!binding.isIncludeTimestamp()) {
        return timestampEl;
    }

    final int defaultTtlSeconds = 300;
    int ttlSeconds = defaultTtlSeconds;
    Object configuredTtl = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
    if (configuredTtl instanceof Number) {
        ttlSeconds = ((Number) configuredTtl).intValue();
    } else if (configuredTtl instanceof String) {
        // Non-numeric strings throw NumberFormatException here (unchanged behaviour).
        ttlSeconds = Integer.parseInt((String) configuredTtl);
    }
    if (ttlSeconds <= 0) {
        ttlSeconds = defaultTtlSeconds;
    }

    timestampEl = new WSSecTimestamp(secHeader);
    timestampEl.setIdAllocator(wssConfig.getIdAllocator());
    timestampEl.setWsTimeSource(wssConfig.getCurrentTime());
    timestampEl.setTimeToLive(ttlSeconds);
    timestampEl.prepare();

    QName includeTimestamp =
        new QName(binding.getName().getNamespaceURI(), SPConstants.INCLUDE_TIMESTAMP);
    PolicyUtils.assertPolicy(aim, includeTimestamp);
    return timestampEl;
}
/**
 * Builds the {@code wsu:Timestamp} element when the binding asks for one.
 *
 * <p>The time-to-live is read from the {@code SecurityConstants.TIMESTAMP_TTL}
 * contextual property (a {@link Number} or a numeric {@link String}) and falls
 * back to 300 seconds when the property is absent or non-positive. Two things a
 * reviewer should be aware of: a {@link String} value that is not a valid integer
 * propagates the {@link NumberFormatException} from {@link Integer#parseInt(String)},
 * and no upper bound is applied, so an over-large configured TTL is passed through
 * unchanged into the timestamp's Expires value.
 *
 * @return the prepared timestamp, or the current {@code timestampEl} (possibly
 *         {@code null}) when the binding does not include a timestamp
 */
protected WSSecTimestamp createTimestamp() {
    if (!binding.isIncludeTimestamp()) {
        return timestampEl;
    }

    final int defaultTtlSeconds = 300;
    int ttlSeconds = defaultTtlSeconds;
    Object configuredTtl = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
    if (configuredTtl instanceof Number) {
        ttlSeconds = ((Number) configuredTtl).intValue();
    } else if (configuredTtl instanceof String) {
        // Non-numeric strings throw NumberFormatException here (unchanged behaviour).
        ttlSeconds = Integer.parseInt((String) configuredTtl);
    }
    if (ttlSeconds <= 0) {
        ttlSeconds = defaultTtlSeconds;
    }

    timestampEl = new WSSecTimestamp(secHeader);
    timestampEl.setIdAllocator(wssConfig.getIdAllocator());
    timestampEl.setWsTimeSource(wssConfig.getCurrentTime());
    timestampEl.setTimeToLive(ttlSeconds);
    timestampEl.prepare();

    QName includeTimestamp =
        new QName(binding.getName().getNamespaceURI(), SPConstants.INCLUDE_TIMESTAMP);
    PolicyUtils.assertPolicy(aim, includeTimestamp);
    return timestampEl;
}
/**
 * Creates the {@code wsc:SecurityContextToken} if none exists yet and assigns it
 * a {@code wsu:Id}.
 *
 * <p>When {@code identifier} is already set it is reused for the new token;
 * otherwise the token generates its own identifier, which is captured back into
 * {@code identifier}. The {@code wsu:Id} is taken from {@code sctId} when that was
 * set beforehand, else allocated through the configured id allocator with the
 * {@code "sctId-"} prefix.
 *
 * @param crypto not used by this method; kept for API compatibility
 * @throws WSSecurityException if the token cannot be created
 */
public void prepare(Crypto crypto) throws WSSecurityException {
    if (sct == null) {
        boolean haveIdentifier = identifier != null;
        sct = haveIdentifier
            ? new SecurityContextToken(wscVersion, doc, identifier)
            : new SecurityContextToken(wscVersion, doc);
        if (!haveIdentifier) {
            identifier = sct.getIdentifier();
        }
    }
    // wsu:Id of the wsc:SecurityContextToken. Note this uses createId(), not
    // createSecureId() as the BinarySecurityToken paths elsewhere do; the id is an
    // XML reference id, the security-relevant value is the wsc:Identifier above.
    if (sctId == null) {
        sctId = getWsConfig().getIdAllocator().createId("sctId-", sct);
    }
    sct.setID(sctId);
}
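/**
 * Builds a {@link SecurityToken} from the first processed UsernameToken-without-
 * password result ({@code WSConstants.UT_NOPASSWORD}) found in the inbound
 * message's WSS4J results, carrying the secret WSS4J stored under
 * {@code WSSecurityEngineResult.TAG_SECRET}.
 *
 * <p>The token lifetime is {@code WSS4JUtils.getSecurityTokenLifetime(message)}
 * (milliseconds) truncated to whole seconds and added to "now". If the result
 * carries no {@code TAG_ID}, a fresh {@code "UsernameToken-"} id is allocated.
 *
 * @return the token built from the first matching result, or {@code null} when the
 *         inbound message carries no WSS4J results or no matching result
 * @throws WSSecurityException declared for API compatibility
 */
private SecurityToken getUTDerivedKey() throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    // Fix: RECV_RESULTS is absent when no WSS4J processing ran on the inbound side;
    // iterating the null list threw a NullPointerException instead of returning null.
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        List<WSSecurityEngineResult> utResults =
            handlerResult.getActionResults().get(WSConstants.UT_NOPASSWORD);
        if (utResults == null) {
            continue;
        }
        for (WSSecurityEngineResult engineResult : utResults) {
            String utId = (String) engineResult.get(WSSecurityEngineResult.TAG_ID);
            if (utId == null || utId.isEmpty()) {
                utId = wssConfig.getIdAllocator().createId("UsernameToken-", null);
            }
            Instant created = Instant.now();
            Instant expires =
                created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            SecurityToken securityToken = new SecurityToken(utId, created, expires);
            securityToken.setSecret((byte[]) engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            // Only the first matching result is used.
            return securityToken;
        }
    }
    return null;
}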
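/**
 * Builds a {@link SecurityToken} from the first processed UsernameToken-without-
 * password result ({@code WSConstants.UT_NOPASSWORD}) found in the inbound
 * message's WSS4J results, carrying the secret WSS4J stored under
 * {@code WSSecurityEngineResult.TAG_SECRET}.
 *
 * <p>The token lifetime is {@code WSS4JUtils.getSecurityTokenLifetime(message)}
 * (milliseconds) truncated to whole seconds and added to "now". If the result
 * carries no {@code TAG_ID}, a fresh {@code "UsernameToken-"} id is allocated.
 *
 * @return the token built from the first matching result, or {@code null} when the
 *         inbound message carries no WSS4J results or no matching result
 * @throws WSSecurityException declared for API compatibility
 */
private SecurityToken getUTDerivedKey() throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    // Fix: RECV_RESULTS is absent when no WSS4J processing ran on the inbound side;
    // iterating the null list threw a NullPointerException instead of returning null.
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        List<WSSecurityEngineResult> utResults =
            handlerResult.getActionResults().get(WSConstants.UT_NOPASSWORD);
        if (utResults == null) {
            continue;
        }
        for (WSSecurityEngineResult engineResult : utResults) {
            String utId = (String) engineResult.get(WSSecurityEngineResult.TAG_ID);
            if (utId == null || utId.isEmpty()) {
                utId = wssConfig.getIdAllocator().createId("UsernameToken-", null);
            }
            Instant created = Instant.now();
            Instant expires =
                created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            SecurityToken securityToken = new SecurityToken(utId, created, expires);
            securityToken.setSecret((byte[]) engineResult.get(WSSecurityEngineResult.TAG_SECRET));
            // Only the first matching result is used.
            return securityToken;
        }
    }
    return null;
}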
// Allocates the wsu:Id of the UsernameToken with createId(), whereas the
// BinarySecurityToken paths in this codebase use createSecureId(). Whether a
// predictable id is acceptable here depends on the configured allocator — confirm.
ut.setID(config.getIdAllocator().createId("UsernameToken-", ut));
delegatedCredential); bst.addWSUNamespace(); bst.setID(wssConfig.getIdAllocator().createSecureId("BST-", bst));
delegatedCredential); bst.addWSUNamespace(); bst.setID(wssConfig.getIdAllocator().createSecureId("BST-", bst));
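/**
 * Test/sample {@code CallbackHandler} that answers every callback for the fixed user
 * "alice" and, for {@link WSPasswordCallback#CUSTOM_TOKEN}, supplies a Kerberos
 * BinarySecurityToken obtained directly through the WSS4J APIs.
 *
 * <p>Username and password are hard-coded ("alice"/"alice"); this handler is only
 * suitable for tests and must never be wired to real credentials.
 *
 * @param callbacks the callbacks to satisfy
 * @throws IOException if the Kerberos service ticket cannot be retrieved (the original
 *         printed the stack trace and silently left the custom token unset)
 * @throws UnsupportedCallbackException never thrown by this implementation; declared by
 *         the CallbackHandler contract
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName("alice");
        } else if (callback instanceof PasswordCallback) {
            ((PasswordCallback) callback).setPassword("alice".toCharArray());
        } else if (callback instanceof WSPasswordCallback) {
            WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callback;
            // Get a custom (Kerberos) token directly using the WSS4J APIs
            if (wsPasswordCallback.getUsage() == WSPasswordCallback.CUSTOM_TOKEN) {
                setKerberosToken(wsPasswordCallback);
            }
        }
    }
}

/**
 * Retrieves a Kerberos service ticket for "bob@service.ws.apache.org" as "alice"
 * (this handler serves the JAAS callbacks), wraps it in a BinarySecurityToken with
 * a wsu:Id from {@code createSecureId}, and installs it as the callback's custom token.
 *
 * @param wsPasswordCallback the CUSTOM_TOKEN callback to populate
 * @throws IOException wrapping the {@link WSSecurityException} from WSS4J
 */
private void setKerberosToken(WSPasswordCallback wsPasswordCallback) throws IOException {
    KerberosSecurity kerberosSecurity = new KerberosSecurity(DOMUtils.getEmptyDocument());
    try {
        kerberosSecurity.retrieveServiceTicket("alice", this, "bob@service.ws.apache.org",
                                               false, false, null);
    } catch (WSSecurityException e) {
        // Fix: do not swallow the failure — a missing token must fail the request
        // loudly rather than be reported only on stderr.
        throw new IOException("Unable to retrieve Kerberos service ticket", e);
    }
    kerberosSecurity.addWSUNamespace();
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    kerberosSecurity.setID(wssConfig.getIdAllocator().createSecureId("BST-", kerberosSecurity));
    wsPasswordCallback.setCustomToken(kerberosSecurity.getElement());
}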
/**
 * Adds a {@code wsu:Timestamp} to the outbound security header, configured entirely
 * from the {@link RequestData}: id allocator, millisecond precision, time-to-live,
 * time source, document info and XOP-include expansion.
 *
 * @param handler     the invoking handler (not used here)
 * @param actionToken the action token (not used here)
 * @param reqData     per-request configuration and the security header to build into
 * @throws WSSecurityException if the timestamp cannot be built
 */
public void execute(WSHandler handler, SecurityActionToken actionToken, RequestData reqData)
    throws WSSecurityException {
    WSSecTimestamp timestamp = new WSSecTimestamp(reqData.getSecHeader());
    timestamp.setIdAllocator(reqData.getWssConfig().getIdAllocator());
    timestamp.setPrecisionInMilliSeconds(reqData.isPrecisionInMilliSeconds());
    // The TTL is whatever the request configuration says; no bound is enforced here.
    timestamp.setTimeToLive(reqData.getTimeStampTTL());
    timestamp.setWsTimeSource(reqData.getWssConfig().getCurrentTime());
    timestamp.setWsDocInfo(reqData.getWsDocInfo());
    timestamp.setExpandXopInclude(reqData.isExpandXopInclude());
    timestamp.build();
}
}
// Derived-key encryption builder over the outbound security header. Serializer,
// id allocator, callback lookup and attachment handler all come from the
// surrounding message/config state; nothing here chooses the key or algorithm.
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
dkEncr.setIdAllocator(wssConfig.getIdAllocator());
dkEncr.setCallbackLookup(callbackLookup);
dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
// Derived-key encryption builder over the outbound security header. Serializer,
// id allocator, callback lookup and attachment handler all come from the
// surrounding message/config state; nothing here chooses the key or algorithm.
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
dkEncr.setIdAllocator(wssConfig.getIdAllocator());
dkEncr.setCallbackLookup(callbackLookup);
dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException { WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader); encrKey.setIdAllocator(wssConfig.getIdAllocator()); encrKey.setCallbackLookup(callbackLookup); encrKey.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); ((X509Security)bstToken).setX509Certificate(encCert); bstToken.addWSUNamespace(); bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert)); WSSecurityUtil.prependChildElement( secHeader.getSecurityHeaderElement(), bstToken.getElement()
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException { WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader); encrKey.setIdAllocator(wssConfig.getIdAllocator()); encrKey.setCallbackLookup(callbackLookup); encrKey.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); ((X509Security)bstToken).setX509Certificate(encCert); bstToken.addWSUNamespace(); bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert)); WSSecurityUtil.prependChildElement( secHeader.getSecurityHeaderElement(), bstToken.getElement()
/**
 * Builds a UsernameToken carrying derived-key material for the given policy token.
 *
 * <p>Username and password come from the message's security properties
 * ({@code SecurityConstants.USERNAME} / {@code SecurityConstants.PASSWORD}); when no
 * password property is present the password callback is consulted with usage
 * {@code WSPasswordCallback.USERNAME_TOKEN}. The derived key is added via
 * {@code addDerivedKey(useMac, null, 1000)}, i.e. with a fixed iteration count of 1000.
 *
 * @param token  the UsernameToken policy assertion
 * @param useMac passed through to {@code addDerivedKey}
 * @return the prepared token builder, or {@code null} when the token is not required by
 *         its include-token type, or when no username/password could be obtained (the
 *         assertion is then unasserted with a reason)
 */
protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    String user = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    if (StringUtils.isEmpty(user)) {
        unassertPolicy(token, "No username available");
        return null;
    }

    WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
    builder.setIdAllocator(wssConfig.getIdAllocator());
    builder.setWsTimeSource(wssConfig.getCurrentTime());

    String secret = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
    if (StringUtils.isEmpty(secret)) {
        secret = getPassword(user, token, WSPasswordCallback.USERNAME_TOKEN);
    }
    if (StringUtils.isEmpty(secret)) {
        unassertPolicy(token, "No password available");
        return null;
    }

    // If the password is available then build the token
    builder.setUserInfo(user, secret);
    builder.addDerivedKey(useMac, null, 1000);
    builder.prepare();
    return builder;
}
/**
 * Packages the already-obtained Kerberos token bytes ({@code token}) as a
 * BinarySecurityToken of value type {@code WSS_GSS_KRB_V5_AP_REQ} and returns a
 * {@link SecurityToken} with id, wsu:Id, DOM element, raw data, digest reference and
 * token type populated.
 *
 * <p>The wsu:Id is allocated with {@code createSecureId}. This method performs no
 * validation of the token bytes; it only wraps them.
 *
 * @return the populated security token
 * @throws Exception if creating the document or computing the digest fails
 */
@Override
public SecurityToken requestSecurityToken() throws Exception {
    KerberosSecurity binaryToken = new KerberosSecurity(DOMUtils.createDocument());
    binaryToken.setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    binaryToken.setToken(token);
    binaryToken.addWSUNamespace();
    String wsuId = WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", binaryToken);
    binaryToken.setID(wsuId);

    SecurityToken result = new SecurityToken(binaryToken.getID());
    result.setToken(binaryToken.getElement());
    result.setWsuId(binaryToken.getID());
    result.setData(binaryToken.getToken());
    // Digest of the raw token bytes, Base64-encoded, stored as the SHA1 reference.
    result.setSHA1(Base64.encode(KeyUtils.generateDigest(binaryToken.getToken())));
    result.setTokenType(binaryToken.getValueType());
    return result;
}
/**
 * Builds a UsernameToken carrying derived-key material for the given policy token.
 *
 * <p>Username and password come from the message's security properties
 * ({@code SecurityConstants.USERNAME} / {@code SecurityConstants.PASSWORD}); when no
 * password property is present the password callback is consulted with usage
 * {@code WSPasswordCallback.USERNAME_TOKEN}. The derived key is added via
 * {@code addDerivedKey(useMac, null, 1000)}, i.e. with a fixed iteration count of 1000.
 *
 * @param token  the UsernameToken policy assertion
 * @param useMac passed through to {@code addDerivedKey}
 * @return the prepared token builder, or {@code null} when the token is not required by
 *         its include-token type, or when no username/password could be obtained (the
 *         assertion is then unasserted with a reason)
 */
protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    String user = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    if (StringUtils.isEmpty(user)) {
        unassertPolicy(token, "No username available");
        return null;
    }

    WSSecUsernameToken builder = new WSSecUsernameToken(secHeader);
    builder.setIdAllocator(wssConfig.getIdAllocator());
    builder.setWsTimeSource(wssConfig.getCurrentTime());

    String secret = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
    if (StringUtils.isEmpty(secret)) {
        secret = getPassword(user, token, WSPasswordCallback.USERNAME_TOKEN);
    }
    if (StringUtils.isEmpty(secret)) {
        unassertPolicy(token, "No password available");
        return null;
    }

    // If the password is available then build the token
    builder.setUserInfo(user, secret);
    builder.addDerivedKey(useMac, null, 1000);
    builder.prepare();
    return builder;
}
/**
 * Configures an {@link STSClient} for an SPNEGO negotiation against the endpoint the
 * current message is addressed to.
 *
 * <p>Trust10/Trust13, the addressing policy and the algorithm suite are taken from
 * the assertion info map; the negotiation context is a freshly allocated
 * {@code createSecureId("_", null)} value; the client's request context receives the
 * message's security properties through {@code mapSecurityProps}. When the suite's
 * maximum symmetric key length is below 256 it is applied as the requested key size.
 *
 * @param client  the STS client to configure
 * @param message the current SOAP message; it must carry {@code Message.ENDPOINT_ADDRESS}
 *                (a missing address surfaces as a {@link NullPointerException})
 * @param aim     the policy assertions in effect
 * @return the endpoint address the client was pointed at
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // Policy: ExactlyOne -> All -> addressing assertion
    All alternative = new All();
    alternative.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    ExactlyOne exactlyOne = new ExactlyOne();
    exactlyOne.addPolicyComponent(alternative);
    Policy policy = new Policy();
    policy.addPolicyComponent(exactlyOne);
    client.setPolicy(policy);

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);
    client.setContext(WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", null));

    String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxKeyLength = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        if (maxKeyLength < 256) {
            client.setKeySize(maxKeyLength);
        }
    }

    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
/**
 * Configures an {@link STSClient} for an SPNEGO negotiation against the endpoint the
 * current message is addressed to.
 *
 * <p>Trust10/Trust13, the addressing policy and the algorithm suite are taken from
 * the assertion info map; the negotiation context is a freshly allocated
 * {@code createSecureId("_", null)} value; the client's request context receives the
 * message's security properties through {@code mapSecurityProps}. When the suite's
 * maximum symmetric key length is below 256 it is applied as the requested key size.
 *
 * @param client  the STS client to configure
 * @param message the current SOAP message; it must carry {@code Message.ENDPOINT_ADDRESS}
 *                (a missing address surfaces as a {@link NullPointerException})
 * @param aim     the policy assertions in effect
 * @return the endpoint address the client was pointed at
 */
static String setupClient(STSClient client, SoapMessage message, AssertionInfoMap aim) {
    client.setTrust(NegotiationUtils.getTrust10(aim));
    client.setTrust(NegotiationUtils.getTrust13(aim));

    // Policy: ExactlyOne -> All -> addressing assertion
    All alternative = new All();
    alternative.addPolicyComponent(NegotiationUtils.getAddressingPolicy(aim, false));
    ExactlyOne exactlyOne = new ExactlyOne();
    exactlyOne.addPolicyComponent(alternative);
    Policy policy = new Policy();
    policy.addPolicyComponent(exactlyOne);
    client.setPolicy(policy);

    client.setSoap11(message.getVersion() == Soap11.getInstance());
    client.setSpnego(true);
    client.setContext(WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", null));

    String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
    client.setLocation(endpointAddress);

    AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
    if (suite != null) {
        client.setAlgorithmSuite(suite);
        int maxKeyLength = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
        if (maxKeyLength < 256) {
            client.setKeySize(maxKeyLength);
        }
    }

    mapSecurityProps(message, client.getRequestContext());
    return endpointAddress;
}
public void execute(WSHandler handler, SecurityActionToken actionToken, RequestData reqData) throws WSSecurityException { WSSecSAMLToken builder = new WSSecSAMLToken(reqData.getSecHeader()); builder.setIdAllocator(reqData.getWssConfig().getIdAllocator()); builder.setWsDocInfo(reqData.getWsDocInfo()); builder.setExpandXopInclude(reqData.isExpandXopInclude());