/**
 * Decides whether a WSS4J engine result should be left out of further processing.
 *
 * <p>Two kinds of results are skipped: BinarySecurityToken results whose token is an
 * {@code X509Security} or {@code PKIPathSecurity}, and Signature results that carry
 * neither a public key nor an X.509 certificate (presumably a signature made with
 * symmetric/derived key material, which yields no signer certificate — confirm).
 * Everything else is kept.
 *
 * @param resultPriority the WSS4J action code of the result ({@code WSConstants.BST},
 *        {@code WSConstants.SIGN}, ...). It is compared to {@code int} constants by
 *        unboxing, so a {@code null} value raises a {@code NullPointerException}.
 * @param result the engine result to inspect; its key and certificate entries are cast
 *        up front, so a wrongly-typed entry raises {@code ClassCastException}
 * @return {@code true} when the result should be ignored
 */
private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
    Object token = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    PublicKey key = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
    X509Certificate certificate =
        (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);

    if (resultPriority == WSConstants.BST) {
        // Only X.509-style BSTs are skipped; other token types (e.g. Kerberos) stay.
        return token instanceof X509Security || token instanceof PKIPathSecurity;
    }
    if (resultPriority == WSConstants.SIGN) {
        // A signature result with no asymmetric key material is skipped.
        return key == null && certificate == null;
    }
    return false;
}
/**
 * Decides whether a WSS4J engine result should be left out of further processing.
 *
 * <p>Two kinds of results are skipped: BinarySecurityToken results whose token is an
 * {@code X509Security} or {@code PKIPathSecurity}, and Signature results that carry
 * neither a public key nor an X.509 certificate (presumably a signature made with
 * symmetric/derived key material, which yields no signer certificate — confirm).
 * Everything else is kept.
 *
 * @param resultPriority the WSS4J action code of the result ({@code WSConstants.BST},
 *        {@code WSConstants.SIGN}, ...). It is compared to {@code int} constants by
 *        unboxing, so a {@code null} value raises a {@code NullPointerException}.
 * @param result the engine result to inspect; its key and certificate entries are cast
 *        up front, so a wrongly-typed entry raises {@code ClassCastException}
 * @return {@code true} when the result should be ignored
 */
private boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
    Object token = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    PublicKey key = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
    X509Certificate certificate =
        (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);

    if (resultPriority == WSConstants.BST) {
        // Only X.509-style BSTs are skipped; other token types (e.g. Kerberos) stay.
        return token instanceof X509Security || token instanceof PKIPathSecurity;
    }
    if (resultPriority == WSConstants.SIGN) {
        // A signature result with no asymmetric key material is skipped.
        return key == null && certificate == null;
    }
    return false;
}
/**
 * Decides whether a WSS4J engine result should be left out of further processing.
 *
 * <p>Only BinarySecurityToken results are ever skipped, and only when the token is an
 * {@code X509Security} or {@code PKIPathSecurity}. Results for every other action are
 * kept. Subclasses may override this to widen or narrow the rule.
 *
 * @param resultPriority the WSS4J action code of the result; compared to the {@code int}
 *        constant by unboxing, so {@code null} raises a {@code NullPointerException}
 * @param result the engine result to inspect
 * @return {@code true} when the result should be ignored
 */
protected boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
    Object token = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    if (resultPriority != WSConstants.BST) {
        return false;
    }
    // X.509 and PKIPath BSTs are skipped; other BST types (e.g. Kerberos) are kept.
    return token instanceof X509Security || token instanceof PKIPathSecurity;
}
/**
 * Decides whether a WSS4J engine result should be left out of further processing.
 *
 * <p>Only BinarySecurityToken results are ever skipped, and only when the token is an
 * {@code X509Security} or {@code PKIPathSecurity}. Results for every other action are
 * kept. Subclasses may override this to widen or narrow the rule.
 *
 * @param resultPriority the WSS4J action code of the result; compared to the {@code int}
 *        constant by unboxing, so {@code null} raises a {@code NullPointerException}
 * @param result the engine result to inspect
 * @return {@code true} when the result should be ignored
 */
protected boolean skipResult(Integer resultPriority, WSSecurityEngineResult result) {
    Object token = result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    if (resultPriority != WSConstants.BST) {
        return false;
    }
    // X.509 and PKIPath BSTs are skipped; other BST types (e.g. Kerberos) are kept.
    return token instanceof X509Security || token instanceof PKIPathSecurity;
}
/**
 * Filters a list of BinarySecurityToken results down to those holding a Kerberos token.
 *
 * @param bstResults BST results to scan; {@code null} is tolerated and treated as empty
 * @return a new, mutable list of the results whose token is a {@code KerberosSecurity}
 *         (possibly empty, never {@code null}). Each result's token entry is cast to
 *         {@code BinarySecurity} first, so a wrongly-typed entry raises
 *         {@code ClassCastException}.
 */
private List<WSSecurityEngineResult> findKerberosResults(List<WSSecurityEngineResult> bstResults) {
    List<WSSecurityEngineResult> kerberosResults = new ArrayList<>();
    if (bstResults == null) {
        return kerberosResults;
    }
    for (WSSecurityEngineResult candidate : bstResults) {
        BinarySecurity token =
            (BinarySecurity) candidate.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (!(token instanceof KerberosSecurity)) {
            continue;
        }
        kerberosResults.add(candidate);
    }
    return kerberosResults;
}
/**
 * Filters a list of BinarySecurityToken results down to those holding a Kerberos token.
 *
 * @param bstResults BST results to scan; {@code null} is tolerated and treated as empty
 * @return a new, mutable list of the results whose token is a {@code KerberosSecurity}
 *         (possibly empty, never {@code null}). Each result's token entry is cast to
 *         {@code BinarySecurity} first, so a wrongly-typed entry raises
 *         {@code ClassCastException}.
 */
private List<WSSecurityEngineResult> findKerberosResults(List<WSSecurityEngineResult> bstResults) {
    List<WSSecurityEngineResult> kerberosResults = new ArrayList<>();
    if (bstResults == null) {
        return kerberosResults;
    }
    for (WSSecurityEngineResult candidate : bstResults) {
        BinarySecurity token =
            (BinarySecurity) candidate.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        if (!(token instanceof KerberosSecurity)) {
            continue;
        }
        kerberosResults.add(candidate);
    }
    return kerberosResults;
}
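/**
 * Finds the Derived Key Token result whose secret equals the given key material.
 *
 * <p>A message that carried no DerivedKeyToken has no {@code WSConstants.DKT} entry in
 * the action-results map; the original for-each over that {@code null} list threw a
 * {@code NullPointerException}. It is now reported as "no match", matching how the
 * EncryptedKey lookup in this class guards its own action list.
 *
 * <p>NOTE(review): {@code Arrays.equals} stops at the first differing byte, so it is not
 * constant-time. That is fine if {@code secret} is server-held key material; if it can
 * ever be influenced by the peer, switch to {@code MessageDigest.isEqual}.
 *
 * @param secret the secret to look for, compared byte-for-byte
 * @param results the handler results to search
 * @return the first DKT result whose {@code TAG_SECRET} equals {@code secret}, or
 *         {@code null} when none matches or no Derived Key Token was processed
 */
private WSSecurityEngineResult getMatchingDerivedKey(byte[] secret, WSHandlerResult results) {
    List<WSSecurityEngineResult> dktResults = results.getActionResults().get(WSConstants.DKT);
    if (dktResults == null) {
        return null;
    }
    for (WSSecurityEngineResult wser : dktResults) {
        byte[] dktSecret = (byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET);
        if (Arrays.equals(secret, dktSecret)) {
            return wser;
        }
    }
    return null;
}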
/**
 * Checks the "strict" layout rule that every Signature's signing token precedes the
 * Signature itself.
 *
 * <p>For each result whose action is {@code WSConstants.SIGN}, the index of its signing
 * token is looked up with {@code findCorrespondingTokenIndex}; a token index that is
 * positive and smaller than the signature's index is a violation. NOTE(review): that
 * comparison only expresses "token before signature" if {@code results} is in reverse
 * document order — presumably how WSS4J orders them, confirm. Also note that an index of
 * 0 is never treated as a violation; if {@code findCorrespondingTokenIndex} can return 0
 * for a real match (rather than a not-found sentinel) that case slips through.
 *
 * @param results the engine results to check; must not be {@code null}. A result with no
 *        {@code TAG_ACTION} raises a {@code NullPointerException} on comparison.
 * @return {@code false} at the first misplaced signing token, otherwise {@code true}
 */
private boolean validateStrictSignatureTokenPlacement(List<WSSecurityEngineResult> results) {
    for (int signaturePos = 0; signaturePos < results.size(); signaturePos++) {
        WSSecurityEngineResult candidate = results.get(signaturePos);
        Integer action = (Integer) candidate.get(WSSecurityEngineResult.TAG_ACTION);
        if (action != WSConstants.SIGN) {
            continue;
        }
        int tokenPos = findCorrespondingTokenIndex(candidate, results);
        boolean tokenMisplaced = tokenPos > 0 && tokenPos < signaturePos;
        if (tokenMisplaced) {
            return false;
        }
    }
    return true;
}
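/**
 * Finds the Derived Key Token result whose secret equals the given key material.
 *
 * <p>A message that carried no DerivedKeyToken has no {@code WSConstants.DKT} entry in
 * the action-results map; the original for-each over that {@code null} list threw a
 * {@code NullPointerException}. It is now reported as "no match", matching how the
 * EncryptedKey lookup in this class guards its own action list.
 *
 * <p>NOTE(review): {@code Arrays.equals} stops at the first differing byte, so it is not
 * constant-time. That is fine if {@code secret} is server-held key material; if it can
 * ever be influenced by the peer, switch to {@code MessageDigest.isEqual}.
 *
 * @param secret the secret to look for, compared byte-for-byte
 * @param results the handler results to search
 * @return the first DKT result whose {@code TAG_SECRET} equals {@code secret}, or
 *         {@code null} when none matches or no Derived Key Token was processed
 */
private WSSecurityEngineResult getMatchingDerivedKey(byte[] secret, WSHandlerResult results) {
    List<WSSecurityEngineResult> dktResults = results.getActionResults().get(WSConstants.DKT);
    if (dktResults == null) {
        return null;
    }
    for (WSSecurityEngineResult wser : dktResults) {
        byte[] dktSecret = (byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET);
        if (Arrays.equals(secret, dktSecret)) {
            return wser;
        }
    }
    return null;
}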
/**
 * Checks the "strict" layout rule that every Signature's signing token precedes the
 * Signature itself.
 *
 * <p>For each result whose action is {@code WSConstants.SIGN}, the index of its signing
 * token is looked up with {@code findCorrespondingTokenIndex}; a token index that is
 * positive and smaller than the signature's index is a violation. NOTE(review): that
 * comparison only expresses "token before signature" if {@code results} is in reverse
 * document order — presumably how WSS4J orders them, confirm. Also note that an index of
 * 0 is never treated as a violation; if {@code findCorrespondingTokenIndex} can return 0
 * for a real match (rather than a not-found sentinel) that case slips through.
 *
 * @param results the engine results to check; must not be {@code null}. A result with no
 *        {@code TAG_ACTION} raises a {@code NullPointerException} on comparison.
 * @return {@code false} at the first misplaced signing token, otherwise {@code true}
 */
private boolean validateStrictSignatureTokenPlacement(List<WSSecurityEngineResult> results) {
    for (int signaturePos = 0; signaturePos < results.size(); signaturePos++) {
        WSSecurityEngineResult candidate = results.get(signaturePos);
        Integer action = (Integer) candidate.get(WSSecurityEngineResult.TAG_ACTION);
        if (action != WSConstants.SIGN) {
            continue;
        }
        int tokenPos = findCorrespondingTokenIndex(candidate, results);
        boolean tokenMisplaced = tokenPos > 0 && tokenPos < signaturePos;
        if (tokenMisplaced) {
            return false;
        }
    }
    return true;
}
/**
 * When an {@code xop:Include} points at an already-processed BinarySecurityToken, asks
 * that token to re-encode its raw bytes.
 *
 * <p>The BST results in {@code wsDocInfo} are scanned for one whose
 * {@code TAG_TOKEN_ELEMENT} equals {@code element} (for most DOM implementations
 * {@code equals} is reference identity). On the first match its {@code BinarySecurity}
 * has {@code encodeRawToken()} called and the method returns; a match whose token entry
 * is missing raises a {@code NullPointerException}. No BST results, or no match, is a
 * silent no-op.
 *
 * @param element the DOM element referenced by the XOP include
 * @param wsDocInfo per-document processing state holding the action results
 */
private void handleXopInclude(Element element, WSDocInfo wsDocInfo) {
    Map<Integer, List<WSSecurityEngineResult>> actionResults = wsDocInfo.getActionResults();
    if (actionResults == null || !actionResults.containsKey(WSConstants.BST)) {
        return;
    }
    for (WSSecurityEngineResult bstResult : actionResults.get(WSConstants.BST)) {
        Element tokenElement = (Element) bstResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
        if (!element.equals(tokenElement)) {
            continue;
        }
        BinarySecurity token =
            (BinarySecurity) bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        token.encodeRawToken();
        return;
    }
}
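/**
 * Walks every WS-Security engine result attached to the inbound message and reads the
 * public key recorded on each.
 *
 * <p>This is a skeleton: the key is fetched but not yet used. Two fixes over the original:
 * {@code WSSecurityEngineResult.get} returns {@code Object}, so the value is now cast to
 * {@code PublicKey}; and a message with no {@code RECV_RESULTS} (no security header was
 * processed) no longer raises a {@code NullPointerException} from the for-each. If this
 * interceptor is meant to require that a key was presented, returning quietly here is
 * not enough — the message should be rejected instead.
 *
 * @param message the inbound SOAP message
 * @throws Fault declared for the interceptor contract; not raised by this body
 */
public void handleMessage(SoapMessage message) throws Fault {
    List<WSHandlerResult> results =
        CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        return;
    }
    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
            PublicKey publicKey =
                (PublicKey) engineResult.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            // TODO: act on publicKey (e.g. check it against the set of trusted keys).
        }
    }
}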
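/**
 * Spring-WS endpoint for {@code ValidateUserRequest} that extracts the X.509 certificate
 * of the request's signer from the WS-Security handler results.
 *
 * <p>Fails closed: if the message context carries no {@code RECV_RESULTS} (or an empty
 * list), no WS-Security header was verified for this request and an
 * {@code IllegalStateException} is thrown rather than the original
 * {@code NullPointerException}. Only the first handler result is consulted.
 *
 * <p>NOTE(review): {@code returnCert == null} below means no Signature action was found;
 * whatever replaces the trailing placeholder must treat that as an authentication
 * failure, not as an unauthenticated-but-allowed caller.
 *
 * @param request the unmarshalled request payload
 * @param messageContext the Spring-WS message context holding the WSS4J results
 * @return the response payload (the body below is a placeholder)
 * @throws WSSecurityException declared for the security-processing API
 * @throws CertificateException declared for certificate handling
 * @throws IllegalStateException if no WS-Security results are attached to the message
 */
@PayloadRoot(localPart = "ValidateUserRequest", namespace = GET_TARGET_NAMESPACE)
public @ResponsePayload ValidateUserResponse validateUser(@RequestPayload ValidateUserRequest request,
                                                         MessageContext messageContext)
        throws WSSecurityException, CertificateException {
    @SuppressWarnings("unchecked")
    List<WSHandlerResult> handlerResults =
        (List<WSHandlerResult>) messageContext.getProperty(WSHandlerConstants.RECV_RESULTS);
    if (handlerResults == null || handlerResults.isEmpty()) {
        throw new IllegalStateException(
            "No WS-Security results on the message; the request was not security-processed");
    }

    List<WSSecurityEngineResult> results = handlerResults.get(0).getResults();
    WSSecurityEngineResult signatureResult =
        WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);

    X509Certificate returnCert = null;
    if (signatureResult != null) {
        returnCert = (X509Certificate) signatureResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    }
    // do stuff with the certificate and return values
}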
/**
 * Checks every Signature and Encryption result against the AlgorithmSuite policy.
 *
 * <p>Results whose action is {@code WSConstants.SIGN} go through
 * {@code checkSignatureAlgorithms}, those with {@code WSConstants.ENCR} through
 * {@code checkEncryptionAlgorithms}; results for any other action are not checked here.
 * The first failing check ends the scan.
 *
 * @param ai the policy assertion being validated (passed through to the checks)
 * @param algorithmPolicy the AlgorithmSuite to enforce
 * @param results the engine results to check; must not be {@code null}. A result with no
 *        {@code TAG_ACTION} raises a {@code NullPointerException} on comparison.
 * @return {@code false} on the first result that violates the suite, else {@code true}
 */
private boolean validatePolicy(
    AssertionInfo ai, AlgorithmSuite algorithmPolicy, List<WSSecurityEngineResult> results
) {
    for (WSSecurityEngineResult result : results) {
        Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
        boolean compliant;
        if (action == WSConstants.SIGN) {
            compliant = checkSignatureAlgorithms(result, algorithmPolicy, ai);
        } else if (action == WSConstants.ENCR) {
            compliant = checkEncryptionAlgorithms(result, algorithmPolicy, ai);
        } else {
            compliant = true;
        }
        if (!compliant) {
            return false;
        }
    }
    return true;
}
/**
 * Checks every Signature and Encryption result against the AlgorithmSuite policy.
 *
 * <p>Results whose action is {@code WSConstants.SIGN} go through
 * {@code checkSignatureAlgorithms}, those with {@code WSConstants.ENCR} through
 * {@code checkEncryptionAlgorithms}; results for any other action are not checked here.
 * The first failing check ends the scan.
 *
 * @param ai the policy assertion being validated (passed through to the checks)
 * @param algorithmPolicy the AlgorithmSuite to enforce
 * @param results the engine results to check; must not be {@code null}. A result with no
 *        {@code TAG_ACTION} raises a {@code NullPointerException} on comparison.
 * @return {@code false} on the first result that violates the suite, else {@code true}
 */
private boolean validatePolicy(
    AssertionInfo ai, AlgorithmSuite algorithmPolicy, List<WSSecurityEngineResult> results
) {
    for (WSSecurityEngineResult result : results) {
        Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
        boolean compliant;
        if (action == WSConstants.SIGN) {
            compliant = checkSignatureAlgorithms(result, algorithmPolicy, ai);
        } else if (action == WSConstants.ENCR) {
            compliant = checkEncryptionAlgorithms(result, algorithmPolicy, ai);
        } else {
            compliant = true;
        }
        if (!compliant) {
            return false;
        }
    }
    return true;
}
/**
 * Finds the Encryption result whose X.509 certificate equals the given one.
 *
 * <p>When the handler results contain no {@code WSConstants.ENCR} entry the lookup is
 * skipped entirely. Otherwise the first ENCR result whose {@code TAG_X509_CERTIFICATE}
 * satisfies {@code cert.equals(...)} is returned.
 *
 * @param cert the certificate to match; must not be {@code null}
 * @param results the handler results to search
 * @return the matching ENCR result, or {@code null} if none matches or no encryption
 *         result was recorded
 */
private WSSecurityEngineResult getMatchingEncryptedKey(X509Certificate cert, WSHandlerResult results) {
    if (!results.getActionResults().containsKey(WSConstants.ENCR)) {
        return null;
    }
    for (WSSecurityEngineResult encrResult : results.getActionResults().get(WSConstants.ENCR)) {
        X509Certificate encrCert =
            (X509Certificate) encrResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        if (!cert.equals(encrCert)) {
            continue;
        }
        return encrResult;
    }
    return null;
}
/**
 * Builds a cacheable {@code SecurityToken} from the inbound EncryptedKey result, if any.
 *
 * <p>The token is keyed by the result's {@code TAG_ID}, created "now", and expires after
 * the configured lifetime (a millisecond value truncated to whole seconds). It carries the
 * decrypted secret and the SHA-1 of the encrypted ephemeral key (presumably for
 * EncryptedKeySHA1 references — confirm). A missing ephemeral key is passed to
 * {@code getSHA1} as {@code null}.
 *
 * @return the new token, or {@code null} when {@code getEncryptedKeyResult()} finds none
 */
private SecurityToken getEncryptedKey() {
    WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
    if (encryptedKeyResult == null) {
        return null;
    }

    Instant created = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant expires = created.plusSeconds(lifetimeSeconds);

    String tokenId = (String) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
    byte[] secret = (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET);
    byte[] encryptedEphemeralKey =
        (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);

    SecurityToken token = new SecurityToken(tokenId, created, expires);
    token.setSecret(secret);
    token.setSHA1(getSHA1(encryptedEphemeralKey));
    return token;
}
/**
 * Builds a cacheable {@code SecurityToken} from the inbound EncryptedKey result, if any.
 *
 * <p>The token is keyed by the result's {@code TAG_ID}, created "now", and expires after
 * the configured lifetime (a millisecond value truncated to whole seconds). It carries the
 * decrypted secret and the SHA-1 of the encrypted ephemeral key (presumably for
 * EncryptedKeySHA1 references — confirm). A missing ephemeral key is passed to
 * {@code getSHA1} as {@code null}.
 *
 * @return the new token, or {@code null} when {@code getEncryptedKeyResult()} finds none
 */
private SecurityToken getEncryptedKey() {
    WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
    if (encryptedKeyResult == null) {
        return null;
    }

    Instant created = Instant.now();
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant expires = created.plusSeconds(lifetimeSeconds);

    String tokenId = (String) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
    byte[] secret = (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET);
    byte[] encryptedEphemeralKey =
        (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);

    SecurityToken token = new SecurityToken(tokenId, created, expires);
    token.setSecret(secret);
    token.setSHA1(getSHA1(encryptedEphemeralKey));
    return token;
}
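/**
 * Returns the first Encryption result on the exchange's inbound message that carries a
 * non-empty {@code TAG_ID} (i.e. an EncryptedKey that can be referenced later).
 *
 * <p>An inbound message with no {@code RECV_RESULTS} (no security header was processed)
 * previously raised a {@code NullPointerException} from the for-each; it now yields
 * {@code null}, consistent with the existing handling of a missing ENCR list.
 * NOTE(review): only the first qualifying result is returned; if several EncryptedKeys
 * are present the rest are ignored — confirm that is intended.
 *
 * @return the first ENCR result with a non-empty Id, or {@code null} if there is none
 */
protected WSSecurityEngineResult getEncryptedKeyResult() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        List<WSSecurityEngineResult> encryptedResults =
            handlerResult.getActionResults().get(WSConstants.ENCR);
        if (encryptedResults == null) {
            continue;
        }
        for (WSSecurityEngineResult wser : encryptedResults) {
            String encryptedKeyId = (String) wser.get(WSSecurityEngineResult.TAG_ID);
            if (encryptedKeyId != null && !encryptedKeyId.isEmpty()) {
                return wser;
            }
        }
    }
    return null;
}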
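/**
 * Returns the first Encryption result on the exchange's inbound message that carries a
 * non-empty {@code TAG_ID} (i.e. an EncryptedKey that can be referenced later).
 *
 * <p>An inbound message with no {@code RECV_RESULTS} (no security header was processed)
 * previously raised a {@code NullPointerException} from the for-each; it now yields
 * {@code null}, consistent with the existing handling of a missing ENCR list.
 * NOTE(review): only the first qualifying result is returned; if several EncryptedKeys
 * are present the rest are ignored — confirm that is intended.
 *
 * @return the first ENCR result with a non-empty Id, or {@code null} if there is none
 */
protected WSSecurityEngineResult getEncryptedKeyResult() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        List<WSSecurityEngineResult> encryptedResults =
            handlerResult.getActionResults().get(WSConstants.ENCR);
        if (encryptedResults == null) {
            continue;
        }
        for (WSSecurityEngineResult wser : encryptedResults) {
            String encryptedKeyId = (String) wser.get(WSSecurityEngineResult.TAG_ID);
            if (encryptedKeyId != null && !encryptedKeyId.isEmpty()) {
                return wser;
            }
        }
    }
    return null;
}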