/**
 * Copies externally supplied {@link Crypto} instances from the message's security
 * properties onto the request data used for inbound processing.
 *
 * <p>The value stored under {@code SecurityConstants.ENCRYPT_CRYPTO} becomes the decryption
 * crypto, and the value under {@code SecurityConstants.SIGNATURE_CRYPTO} becomes the
 * signature-verification crypto. A property that resolves to {@code null} leaves the
 * corresponding setting on {@code reqData} untouched.
 *
 * @param msg the incoming SOAP message whose security properties are consulted
 * @param reqData the request data that receives the crypto instances
 * @throws WSSecurityException declared for callers and overriders; this body contains no
 *     explicit {@code throw}
 */
protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException {
    // NOTE(review): both lookups are cast unconditionally, so a property holding anything
    // other than a Crypto surfaces as ClassCastException, not WSSecurityException. Whoever
    // can write these properties chooses the key material used to decrypt and to verify
    // signatures, so they should only be populated by trusted configuration code.
    Object decryptionProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, msg);
    Crypto decryptionCrypto = (Crypto) decryptionProperty;
    if (decryptionCrypto != null) {
        reqData.setDecCrypto(decryptionCrypto);
    }

    Object verificationProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, msg);
    Crypto verificationCrypto = (Crypto) verificationProperty;
    if (verificationCrypto != null) {
        reqData.setSigVerCrypto(verificationCrypto);
    }
}
/**
 * Copies externally supplied {@link Crypto} instances from the message's security
 * properties onto the request data used for inbound processing.
 *
 * <p>The value stored under {@code SecurityConstants.ENCRYPT_CRYPTO} becomes the decryption
 * crypto, and the value under {@code SecurityConstants.SIGNATURE_CRYPTO} becomes the
 * signature-verification crypto. A property that resolves to {@code null} leaves the
 * corresponding setting on {@code reqData} untouched.
 *
 * @param msg the incoming SOAP message whose security properties are consulted
 * @param reqData the request data that receives the crypto instances
 * @throws WSSecurityException declared for callers and overriders; this body contains no
 *     explicit {@code throw}
 */
protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException {
    // NOTE(review): both lookups are cast unconditionally, so a property holding anything
    // other than a Crypto surfaces as ClassCastException, not WSSecurityException. Whoever
    // can write these properties chooses the key material used to decrypt and to verify
    // signatures, so they should only be populated by trusted configuration code.
    Object decryptionProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, msg);
    Crypto decryptionCrypto = (Crypto) decryptionProperty;
    if (decryptionCrypto != null) {
        reqData.setDecCrypto(decryptionCrypto);
    }

    Object verificationProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, msg);
    Crypto verificationCrypto = (Crypto) verificationProperty;
    if (verificationCrypto != null) {
        reqData.setSigVerCrypto(verificationCrypto);
    }
}
/**
 * Checks that the certificate behind the first signature result is trusted.
 *
 * <p>Returns without doing anything when {@code result} holds no {@code WSConstants.SIGN}
 * action results. Otherwise the value stored under
 * {@code WSSecurityEngineResult.TAG_X509_CERTIFICATE} in the first result is handed to a
 * {@link SignatureTrustValidator} configured with {@code validationSignatureCrypto} and the
 * {@code enableRevocation} setting.
 *
 * @param result the handler result produced by processing the security header
 * @throws WSSecurityException propagated from the trust validator
 */
protected void verifyCertificateTrust(WSHandlerResult result) throws WSSecurityException {
    List<WSSecurityEngineResult> signatureResults =
        result.getActionResults().get(WSConstants.SIGN);
    if (CollectionUtils.isEmpty(signatureResults)) {
        return;
    }

    // NOTE(review): only index 0 is examined. If a message can carry several signatures,
    // the signers behind the remaining results are not trust-checked by this method.
    WSSecurityEngineResult firstSignature = signatureResults.get(0);

    // NOTE(review): there is no null check here. A signature result without an X.509
    // certificate yields a one-element array containing null; confirm the validator rejects
    // that case instead of treating it as an empty or acceptable credential.
    X509Certificate signerCert =
        (X509Certificate) firstSignature.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);

    Credential signerCredential = new Credential();
    signerCredential.setCertificates(new X509Certificate[] {signerCert});

    RequestData trustRequest = new RequestData();
    trustRequest.setSigVerCrypto(validationSignatureCrypto);
    // Revocation checking is applied only when the enableRevocation setting is true.
    trustRequest.setEnableRevocation(enableRevocation);

    new SignatureTrustValidator().validate(signerCredential, trustRequest);
}
/**
 * Checks that the certificate behind the first signature result is trusted.
 *
 * <p>Returns without doing anything when {@code result} holds no {@code WSConstants.SIGN}
 * action results. Otherwise the value stored under
 * {@code WSSecurityEngineResult.TAG_X509_CERTIFICATE} in the first result is handed to a
 * {@link SignatureTrustValidator} configured with {@code validationSignatureCrypto} and the
 * {@code enableRevocation} setting.
 *
 * @param result the handler result produced by processing the security header
 * @throws WSSecurityException propagated from the trust validator
 */
protected void verifyCertificateTrust(WSHandlerResult result) throws WSSecurityException {
    List<WSSecurityEngineResult> signatureResults =
        result.getActionResults().get(WSConstants.SIGN);
    if (CollectionUtils.isEmpty(signatureResults)) {
        return;
    }

    // NOTE(review): only index 0 is examined. If a message can carry several signatures,
    // the signers behind the remaining results are not trust-checked by this method.
    WSSecurityEngineResult firstSignature = signatureResults.get(0);

    // NOTE(review): there is no null check here. A signature result without an X.509
    // certificate yields a one-element array containing null; confirm the validator rejects
    // that case instead of treating it as an empty or acceptable credential.
    X509Certificate signerCert =
        (X509Certificate) firstSignature.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);

    Credential signerCredential = new Credential();
    signerCredential.setCertificates(new X509Certificate[] {signerCert});

    RequestData trustRequest = new RequestData();
    trustRequest.setSigVerCrypto(validationSignatureCrypto);
    // Revocation checking is applied only when the enableRevocation setting is true.
    trustRequest.setEnableRevocation(enableRevocation);

    new SignatureTrustValidator().validate(signerCredential, trustRequest);
}
/**
 * Checks that the certificate behind the first signature result is trusted.
 *
 * <p>Returns without doing anything when {@code result} holds no {@code WSConstants.SIGN}
 * action results. Otherwise the value stored under
 * {@code WSSecurityEngineResult.TAG_X509_CERTIFICATE} in the first result is handed to a
 * {@link SignatureTrustValidator} configured with {@code validationSignatureCrypto} and the
 * {@code enableRevocation} setting.
 *
 * @param result the handler result produced by processing the security header
 * @throws WSSecurityException propagated from the trust validator
 */
protected void verifyCertificateTrust(WSHandlerResult result) throws WSSecurityException {
    List<WSSecurityEngineResult> signatureResults =
        result.getActionResults().get(WSConstants.SIGN);
    if (CollectionUtils.isEmpty(signatureResults)) {
        return;
    }

    // NOTE(review): only index 0 is examined. If a message can carry several signatures,
    // the signers behind the remaining results are not trust-checked by this method.
    WSSecurityEngineResult firstSignature = signatureResults.get(0);

    // NOTE(review): there is no null check here. A signature result without an X.509
    // certificate yields a one-element array containing null; confirm the validator rejects
    // that case instead of treating it as an empty or acceptable credential.
    X509Certificate signerCert =
        (X509Certificate) firstSignature.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);

    Credential signerCredential = new Credential();
    signerCredential.setCertificates(new X509Certificate[] {signerCert});

    RequestData trustRequest = new RequestData();
    trustRequest.setSigVerCrypto(validationSignatureCrypto);
    // Revocation checking is applied only when the enableRevocation setting is true.
    trustRequest.setEnableRevocation(enableRevocation);

    new SignatureTrustValidator().validate(signerCredential, trustRequest);
}
/**
 * Validates trust in a signing key or certificate using a {@link SignatureTrustValidator}.
 *
 * <p>The public key is always placed on the credential; the certificate is added only when
 * {@code cert} is non-null. The supplied {@code crypto} is used as the signature-verification
 * crypto and {@code subjectCertConstraints} are passed through as the subject constraints.
 *
 * @param crypto the crypto used for signature verification
 * @param cert the signing certificate, or {@code null} when only a public key is available
 * @param publicKey the signing public key
 * @param subjectCertConstraints patterns set as the subject certificate constraints
 * @throws WSSecurityException propagated from the trust validator
 */
public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey,
                          Collection<Pattern> subjectCertConstraints) throws WSSecurityException {
    RequestData trustRequest = new RequestData();
    trustRequest.setSigVerCrypto(crypto);
    // NOTE(review): the constraints are forwarded exactly as received. Confirm how the
    // validator treats a null or empty collection, so that a missing configuration does
    // not silently accept any subject the trust store chains to.
    trustRequest.setSubjectCertConstraints(subjectCertConstraints);

    Credential signerCredential = new Credential();
    signerCredential.setPublicKey(publicKey);
    if (cert != null) {
        signerCredential.setCertificates(new X509Certificate[] {cert});
    }

    // NOTE(review): when cert and publicKey are both null the credential carries nothing;
    // this method relies on the validator to reject it.
    new SignatureTrustValidator().validate(signerCredential, trustRequest);
}
} // closes the enclosing class; its header is outside this snippet
/**
 * Validates trust in a signing key or certificate using a {@link SignatureTrustValidator}.
 *
 * <p>The public key is always placed on the credential; the certificate is added only when
 * {@code cert} is non-null. The supplied {@code crypto} is used as the signature-verification
 * crypto and {@code subjectCertConstraints} are passed through as the subject constraints.
 *
 * @param crypto the crypto used for signature verification
 * @param cert the signing certificate, or {@code null} when only a public key is available
 * @param publicKey the signing public key
 * @param subjectCertConstraints patterns set as the subject certificate constraints
 * @throws WSSecurityException propagated from the trust validator
 */
public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey,
                          Collection<Pattern> subjectCertConstraints) throws WSSecurityException {
    RequestData trustRequest = new RequestData();
    trustRequest.setSigVerCrypto(crypto);
    // NOTE(review): the constraints are forwarded exactly as received. Confirm how the
    // validator treats a null or empty collection, so that a missing configuration does
    // not silently accept any subject the trust store chains to.
    trustRequest.setSubjectCertConstraints(subjectCertConstraints);

    Credential signerCredential = new Credential();
    signerCredential.setPublicKey(publicKey);
    if (cert != null) {
        signerCredential.setCertificates(new X509Certificate[] {cert});
    }

    // NOTE(review): when cert and publicKey are both null the credential carries nothing;
    // this method relies on the validator to reject it.
    new SignatureTrustValidator().validate(signerCredential, trustRequest);
}
} // closes the enclosing class; its header is outside this snippet
/**
 * Runs a token element through a {@link SAMLTokenProcessor}.
 *
 * <p>The request data is populated from the message: the callback handler comes from the
 * {@code SecurityConstants.CALLBACK_HANDLER} property, and the signature-verification crypto
 * is resolved via {@code SecurityConstants.SIGNATURE_CRYPTO} and
 * {@code SecurityConstants.SIGNATURE_PROPERTIES}.
 *
 * @param tokenElement the DOM element holding the token
 * @param message the SOAP message the token arrived with
 * @return the results returned by the token processor
 * @throws WSSecurityException if the callback handler cannot be obtained, or propagated from
 *     crypto loading or token processing
 */
private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message)
    throws WSSecurityException {
    RequestData requestData = new CXFRequestData();

    Object handlerProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        requestData.setCallbackHandler(SecurityUtils.getCallbackHandler(handlerProperty));
    } catch (Exception ex) {
        // Any failure while resolving the handler is reported as a generic FAILURE, with the
        // original exception kept as the cause.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }

    requestData.setMsgContext(message);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    // NOTE(review): the result of getCrypto is used without a null check. Confirm that
    // processing a signed token with no signature crypto configured fails closed.
    requestData.setSigVerCrypto(
        getCrypto(null, SecurityConstants.SIGNATURE_CRYPTO,
                  SecurityConstants.SIGNATURE_PROPERTIES, message));
    requestData.setWsDocInfo(new WSDocInfo(tokenElement.getOwnerDocument()));

    SAMLTokenProcessor tokenProcessor = new SAMLTokenProcessor();
    return tokenProcessor.handleToken(tokenElement, requestData);
}
/**
 * Runs a token element through a {@link SAMLTokenProcessor}.
 *
 * <p>The request data is populated from the message: the callback handler comes from the
 * {@code SecurityConstants.CALLBACK_HANDLER} property, and the signature-verification crypto
 * is resolved via {@code SecurityConstants.SIGNATURE_CRYPTO} and
 * {@code SecurityConstants.SIGNATURE_PROPERTIES}.
 *
 * @param tokenElement the DOM element holding the token
 * @param message the SOAP message the token arrived with
 * @return the results returned by the token processor
 * @throws WSSecurityException if the callback handler cannot be obtained, or propagated from
 *     crypto loading or token processing
 */
private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message)
    throws WSSecurityException {
    RequestData requestData = new CXFRequestData();

    Object handlerProperty =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        requestData.setCallbackHandler(SecurityUtils.getCallbackHandler(handlerProperty));
    } catch (Exception ex) {
        // Any failure while resolving the handler is reported as a generic FAILURE, with the
        // original exception kept as the cause.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }

    requestData.setMsgContext(message);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    // NOTE(review): the result of getCrypto is used without a null check. Confirm that
    // processing a signed token with no signature crypto configured fails closed.
    requestData.setSigVerCrypto(
        getCrypto(null, SecurityConstants.SIGNATURE_CRYPTO,
                  SecurityConstants.SIGNATURE_PROPERTIES, message));
    requestData.setWsDocInfo(new WSDocInfo(tokenElement.getOwnerDocument()));

    SAMLTokenProcessor tokenProcessor = new SAMLTokenProcessor();
    return tokenProcessor.handleToken(tokenElement, requestData);
}
/**
 * Builds the {@link RequestData} used to validate an incoming message.
 *
 * <p>Besides populating the request data from this object's validation settings, the method
 * writes the configured time-to-live onto the message context under
 * {@code WSHandlerConstants.TTL_TIMESTAMP}.
 *
 * @param messageContext the message context being validated; receives the TTL property
 * @return the populated request data
 */
protected RequestData initializeValidationRequestData(MessageContext messageContext) {
    // BSP enforcement is switched off exactly when the bspCompliant setting is false.
    final boolean bspDisabled = !bspCompliant;

    RequestData data = new RequestData();
    data.setMsgContext(messageContext);
    data.setWssConfig(wssConfig);

    // Key material and callback handler used for decryption and signature verification.
    data.setDecCrypto(validationDecryptionCrypto);
    data.setSigVerCrypto(validationSignatureCrypto);
    data.setCallbackHandler(validationCallbackHandler);

    // The TTL is stored on the message context as a string, not on the request data.
    messageContext.setProperty(
        WSHandlerConstants.TTL_TIMESTAMP, Integer.toString(validationTimeToLive));

    // NOTE(review): RSA PKCS#1 v1.5 key transport is the padding scheme affected by
    // Bleichenbacher-style oracle attacks; the setting should stay false unless a legacy
    // peer requires it.
    data.setAllowRSA15KeyTransportAlgorithm(allowRSA15KeyTransportAlgorithm);

    // Set the flag first, then mirror it onto the enforcer when one is available.
    data.setDisableBSPEnforcement(bspDisabled);
    if (data.getBSPEnforcer() != null) {
        data.getBSPEnforcer().setDisableBSPRules(bspDisabled);
    }

    // Allow namespace-qualified password types for .NET interoperability.
    // NOTE(review): this is enabled unconditionally and cannot be turned off from here.
    data.setAllowNamespaceQualifiedPasswordTypes(true);
    return data;
}
/**
 * Builds the {@link RequestData} used to validate an incoming message.
 *
 * <p>Besides populating the request data from this object's validation settings, the method
 * writes the configured time-to-live onto the message context under
 * {@code WSHandlerConstants.TTL_TIMESTAMP}.
 *
 * @param messageContext the message context being validated; receives the TTL property
 * @return the populated request data
 */
protected RequestData initializeValidationRequestData(MessageContext messageContext) {
    // BSP enforcement is switched off exactly when the bspCompliant setting is false.
    final boolean bspDisabled = !bspCompliant;

    RequestData data = new RequestData();
    data.setMsgContext(messageContext);
    data.setWssConfig(wssConfig);

    // Key material and callback handler used for decryption and signature verification.
    data.setDecCrypto(validationDecryptionCrypto);
    data.setSigVerCrypto(validationSignatureCrypto);
    data.setCallbackHandler(validationCallbackHandler);

    // The TTL is stored on the message context as a string, not on the request data.
    messageContext.setProperty(
        WSHandlerConstants.TTL_TIMESTAMP, Integer.toString(validationTimeToLive));

    // NOTE(review): RSA PKCS#1 v1.5 key transport is the padding scheme affected by
    // Bleichenbacher-style oracle attacks; the setting should stay false unless a legacy
    // peer requires it.
    data.setAllowRSA15KeyTransportAlgorithm(allowRSA15KeyTransportAlgorithm);

    // Set the flag first, then mirror it onto the enforcer when one is available.
    data.setDisableBSPEnforcement(bspDisabled);
    if (data.getBSPEnforcer() != null) {
        data.getBSPEnforcer().setDisableBSPRules(bspDisabled);
    }

    // Allow namespace-qualified password types for .NET interoperability.
    // NOTE(review): this is enabled unconditionally and cannot be turned off from here.
    data.setAllowNamespaceQualifiedPasswordTypes(true);
    return data;
}
/**
 * Builds the {@link RequestData} used to validate an incoming message.
 *
 * <p>Besides populating the request data from this object's validation settings, the method
 * writes the configured time-to-live onto the message context under
 * {@code WSHandlerConstants.TTL_TIMESTAMP}.
 *
 * @param messageContext the message context being validated; receives the TTL property
 * @return the populated request data
 */
protected RequestData initializeValidationRequestData(MessageContext messageContext) {
    // BSP enforcement is switched off exactly when the bspCompliant setting is false.
    final boolean bspDisabled = !bspCompliant;

    RequestData data = new RequestData();
    data.setMsgContext(messageContext);
    data.setWssConfig(wssConfig);

    // Key material and callback handler used for decryption and signature verification.
    data.setDecCrypto(validationDecryptionCrypto);
    data.setSigVerCrypto(validationSignatureCrypto);
    data.setCallbackHandler(validationCallbackHandler);

    // The TTL is stored on the message context as a string, not on the request data.
    messageContext.setProperty(
        WSHandlerConstants.TTL_TIMESTAMP, Integer.toString(validationTimeToLive));

    // NOTE(review): RSA PKCS#1 v1.5 key transport is the padding scheme affected by
    // Bleichenbacher-style oracle attacks; the setting should stay false unless a legacy
    // peer requires it.
    data.setAllowRSA15KeyTransportAlgorithm(allowRSA15KeyTransportAlgorithm);

    // Set the flag first, then mirror it onto the enforcer when one is available.
    data.setDisableBSPEnforcement(bspDisabled);
    if (data.getBSPEnforcer() != null) {
        data.getBSPEnforcer().setDisableBSPRules(bspDisabled);
    }

    // Allow namespace-qualified password types for .NET interoperability.
    // NOTE(review): this is enabled unconditionally and cannot be turned off from here.
    data.setAllowNamespaceQualifiedPasswordTypes(true);
    return data;
}
) throws WSSecurityException { RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig);
) throws WSSecurityException { RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig);
throws WSSecurityException { if (reqData.getSigVerCrypto() == null) { reqData.setSigVerCrypto(loadSignatureVerificationCrypto(reqData)); reqData.setSigVerCrypto(loadSignatureCrypto(reqData));
data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass())); try { data.setSigVerCrypto(new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES));
data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass())); try { data.setSigVerCrypto(new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES));
data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass())); try { data.setSigVerCrypto(new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES));
reqData.setSigVerCrypto(certManager.getWSS4JCrypto(org.holodeckb2b.security.Action.VERIFY)); reqData.setEnableRevocation(false); wssConfig.setEnableSignatureConfirmation(false);
public void validateSignature(Signature signature, Document doc) throws SignatureException { RequestData requestData = new RequestData(); requestData.setWsDocInfo(new WSDocInfo(doc)); requestData.setSigVerCrypto(crypto.getSignatureCrypto()); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig);