/**
 * Stores a token element so that it can be retrieved later by its (wsu/SAML) Id.
 * Delegates to the two-argument overload with its boolean set to {@code true};
 * per the original contract that enables the check for a previously processed
 * token carrying the same Id.
 *
 * @param element the token element to store
 * @throws WSSecurityException if the delegate refuses the element (e.g. a duplicate Id)
 */
public void addTokenElement(Element element) throws WSSecurityException {
    final boolean checkForDuplicateId = true;
    addTokenElement(element, checkForDuplicateId);
}
/**
 * Verifies that {@code elem} is covered by one of the signature results recorded in
 * {@code wsDocInfo}. Only the results tagged {@code WSConstants.SIGN} are consulted.
 *
 * @param elem the element that must be signed
 * @param wsDocInfo the processing state holding the per-action results
 * @throws WSSecurityException if no signature result covers the element
 */
public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo) throws WSSecurityException {
    List<WSSecurityEngineResult> signatureResults = wsDocInfo.getResultsByTag(WSConstants.SIGN);
    verifySignedElement(elem, signatureResults);
}
/**
 * Reports whether {@code el} is protected by one of {@code refs} with the requested scope.
 * A reference matches only when it points at the very same DOM node instance and its
 * content flag agrees with {@code scope} (CONTENT requires {@code isContent() == true};
 * ELEMENT and anything else require {@code false}).
 *
 * @param refs the data references to search
 * @param type the coverage type; not consulted by this method
 * @param scope whether element or content coverage is required
 * @param el the element to look for
 * @return true if a matching reference exists, false otherwise
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    final boolean wantContent;
    switch (scope) {
        case CONTENT:
            wantContent = true;
            break;
        default:
            // ELEMENT (and any other value) means element coverage
            wantContent = false;
            break;
    }
    for (WSDataRef ref : refs) {
        // Identity comparison on purpose: a ref only matches the exact node it protects.
        if (ref.getProtectedElement() != el) {
            continue;
        }
        if (ref.isContent() == wantContent) {
            return true;
        }
    }
    return false;
}
/**
 * Creates the UsernameToken.
 *
 * Builds and initializes the {@code UsernameToken} structure from the values previously
 * set on this builder. All relevant parameters (user, password, passwordType, the nonce
 * and created flags, and the derived-key settings) must be set before calling
 * {@code prepare()}; afterwards a complete token is available.
 */
public void prepare() {
    ut = new UsernameToken(precisionInMilliSeconds, getDocument(), wsTimeSource, passwordType);
    ut.setName(user);
    ut.setPasswordsAreEncoded(passwordsAreEncoded);
    if (useDerivedKey) {
        // Derived-key mode: the token carries a salt and an iteration count rather than
        // the password itself; addSalt returns the salt actually used.
        saltValue = ut.addSalt(getDocument(), saltValue, useMac);
        ut.addIteration(getDocument(), iteration);
    } else {
        ut.setPassword(password);
    }
    if (nonce) {
        ut.addNonce(getDocument());
    }
    if (created) {
        ut.addCreated(precisionInMilliSeconds, wsTimeSource, getDocument());
    }
    String tokenId = getIdAllocator().createId("UsernameToken-", ut);
    ut.setID(tokenId);
}
/**
 * Prepares the SecurityContextToken. When no token has been supplied yet, one is created:
 * with the configured identifier if set, otherwise the token generates its own identifier,
 * which is then stored back into {@code identifier}. Finally the wsu:Id is assigned,
 * allocating it on first use.
 *
 * @param crypto not used by this method
 * @throws WSSecurityException declared, although nothing in this body throws it
 */
public void prepare(Crypto crypto) throws WSSecurityException {
    if (sct == null) {
        boolean identifierSupplied = identifier != null;
        if (identifierSupplied) {
            sct = new SecurityContextToken(wscVersion, doc, identifier);
        } else {
            sct = new SecurityContextToken(wscVersion, doc);
            identifier = sct.getIdentifier();
        }
    }
    if (sctId == null) {
        // The wsu:Id of the wsc:SecurityContextToken is allocated only once
        sctId = getWsConfig().getIdAllocator().createId("sctId-", sct);
    }
    sct.setID(sctId);
}
/**
 * Returns true if the given token element is referenced by one of the encryption results.
 *
 * @param token the token element to look for (compared by object identity)
 * @param encryptedResults the encryption results to search; each may carry a data-ref list
 * @return true if some data reference protects {@code token}, false otherwise
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult encryptedResult : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encryptedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            // A result without data references cannot cover the token
            continue;
        }
        for (WSDataRef ref : refs) {
            if (ref.getProtectedElement() == token) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Verifies that {@code elem} is covered by one of the given signature results, i.e. some
 * data reference protects the element itself or an ancestor of it (as decided by
 * {@code isElementOrAncestorSigned}). Returns silently on success.
 *
 * @param elem the element that must be signed
 * @param signedResults the signature results to search; null is treated as "no results"
 * @throws WSSecurityException FAILED_CHECK / "elementNotSigned" if nothing covers the element
 */
public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
    throws WSSecurityException {
    boolean covered = false;
    if (signedResults != null) {
        for (WSSecurityEngineResult signedResult : signedResults) {
            @SuppressWarnings("unchecked")
            List<WSDataRef> refs =
                (List<WSDataRef>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (refs == null) {
                continue;
            }
            for (WSDataRef ref : refs) {
                if (isElementOrAncestorSigned(elem, ref.getProtectedElement())) {
                    covered = true;
                    break;
                }
            }
            if (covered) {
                break;
            }
        }
    }
    if (!covered) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.FAILED_CHECK, "elementNotSigned", new Object[] {elem});
    }
}
/**
 * If {@code element} is the token element of one of the recorded BST action results, asks
 * the corresponding {@code BinarySecurity} to encode its raw token and stops. Elements that
 * are not a known BST are left untouched.
 *
 * @param element the element currently being processed
 * @param wsDocInfo holds the action results, keyed by action code
 */
private void handleXopInclude(Element element, WSDocInfo wsDocInfo) {
    Map<Integer, List<WSSecurityEngineResult>> actionResults = wsDocInfo.getActionResults();
    if (actionResults == null || !actionResults.containsKey(WSConstants.BST)) {
        return;
    }
    for (WSSecurityEngineResult bstResult : actionResults.get(WSConstants.BST)) {
        Element tokenElement = (Element)bstResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
        if (!element.equals(tokenElement)) {
            continue;
        }
        // Matching BST found: re-encode its raw token content and stop looking
        BinarySecurity bst =
            (BinarySecurity)bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
        bst.encodeRawToken();
        return;
    }
}
/**
 * Creates the SignatureConfirmation element.
 *
 * Builds and initializes the {@code SignatureConfirmation} structure from the values
 * previously set. The field {@code signatureValue} must be set before calling
 * {@code prepare()}.
 */
public void prepare() {
    sc = new SignatureConfirmation(getDocument(), signatureValue);
    String confirmationId = getIdAllocator().createId("SC-", sc);
    sc.setID(confirmationId);
}
/**
 * Creates the Timestamp element.
 *
 * Builds and initializes the {@code Timestamp} structure from the values previously set.
 * Parameters such as {@code timeToLive} may be adjusted before calling {@code prepare()}
 * if the default is not suitable.
 */
public void prepare() {
    ts = new Timestamp(precisionInMilliSeconds, getDocument(), wsTimeSource, timeToLive);
    ts.setID(getIdAllocator().createId("TS-", ts));
}
/**
 * Registers the Id attribute of every stored token on the given {@code DOMCryptoContext}
 * (via {@code setIdAttributeNS}), so those attributes are treated as ID-typed when the
 * context resolves references.
 *
 * @param context the crypto context to populate; nothing happens when it is null or when
 *                no tokens are stored
 */
public void setTokensOnContext(DOMCryptoContext context) {
    if (context == null || tokens.isEmpty()) {
        return;
    }
    for (TokenValue tokenValue : tokens.values()) {
        context.setIdAttributeNS(tokenValue.getToken(),
                                 tokenValue.getIdNamespace(),
                                 tokenValue.getIdName());
    }
}
/**
 * Returns the SOAP envelope namespace URI that applies to the document containing
 * {@code startElement}.
 *
 * @param startElement any element of the SOAP document
 * @return the envelope namespace of the SOAP version detected for that document
 */
public static String getSOAPNamespace(Element startElement) {
    SOAPConstants soapConstants = getSOAPConstants(startElement);
    return soapConstants.getEnvelopeURI();
}
/**
 * Detects the SOAP version of the document containing {@code startElement}. The decision is
 * made on the namespace of the document's root element, not on {@code startElement} itself:
 * the SOAP 1.2 envelope namespace selects {@code SOAP12Constants}, anything else (including
 * no namespace) falls back to {@code SOAP11Constants}.
 *
 * @param startElement any element of the SOAP document
 * @return a fresh constants object for the detected SOAP version
 */
public static SOAPConstants getSOAPConstants(Element startElement) {
    Element root = startElement.getOwnerDocument().getDocumentElement();
    boolean isSoap12 = WSConstants.URI_SOAP12_ENV.equals(root.getNamespaceURI());
    return isSoap12 ? new SOAP12Constants() : new SOAP11Constants();
}
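/**
 * Looks up the stored token element that carries the same Id as {@code element}, trying the
 * wsu:Id attribute first and a non-namespaced Id attribute second. The candidate is only
 * returned when its namespace URI and local name both equal those of {@code element};
 * otherwise null is returned.
 *
 * The comparison is null-safe: DOM elements created without namespace support report a
 * null namespace URI (and a null local name), which previously triggered a
 * NullPointerException here instead of a mismatch.
 *
 * @param element the element whose Id-matched counterpart is wanted
 * @return the matching stored element, or null if none is stored or the names differ
 */
private Element findMatchingExpandedElement(Element element) {
    Element matchingElement = null;
    if (element.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
        String id = element.getAttributeNS(WSConstants.WSU_NS, "Id");
        matchingElement = wsDocInfo.getTokenElement(id);
    }
    if (matchingElement == null && element.hasAttributeNS(null, "Id")) {
        String id = element.getAttributeNS(null, "Id");
        matchingElement = wsDocInfo.getTokenElement(id);
    }
    if (matchingElement == null) {
        return null;
    }
    // Check the Elements are the same (null-safe: either side may lack a namespace/local name)
    String matchNs = matchingElement.getNamespaceURI();
    String elemNs = element.getNamespaceURI();
    boolean sameNamespace = matchNs == null ? elemNs == null : matchNs.equals(elemNs);
    String matchName = matchingElement.getLocalName();
    String elemName = element.getLocalName();
    boolean sameLocalName = matchName == null ? elemName == null : matchName.equals(elemName);
    if (sameNamespace && sameLocalName) {
        return matchingElement;
    }
    return null;
}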
/**
 * Returns the stored token element for the given Id reference. The Id may be a wsu:Id or a
 * SAML AssertionID/ID; the (relative) reference is first normalised to a bare Id via
 * {@code XMLUtils.getIDFromReference}.
 *
 * @param uri the (relative) uri of the id
 * @return the token element, or null if the reference yields no Id or nothing is stored for it
 */
public Element getTokenElement(String uri) {
    String id = XMLUtils.getIDFromReference(uri);
    TokenValue stored = id == null ? null : tokens.get(id);
    return stored == null ? null : stored.getToken();
}
/**
 * Returns true if the given token element is referenced by one of the encryption results.
 *
 * @param token the token element to look for (compared by object identity)
 * @param encryptedResults the encryption results to search; each may carry a data-ref list
 * @return true if some data reference protects {@code token}, false otherwise
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult encryptedResult : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encryptedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            // A result without data references cannot cover the token
            continue;
        }
        for (WSDataRef ref : refs) {
            if (ref.getProtectedElement() == token) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Reports whether {@code el} is protected by one of {@code refs} with the requested scope.
 * A reference matches only when it points at the very same DOM node instance and its
 * content flag agrees with {@code scope} (CONTENT requires {@code isContent() == true};
 * ELEMENT and anything else require {@code false}).
 *
 * @param refs the data references to search
 * @param type the coverage type; not consulted by this method
 * @param scope whether element or content coverage is required
 * @param el the element to look for
 * @return true if a matching reference exists, false otherwise
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    final boolean wantContent;
    switch (scope) {
        case CONTENT:
            wantContent = true;
            break;
        default:
            // ELEMENT (and any other value) means element coverage
            wantContent = false;
            break;
    }
    for (WSDataRef ref : refs) {
        // Identity comparison on purpose: a ref only matches the exact node it protects.
        if (ref.getProtectedElement() != el) {
            continue;
        }
        if (ref.isContent() == wantContent) {
            return true;
        }
    }
    return false;
}
/**
 * Registers the Id attribute of the single stored token referenced by {@code uri} on the
 * given {@code DOMCryptoContext} (via {@code setIdAttributeNS}). Does nothing when the
 * reference yields no Id, when the context is null, or when no token is stored for the Id.
 *
 * @param uri the (relative) reference to the token's Id
 * @param context the crypto context to populate; may be null
 */
public void setTokenOnContext(String uri, DOMCryptoContext context) {
    if (context == null) {
        return;
    }
    String id = XMLUtils.getIDFromReference(uri);
    TokenValue stored = id == null ? null : tokens.get(id);
    if (stored == null) {
        return;
    }
    context.setIdAttributeNS(stored.getToken(), stored.getIdNamespace(), stored.getIdName());
}
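/**
 * Returns true if the given token element was signed: either a signature data reference
 * protects the token directly (identity comparison), or the token was signed in its
 * encrypted form as decided by {@code isEncryptedTokenSigned}.
 *
 * A signature result without a data-ref list is skipped rather than dereferenced, which
 * mirrors how the encryption results are handled in this class and avoids a
 * NullPointerException for such results.
 *
 * @param token the token element to look for
 * @param signedResults the signature results to search
 * @param encryptedResults the encryption results consulted for encrypted-then-signed tokens
 * @return true if some signature covers {@code token}, false otherwise
 */
private boolean isTokenSigned(Element token, List<WSSecurityEngineResult> signedResults,
                              List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs =
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            // No data references on this result: it cannot cover the token
            continue;
        }
        for (WSDataRef dataRef : dataRefs) {
            if (token == dataRef.getProtectedElement()
                || isEncryptedTokenSigned(token, dataRef, encryptedResults)) {
                return true;
            }
        }
    }
    return false;
}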
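/**
 * Returns true if the given token element was signed: either a signature data reference
 * protects the token directly (identity comparison), or the token was signed in its
 * encrypted form as decided by {@code isEncryptedTokenSigned}.
 *
 * A signature result without a data-ref list is skipped rather than dereferenced, which
 * mirrors how the encryption results are handled in this class and avoids a
 * NullPointerException for such results.
 *
 * @param token the token element to look for
 * @param signedResults the signature results to search
 * @param encryptedResults the encryption results consulted for encrypted-then-signed tokens
 * @return true if some signature covers {@code token}, false otherwise
 */
private boolean isTokenSigned(Element token, List<WSSecurityEngineResult> signedResults,
                              List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs =
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            // No data references on this result: it cannot cover the token
            continue;
        }
        for (WSDataRef dataRef : dataRefs) {
            if (token == dataRef.getProtectedElement()
                || isEncryptedTokenSigned(token, dataRef, encryptedResults)) {
                return true;
            }
        }
    }
    return false;
}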