/**
 * Handles a UsernameToken whose password arrived as a digest.
 *
 * <p>No comparison is performed in this method. When digest passwords are enabled the
 * token's name, password value, hashed flag, nonce and created timestamp are handed to
 * the enclosing interceptor's {@code setSubject}, which is expected to do the actual
 * authentication (its implementation is not visible here).
 *
 * @param usernameToken the parsed token taken from the security header
 * @param data the request context; not read by this method
 * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} when
 *         {@code supportDigestPasswords} is false
 */
@Override
protected void verifyDigestPassword(
    org.apache.wss4j.dom.message.token.UsernameToken usernameToken,
    RequestData data
) throws WSSecurityException {
    // Fail closed: a digest token is refused outright unless the feature is switched on.
    if (!supportDigestPasswords) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Arguments are evaluated left to right, so the getters run in their original order.
    AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
        usernameToken.getName(),
        usernameToken.getPassword(),
        usernameToken.isHashed(),
        usernameToken.getNonce(),
        usernameToken.getCreated()
    );
}
/**
 * Parses a UsernameToken DOM element and copies its fields into a principal.
 *
 * <p>This method only parses; nothing here checks the password, the nonce or the
 * created timestamp. The returned principal carries the password value exactly as it
 * was received, so callers should treat the object as holding a credential.
 *
 * @param tokenElement the {@code UsernameToken} element to parse
 * @param bspCompliant when {@code true}, the {@code BSPEnforcer} is created with
 *        {@code false}; when {@code false}, it is created with {@code true}
 * @return a principal populated with name, hashed flag, decoded nonce (if present),
 *         password, created time and password type
 * @throws WSSecurityException declared by the token parsing
 * @throws Base64DecodingException declared for the nonce decoding step
 */
protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean bspCompliant)
    throws WSSecurityException, Base64DecodingException {
    BSPEnforcer enforcer = new org.apache.wss4j.common.bsp.BSPEnforcer(!bspCompliant);
    org.apache.wss4j.dom.message.token.UsernameToken parsedToken =
        new org.apache.wss4j.dom.message.token.UsernameToken(tokenElement, false, enforcer);

    WSUsernameTokenPrincipalImpl tokenPrincipal =
        new WSUsernameTokenPrincipalImpl(parsedToken.getName(), parsedToken.isHashed());

    // The nonce is optional in the token; decode it only when one was sent.
    if (parsedToken.getNonce() != null) {
        tokenPrincipal.setNonce(XMLUtils.decode(parsedToken.getNonce()));
    }

    tokenPrincipal.setPassword(parsedToken.getPassword());
    tokenPrincipal.setCreatedTime(parsedToken.getCreated());
    tokenPrincipal.setPasswordType(parsedToken.getPasswordType());
    return tokenPrincipal;
}
/**
 * Builds a UsernameToken in a fresh empty document and returns its DOM element.
 *
 * <p>The password is written into the token as supplied. No nonce or created
 * timestamp is added by this helper.
 *
 * @param username value for the token's name
 * @param password value for the token's password
 * @param passwordType password type passed to the {@code UsernameToken} constructor
 * @param id value for the token's ID
 * @return the element of the constructed token, with the WSSE and WSU namespaces added
 */
private Element convertToDOM(
    String username,
    String password,
    String passwordType,
    String id
) {
    final UsernameToken token =
        new UsernameToken(true, DOMUtils.getEmptyDocument(), passwordType);
    token.setName(username);
    token.setPassword(password);
    token.setID(id);
    token.addWSSENamespace();
    token.addWSUNamespace();
    return token.getElement();
}
/**
 * Creates a password-less UsernameToken for {@code username} in the given document.
 *
 * <p>The constructor is called with a {@code null} password type and no password is
 * set. The token ID is the literal prefix {@code "id-"} followed by the username.
 *
 * @param username value for the token's name, also used to form the ID
 * @param doc document the token is created in
 * @return the token, with the WSU and WSSE namespaces added
 */
private UsernameToken createWSSEUsernameToken(String username, Document doc) {
    final UsernameToken token = new UsernameToken(true, doc, null);
    token.setName(username);
    token.addWSUNamespace();
    token.addWSSENamespace();
    // NOTE(review): the ID embeds the username unchanged; confirm callers only pass
    // names that are valid as an XML ID value.
    final String tokenId = "id-" + username;
    token.setID(tokenId);
    return token;
}
/**
 * Creates a <code>UsernameTokenProcessingResult</code> that records a successfully
 * processed username token.
 *
 * <p>Name, password, nonce and created timestamp are copied from the WSS4J token as
 * they are. The password type becomes {@code DIGEST} only when the token's type equals
 * {@code WSConstants.PASSWORD_DIGEST}; every other value, including {@code null}, is
 * recorded as {@code TEXT}.
 *
 * @param target     The target of the WS-Security header this username token is part of
 * @param wss4jToken The WSS4J token holding the result of processing the username token
 */
public UsernameTokenProcessingResult(final SecurityHeaderTarget target, final UsernameToken wss4jToken) {
    super(target);
    this.username = wss4jToken.getName();
    // The received password value is retained on this result object.
    this.password = wss4jToken.getPassword();
    if (WSConstants.PASSWORD_DIGEST.equals(wss4jToken.getPasswordType())) {
        this.passwordType = UTPasswordType.DIGEST;
    } else {
        this.passwordType = UTPasswordType.TEXT;
    }
    this.nonce = wss4jToken.getNonce();
    this.created = wss4jToken.getCreated();
}
// Excerpt with lines elided (braces do not balance). Visible behaviour: the token is parsed, a
// principal is set on the response from the token's user name before any password handling, and
// the response is returned early when the token carries no password.
// The token's int hashCode() is stored via setTokenHash and also rendered as a decimal string
// ("identifier"); how that string is used is not shown.
// NOTE(review): an int hash can collide for different tokens - confirm that a token-store hit is
// re-checked against the token content before it is trusted.
requestData.isAllowNamespaceQualifiedPasswordTypes(); UsernameToken ut = new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, new BSPEnforcer()); response.setPrincipal(new CustomTokenPrincipal(ut.getName())); if (ut.getPassword() == null) { return response; int hash = ut.hashCode(); SecurityToken secToken = null; if (tokenParameters.getTokenStore() != null) { principal = createPrincipal( ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated() ); secToken = new SecurityToken(ut.getID()); secToken.setToken(ut.getElement()); int hashCode = ut.hashCode(); String identifier = Integer.toString(hashCode); secToken.setTokenHash(hashCode);
// Excerpt with lines elided (braces do not balance). Reads the user name and password type from
// the token, logs both at debug level, and rejects hashed (digest) tokens with
// FAILED_AUTHENTICATION; the password itself is read only after that check and is not logged.
// NOTE(review): the user name written to the log comes from the request before it has been
// authenticated - confirm the log layout neutralises line breaks in that value.
user = usernameToken.getName(); String pwType = usernameToken.getPasswordType(); LOG.debug("UsernameToken user {}", usernameToken.getName()); LOG.debug("UsernameToken password type {}", pwType); if (usernameToken.isHashed()) { LOG.warn("Authentication failed as hashed username token not supported"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION); password = usernameToken.getPassword();
// Excerpt with lines elided (braces do not balance; the LOG.debug call belongs to a catch block
// that is not shown). Field-by-field comparison of another token against this one: name,
// password, password type, nonce, created, salt and iteration; the first mismatch returns false.
// NOTE(review): the compare(...) helper is not visible. If this comparison ever decides whether
// a caller is authenticated, the password check should be constant-time (for example
// MessageDigest.isEqual on the encoded bytes) - confirm how it is used.
if (!compare(usernameToken.getName(), getName())) { return false; if (!compare(usernameToken.getPassword(), getPassword())) { return false; if (!compare(usernameToken.getPasswordType(), getPasswordType())) { return false; if (!compare(usernameToken.getNonce(), getNonce())) { return false; if (!compare(usernameToken.getCreated(), getCreated())) { return false; byte[] salt = usernameToken.getSalt(); if (!Arrays.equals(salt, getSalt())) { return false; LOG.debug(ex.getMessage(), ex); int iteration = usernameToken.getIteration(); if (iteration != getIteration()) { return false;
// Excerpt with lines elided (braces do not balance). A token without a password switches the
// action to UT_NOPASSWORD. For a derived-key token the raw password is fetched through the
// callback handler and a secret key is derived from it; otherwise a principal is built from the
// token and stored in the result under TAG_PRINCIPAL.
// The principal keeps the password value taken from the token (setPassword below).
// NOTE(review): confirm that later consumers do not log or serialise the principal together
// with that value.
if (token.getPassword() == null) { action = WSConstants.UT_NOPASSWORD; if (token.isDerivedKey()) { token.setRawPassword(data.getCallbackHandler()); secretKey = token.getDerivedKey(data.getBSPEnforcer()); String tokenId = token.getID(); if (!"".equals(tokenId)) { result.put(WSSecurityEngineResult.TAG_ID, tokenId); } else { WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(token.getName(), token.isHashed()); if (token.getNonce() != null) { principal.setNonce(XMLUtils.decode(token.getNonce())); principal.setPassword(token.getPassword()); principal.setCreatedTime(token.getCreated()); principal.setPasswordType(token.getPasswordType()); result.put(WSSecurityEngineResult.TAG_PRINCIPAL, principal);
// Excerpt with lines elided (braces do not balance; the throw appears unconditional only because
// its guarding condition was cut, and origPassword is assigned in code that is not shown).
// For a hashed token the expected digest is recomputed from the received nonce and created
// values plus origPassword, which is decoded first when passwordsAreEncoded is set.
// NOTE(review): the comparison of passDigest with the received password is outside the excerpt;
// it should be constant-time, and a mismatch should map to the same FAILED_AUTHENTICATION error
// as an unknown user.
String user = usernameToken.getName(); String password = usernameToken.getPassword(); String nonce = usernameToken.getNonce(); String createdTime = usernameToken.getCreated(); String pwType = usernameToken.getPasswordType(); boolean passwordsAreEncoded = usernameToken.getPasswordsAreEncoded(); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION); if (usernameToken.isHashed()) { String passDigest; if (passwordsAreEncoded) { passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, XMLUtils.decode(origPassword)); } else { passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
/**
 * Wraps a user name and password in a UsernameToken of type
 * {@code WSS4JConstants.PASSWORD_TEXT}, created in a fresh empty document.
 *
 * <p>The password is stored in the token as supplied; no ID, nonce or created
 * timestamp is set here.
 *
 * @param username value for the token's name
 * @param password value for the token's password
 * @return the populated token
 * @throws Exception declared by the signature; nothing is thrown explicitly here
 */
private UsernameToken convertToToken(String username, String password) throws Exception {
    final UsernameToken plainTextToken =
        new UsernameToken(false, DOMUtils.getEmptyDocument(), WSS4JConstants.PASSWORD_TEXT);
    plainTextToken.setName(username);
    plainTextToken.setPassword(password);
    return plainTextToken;
}
/**
 * Handles a UsernameToken whose password arrived in plain text.
 *
 * <p>No comparison is performed in this method. The name and password are handed to
 * the enclosing interceptor's {@code setSubject} with the hashed flag set to
 * {@code false} and no nonce or created time; that method is expected to do the
 * actual authentication (its implementation is not visible here).
 *
 * @param usernameToken the parsed token taken from the security header
 * @param data the request context; not read by this method
 * @throws WSSecurityException declared by the overridden method
 */
@Override
protected void verifyPlaintextPassword(
    org.apache.wss4j.dom.message.token.UsernameToken usernameToken,
    RequestData data
) throws WSSecurityException {
    final String user = usernameToken.getName();
    final String clearTextPassword = usernameToken.getPassword();
    AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
        user, clearTextPassword, false, null, null
    );
}
// Excerpt from a larger method (doc, user, password, config and response are defined outside
// it). Builds a UsernameToken of type WSConstants.PASSWORD_TEXT with the given user and
// password, assigns an ID from the configured allocator using the "UsernameToken-" prefix, and
// publishes the token element and its ID on the response.
// The password is placed in the token element as supplied, so the element handed to the
// response contains it.
UsernameToken ut = new UsernameToken(true, doc, WSConstants.PASSWORD_TEXT); ut.setName(user); ut.setPassword(password); ut.setID(config.getIdAllocator().createId("UsernameToken-", ut)); response.setToken(ut.getElement()); response.setTokenId(ut.getID());
/**
 * Creates the Username token.
 *
 * <p>All parameters (user, password, password type and so on) must be set before
 * <code>prepare()</code> is called. The method then builds a complete
 * <code>UsernameToken</code> from them:
 * <ul>
 *   <li>with <code>useDerivedKey</code> set, a salt and an iteration count are added
 *       and no password is written into the token;</li>
 *   <li>otherwise the password is set on the token;</li>
 *   <li>a nonce and a created timestamp are added only when the <code>nonce</code> and
 *       <code>created</code> flags are set.</li>
 * </ul>
 * The token ID is allocated last, using the <code>"UsernameToken-"</code> prefix.
 */
public void prepare() {
    ut = new UsernameToken(precisionInMilliSeconds, getDocument(), wsTimeSource, passwordType);
    ut.setPasswordsAreEncoded(passwordsAreEncoded);
    ut.setName(user);

    if (!useDerivedKey) {
        ut.setPassword(password);
    } else {
        // Derived-key mode: the token carries salt and iteration instead of a password.
        saltValue = ut.addSalt(getDocument(), saltValue, useMac);
        ut.addIteration(getDocument(), iteration);
    }

    // Nonce and created are both optional and are only present when requested.
    if (nonce) {
        ut.addNonce(getDocument());
    }
    if (created) {
        ut.addCreated(precisionInMilliSeconds, wsTimeSource, getDocument());
    }

    ut.setID(getIdAllocator().createId("UsernameToken-", ut));
}
// Excerpt with lines elided (it starts inside an if/else chain). On the issue-binding path the
// user name and password from the credential's UsernameToken are placed into the client's
// properties, a security token is requested, and the USERNAME property is removed afterwards.
// NOTE(review): the excerpt ends before any removal of SecurityConstants.PASSWORD - confirm it
// is removed as well, and that both removals also happen when requestSecurityToken() throws
// (for example in a finally block), so credentials do not stay on a reused client.
tokenElement = credential.getUsernametoken().getElement(); hash = credential.getUsernametoken().hashCode(); } else if (credential.getBinarySecurityToken() != null) { tokenElement = credential.getBinarySecurityToken().getElement(); } else if (useIssueBinding && !useOnBehalfOf && credential.getUsernametoken() != null) { c.getProperties().put(SecurityConstants.USERNAME, credential.getUsernametoken().getName()); c.getProperties().put(SecurityConstants.PASSWORD, credential.getUsernametoken().getPassword()); returnedToken = c.requestSecurityToken(); c.getProperties().remove(SecurityConstants.USERNAME);
/**
 * Sets the raw (plain text) password that is used to compute the secret key.
 *
 * <p>A {@code WSPasswordCallback} seeded with this token's name, password and password
 * type is passed to the handler; whatever password the callback holds afterwards is
 * stored as the raw password.
 *
 * @param callbackHandler handler asked to supply the password; must not be null
 * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} when the handler is
 *         null, or when it fails with an {@code IOException} or
 *         {@code UnsupportedCallbackException} (kept as the cause)
 */
public void setRawPassword(CallbackHandler callbackHandler) throws WSSecurityException {
    // Without a handler there is no way to obtain the password: fail closed.
    if (callbackHandler == null) {
        LOG.debug("CallbackHandler is null");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }

    final WSPasswordCallback passwordCallback = new WSPasswordCallback(
        getName(), getPassword(), getPasswordType(), WSPasswordCallback.USERNAME_TOKEN
    );
    final Callback[] callbacks = {passwordCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Handler failures surface as one generic authentication failure; the detail
        // goes to the debug log only.
        LOG.debug(e.getMessage(), e);
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e
        );
    }

    rawPassword = passwordCallback.getPassword();
}
// Excerpt with lines elided (braces do not balance; the non-hashed branch and the catch are not
// shown). For a hashed token the password element's text is replaced with a digest computed
// from this token's nonce, its created value and pwd; when passwordsAreEncoded is set, pwd is
// passed through XMLUtils.decode first.
// The digest uses getNonce() and getCreated() as they are at this point.
// NOTE(review): confirm callers add nonce and created before setting the password.
Text node = getFirstNode(elementPassword); try { if (hashed) { if (passwordsAreEncoded) { node.setData(doPasswordDigest(getNonce(), getCreated(), org.apache.xml.security.utils.XMLUtils.decode(pwd))); } else { node.setData(doPasswordDigest(getNonce(), getCreated(), pwd));
// Excerpt with lines elided (braces do not balance). Replay and freshness checks on a parsed
// token: a nonce already present in the replay cache fails with INVALID_SECURITY; a new nonce
// is added to the cache, with an expiry of utTTL + 1 when the token has a created date and
// utTTL is positive, and through the single-argument add otherwise. A token whose created
// value fails verifyCreated is rejected with MESSAGE_EXPIRED.
// The replay check is skipped when no replay cache is configured or the token has no nonce.
// NOTE(review): confirm that policy requires a nonce where replay protection is expected, and
// that the expiry used by the single-argument add is not shorter than the accepted
// created-time window.
new UsernameToken(token, allowNamespaceQualifiedPasswordTypes, data.getBSPEnforcer()); if (replayCache != null && ut.getNonce() != null) { if (replayCache.contains(ut.getNonce())) { throw new WSSecurityException( WSSecurityException.ErrorCode.INVALID_SECURITY, Instant created = ut.getCreatedDate(); if (created == null || utTTL <= 0) { replayCache.add(ut.getNonce()); } else { replayCache.add(ut.getNonce(), utTTL + 1L); if (!ut.verifyCreated(utTTL, futureTimeToLive)) { throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
// Excerpt that ends inside a try block (the code using securityService and the catch are not
// shown). A WSPasswordCallback is created with the token's user name and password type but a
// null password, and is passed to the request's callback handler; the password used afterwards
// is the one read back from the callback, not the one in the token.
// NOTE(review): what the callback handler puts into the callback is not visible here - confirm
// which credential is checked against the security service.
final WSPasswordCallback pwCb = new WSPasswordCallback(usernameToken.getName(), null, usernameToken.getPasswordType(), WSPasswordCallback.USERNAME_TOKEN); try { data.getCallbackHandler().handle(new Callback[]{pwCb}); final String user = usernameToken.getName(); final String password = pwCb.getPassword(); final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
/**
 * Handles a UsernameToken whose password type is unknown.
 *
 * <p>Only the user name is forwarded: the enclosing interceptor's {@code setSubject}
 * is called with a {@code null} password, the hashed flag set to {@code false}, and no
 * nonce or created time.
 *
 * @param usernameToken the parsed token taken from the security header
 * @param data the request context; not read by this method
 * @throws WSSecurityException declared by the overridden method
 */
@Override
protected void verifyUnknownPassword(
    org.apache.wss4j.dom.message.token.UsernameToken usernameToken,
    RequestData data
) throws WSSecurityException {
    final String user = usernameToken.getName();
    // NOTE(review): setSubject is not visible here - confirm it never treats a null
    // password as a successful authentication.
    AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
        user, null, false, null, null
    );
}