Refine search
Credential credential = new Credential(); credential.setBinarySecurityToken(token); credential.setCertificates(certs); result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey()); if (returnedCredential.getTransformedToken() != null) { result.put( WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN, returnedCredential.getTransformedToken() ); if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else { SAMLTokenPrincipalImpl samlPrincipal = new SAMLTokenPrincipalImpl(credential.getTransformedToken()); result.put(WSSecurityEngineResult.TAG_PRINCIPAL, samlPrincipal); } else if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else if (certs != null && certs[0] != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, certs[0].getSubjectX500Principal()); result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject()); if (credential.getDelegationCredential() != null) { result.put(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL, credential.getDelegationCredential());
protected boolean isValidatedLocally(Credential credential, RequestData data) throws WSSecurityException { if (!alwaysValidateToSts && credential.getSamlAssertion() != null) { try { samlValidator.validate(credential, data); return samlValidator.isTrustVerificationSucceeded(); } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "invalidSAMLsecurity"); } } return false; }
public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey, Collection<Pattern> subjectCertConstraints) throws WSSecurityException { SignatureTrustValidator validator = new SignatureTrustValidator(); RequestData data = new RequestData(); data.setSigVerCrypto(crypto); data.setSubjectCertConstraints(subjectCertConstraints); Credential trustCredential = new Credential(); trustCredential.setPublicKey(publicKey); if (cert != null) { trustCredential.setCertificates(new X509Certificate[]{cert}); } validator.validate(trustCredential, data); } }
public static Urlshortener newUrlshortener() { Credential credential = new Credential(); credential.setAccessToken("{accessToken}"); return new Urlshortener.Builder(new UrlFetchTransport(), new JacksonFactory(), credential) .build(); }
public Credential handleSAMLToken( SamlAssertionWrapper samlAssertion, RequestData data, Validator validator ) throws WSSecurityException { // Parse the subject if it exists samlAssertion.parseSubject( new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto(), data.getCallbackHandler() ); // Now delegate the rest of the verification to the Validator Credential credential = new Credential(); credential.setSamlAssertion(samlAssertion); if (validator != null) { return validator.validate(credential, data); } return credential; }
REFERENCE_TYPE referenceType = null; Credential credential = new Credential(); Validator validator = data.getValidator(WSConstants.SIGNATURE); if (keyInfoElement == null) { certs = getDefaultCerts(data.getSigVerCrypto()); principal = certs[0].getSubjectX500Principal(); } else { int result = 0; Node node = keyInfoElement.getFirstChild(); Element child = null; while (node != null) { data.getBSPEnforcer().handleBSPRule(BSPRule.R5402); credential.setPublicKey(publicKey); principal = new PublicKeyPrincipalImpl(publicKey); credential.setPrincipal(principal); credential = validator.validate(credential, data); credential.setPublicKey(publicKey); credential.setCertificates(certs); credential.setPrincipal(principal); credential = validator.validate(credential, data); result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE); if (credential != null) { result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject());
RequestData requestData = new RequestData(); requestData.setSigVerCrypto(crypto); requestData.setWssConfig(WSSConfig.getNewInstance()); requestData.setCallbackHandler(callbackHandler); requestData.setMsgContext(tokenParameters.getMessageContext()); binarySecurity.getElement().appendChild(textNode); } else if (validateTarget.isDOMElement()) { try { Credential credential = new Credential(); credential.setBinarySecurityToken(binarySecurity); if (crypto != null) { X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(crypto); credential.setCertificates(new X509Certificate[]{cert}); Principal principal = returnedCredential.getPrincipal(); if (principal == null) { principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName())); samlAssertion = credential.getSamlAssertion(); if (LOG.isDebugEnabled()) { LOG.debug("SAML Assertion issuer " + samlAssertion.getIssuerString()); if (credential.getTransformedToken() != null) { result.put( WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN, credential.getTransformedToken() ); if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else { SAMLTokenPrincipalImpl samlPrincipal = new SAMLTokenPrincipalImpl(credential.getTransformedToken()); result.put(WSSecurityEngineResult.TAG_PRINCIPAL, samlPrincipal); } else if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, new SAMLTokenPrincipalImpl(samlAssertion)); result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject()); data.getWsDocInfo().addResult(result);
data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName())); if (validator != null) { Credential credential = new Credential(); credential.setSecurityContextToken(sct); result.put(WSSecurityEngineResult.TAG_ID, tokenId); result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey()); } else { String id = sct.getID(); secret = getSecret(data.getCallbackHandler(), sct.getIdentifier()); } catch (WSSecurityException ex) { secret = getSecret(data.getCallbackHandler(), id);
protected void validateToken(Message message, SamlAssertionWrapper assertion) { try { RequestData data = new RequestData(); if (assertion.isSigned()) { WSSConfig cfg = WSSConfig.getNewInstance(); data.setWssConfig(cfg); data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass())); try { data.setSigVerCrypto(new CryptoLoader().getCrypto(message, WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument()); data.setWsDocInfo(docInfo); KeyInfo keyInfo = sig.getKeyInfo(); Credential credential = new Credential(); credential.setSamlAssertion(assertion); samlValidator.validate(credential, data);
CallbackHandler callbackHandler = stsProperties.getCallbackHandler(); RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig); requestData.setCallbackHandler(callbackHandler); requestData.setMsgContext(tokenParameters.getMessageContext()); ); marshaller.marshal(tokenType, rootElement); usernameTokenElement = (Element)rootElement.getFirstChild(); } catch (JAXBException ex) { LOG.log(Level.WARNING, "", ex); Credential credential = new Credential(); credential.setUsernametoken(ut); credential = validator.validate(credential, requestData); principal = credential.getPrincipal(); if (credential.getSubject() != null && roleParser != null) { roleParser.parseRolesFromSubject(principal, credential.getSubject()); response.setRoles(roles);
RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig); requestData.setCallbackHandler(callbackHandler); requestData.setMsgContext(tokenParameters.getMessageContext()); requestData.setSubjectCertConstraints(certConstraints.getCompiledSubjectContraints()); requestData.setWsDocInfo(new WSDocInfo(validateTargetElement.getOwnerDocument())); Credential trustCredential = new Credential(); trustCredential.setPublicKey(samlKeyInfo.getPublicKey()); trustCredential.setCertificates(samlKeyInfo.getCerts()); principal = trustCredential.getPrincipal(); if (trustCredential.getCertificates() != null) { cert = trustCredential.getCertificates()[0];
@Override public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion(); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); String text = attributeValueElement.getTextContent(); if ("authenticated-client".equals(text)) { authenticatedClient = true;
boolean signedResponse ) throws WSSecurityException { Credential credential = new Credential(); credential.setSamlAssertion(assertion); RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig); requestData.setCallbackHandler(callbackHandler); assertion.getSaml1().getDOM().setIdAttributeNS(null, "AssertionID", true); } else { assertion.getSaml2().getDOM().setIdAttributeNS(null, "ID", true); WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument()); requestData.setWsDocInfo(docInfo); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); assertionValidator.validate(credential, requestData); } catch (WSSecurityException ex) { LOG.log(Level.FINE, "Assertion validation failed: " + ex.getMessage(), ex); throw ex;
Crypto sigCrypto ) throws WSSecurityException { RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig); if (keyInfo != null) { try { Document doc = signature.getDOM().getOwnerDocument(); samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( ); } catch (WSSecurityException ex) { LOG.debug("Error in getting KeyInfo from SAML AuthnRequest: {}", ex.getMessage(), ex); throw ex; throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); Credential trustCredential = new Credential(); trustCredential.setPublicKey(samlKeyInfo.getPublicKey()); trustCredential.setCertificates(samlKeyInfo.getCerts()); signatureValidator.validate(trustCredential, requestData); } catch (WSSecurityException e) { LOG.debug("Error in validating signature on SAML AuthnRequest: {}", e.getMessage(), e); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
LOG.debug("Found UsernameToken list element"); Validator validator = data.getValidator(WSConstants.USERNAME_TOKEN); Credential credential = handleUsernameToken(elem, validator, data); UsernameToken token = credential.getUsernametoken(); if (credential.getTransformedToken() != null) { result.put( WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN, credential.getTransformedToken() ); if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else { SAMLTokenPrincipalImpl samlPrincipal = new SAMLTokenPrincipalImpl(credential.getTransformedToken()); result.put(WSSecurityEngineResult.TAG_PRINCIPAL, samlPrincipal); } else if (credential.getPrincipal() != null) { result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal()); } else { WSUsernameTokenPrincipalImpl principal = result.put(WSSecurityEngineResult.TAG_PRINCIPAL, principal); result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject());
CallbackHandler callbackHandler ) throws WSSecurityException { RequestData requestData = new RequestData(); requestData.setSigVerCrypto(sigCrypto); WSSConfig wssConfig = WSSConfig.getNewInstance(); requestData.setWssConfig(wssConfig); requestData.setCallbackHandler(callbackHandler); requestData.setWsDocInfo(new WSDocInfo(doc)); ); } catch (WSSecurityException ex) { LOG.log(Level.FINE, "Error in getting KeyInfo from SAML Response: " + ex.getMessage(), ex); throw ex; throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); Credential trustCredential = new Credential(); trustCredential.setPublicKey(samlKeyInfo.getPublicKey()); trustCredential.setCertificates(samlKeyInfo.getCerts()); LOG.log(Level.FINE, "Error in validating signature on SAML Response: " + e.getMessage(), e); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
Credential credential = new Credential(); credential.setUsernametoken(token); RequestData data = new RequestData(); Message message = PhaseInterceptorChain.getCurrentMessage(); if (message != null) { message.put(SecurityConstants.STS_CLIENT, stsClient); data.setMsgContext(message); } else { TokenStore tokenStore = configureTokenStore();
/** Verifies the trust of a certificate. * @param result*/ protected void verifyCertificateTrust(WSHandlerResult result) throws WSSecurityException { List<WSSecurityEngineResult> results = result.getActionResults().get(WSConstants.SIGN); if (!CollectionUtils.isEmpty(results)) { WSSecurityEngineResult actionResult = results.get(0); X509Certificate returnCert = (X509Certificate) actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); Credential credential = new Credential(); credential.setCertificates(new X509Certificate[] { returnCert}); RequestData requestData = new RequestData(); requestData.setSigVerCrypto(validationSignatureCrypto); requestData.setEnableRevocation(enableRevocation); SignatureTrustValidator validator = new SignatureTrustValidator(); validator.validate(credential, requestData); } }
/** Verifies the timestamp. * @param result*/ protected void verifyTimestamp(WSHandlerResult result) throws WSSecurityException { List<WSSecurityEngineResult> results = result.getActionResults().get(WSConstants.TS); if (!CollectionUtils.isEmpty(results)) { WSSecurityEngineResult actionResult = results.get(0); Timestamp timestamp = (Timestamp) actionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP); if (timestamp != null && timestampStrict) { Credential credential = new Credential(); credential.setTimestamp(timestamp); RequestData requestData = new RequestData(); requestData.setWssConfig(WSSConfig.getNewInstance()); requestData.setTimeStampTTL(validationTimeToLive); requestData.setTimeStampStrict(timestampStrict); requestData.setTimeStampFutureTTL(futureTimeToLive); TimestampValidator validator = new TimestampValidator(); validator.validate(credential, requestData); } } }