/**
 * Wraps a DOM element as the concrete {@code BinarySecurity} subtype selected by its
 * {@code ValueType} attribute.
 *
 * <p>The attribute value is read straight from the inbound XML, so dispatch is an exact
 * string match against the known token types; an unknown or missing {@code ValueType}
 * is not rejected here but falls back to the generic {@code BinarySecurity} wrapper.
 * Every constructor receives the BSP-compliance flag from {@code config}.
 *
 * @param element a {@code BinarySecurityToken} or {@code PKIPath} element
 * @param config the active {@code WSSConfig}; only {@code isWsiBSPCompliant()} is consulted
 * @return the token wrapper matching {@code ValueType}
 * @throws WSSecurityException as propagated from the selected token constructor
 */
private BinarySecurity createSecurityToken(
    Element element,
    WSSConfig config
) throws WSSecurityException {
    final String valueType = element.getAttributeNS(null, "ValueType");
    final boolean bspCompliant = config.isWsiBSPCompliant();

    if (X509Security.X509_V3_TYPE.equals(valueType)) {
        return new X509Security(element, bspCompliant);
    }
    if (PKIPathSecurity.getType().equals(valueType)) {
        return new PKIPathSecurity(element, bspCompliant);
    }
    if (KerberosSecurity.isKerberosToken(valueType)) {
        return new KerberosSecurity(element, bspCompliant);
    }
    // Unrecognised ValueType: generic wrapper, same fallback as before.
    return new BinarySecurity(element, bspCompliant);
}
/**
 * Wraps a DOM element as the concrete {@code BinarySecurity} subtype selected by its
 * {@code ValueType} attribute.
 *
 * <p>The attribute value is read straight from the inbound XML, so dispatch is an exact
 * string match against the known token types; an unknown or missing {@code ValueType}
 * is not rejected here but falls back to the generic {@code BinarySecurity} wrapper.
 * Every constructor receives the BSP-compliance flag from {@code config}.
 *
 * @param element a {@code BinarySecurityToken} or {@code PKIPath} element
 * @param config the active {@code WSSConfig}; only {@code isWsiBSPCompliant()} is consulted
 * @return the token wrapper matching {@code ValueType}
 * @throws WSSecurityException as propagated from the selected token constructor
 */
private BinarySecurity createSecurityToken(
    Element element,
    WSSConfig config
) throws WSSecurityException {
    final String valueType = element.getAttributeNS(null, "ValueType");
    final boolean bspCompliant = config.isWsiBSPCompliant();

    if (X509Security.X509_V3_TYPE.equals(valueType)) {
        return new X509Security(element, bspCompliant);
    }
    if (PKIPathSecurity.getType().equals(valueType)) {
        return new PKIPathSecurity(element, bspCompliant);
    }
    if (KerberosSecurity.isKerberosToken(valueType)) {
        return new KerberosSecurity(element, bspCompliant);
    }
    // Unrecognised ValueType: generic wrapper, same fallback as before.
    return new BinarySecurity(element, bspCompliant);
}
/**
 * Resolves the subject's KeyInfo for the holder-of-key confirmation method, as the SAML
 * Token Profile requires, and stores the resulting {@code SAMLKeyInfo} in
 * {@code subjectKeyInfo} for the SignatureProcessor to use later.
 *
 * <p>Only the first entry returned by {@link #getConfirmationMethods()} is examined; if
 * that entry is not holder-of-key, or no methods are present, nothing is stored. The
 * credential is taken from whichever of {@code saml1} / {@code saml2} is set, with the
 * BSP-compliance flag read from {@code data.getWssConfig()}.
 *
 * @param data request-scoped settings used to resolve the subject credential
 * @param docInfo document-level state used to resolve the subject credential
 * @throws WSSecurityException as propagated from {@code SAMLUtil.getCredentialFromSubject}
 */
public void parseHOKSubject(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    final List<String> confirmationMethods = getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty())
            ? null
            : confirmationMethods.get(0);

    if (!OpenSAMLUtil.isMethodHolderOfKey(firstMethod)) {
        return;
    }
    if (saml1 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    } else if (saml2 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    }
}
/**
 * Resolves the subject's KeyInfo for the holder-of-key confirmation method, as the SAML
 * Token Profile requires, and stores the resulting {@code SAMLKeyInfo} in
 * {@code subjectKeyInfo} for the SignatureProcessor to use later.
 *
 * <p>Only the first entry returned by {@link #getConfirmationMethods()} is examined; if
 * that entry is not holder-of-key, or no methods are present, nothing is stored. The
 * credential is taken from whichever of {@code saml1} / {@code saml2} is set, with the
 * BSP-compliance flag read from {@code data.getWssConfig()}.
 *
 * @param data request-scoped settings used to resolve the subject credential
 * @param docInfo document-level state used to resolve the subject credential
 * @throws WSSecurityException as propagated from {@code SAMLUtil.getCredentialFromSubject}
 */
public void parseHOKSubject(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    final List<String> confirmationMethods = getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty())
            ? null
            : confirmationMethods.get(0);

    if (!OpenSAMLUtil.isMethodHolderOfKey(firstMethod)) {
        return;
    }
    if (saml1 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    } else if (saml2 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    }
}
new SecurityTokenReference( (Element)securityTokenReference, wssConfig.isWsiBSPCompliant() ); Element se = STRTransformUtil.dereferenceSTR(doc, secTokenRef, wsDocInfo);
new SecurityTokenReference( (Element)securityTokenReference, wssConfig.isWsiBSPCompliant() ); Element se = STRTransformUtil.dereferenceSTR(doc, secTokenRef, wsDocInfo);
String id = sigConf.getID(); if (data.getWssConfig().isWsiBSPCompliant() && (id == null || "".equals(id))) { throw new WSSecurityException( WSSecurityException.INVALID_SECURITY,
String id = sigConf.getID(); if (data.getWssConfig().isWsiBSPCompliant() && (id == null || "".equals(id))) { throw new WSSecurityException( WSSecurityException.INVALID_SECURITY,
Timestamp timestamp = new Timestamp(elem, config.isWsiBSPCompliant()); Credential credential = new Credential(); credential.setTimestamp(timestamp);
/**
 * Verifies the signature on this assertion, if one is present.
 *
 * <p>The signing credential is resolved from the Signature's KeyInfo via
 * {@code SAMLUtil.getCredentialFromKeyInfo} and handed to the
 * {@code verifySignature(SAMLKeyInfo)} overload, which performs the actual check. An
 * assertion that carries no Signature element is not rejected here — only a debug message
 * is logged — so any requirement that assertions be signed must be enforced by the caller.
 *
 * @param data request-scoped settings used to resolve the signing credential
 * @param docInfo document-level state used to resolve the signing credential
 * @throws WSSecurityException with code {@code FAILURE} if the Signature has no KeyInfo,
 *     or as propagated from credential resolution and signature verification
 */
public void verifySignature(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    final Signature signature = getSignature();
    if (signature == null) {
        LOG.debug("AssertionWrapper: no signature to validate");
        return;
    }

    final KeyInfo keyInfo = signature.getKeyInfo();
    if (keyInfo == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE,
            "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"}
        );
    }

    final SAMLKeyInfo signingKeyInfo = SAMLUtil.getCredentialFromKeyInfo(
        keyInfo.getDOM(), data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    verifySignature(signingKeyInfo);
}
/**
 * Verifies the signature on this assertion, if one is present.
 *
 * <p>The signing credential is resolved from the Signature's KeyInfo via
 * {@code SAMLUtil.getCredentialFromKeyInfo} and handed to the
 * {@code verifySignature(SAMLKeyInfo)} overload, which performs the actual check. An
 * assertion that carries no Signature element is not rejected here — only a debug message
 * is logged — so any requirement that assertions be signed must be enforced by the caller.
 *
 * @param data request-scoped settings used to resolve the signing credential
 * @param docInfo document-level state used to resolve the signing credential
 * @throws WSSecurityException with code {@code FAILURE} if the Signature has no KeyInfo,
 *     or as propagated from credential resolution and signature verification
 */
public void verifySignature(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    final Signature signature = getSignature();
    if (signature == null) {
        LOG.debug("AssertionWrapper: no signature to validate");
        return;
    }

    final KeyInfo keyInfo = signature.getKeyInfo();
    if (keyInfo == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE,
            "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"}
        );
    }

    final SAMLKeyInfo signingKeyInfo = SAMLUtil.getCredentialFromKeyInfo(
        keyInfo.getDOM(), data, docInfo, data.getWssConfig().isWsiBSPCompliant());
    verifySignature(signingKeyInfo);
}
Timestamp timestamp = new Timestamp(elem, config.isWsiBSPCompliant()); Credential credential = new Credential(); credential.setTimestamp(timestamp);
/**
 * Returns a freshly created {@code WSSConfig} instead of a shared instance, so callers do
 * not observe (or leak) settings changed on a singleton.
 *
 * <p>A second fresh instance is created first and four of its settings — signature
 * confirmation, strict timestamps, BSP compliance and millisecond precision — are copied
 * onto the returned object. NOTE(review): both objects come from {@code getNewInstance()},
 * so the copy presumably exists to pick up defaults applied at construction time; confirm
 * against {@code WSSConfig.getNewInstance()}.
 *
 * @return a new {@code WSSConfig} carrying the current default settings
 */
public static WSSConfig getWSSConfigInstance() {
    final WSSConfig defaults = WSSConfig.getNewInstance();
    final WSSConfig fresh = WSSConfig.getNewInstance();

    fresh.setEnableSignatureConfirmation(defaults.isEnableSignatureConfirmation());
    fresh.setTimeStampStrict(defaults.isTimeStampStrict());
    fresh.setWsiBSPCompliant(defaults.isWsiBSPCompliant());
    fresh.setPrecisionInMilliSeconds(defaults.isPrecisionInMilliSeconds());
    return fresh;
}
if (getWsConfig().isWsiBSPCompliant() && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) { List<String> prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
if (getWsConfig().isWsiBSPCompliant() && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) { List<String> prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
) throws WSSecurityException { DerivedKeyToken dkt = new DerivedKeyToken(elem, data.getWssConfig().isWsiBSPCompliant());
) throws WSSecurityException { DerivedKeyToken dkt = new DerivedKeyToken(elem, data.getWssConfig().isWsiBSPCompliant());
keyInfo.getDOM(), data, wsDocInfo, data.getWssConfig().isWsiBSPCompliant() );
keyInfo.getDOM(), data, wsDocInfo, data.getWssConfig().isWsiBSPCompliant() );
allowNamespaceQualifiedPasswordTypes = wssConfig.getAllowNamespaceQualifiedPasswordTypes(); bspCompliant = wssConfig.isWsiBSPCompliant(); utTTL = wssConfig.getUtTTL(); futureTimeToLive = wssConfig.getUtFutureTTL();