/**
 * Map the configured {@code WSHandlerConstants.PASSWORD_TYPE} option to the WS-Security
 * password type URI.
 *
 * @param reqData the RequestData whose message context supplies the option
 * @return {@code WSConstants.PASSWORD_TEXT} or {@code WSConstants.PASSWORD_DIGEST}, or null when
 *         the option is absent or is not one of the two recognised values
 * @throws WSSecurityException propagated from {@code getString}
 */
protected String decodePasswordType(RequestData reqData) throws WSSecurityException {
    String configured = getString(WSHandlerConstants.PASSWORD_TYPE, reqData.getMsgContext());
    if (configured == null) {
        return null;
    }
    if (WSConstants.PW_TEXT.equals(configured)) {
        return WSConstants.PASSWORD_TEXT;
    }
    if (WSConstants.PW_DIGEST.equals(configured)) {
        return WSConstants.PASSWORD_DIGEST;
    }
    // An unrecognised value is not an error here; null leaves the decision to the caller.
    return null;
}
/**
 * Get the Validator instance registered for a QName.
 * <p>
 * A validator map placed on the message context under
 * {@code ConfigurationConstants.VALIDATOR_MAP} takes precedence over the WSSConfig. Presence is
 * decided with {@code containsKey}, so a QName explicitly mapped to null in that map yields null
 * without consulting the WSSConfig.
 *
 * @param qName the QName with which to find a Validator instance
 * @return the Validator for the QName, or null when neither the context map nor the WSSConfig
 *         supplies one
 * @throws WSSecurityException propagated from {@code WSSConfig.getValidator}
 */
public Validator getValidator(QName qName) throws WSSecurityException {
    Object context = getMsgContext();
    if (context instanceof Map<?, ?>) {
        Object mapped = ((Map<?, ?>) context).get(ConfigurationConstants.VALIDATOR_MAP);
        @SuppressWarnings("unchecked")
        Map<QName, Validator> customValidators = (Map<QName, Validator>) mapped;
        if (customValidators != null && customValidators.containsKey(qName)) {
            return customValidators.get(qName);
        }
    }
    return wssConfig == null ? null : wssConfig.getValidator(qName);
}
/**
 * Load a Crypto instance from a properties file through {@link WSS4JUtils}, using the CXF
 * Message from the request, its ClassLoader and the PasswordEncryptor resolved for this
 * request.
 *
 * @param propFilename the properties file name
 * @param reqData the RequestData whose message context is the CXF Message
 * @return the loaded Crypto
 * @throws WSSecurityException propagated from {@code WSS4JUtils.loadCryptoFromPropertiesFile}
 */
@Override
protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
    throws WSSecurityException {
    Message cxfMessage = (Message) reqData.getMsgContext();
    ClassLoader loader = getClassLoader(reqData.getMsgContext());
    PasswordEncryptor encryptor = getPasswordEncryptor(reqData);
    return WSS4JUtils.loadCryptoFromPropertiesFile(cxfMessage, propFilename, loader, encryptor);
}
/**
 * Decode the FutureTimeToLive parameter for either a Timestamp or a UsernameToken Created
 * element, depending on the boolean argument.
 *
 * @param reqData the RequestData whose message context supplies the handler option
 * @param timestamp true to read {@code TTL_FUTURE_TIMESTAMP}, false to read
 *        {@code TTL_FUTURE_USERNAMETOKEN}
 * @return the configured value, or 60 when the option is absent, not an integer, or negative
 */
protected int decodeFutureTimeToLive(RequestData reqData, boolean timestamp) {
    final int fallback = 60;
    String tag = timestamp
        ? WSHandlerConstants.TTL_FUTURE_TIMESTAMP
        : WSHandlerConstants.TTL_FUTURE_USERNAMETOKEN;
    String configured = getString(tag, reqData.getMsgContext());
    if (configured == null) {
        return fallback;
    }
    int parsed;
    try {
        parsed = Integer.parseInt(configured);
    } catch (NumberFormatException e) {
        // A malformed option silently falls back rather than failing the request.
        return fallback;
    }
    // Negative values are treated exactly like an unset option.
    return parsed < 0 ? fallback : parsed;
}
/**
 * Load a Crypto instance from a properties file through {@link WSS4JUtils}, using the CXF
 * Message from the request, its ClassLoader and the PasswordEncryptor resolved for this
 * request.
 *
 * @param propFilename the properties file name
 * @param reqData the RequestData whose message context is the CXF Message
 * @return the loaded Crypto
 * @throws WSSecurityException propagated from {@code WSS4JUtils.loadCryptoFromPropertiesFile}
 */
@Override
protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
    throws WSSecurityException {
    Message cxfMessage = (Message) reqData.getMsgContext();
    ClassLoader loader = getClassLoader(reqData.getMsgContext());
    PasswordEncryptor encryptor = getPasswordEncryptor(reqData);
    return WSS4JUtils.loadCryptoFromPropertiesFile(cxfMessage, propFilename, loader, encryptor);
}
/**
 * Decode the TimeToLive parameter for either a Timestamp or a UsernameToken Created element,
 * depending on the boolean argument.
 *
 * @param reqData the RequestData whose message context supplies the handler option
 * @param timestamp true to read {@code TTL_TIMESTAMP}, false to read {@code TTL_USERNAMETOKEN}
 * @return the configured value, or 300 when the option is absent, not an integer, or negative
 */
public int decodeTimeToLive(RequestData reqData, boolean timestamp) {
    final int fallback = 300;
    String tag = timestamp
        ? WSHandlerConstants.TTL_TIMESTAMP
        : WSHandlerConstants.TTL_USERNAMETOKEN;
    String configured = getString(tag, reqData.getMsgContext());
    if (configured == null) {
        return fallback;
    }
    int parsed;
    try {
        parsed = Integer.parseInt(configured);
    } catch (NumberFormatException e) {
        // A malformed option silently falls back rather than failing the request.
        return fallback;
    }
    // Negative values are treated exactly like an unset option.
    return parsed < 0 ? fallback : parsed;
}
/**
 * Validate a credential, locally where possible and otherwise by delegating to the STS.
 *
 * @param credential the credential to validate
 * @param data the RequestData whose message context is the CXF Message
 * @return the credential itself when it validated locally, otherwise the result of the STS
 *         validation
 * @throws WSSecurityException propagated from the local or STS validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    boolean validatedLocally = isValidatedLocally(credential, data);
    if (!validatedLocally) {
        Message cxfMessage = (Message) data.getMsgContext();
        return validateWithSTS(credential, cxfMessage);
    }
    return credential;
}
/**
 * Validate a credential, locally where possible and otherwise by delegating to the STS.
 *
 * @param credential the credential to validate
 * @param data the RequestData whose message context is the CXF Message
 * @return the credential itself when it validated locally, otherwise the result of the STS
 *         validation
 * @throws WSSecurityException propagated from the local or STS validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    boolean validatedLocally = isValidatedLocally(credential, data);
    if (!validatedLocally) {
        Message cxfMessage = (Message) data.getMsgContext();
        return validateWithSTS(credential, cxfMessage);
    }
    return credential;
}
/**
 * Resolve the CallbackHandler for a request.
 * <p>
 * The handler configured under {@code SecurityConstants.CALLBACK_HANDLER} on the SoapMessage is
 * preferred; failing that the password callback handler is used. Whenever the message's
 * Endpoint has EndpointInfo the result is wrapped in a TokenStoreCallbackHandler backed by the
 * message's TokenStore. Note that when the password callback handler cannot be loaded and an
 * endpoint with EndpointInfo exists, the WSSecurityException is not surfaced: a
 * TokenStoreCallbackHandler with no delegate is returned instead.
 *
 * @param reqData the RequestData whose message context is the SoapMessage
 * @return the resolved (possibly TokenStore-wrapped) CallbackHandler; may be null when no
 *         handler is configured and no endpoint wrapping applies
 * @throws WSSecurityException with ErrorCode.FAILURE if the configured handler cannot be
 *         instantiated, or the password callback handler error when no endpoint wrapping applies
 */
protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException {
    SoapMessage soapMessage = (SoapMessage) reqData.getMsgContext();
    Object configured =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, soapMessage);
    CallbackHandler handler;
    try {
        handler = SecurityUtils.getCallbackHandler(configured);
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    if (handler == null) {
        try {
            handler = getPasswordCallbackHandler(reqData);
        } catch (WSSecurityException sec) {
            Endpoint endpoint = soapMessage.getExchange().getEndpoint();
            if (endpoint == null || endpoint.getEndpointInfo() == null) {
                throw sec;
            }
            // The load failure is deliberately swallowed here: the token store alone serves.
            TokenStore store = TokenStoreUtils.getTokenStore(soapMessage);
            return new TokenStoreCallbackHandler(null, store);
        }
    }
    Endpoint endpoint = soapMessage.getExchange().getEndpoint();
    if (endpoint == null || endpoint.getEndpointInfo() == null) {
        return handler;
    }
    TokenStore store = TokenStoreUtils.getTokenStore(soapMessage);
    return new TokenStoreCallbackHandler(handler, store);
}
/**
 * Resolve the CallbackHandler for a request.
 * <p>
 * The handler configured under {@code SecurityConstants.CALLBACK_HANDLER} on the SoapMessage is
 * preferred; failing that the password callback handler is used. Whenever the message's
 * Endpoint has EndpointInfo the result is wrapped in a TokenStoreCallbackHandler backed by the
 * message's TokenStore. Note that when the password callback handler cannot be loaded and an
 * endpoint with EndpointInfo exists, the WSSecurityException is not surfaced: a
 * TokenStoreCallbackHandler with no delegate is returned instead.
 *
 * @param reqData the RequestData whose message context is the SoapMessage
 * @return the resolved (possibly TokenStore-wrapped) CallbackHandler; may be null when no
 *         handler is configured and no endpoint wrapping applies
 * @throws WSSecurityException with ErrorCode.FAILURE if the configured handler cannot be
 *         instantiated, or the password callback handler error when no endpoint wrapping applies
 */
protected CallbackHandler getCallback(RequestData reqData) throws WSSecurityException {
    SoapMessage soapMessage = (SoapMessage) reqData.getMsgContext();
    Object configured =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, soapMessage);
    CallbackHandler handler;
    try {
        handler = SecurityUtils.getCallbackHandler(configured);
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    if (handler == null) {
        try {
            handler = getPasswordCallbackHandler(reqData);
        } catch (WSSecurityException sec) {
            Endpoint endpoint = soapMessage.getExchange().getEndpoint();
            if (endpoint == null || endpoint.getEndpointInfo() == null) {
                throw sec;
            }
            // The load failure is deliberately swallowed here: the token store alone serves.
            TokenStore store = TokenStoreUtils.getTokenStore(soapMessage);
            return new TokenStoreCallbackHandler(null, store);
        }
    }
    Endpoint endpoint = soapMessage.getExchange().getEndpoint();
    if (endpoint == null || endpoint.getEndpointInfo() == null) {
        return handler;
    }
    TokenStore store = TokenStoreUtils.getTokenStore(soapMessage);
    return new TokenStoreCallbackHandler(handler, store);
}
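/**
 * Validate the credential via the superclass and, on success, mark every IssuedToken policy
 * assertion on the message as asserted.
 *
 * @param credential the credential to validate
 * @param data the RequestData whose message context is the SoapMessage
 * @return the validated credential returned by the superclass
 * @throws WSSecurityException propagated from the superclass validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);

    // Assert the IssuedToken policy. The AssertionInfoMap may be absent from the message and
    // the map may hold no entry for ISSUED_TOKEN; dereferencing either unguarded turned an
    // otherwise successful validation into a NullPointerException.
    SoapMessage message = (SoapMessage) data.getMsgContext();
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
        if (ais != null) {
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }
        }
    }
    return validatedCredential;
}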
/**
 * A hook to allow subclasses to load Crypto instances from property files in a different way.
 * The default implementation reads the properties with the message context's ClassLoader and
 * hands them, together with the request's PasswordEncryptor, to {@link CryptoFactory}.
 *
 * @param propFilename The property file name
 * @param reqData The RequestData object
 * @return A Crypto instance that has been loaded
 * @throws WSSecurityException propagated from {@code CryptoFactory}
 */
protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
    throws WSSecurityException {
    ClassLoader loader = getClassLoader(reqData.getMsgContext());
    Properties cryptoProperties = CryptoFactory.getProperties(propFilename, loader);
    PasswordEncryptor encryptor = getPasswordEncryptor(reqData);
    return CryptoFactory.getInstance(cryptoProperties, loader, encryptor);
}
try { cbClass = Loader.loadClass(getClassLoader(requestData.getMsgContext()), callbackHandlerClass, CallbackHandler.class);
reqData.getMsgContext(), WSHandlerConstants.ENABLE_REVOCATION, false ); reqData.setEnableRevocation(enableRevocation); getString(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, reqData.getMsgContext()); if (certConstraints != null) { Collection<Pattern> subjectCertConstraints = getCertConstraints(certConstraints); getString(WSHandlerConstants.SIG_ISSUER_CERT_CONSTRAINTS, reqData.getMsgContext()); if (issuerCertConstraintsStringValue != null) { Collection<Pattern> issuerCertConstraints = getCertConstraints(issuerCertConstraintsStringValue); String value = getString(WSHandlerConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, reqData.getMsgContext()); boolean expandXOP = false; if (value != null) { expandXOP = decodeBooleanConfigValue( reqData.getMsgContext(), WSHandlerConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, true ); } else { expandXOP = decodeBooleanConfigValue( reqData.getMsgContext(), WSHandlerConstants.EXPAND_XOP_INCLUDE, true );
/**
 * Populate the decryption-related settings on the request: the decryption Crypto (loaded only
 * when not already set) and whether RSA 1.5 key transport is permitted.
 * <p>
 * {@code ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM} defaults to false, so RSA 1.5 key transport stays
 * off unless explicitly enabled in configuration.
 *
 * @param reqData the RequestData to populate
 * @throws WSSecurityException propagated from loading the decryption Crypto or the option
 */
protected void decodeDecryptionParameter(RequestData reqData) throws WSSecurityException {
    if (reqData.getDecCrypto() == null) {
        Crypto decryptionCrypto = loadDecryptionCrypto(reqData);
        reqData.setDecCrypto(decryptionCrypto);
    }
    boolean rsa15Allowed = decodeBooleanConfigValue(
        reqData.getMsgContext(),
        WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM,
        false
    );
    reqData.setAllowRSA15KeyTransportAlgorithm(rsa15Allowed);
}
/**
 * Get a CallbackHandler instance. The lookup order is: the handler options under
 * {@code callbackHandlerRef}, then the message context property of the same name, then a new
 * instance loaded from the class name configured under {@code callbackHandlerClass}.
 *
 * @param callbackHandlerClass The class name of the CallbackHandler instance
 * @param callbackHandlerRef The reference name of the CallbackHandler instance
 * @param requestData The RequestData which supplies the message context
 * @return a CallbackHandler instance, or null when none of the three sources yields one
 * @throws WSSecurityException propagated from {@code loadCallbackHandler}
 */
public CallbackHandler getCallbackHandler(
    String callbackHandlerClass, String callbackHandlerRef, RequestData requestData
) throws WSSecurityException {
    Object mc = requestData.getMsgContext();

    // 1. an instance registered directly as a handler option
    CallbackHandler handler = (CallbackHandler) getOption(callbackHandlerRef);
    if (handler != null) {
        return handler;
    }
    // 2. an instance placed on the message context
    handler = (CallbackHandler) getProperty(mc, callbackHandlerRef);
    if (handler != null) {
        return handler;
    }
    // 3. a class name to instantiate
    String className = getString(callbackHandlerClass, mc);
    return className == null ? null : loadCallbackHandler(className, requestData);
}
/**
 * Build an AlgorithmSuite from the signature, digest, symmetric encryption and key transport
 * algorithm options on the message context and store it on the request.
 * <p>
 * Nothing happens when the message context is absent or the request already carries an
 * AlgorithmSuite. Options that are unset or empty add nothing to the suite.
 *
 * @param reqData the RequestData to populate
 * @throws WSSecurityException propagated from {@code getString}
 */
protected void decodeAlgorithmSuite(RequestData reqData) throws WSSecurityException {
    Object mc = reqData.getMsgContext();
    if (mc == null || reqData.getAlgorithmSuite() != null) {
        return;
    }
    AlgorithmSuite suite = new AlgorithmSuite();

    String sigAlgo = getString(WSHandlerConstants.SIG_ALGO, mc);
    if (sigAlgo != null && !sigAlgo.isEmpty()) {
        suite.addSignatureMethod(sigAlgo);
    }
    String digestAlgo = getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc);
    if (digestAlgo != null && !digestAlgo.isEmpty()) {
        suite.addDigestAlgorithm(digestAlgo);
    }
    String symEncAlgo = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
    if (symEncAlgo != null && !symEncAlgo.isEmpty()) {
        suite.addEncryptionMethod(symEncAlgo);
    }
    String keyTransportAlgo = getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
    if (keyTransportAlgo != null && !keyTransportAlgo.isEmpty()) {
        suite.addKeyWrapAlgorithm(keyTransportAlgo);
    }

    reqData.setAlgorithmSuite(suite);
}
/**
 * Resolve the PasswordEncryptor for a request.
 * <p>
 * Lookup order: the encryptor already set on the RequestData, then a
 * {@code PASSWORD_ENCRYPTOR_INSTANCE} handler option, then the same-named message context
 * property, and finally a new JasyptPasswordEncryptor built around the request's
 * CallbackHandler. Option and property values that are not a PasswordEncryptor are ignored.
 *
 * @param requestData the RequestData for the current message
 * @return the resolved PasswordEncryptor, or null when no source provides one and the request
 *         has no CallbackHandler
 */
protected PasswordEncryptor getPasswordEncryptor(RequestData requestData) {
    PasswordEncryptor fromRequest = requestData.getPasswordEncryptor();
    if (fromRequest != null) {
        return fromRequest;
    }
    Object fromOptions = getOption(WSHandlerConstants.PASSWORD_ENCRYPTOR_INSTANCE);
    if (fromOptions instanceof PasswordEncryptor) {
        return (PasswordEncryptor) fromOptions;
    }
    Object mc = requestData.getMsgContext();
    Object fromContext = getProperty(mc, WSHandlerConstants.PASSWORD_ENCRYPTOR_INSTANCE);
    if (fromContext instanceof PasswordEncryptor) {
        return (PasswordEncryptor) fromContext;
    }
    CallbackHandler callbackHandler = requestData.getCallbackHandler();
    return callbackHandler == null ? null : new JasyptPasswordEncryptor(callbackHandler);
}
protected void decodeUTParameter(RequestData reqData) throws WSSecurityException { Object mc = reqData.getMsgContext();
String password = getPassword(requestData.getMsgContext()); if (password == null) { String err = "provided null or empty password";