List of usage examples for org.w3c.dom Document importNode
public Node importNode(Node importedNode, boolean deep) throws DOMException;
From source file: org.apache.rampart.builder.SymmetricBindingBuilder.java
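/**
 * Applies the symmetric-binding "encrypt before sign" protection order:
 * encrypts the policy's encrypted parts with the encryption token (derived
 * keys or the shared secret), signs the message with that same token, and
 * then, when signature protection or encrypted supporting tokens require it,
 * runs a second encryption pass over the signature and those tokens.
 *
 * @param rmd message data carrying the document, policy and token storage
 * @throws RampartException if the encryption token is missing, no token id
 *         can be resolved, or WSS4J fails during encryption or key derivation
 */
private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
    long t0 = 0, t1 = 0, t2 = 0;
    RampartPolicyData rpd = rmd.getPolicyData();
    Vector signatureValues = new Vector();

    if (tlog.isDebugEnabled()) {
        t0 = System.currentTimeMillis();
    }

    Token encryptionToken = rpd.getEncryptionToken();
    Vector encrParts = RampartUtil.getEncryptedParts(rmd);
    Vector sigParts = RampartUtil.getSignedParts(rmd);

    if (encryptionToken == null && encrParts.size() > 0) {
        throw new RampartException("encryptionTokenMissing");
    }

    if (encryptionToken != null && encrParts.size() > 0) {
        // The encryption token can be an IssuedToken, a SecureConversationToken
        // or an X509Token (handled as an EncryptedKey); SAML is not handled yet.
        String tokenId = null;
        org.apache.rahas.Token tok = null;

        if (encryptionToken instanceof IssuedToken) {
            tokenId = rmd.getIssuedEncryptionTokenId();
            if (log.isDebugEnabled()) {
                log.debug("Issued EncryptionToken Id : " + tokenId);
            }
        } else if (encryptionToken instanceof SecureConversationToken) {
            tokenId = rmd.getSecConvTokenId();
            if (log.isDebugEnabled()) {
                log.debug("SCT Id : " + tokenId);
            }
        } else if (encryptionToken instanceof X509Token) {
            // Initiator creates the EncryptedKey; recipient reuses the one it received.
            if (rmd.isInitiator()) {
                tokenId = setupEncryptedKey(rmd, encryptionToken);
            } else {
                tokenId = getEncryptedKey(rmd);
            }
        }
        // TODO SAMLToken

        if (tokenId == null || tokenId.length() == 0) {
            throw new RampartException("noSecurityToken");
        }

        // Hack to handle reference id issues: ids may carry a leading '#'.
        // TODO Need a better fix
        if (tokenId.startsWith("#")) {
            tokenId = tokenId.substring(1);
        }

        // Get hold of the token from the token storage
        tok = this.getToken(rmd, tokenId);

        // Attach the token into the message based on token inclusion values
        boolean attached = false;
        Element encrTokenElement = null;
        Element refList = null;
        WSSecDKEncrypt dkEncr = null;
        WSSecEncrypt encr = null;
        Element encrDKTokenElem = null;

        if (SPConstants.INCLUDE_TOEKN_ALWAYS == encryptionToken.getInclusion()
                || SPConstants.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion()
                || (rmd.isInitiator()
                        && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encryptionToken.getInclusion())) {
            encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
            attached = true;
        } else if (encryptionToken instanceof X509Token && rmd.isInitiator()) {
            // The EncryptedKey element itself is always sent by the initiator,
            // but it does not count as an "attached" reference for derived keys.
            encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
        }

        Document doc = rmd.getDocument();
        AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();

        if (encryptionToken.isDerivedKeys()) {
            log.debug("Use drived keys");
            dkEncr = new WSSecDKEncrypt();
            // Reference the base key by the attached reference when the token is
            // in the message, else by the unattached reference, else by plain id.
            if (attached && tok.getAttachedReference() != null) {
                dkEncr.setExternalKey(tok.getSecret(),
                        (Element) doc.importNode((Element) tok.getAttachedReference(), true));
            } else if (tok.getUnattachedReference() != null) {
                dkEncr.setExternalKey(tok.getSecret(),
                        (Element) doc.importNode((Element) tok.getUnattachedReference(), true));
            } else {
                dkEncr.setExternalKey(tok.getSecret(), tok.getId());
            }
            try {
                dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                // Policy gives the derived key length in bits; WSS4J wants bytes.
                dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
                dkEncr.prepare(doc);
                encrDKTokenElem = dkEncr.getdktElement();
                RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
                refList = dkEncr.encryptForExternalRef(null, encrParts);
            } catch (WSSecurityException e) {
                // Keep the WSS4J cause so the failing step stays diagnosable.
                throw new RampartException("errorInDKEncr", e);
            } catch (ConversationException e) {
                throw new RampartException("errorInDKEncr", e);
            }
        } else {
            log.debug("NO derived keys, use the shared secret");
            encr = new WSSecEncrypt();
            encr.setWsConfig(rmd.getConfig());
            encr.setEncKeyId(tokenId);
            RampartUtil.setEncryptionUser(rmd, encr);
            encr.setEphemeralKey(tok.getSecret());
            encr.setDocument(doc);
            encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
            // SymmKey is already encrypted, no need to do it again
            encr.setEncryptSymmKey(false);
            if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) {
                // Recipient side: point at the received EncryptedKey by its SHA-1.
                encr.setUseKeyIdentifier(true);
                encr.setCustomReferenceValue(((EncryptedKeyToken) tok).getSHA1());
                encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
            }
            try {
                encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                        rmd.getCustomClassLoader()));
                // Encrypt, get hold of the ref list and add it
                refList = encr.encryptForExternalRef(null, encrParts);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInEncryption", e);
            }
        }

        this.mainRefListElement = RampartUtil.appendChildToSecHeader(rmd, refList);

        if (tlog.isDebugEnabled()) {
            t1 = System.currentTimeMillis();
        }

        // Sometimes the encryption token is not included in the message
        if (encrTokenElement != null) {
            this.setInsertionLocation(encrTokenElement);
        } else if (timestampElement != null) {
            this.setInsertionLocation(timestampElement);
        }

        RampartUtil.handleEncryptedSignedHeaders(encrParts, sigParts, doc);

        HashMap sigSuppTokMap = null;
        HashMap endSuppTokMap = null;
        HashMap sgndEndSuppTokMap = null;
        HashMap sgndEncSuppTokMap = null;
        HashMap endEncSuppTokMap = null;
        HashMap sgndEndEncSuppTokMap = null;

        if (this.timestampElement != null) {
            sigParts.add(new WSEncryptionPart(
                    RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
        }

        if (rmd.isInitiator()) {
            // Now add the supporting tokens
            SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
            sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);

            SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
            endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);

            SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
            sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);

            SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
            sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);

            SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
            endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);

            SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
            sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);

            Vector supportingToks = rpd.getSupportingTokensList();
            for (int i = 0; i < supportingToks.size(); i++) {
                this.handleSupportingTokens(rmd, (SupportingToken) supportingToks.get(i));
            }

            SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
            this.handleSupportingTokens(rmd, encryptedSupportingToks);

            // Setup signature parts
            sigParts = addSignatureParts(sigSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
        } else {
            addSignatureConfirmation(rmd, sigParts);
        }

        // Sign the message. We should use the same key in the case of EncryptBeforeSig.
        if (sigParts.size() > 0) {
            signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
            this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) this.getInsertionLocation());
        }

        if (rmd.isInitiator()) {
            endSuppTokMap.putAll(endEncSuppTokMap);
            // Do endorsed signatures
            Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
            for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
                signatureValues.add(iter.next());
            }

            sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
            // Do signed endorsing signatures
            Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
            for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
                signatureValues.add(iter.next());
            }
        }

        if (tlog.isDebugEnabled()) {
            t2 = System.currentTimeMillis();
            tlog.debug("Encryption took :" + (t1 - t0) + ", Signature tool :" + (t2 - t1));
        }

        // Check for signature protection and encryption of UsernameToken.
        // Parenthesised to make the intended && / || grouping explicit.
        if ((rpd.isSignatureProtection() && this.mainSigId != null)
                || (encryptedTokensIdList.size() > 0 && rmd.isInitiator())) {
            long t3 = 0, t4 = 0;
            if (tlog.isDebugEnabled()) {
                t3 = System.currentTimeMillis();
            }
            log.debug("Signature protection");

            Vector secondEncrParts = new Vector();

            // Now encrypt the signature using the above token (only when a
            // signature was actually produced; mainSigId may still be null
            // when only encrypted supporting tokens brought us here).
            if (rpd.isSignatureProtection() && this.mainSigId != null) {
                secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
            }

            if (rmd.isInitiator()) {
                for (int i = 0; i < encryptedTokensIdList.size(); i++) {
                    secondEncrParts.add(new WSEncryptionPart(
                            (String) encryptedTokensIdList.get(i), "Element"));
                }
            }

            Element secondRefList = null;

            if (encryptionToken.isDerivedKeys()) {
                try {
                    secondRefList = dkEncr.encryptForExternalRef(null, secondEncrParts);
                    RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem, secondRefList);
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInDKEncr", e);
                }
            } else {
                try {
                    // Encrypt the second set of parts (signature / encrypted
                    // tokens), not encrParts again: the first ReferenceList
                    // already covers those, so re-encrypting them would double
                    // encrypt the body and leave the signature in the clear.
                    secondRefList = encr.encryptForExternalRef(null, secondEncrParts);
                    RampartUtil.insertSiblingAfter(rmd, encrTokenElement, secondRefList);
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInEncryption", e);
                }
            }

            if (tlog.isDebugEnabled()) {
                t4 = System.currentTimeMillis();
                tlog.debug("Signature protection took :" + (t4 - t3));
            }
        }
    } else {
        throw new RampartException("encryptionTokenMissing");
    }
}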
From source file: org.apache.rampart.builder.SymmetricBindingBuilder.java
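/**
 * Applies the symmetric-binding "sign before encrypt" protection order:
 * resolves the signature token (SCT, issued, X.509 encrypted key or Kerberos),
 * attaches it according to the inclusion policy, signs the configured parts
 * plus any supporting-token signatures, then encrypts the encrypted parts
 * (and, when signature protection is on, the signature itself) with the
 * encryption token.
 *
 * @param rmd message data carrying the document, policy and token storage
 * @throws RampartException if no signature token is configured, the token id
 *         cannot be resolved, or WSS4J fails while signing or encrypting
 */
private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
    long t0 = 0, t1 = 0, t2 = 0;
    RampartPolicyData rpd = rmd.getPolicyData();
    Document doc = rmd.getDocument();

    if (tlog.isDebugEnabled()) {
        t0 = System.currentTimeMillis();
    }

    Token sigToken = rpd.getSignatureToken();

    String encrTokId = null;
    String sigTokId = null;

    org.apache.rahas.Token encrTok = null;
    org.apache.rahas.Token sigTok = null;

    WSSecKerberosToken krbToken = null;

    Element sigTokElem = null;

    Vector signatureValues = new Vector();

    if (sigToken != null) {
        if (sigToken instanceof SecureConversationToken) {
            sigTokId = rmd.getSecConvTokenId();
        } else if (sigToken instanceof IssuedToken) {
            sigTokId = rmd.getIssuedSignatureTokenId();
        } else if (sigToken instanceof X509Token) {
            // Initiator creates the EncryptedKey; recipient reuses the one it received.
            if (rmd.isInitiator()) {
                sigTokId = setupEncryptedKey(rmd, sigToken);
            } else {
                sigTokId = getEncryptedKey(rmd);
            }
        } else if (sigToken instanceof KerberosToken) {
            Date created = new Date();
            Date expires = new Date();
            // TODO make this lifetime configurable ??? (fixed 5 minutes for now)
            expires.setTime(System.currentTimeMillis() + 300000);
            krbToken = getKerberosTokenBuilder(rmd, sigToken);
            sigTokId = krbToken.getBSTTokenId();
            if (rmd.isInitiator()) {
                sigTokElem = krbToken.getBinarySecurityTokenElement();
            }
            // Kerberos tokens are not in the token store; wrap the session key
            // in an EncryptedKeyToken so the rest of the flow can treat it uniformly.
            sigTok = new EncryptedKeyToken(sigTokId, created, expires);
            sigTok.setSecret(krbToken.getSessionKey().getEncoded());
        }
    } else {
        throw new RampartException("signatureTokenMissing");
    }

    if (sigTokId == null || sigTokId.length() == 0) {
        throw new RampartException("noSecurityToken");
    }

    if (!(sigToken instanceof KerberosToken)) {
        sigTok = this.getToken(rmd, sigTokId);

        if (SPConstants.INCLUDE_TOEKN_ALWAYS == sigToken.getInclusion()
                || SPConstants.INCLUDE_TOKEN_ONCE == sigToken.getInclusion()
                || (rmd.isInitiator()
                        && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == sigToken.getInclusion())) {
            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
        } else if ((rmd.isInitiator() && sigToken instanceof X509Token)
                || sigToken instanceof SecureConversationToken) {
            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
        }
    }

    if (sigTokElem != null) {
        // Set the insertion location
        this.setInsertionLocation(sigTokElem);
    }

    HashMap sigSuppTokMap = null;
    HashMap endSuppTokMap = null;
    HashMap sgndEndSuppTokMap = null;
    HashMap sgndEncSuppTokMap = null;
    HashMap endEncSuppTokMap = null;
    HashMap sgndEndEncSuppTokMap = null;

    Vector sigParts = RampartUtil.getSignedParts(rmd);

    if (this.timestampElement != null) {
        sigParts.add(new WSEncryptionPart(
                RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
    }

    if (rmd.isInitiator()) {
        // Now add the supporting tokens
        SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
        sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);

        SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
        endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);

        SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
        sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);

        SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
        sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);

        SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
        endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);

        SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
        sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);

        Vector supportingToks = rpd.getSupportingTokensList();
        for (int i = 0; i < supportingToks.size(); i++) {
            this.handleSupportingTokens(rmd, (SupportingToken) supportingToks.get(i));
        }

        SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
        this.handleSupportingTokens(rmd, encryptedSupportingToks);

        // Setup signature parts
        sigParts = addSignatureParts(sigSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
    } else {
        addSignatureConfirmation(rmd, sigParts);
    }

    if (sigParts.size() > 0) {
        if (sigToken instanceof KerberosToken) {
            krbToken.setParts(sigParts);
            try {
                krbToken.signMessage();
            } catch (WSSecurityException e) {
                // Keep the WSS4J cause so the failing step stays diagnosable.
                throw new RampartException("errorInSignatureWithKerberosToken", e);
            }
            this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
                    this.getInsertionLocation(), krbToken.getSignatureElement()));
            signatureValues.add(krbToken.getSignatureValue());
        } else {
            // Sign the message
            signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
        }
        this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) this.getInsertionLocation());
    }

    if (rmd.isInitiator()) {
        // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
        endSuppTokMap.putAll(endEncSuppTokMap);
        // Do endorsed signatures
        Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
        for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
            signatureValues.add(iter.next());
        }

        // Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
        sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
        // Do signed endorsing signatures
        Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
        for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
            signatureValues.add(iter.next());
        }
    }

    if (tlog.isDebugEnabled()) {
        t1 = System.currentTimeMillis();
    }

    // Encryption
    Token encrToken = rpd.getEncryptionToken();
    boolean isIssuedToken = false;
    if (encrToken instanceof IssuedToken) {
        isIssuedToken = true;
    }
    Element encrTokElem = null;
    if (sigToken.equals(encrToken)) {
        // Use the same token
        encrTokId = sigTokId;
        encrTok = sigTok;
        encrTokElem = sigTokElem;
    } else {
        // NOTE(review): only an issued encryption token is resolved here when it
        // differs from the signature token — confirm other token types are not
        // expected to reach this branch.
        encrTokId = rmd.getIssuedEncryptionTokenId();
        encrTok = this.getToken(rmd, encrTokId);
        if (SPConstants.INCLUDE_TOEKN_ALWAYS == encrToken.getInclusion()
                || SPConstants.INCLUDE_TOKEN_ONCE == encrToken.getInclusion()
                || (rmd.isInitiator()
                        && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encrToken.getInclusion())) {
            encrTokElem = (Element) encrTok.getToken();
            // Add the encrToken element before the sigToken element
            RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
        }
    }

    Vector encrParts = RampartUtil.getEncryptedParts(rmd);

    // Check for signature protection
    if (rpd.isSignatureProtection() && this.mainSigId != null) {
        // Now encrypt the signature using the above token
        encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
    }

    if (rmd.isInitiator()) {
        for (int i = 0; i < encryptedTokensIdList.size(); i++) {
            encrParts.add(new WSEncryptionPart((String) encryptedTokensIdList.get(i), "Element"));
        }
    }

    Element refList = null;
    if (encrParts.size() > 0) {
        // The sec conv token can be used without derived keys
        if (encrToken.isDerivedKeys()) {
            try {
                WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();

                // Check whether it is security policy 1.2 and use the secure
                // conversation version accordingly
                if (SPConstants.SP_V12 == encrToken.getVersion()) {
                    dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
                }

                if (encrTokElem != null && encrTok.getAttachedReference() != null) {
                    dkEncr.setExternalKey(encrTok.getSecret(),
                            (Element) doc.importNode((Element) encrTok.getAttachedReference(), true));
                } else if (encrTok.getUnattachedReference() != null) {
                    dkEncr.setExternalKey(encrTok.getSecret(),
                            (Element) doc.importNode((Element) encrTok.getUnattachedReference(), true));
                } else if (!rmd.isInitiator() && encrToken.isDerivedKeys()) {
                    // If the Encrypted key used to create the derived key is not
                    // attached use key identifier as defined in WSS1.1 section
                    // 7.7 Encrypted Key reference
                    SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
                    if (encrTok instanceof EncryptedKeyToken) {
                        tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken) encrTok).getSHA1());
                    }
                    dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
                } else {
                    dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
                }

                if (encrTok instanceof EncryptedKeyToken) {
                    dkEncr.setCustomValueType(
                            WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE);
                }

                dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                // Policy gives the derived key length in bits; WSS4J wants bytes.
                dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength() / 8);
                dkEncr.prepare(doc);

                Element encrDKTokenElem = dkEncr.getdktElement();
                if (encrTokElem != null) {
                    RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
                } else if (timestampElement != null) {
                    RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
                } else {
                    RampartUtil.insertSiblingBefore(rmd, this.getInsertionLocation(), encrDKTokenElem);
                }

                refList = dkEncr.encryptForExternalRef(null, encrParts);
                RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem, refList);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDKEncr", e);
            } catch (ConversationException e) {
                throw new RampartException("errorInDKEncr", e);
            }
        } else {
            try {
                WSSecEncrypt encr = new WSSecEncrypt();
                encr.setWsConfig(rmd.getConfig());

                // Hack to handle reference id issues
                // TODO Need a better fix
                if (encrTokId.startsWith("#")) {
                    encrTokId = encrTokId.substring(1);
                }
                encr.setEncKeyId(encrTokId);

                if (krbToken == null) {
                    encr.setEphemeralKey(encrTok.getSecret());
                    RampartUtil.setEncryptionUser(rmd, encr);
                    encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                } else if (encrTok != null) {
                    byte[] secret = encrTok.getSecret();
                    int factor = 0;
                    // Optional Kerberos config: KDC_DES_AES_FACTOR switches on the
                    // key expansion below. Missing config or prop means no expansion.
                    if (rmd.getPolicyData().getRampartConfig() != null) {
                        KerberosConfig config = rmd.getPolicyData().getRampartConfig().getKerberosConfig();
                        if (config != null && config.getProp() != null) {
                            String fac = config.getProp().getProperty(KerberosConfig.KDC_DES_AES_FACTOR);
                            if (fac != null) {
                                try {
                                    factor = Integer.parseInt(fac);
                                } catch (NumberFormatException e) {
                                    // Unparseable factor: fall back to the unexpanded key.
                                    factor = 0;
                                }
                            }
                        }
                    }
                    if (factor > 1) {
                        // NOTE(review): the session key is expanded by repeating its
                        // bytes to 4x its length regardless of the configured factor.
                        // Repetition adds no entropy; the expanded key is only as
                        // strong as the original session key — confirm this is the
                        // intended DES->AES handling.
                        byte[] newSecret = new byte[secret.length * 4];
                        int j = 0;
                        for (int i = 0; i < newSecret.length; i++) {
                            newSecret[i] = secret[j++];
                            if (j == secret.length) {
                                j = 0;
                            }
                        }
                        encr.setEphemeralKey(newSecret);
                        encrTok.setSecret(newSecret);
                    } else {
                        encr.setEphemeralKey(secret);
                        encrTok.setSecret(secret);
                    }
                    ((EncryptedKeyToken) encrTok).setSHA1(krbToken.getKrbSession().getThumbPrintEncoded());
                    try {
                        rmd.getTokenStorage().add(sigTok);
                    } catch (TrustException e) {
                        throw new RampartException("errorAddingKerbTokenToStore", e);
                    }
                }

                encr.setDocument(doc);
                encr.setEncryptSymmKey(false);

                // Use key identifier in the KeyInfo in server side
                if (!rmd.isInitiator()) {
                    if (krbToken != null) {
                        encr.setUseKeyIdentifier(true);
                        encr.setKeyIdentifierType(WSConstants.KERBEROS_KEY_IDENTIFIER);
                    } else if (encrTok instanceof EncryptedKeyToken) {
                        encr.setUseKeyIdentifier(true);
                        encr.setCustomReferenceValue(((EncryptedKeyToken) encrTok).getSHA1());
                        encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                    } else if (isIssuedToken) {
                        encr.setUseKeyIdentifier(true);
                        encr.setCustomReferenceValue(encrTokId);
                        encr.setKeyIdentifierType(WSConstants.SAML_ASSERTION_IDENTIFIER);
                        // Inserting the SAML issued token after the timestamp
                        // (RampartUtil.insertSiblingAfter(rmd, this.timestampElement,
                        // getLLOMfromOM(encrTok.getToken()))) is intentionally not done.
                    }
                }

                encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                        rmd.getCustomClassLoader()));

                // Encrypt, get hold of the ref list and add it
                refList = encr.encryptForExternalRef(null, encrParts);
                if (encrTokElem != null) {
                    RampartUtil.insertSiblingAfter(rmd, encrTokElem, refList);
                } else {
                    RampartUtil.insertSiblingBeforeOrPrepend(rmd, this.getInsertionLocation(), refList);
                }
            } catch (WSSecurityException e) {
                throw new RampartException("errorInEncryption", e);
            }
        }
    }

    if (tlog.isDebugEnabled()) {
        t2 = System.currentTimeMillis();
        tlog.debug("Signature took :" + (t1 - t0) + ", Encryption took :" + (t2 - t1));
    }
}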
From source file: org.apache.rampart.builder.TransportBindingBuilder.java
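/**
 * Signs the message with an issued (SAML) token obtained from the token
 * storage, either through a derived key or directly with the token's secret.
 * The token is attached to the security header when the inclusion policy
 * asks for it, and the timestamp, the attached token (under token protection),
 * the body and the configured headers are added to the signed parts.
 *
 * @param rmd message data carrying the document, policy and token storage
 * @param token the policy's issued token assertion
 * @param signdParts the signed-parts assertion, or null when nothing beyond
 *        the timestamp/token is to be signed
 * @return the raw signature value
 * @throws RampartException if the token cannot be loaded or WSS4J fails to sign
 */
private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts)
        throws RampartException {

    RampartPolicyData rpd = rmd.getPolicyData();
    Document doc = rmd.getDocument();

    // Get the issued token
    String id = RampartUtil.getIssuedToken(rmd, (IssuedToken) token);

    int inclusion = token.getInclusion();
    org.apache.rahas.Token tok = null;
    try {
        tok = rmd.getTokenStorage().getToken(id);
    } catch (TrustException e) {
        throw new RampartException("errorExtractingToken", new String[] { id }, e);
    }

    boolean tokenIncluded = false;

    if (inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS
            || ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
                    || inclusion == SPConstants.INCLUDE_TOKEN_ONCE) && rmd.isInitiator())) {
        // Add the token
        rmd.getSecHeader().getSecurityHeader().appendChild(doc.importNode((Element) tok.getToken(), true));
        tokenIncluded = true;
    }

    Vector sigParts = new Vector();

    if (this.timestampElement != null) {
        sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
    }

    // Token protection only makes sense when the token is actually in the message
    if (rpd.isTokenProtection() && tokenIncluded) {
        sigParts.add(new WSEncryptionPart(id));
    }

    if (signdParts != null) {
        if (signdParts.isBody()) {
            SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
            sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
        }

        ArrayList headers = signdParts.getHeaders();
        for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
            Header header = (Header) iterator.next();
            WSEncryptionPart wep = new WSEncryptionPart(header.getName(), header.getNamespace(), "Content");
            sigParts.add(wep);
        }
    }

    // check for derived keys
    AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
    if (token.isDerivedKeys()) {
        // Create a derived key and add
        try {
            // Do Signature with derived keys
            WSSecDKSign dkSign = new WSSecDKSign();

            // Setting the AttachedReference or the UnattachedReference according to the flag
            OMElement ref;
            if (tokenIncluded) {
                ref = tok.getAttachedReference();
            } else {
                ref = tok.getUnattachedReference();
            }

            if (ref != null) {
                dkSign.setExternalKey(tok.getSecret(), (Element) doc.importNode((Element) ref, true));
            } else {
                dkSign.setExternalKey(tok.getSecret(), tok.getId());
            }

            // Set the algo info
            dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
            dkSign.prepare(doc);

            dkSign.appendDKElementToHeader(rmd.getSecHeader());

            dkSign.setParts(sigParts);

            dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());

            // Do signature
            dkSign.computeSignature();

            dkSign.appendSigToHeader(rmd.getSecHeader());

            return dkSign.getSignatureValue();
        } catch (ConversationException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e);
        } catch (WSSecurityException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e);
        }
    } else {
        try {
            WSSecSignature sig = new WSSecSignature();
            sig.setWsConfig(rmd.getConfig());

            // Strip a leading '#' reference marker; startsWith is safe on an empty id
            String tokId = tok.getId();
            if (tokId.startsWith("#")) {
                tokId = tokId.substring(1);
            }
            sig.setCustomTokenId(tokId);

            // SAML 2.0 and SAML 1.x assertions use different ID value types
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                    .equals(((IssuedToken) token).getRstTokenType())) {
                sig.setCustomTokenValueType(
                        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
            } else {
                sig.setCustomTokenValueType(
                        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            }

            sig.setSecretKey(tok.getSecret());
            // Symmetric signature: the secret key is the signing key (the
            // asymmetric algorithm of the suite does not apply here).
            sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
            sig.prepare(rmd.getDocument(),
                    RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()),
                    rmd.getSecHeader());

            sig.setParts(sigParts);
            sig.addReferencesToSign(sigParts, rmd.getSecHeader());

            // Do signature
            sig.computeSignature();

            // Add elements to header
            this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
                    this.getInsertionLocation(), sig.getSignatureElement()));

            return sig.getSignatureValue();
        } catch (WSSecurityException e) {
            throw new RampartException("errorInSignatureWithACustomToken", e);
        }
    }
}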
From source file: org.apache.rampart.builder.TransportBindingBuilder.java
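/**
 * Signs the message with the secure-conversation token (SCT) of the current
 * message context, either through a derived key or directly with the token's
 * secret. The token is attached to the security header when the inclusion
 * policy asks for it, and the timestamp, the attached token (under token
 * protection), the body and the configured headers are added to the signed parts.
 *
 * @param rmd message data carrying the document, policy and token storage
 * @param token the policy's secure conversation token assertion
 * @param signdParts the signed-parts assertion, or null when nothing beyond
 *        the timestamp/token is to be signed
 * @return the raw signature value
 * @throws RampartException if the token cannot be loaded or WSS4J fails to sign
 */
private byte[] doSecureConversationSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts)
        throws RampartException {

    RampartPolicyData rpd = rmd.getPolicyData();
    Document doc = rmd.getDocument();

    // Get the SCT id negotiated for this context
    String id = rmd.getSecConvTokenId();

    int inclusion = token.getInclusion();
    org.apache.rahas.Token tok = null;
    try {
        tok = rmd.getTokenStorage().getToken(id);
    } catch (TrustException e) {
        throw new RampartException("errorExtractingToken", new String[] { id }, e);
    }

    boolean tokenIncluded = false;

    if (inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS
            || ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
                    || inclusion == SPConstants.INCLUDE_TOKEN_ONCE) && rmd.isInitiator())) {
        // Add the token
        rmd.getSecHeader().getSecurityHeader().appendChild(doc.importNode((Element) tok.getToken(), true));
        tokenIncluded = true;
    }

    Vector sigParts = new Vector();

    if (this.timestampElement != null) {
        sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
    }

    // Token protection only makes sense when the token is actually in the message
    if (rpd.isTokenProtection() && tokenIncluded) {
        sigParts.add(new WSEncryptionPart(id));
    }

    if (signdParts != null) {
        if (signdParts.isBody()) {
            SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
            sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
        }

        ArrayList headers = signdParts.getHeaders();
        for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
            Header header = (Header) iterator.next();
            WSEncryptionPart wep = new WSEncryptionPart(header.getName(), header.getNamespace(), "Content");
            sigParts.add(wep);
        }
    }

    // check for derived keys
    AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
    if (token.isDerivedKeys()) {
        // Create a derived key and add
        try {
            // Do Signature with derived keys
            WSSecDKSign dkSign = new WSSecDKSign();

            // Setting the AttachedReference or the UnattachedReference according to the flag
            OMElement ref;
            if (tokenIncluded) {
                ref = tok.getAttachedReference();
            } else {
                ref = tok.getUnattachedReference();
            }

            if (ref != null) {
                dkSign.setExternalKey(tok.getSecret(), (Element) doc.importNode((Element) ref, true));
            } else {
                dkSign.setExternalKey(tok.getSecret(), tok.getId());
            }

            // Set the algo info
            dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
            dkSign.prepare(doc);

            dkSign.appendDKElementToHeader(rmd.getSecHeader());

            dkSign.setParts(sigParts);

            dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());

            // Do signature
            dkSign.computeSignature();

            dkSign.appendSigToHeader(rmd.getSecHeader());

            return dkSign.getSignatureValue();
        } catch (ConversationException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e);
        } catch (WSSecurityException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e);
        }
    } else {
        try {
            WSSecSignature sig = new WSSecSignature();
            sig.setWsConfig(rmd.getConfig());

            // Strip the '#' reference marker only when it is present; an
            // unconditional substring(1) would corrupt ids that lack it.
            String tokId = tok.getId();
            if (tokId.startsWith("#")) {
                tokId = tokId.substring(1);
            }
            sig.setCustomTokenId(tokId);

            // NOTE(review): these SAML value types look copied from the issued-token
            // path; a SecureConversationToken is not a SAML assertion, so only an
            // IssuedToken can be asked for its RST token type — confirm the value
            // type expected for an SCT against the callers.
            if (token instanceof IssuedToken
                    && "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                            .equals(((IssuedToken) token).getRstTokenType())) {
                sig.setCustomTokenValueType(
                        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
            } else {
                sig.setCustomTokenValueType(
                        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            }

            sig.setSecretKey(tok.getSecret());
            // Symmetric signature: the secret key is the signing key (the
            // asymmetric algorithm of the suite does not apply here).
            sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
            sig.prepare(rmd.getDocument(),
                    RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()),
                    rmd.getSecHeader());

            sig.setParts(sigParts);
            sig.addReferencesToSign(sigParts, rmd.getSecHeader());

            // Do signature
            sig.computeSignature();

            // Add elements to header
            this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
                    this.getInsertionLocation(), sig.getSignatureElement()));

            return sig.getSignatureValue();
        } catch (WSSecurityException e) {
            throw new RampartException("errorInSignatureWithACustomToken", e);
        }
    }
}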
From source file: org.apache.servicemix.jbi.deployer.utils.ManagementSupport.java
/**
 * Builds the JBI management "jbi-task" result document for a framework
 * message, embedding any component-level result elements, and returns it
 * as indented XML. Failures are logged and reported as a null result.
 *
 * @param fmkMsg the framework message whose details and locale are rendered
 * @param componentResults per-component result elements to import, may be null
 * @return the indented XML text, or null if building the document failed
 */
public static String createFrameworkMessage(Message fmkMsg, List<Element> componentResults) {
    try {
        Document document = createDocument();

        // <jbi-task xmlns=... version=...>
        Element taskElement = createChild(document, JBI_TASK);
        taskElement.setAttribute(XMLNS, HTTP_JAVA_SUN_COM_XML_NS_JBI_MANAGEMENT_MESSAGE);
        taskElement.setAttribute(VERSION, DEFAULT_VERSION);

        //   <jbi-task-result><frmwk-task-result><frmwk-task-result-details>
        Element taskResultElement = createChild(taskElement, JBI_TASK_RESULT);
        Element frameworkResult = createChild(taskResultElement, FRMWK_TASK_RESULT);
        Element frameworkDetails = createChild(frameworkResult, FRMWK_TASK_RESULT_DETAILS);
        appendTaskResultDetails(frameworkDetails, fmkMsg);

        // The locale child follows the details element, so it must be added after it.
        if (fmkMsg.getLocale() != null) {
            createChild(frameworkResult, LOCALE, fmkMsg.getLocale());
        }

        // Component results belong to another document; import before appending.
        if (componentResults != null) {
            int count = componentResults.size();
            for (int index = 0; index < count; index++) {
                Element imported = (Element) document.importNode(componentResults.get(index), true);
                taskResultElement.appendChild(imported);
            }
        }

        return DOMUtil.asIndentedXML(document);
    } catch (Exception e) {
        LOG.error("Error", e);
        return null;
    }
}
From source file: org.apache.sling.stanbol.ui.StanbolResourceViewer.java
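/**
 * Replaces the stored content of a JCR node with caller-supplied markup.
 * <p>
 * If the stored document is HTML, only its {@code <body>} is swapped for the body parsed
 * from {@code newContent}; otherwise {@code newContent} is parsed as a complete XML
 * document and replaces everything. The result is serialised (no XML declaration, UTF-8)
 * into {@code jcr:content/jcr:data} and the node is saved.
 * <p>
 * {@code newContent} is treated as untrusted: the XML parser used for the non-HTML path
 * rejects DOCTYPE declarations and does not expand entities or XIncludes.
 *
 * @param jcrNode    the node whose {@code jcr:content/jcr:data} property is rewritten
 * @param newContent the replacement markup
 * @throws IOException         if the serialised bytes cannot be decoded as UTF-8
 * @throws RepositoryException on JCR read/write failures
 * @throws RuntimeException    wrapping parse, parser-configuration or transform failures
 * @throws IllegalStateException if the stored HTML document has no {@code <body>}
 */
private void setContent(Node jcrNode, String newContent) throws IOException, RepositoryException {
    try {
        Document doc = Utils.getXMLDocument(jcrNode);
        Element docElem = doc.getDocumentElement();
        if (docElem.getNodeName().equalsIgnoreCase("html")) {
            // HTML page: only the <body> is replaced; the rest of the stored document is kept.
            Element newBody = parseBody(newContent);
            Element body = (Element) doc.getElementsByTagName("body").item(0);
            if (body == null) {
                throw new IllegalStateException("stored HTML document has no <body> element");
            }
            org.w3c.dom.Node importedNewBody = doc.importNode(newBody, true);
            body.getParentNode().replaceChild(importedNewBody, body);
        } else {
            // Non-HTML content: the submitted text replaces the whole document.
            InputSource inputSource = new InputSource(new StringReader(newContent));
            Document newContentDoc = newHardenedDocumentBuilder().parse(inputSource);
            docElem = newContentDoc.getDocumentElement();
        }
        writeContent(jcrNode, docElem);
    } catch (SAXException e) {
        throw new RuntimeException(e);
    } catch (ParserConfigurationException e) {
        throw new RuntimeException(e);
    } catch (TransformerConfigurationException e) {
        throw new RuntimeException(e);
    } catch (TransformerException e) {
        throw new RuntimeException(e);
    }
}

/**
 * Builds a parser for caller-supplied XML with DOCTYPE processing disabled, so external
 * entities, entity expansion and XIncludes cannot be triggered by the submitted content.
 *
 * @return a hardened {@code DocumentBuilder}
 * @throws ParserConfigurationException if the parser does not support a required feature;
 *         the caller turns this into a {@code RuntimeException}, i.e. it fails closed
 *         rather than parsing unhardened
 */
private javax.xml.parsers.DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);
    return dbf.newDocumentBuilder();
}

/**
 * Serialises {@code docElem} as XML (no declaration, UTF-8) into the node's
 * {@code jcr:content/jcr:data} property and saves the node.
 *
 * @param jcrNode the node to update
 * @param docElem the element to serialise
 * @throws TransformerException on serialisation failure
 * @throws RepositoryException  on JCR write failure
 * @throws IOException          if the UTF-8 bytes cannot be decoded
 */
private void writeContent(Node jcrNode, Element docElem) throws TransformerException, RepositoryException, IOException {
    DOMSource domSource = new DOMSource(docElem);
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer transformer = tf.newTransformer();
    transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
    transformer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
    transformer.setOutputProperty(OutputKeys.METHOD, "xml");
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(domSource, new StreamResult(baos));
    // Encoding is explicit on both sides of the byte round trip so the platform charset is never used.
    jcrNode.getProperty("jcr:content/jcr:data").setValue(new String(baos.toByteArray(), "utf-8"));
    jcrNode.save();
}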
From source file:org.apache.tuscany.sca.implementation.bpel.ode.ODEExternalService.java
/**
 * Wraps the invocation result in an ODE response message for the given partner-role exchange.
 * <p>
 * The payload is nested as {@code <message><PART>result</PART></message>}, where PART is the
 * name of the first part of the operation's WSDL output message; the result element is
 * deep-imported into a fresh document.
 *
 * @param partnerRoleMessageExchange the exchange the response belongs to
 * @param operation                  the invoked operation (must have a WSDL interface)
 * @param invocationResult           the element returned by the invocation
 * @return the ODE message carrying the wrapped result
 */
private Message createResponseMessage(PartnerRoleMessageExchange partnerRoleMessageExchange, Operation operation, Element invocationResult) {
    Part outputPart = firstOutputPart(operation);

    Document dom = DOMUtils.newDocument();
    Element partElem = dom.createElement(outputPart.getName());
    partElem.appendChild(dom.importNode(invocationResult, true));
    Element messageElem = dom.createElement("message");
    messageElem.appendChild(partElem);
    dom.appendChild(messageElem);

    if (__log.isDebugEnabled()) {
        __log.debug("Creating result message:");
        __log.debug(">>>" + DOMUtils.domToString(dom.getDocumentElement()));
    }

    QName responseId = partnerRoleMessageExchange.getOperation().getOutput().getMessage().getQName();
    Message response = partnerRoleMessageExchange.createMessage(responseId);
    response.setMessage(dom.getDocumentElement());
    return response;
}

/**
 * Returns the first WSDL part of the output message of {@code operation}.
 *
 * @param operation the operation, whose interface must be a {@link WSDLInterface}
 * @return the first output part
 */
private Part firstOutputPart(Operation operation) {
    WSDLInterface wsdlInterface = (WSDLInterface) operation.getInterface();
    return (Part) wsdlInterface.getPortType()
            .getOperation(operation.getName(), null, null)
            .getOutput().getMessage().getParts().values().iterator().next();
}
From source file:org.apache.tuscany.sca.implementation.bpel.ode.provider.BPELInvoker.java
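/**
 * Create BPEL Invocation message.
 * <p>
 * BPEL invocation message like:
 * <pre>{@code
 * <message>
 *   <TestPart>
 *     <hello xmlns="http://tuscany.apache.org/implementation/bpel/example/helloworld.wsdl">Hello</hello>
 *   </TestPart>
 * </message>
 * }</pre>
 *
 * @param mex  the exchange the message is created for
 * @param args the invocation arguments; {@code args[0]} is the payload, either a
 *             {@link Document} (its document element is used) or an {@link Element}
 * @return the ODE message carrying {@code <message><PART>payload</PART></message>}, where
 *         PART is the name of the BPEL operation's input part
 * @throws IllegalArgumentException if {@code args} is null or empty, or the payload is neither
 *         a {@link Document} with a root element nor an {@link Element}
 */
private org.apache.ode.bpel.iapi.Message createInvocationMessage(
        org.apache.ode.bpel.iapi.MyRoleMessageExchange mex, Object[] args) {
    if (args == null || args.length == 0) {
        throw new IllegalArgumentException("BPEL invocation requires a payload argument");
    }

    // TODO handle WSDL input messages with multiple Parts...
    // TUSCANY-2321 - Properly handling Document or Element types
    Element payload;
    if (args[0] instanceof Document) {
        // getDocumentElement() rather than getFirstChild(): the first child of a Document may be a
        // comment or processing instruction, which would fail the Element cast.
        payload = ((Document) args[0]).getDocumentElement();
    } else if (args[0] instanceof Element) {
        payload = (Element) args[0];
    } else {
        throw new IllegalArgumentException("Unsupported payload type: "
                + (args[0] == null ? "null" : args[0].getClass().getName()));
    }
    if (payload == null) {
        throw new IllegalArgumentException("Payload document has no root element");
    }

    Document dom = DOMUtils.newDocument();
    Element contentMessage = dom.createElement("message");
    Element contentPart = dom.createElement(bpelOperationInputPart.getName());
    contentPart.appendChild(dom.importNode(payload, true));
    contentMessage.appendChild(contentPart);
    dom.appendChild(contentMessage);

    if (__log.isDebugEnabled()) {
        __log.debug("Creating invocation message:");
        __log.debug(">> args.....: " + DOMUtils.domToString(payload));
        __log.debug(">> message..:" + DOMUtils.domToString(dom.getDocumentElement()));
    }

    org.apache.ode.bpel.iapi.Message request = mex.createMessage(new QName("", ""));
    request.setMessage(dom.getDocumentElement());
    return request;
}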
From source file:org.apache.ws.security.message.token.SecurityTokenReference.java
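/**
 * Locates the token element that a SecurityTokenReference URI points at.
 * <p>
 * Lookup order: (1) for SAML 1.1 / SAML 2.0 key-identifier value types, the assertion already
 * recorded in {@code docInfo}, else the first assertion in the document, matched on its id
 * attribute, else an assertion found by id; (2) a custom token obtained from the
 * {@link CallbackHandler}, which is deep-imported into {@code doc}; (3) an element with a
 * matching {@code wsu:Id}, else a matching generic {@code Id}.
 *
 * @param doc     the document being processed; a callback-supplied token is imported into it
 * @param docInfo processing state, consulted for an already-processed assertion
 * @param cb      callback handler that may resolve a custom token, or {@code null}
 * @param uri     the reference URI; a leading {@code '#'} is stripped for id matching
 * @param type    the reference ValueType, selecting the SAML lookup and the custom-token path
 * @return the located element, or {@code null} if nothing matched
 */
private Element findTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb, String uri, String type) {
    Element tokElement = null;
    // Strip the fragment marker; startsWith also copes with an empty uri, where charAt(0) would throw.
    String id = uri.startsWith("#") ? uri.substring(1) : uri;

    //
    // If the type is a SAMLAssertionID then find the SAML assertion - first check
    // if it has been previously processed, else search the header for it
    //
    String assertionStr = WSConstants.WSS_SAML_NS + WSConstants.ASSERTION_LN;
    if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(type) || assertionStr.equals(type)) {
        tokElement = lookupSamlAssertion(doc, docInfo, id, WSConstants.ASSERTION_LN, WSConstants.SAML_NS, "AssertionID");
    } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(type)) {
        // assertionStr is not re-tested here: the branch above already takes it, so that test was dead.
        tokElement = lookupSamlAssertion(doc, docInfo, id, "Assertion", WSConstants.SAML2_NS, "ID");
    }

    //
    // Try to find a custom token
    //
    if (tokElement == null && cb != null
            && (WSConstants.WSC_SCT.equals(type)
                || WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(type)
                || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(type)
                || assertionStr.equals(type))) {
        WSPasswordCallback pwcb = new WSPasswordCallback(id, WSPasswordCallback.CUSTOM_TOKEN);
        try {
            cb.handle(new Callback[] { pwcb });
            Element assertionElem = pwcb.getCustomToken();
            if (assertionElem != null) {
                // The callback's element is taken as-is and becomes part of this document.
                tokElement = (Element) doc.importNode(assertionElem, true);
            }
        } catch (Exception e) {
            // Deliberately best-effort: a failing callback falls through to the id-based lookup below.
            log.debug(e.getMessage(), e);
        }
    }

    //
    // Finally try to find the element by its Id
    //
    if (tokElement == null) {
        tokElement = WSSecurityUtil.getElementByWsuId(doc, uri);
        // In some scenarios id is used rather than wsu:Id
        if (tokElement == null) {
            tokElement = WSSecurityUtil.getElementByGenId(doc, uri);
        }
    }
    return tokElement;
}

/**
 * Finds a SAML assertion for {@code id}: the assertion recorded in {@code docInfo}, else the
 * first {@code localName} element in namespace {@code ns} under the document root, accepted
 * only if its {@code idAttribute} equals {@code id}; failing that, an assertion located by id.
 *
 * @param doc         the document searched by id
 * @param docInfo     processing state holding an already-processed assertion, if any
 * @param id          the reference id without its leading {@code '#'}
 * @param localName   local name of the assertion element
 * @param ns          namespace of the assertion element
 * @param idAttribute the attribute carrying the assertion id
 * @return the matching assertion element, or {@code null}
 */
private Element lookupSamlAssertion(Document doc, WSDocInfo docInfo, String id, String localName, String ns, String idAttribute) {
    Element sa = docInfo.getAssertion();
    if (sa == null) {
        sa = (Element) WSSecurityUtil.findElement(docInfo.getDocument().getDocumentElement(), localName, ns);
    }
    if (sa != null) {
        String saID = sa.getAttribute(idAttribute);
        if (doDebug) {
            log.debug("SAML token ID: " + saID);
        }
        if (saID.equals(id)) {
            return sa;
        }
    }
    Node assertion = WSSecurityUtil.findSAMLAssertionElementById(doc.getDocumentElement(), id);
    return (Element) assertion;
}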
From source file:org.apache.ws.security.saml.ext.AssertionWrapper.java
/**
 * Returns the assertion as a DOM element.
 * <p>
 * When this wrapper was built from DOM and still holds that element, the element is
 * re-parsed and returned, imported into {@code doc} when one is supplied. Otherwise the
 * element is produced from the XMLObject content via OpenSAML and cached.
 *
 * @param doc the document to reparent the element into, or {@code null} to return it as-is
 * @return the assertion element
 * @throws WSSecurityException if the XMLObject cannot be marshalled to DOM
 */
public Element toDOM(Document doc) throws WSSecurityException {
    if (!fromDOM || assertionElement == null) {
        assertionElement = OpenSAMLUtil.toDom(xmlObject, doc);
        return assertionElement;
    }
    parseElement(assertionElement);
    return doc == null
            ? assertionElement
            : (Element) doc.importNode(assertionElement, true);
}