List of usage examples for org.w3c.dom Element getAttributeNS
public String getAttributeNS(String namespaceURI, String localName) throws DOMException;
From source file:org.apache.ws.security.message.TestMessageTransformer.java
/**
 * Test helper that rewrites a SOAP envelope so the header holding the Signature also
 * carries a duplicate of the body's EncryptedData, nested in an unqualified wrapper
 * element named {@code a}.
 *
 * <p>The duplicate comes from {@code createNewEncryptedData}, and its {@code Id} is passed
 * to {@code copyHeadersAndUpdateRefList} for every header child that is copied. The parent
 * of the Signature element is replaced by a shallow clone that receives the original
 * children, with the wrapper inserted immediately before the Signature. This produces the
 * kind of restructured message a receiver's wrapping checks are meant to catch.
 *
 * @param saaj the SOAP envelope element; it is modified in place
 * @param moveReferenceList if true, {@code moveReferenceList(saaj)} runs first; if false,
 *        {@code updateEncryptedKeyRefList} is applied to the rebuilt header instead
 * @return the duplicated EncryptedData element
 */
public static Element duplicateEncryptedDataInWsseWrapperHeader(Element saaj, boolean moveReferenceList) {
    if (moveReferenceList) {
        moveReferenceList(saaj);
    }

    final QName bodyName = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body");
    Element body = getFirstChildElement(saaj, bodyName, true);
    final QName encDataName = new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
    Element encData = getFirstChildElement(body, encDataName, true);
    Element newEncData = createNewEncryptedData(encData);

    final QName headerName = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Header");
    Element sh = getFirstChildElement(saaj, headerName, true);
    final QName signatureName = new QName("http://www.w3.org/2000/09/xmldsig#", "Signature");
    Element signature = getFirstChildElement(sh, signatureName, true);

    // The Signature's parent is treated as the security header that gets rebuilt.
    Node wsseHeader = signature.getParentNode();
    Node newWsseHeader = wsseHeader.cloneNode(false);
    Node cur = wsseHeader.getFirstChild();
    String newId = newEncData.getAttributeNS(null, "Id");

    // Copy everything that precedes the Signature.
    while (!cur.isSameNode(signature)) {
        cur = copyHeadersAndUpdateRefList(cur, newWsseHeader, newId);
    }

    // Insert the wrapped duplicate right before the Signature.
    Element wrapper = encData.getOwnerDocument().createElementNS(null, "a");
    wrapper.appendChild(newEncData);
    newWsseHeader.appendChild(wrapper);

    // Copy the Signature and whatever follows it.
    while (cur != null) {
        cur = copyHeadersAndUpdateRefList(cur, newWsseHeader, newId);
    }

    if (!moveReferenceList) {
        updateEncryptedKeyRefList(newWsseHeader, newId);
    }

    // Swap the original header for the rebuilt one.
    Node parent = wsseHeader.getParentNode();
    parent.removeChild(wsseHeader);
    parent.appendChild(newWsseHeader);

    print(saaj.getOwnerDocument());
    return newEncData;
}
From source file:org.apache.ws.security.message.TestMessageTransformer.java
/**
 * Test helper that rewrites a SOAP envelope so a duplicate of the body's EncryptedData
 * sits in a separate, unqualified wrapper element {@code a} appended to the SOAP Header,
 * outside the wsse:Security header.
 *
 * <p>The Security header is replaced by a shallow clone whose children are copied through
 * {@code copyHeadersAndUpdateRefList} with the duplicate's {@code Id}. The wrapper carries
 * SOAP {@code mustUnderstand="0"} and {@code actor="foo"} attributes.
 *
 * @param saaj the SOAP envelope element; it is modified in place
 * @param moveReferenceList if true, {@code moveReferenceList(saaj)} runs first; if false,
 *        {@code updateEncryptedKeyRefList} is applied to the rebuilt Security header
 * @return the duplicated EncryptedData element
 */
public static Element duplicateEncryptedDataInExternalWrapperElement(Element saaj, boolean moveReferenceList) {
    final String soapNs = "http://schemas.xmlsoap.org/soap/envelope/";

    if (moveReferenceList) {
        moveReferenceList(saaj);
    }

    Element body = getFirstChildElement(saaj, new QName(soapNs, "Body"), true);
    Element encData = getFirstChildElement(
        body, new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedData"), true);
    Element newEncData = createNewEncryptedData(encData);

    Element sh = getFirstChildElement(saaj, new QName(soapNs, "Header"), true);
    Element wsseHeader = getFirstChildElement(
        sh,
        new QName(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "Security"),
        true);

    // Rebuild the Security header child by child so references can be updated on the way.
    Node newWsseHeader = wsseHeader.cloneNode(false);
    Node cur = wsseHeader.getFirstChild();
    String newId = newEncData.getAttributeNS(null, "Id");
    while (cur != null) {
        cur = copyHeadersAndUpdateRefList(cur, newWsseHeader, newId);
    }
    sh.removeChild(wsseHeader);
    sh.appendChild(newWsseHeader);

    if (!moveReferenceList) {
        updateEncryptedKeyRefList(newWsseHeader, newId);
    }

    // The duplicate lives in its own header block, a sibling of the Security header.
    Element wrapper = encData.getOwnerDocument().createElementNS(null, "a");
    wrapper.setAttributeNS(soapNs, "mustUnderstand", "0");
    wrapper.setAttributeNS(soapNs, "actor", "foo");
    wrapper.appendChild(newEncData);
    sh.appendChild(wrapper);

    print(saaj.getOwnerDocument());
    return newEncData;
}
From source file:org.apache.ws.security.message.TestMessageTransformer.java
/**
 * Test helper that adds a second EncryptedData to the wsse:Security header whose KeyInfo
 * embeds a copy of the EncryptedKey instead of a SecurityTokenReference.
 *
 * <p>Both the EncryptedData and the EncryptedKey are deep clones of the originals with
 * {@code "b"} appended to their {@code Id} attribute. The Security header is replaced by a
 * shallow clone whose children are copied through {@code copyHeadersAndUpdateRefList}, and
 * the new EncryptedData is appended last.
 *
 * @param saaj the SOAP envelope element; it is modified in place
 * @return the added EncryptedData element
 */
public static Element addEncryptedDataWithEmbeddedEncryptedKeyInWsseHeader(Element saaj) {
    final String xencNs = "http://www.w3.org/2001/04/xmlenc#";
    final String wsseNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    moveReferenceList(saaj);

    Element body = getFirstChildElement(
        saaj, new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"), true);
    Element encData = getFirstChildElement(body, new QName(xencNs, "EncryptedData"), true);

    // Clone the EncryptedData under a fresh Id.
    Element newEncData = (Element) encData.cloneNode(true);
    String newId = newEncData.getAttributeNS(null, "Id") + "b";
    newEncData.setAttributeNS(null, "Id", newId);

    // Clone the EncryptedKey under a fresh Id as well.
    Element encKey = getFirstChildElement(saaj, new QName(xencNs, "EncryptedKey"), true);
    Element newEncKey = (Element) encKey.cloneNode(true);
    String newEcId = newEncKey.getAttributeNS(null, "Id") + "b";
    newEncKey.setAttributeNS(null, "Id", newEcId);

    // Swap the cloned key in for the SecurityTokenReference inside the clone's KeyInfo.
    Element keyInfo = getFirstChildElement(
        newEncData, new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"), true);
    Element str = getFirstChildElement(
        newEncData, new QName(wsseNs, "SecurityTokenReference"), true);
    keyInfo.replaceChild(newEncKey, str);

    Element wsseHeader = getFirstChildElement(saaj, new QName(wsseNs, "Security"), true);
    Node newWsseHeader = wsseHeader.cloneNode(false);
    for (Node cur = wsseHeader.getFirstChild(); cur != null; ) {
        cur = copyHeadersAndUpdateRefList(cur, newWsseHeader, newId);
    }
    newWsseHeader.appendChild(newEncData);

    Node parent = wsseHeader.getParentNode();
    parent.removeChild(wsseHeader);
    parent.appendChild(newWsseHeader);

    print(saaj.getOwnerDocument());
    return newEncData;
}
From source file:org.apache.ws.security.message.TestMessageTransformer.java
/**
 * Returns a deep copy of an EncryptedData element whose unqualified {@code Id} attribute
 * is the original value with {@code "b"} appended.
 *
 * <p>The copy is not attached to any parent. If the source has no {@code Id} attribute the
 * copy's {@code Id} becomes {@code "b"}, because {@code getAttributeNS} returns an empty
 * string for a missing attribute.
 *
 * @param encData the element to copy; it is left untouched
 * @return the detached copy with the new {@code Id}
 */
private static Element createNewEncryptedData(Element encData) {
    Element copy = (Element) encData.cloneNode(true);
    copy.setAttributeNS(null, "Id", copy.getAttributeNS(null, "Id") + "b");
    return copy;
}
From source file:org.apache.ws.security.processor.EncryptedDataProcessor.java
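/**
 * Decrypts an EncryptedData element in place and, when a processor is registered for the
 * decrypted element, runs that processor on it.
 *
 * <p>The symmetric key comes either from a SecurityTokenReference or from an EncryptedKey
 * child of the KeyInfo. When the request requires signed EncryptedData elements, the
 * element is checked against the security header's signatures before any key handling.
 * When an AlgorithmSuite is configured, the key length and algorithms are validated before
 * the cipher is initialised.
 *
 * <p>Fixes relative to the listed code: the SecurityTokenReference path leaves
 * {@code encrKeyResults} null, so the final {@code encrKeyResults.add(result)} threw a
 * NullPointerException whenever no processor handled the decrypted element; and the
 * decrypted node was cast to {@code Element} without a type check, although the code just
 * above already allows for a non-element node.
 *
 * @param elem the EncryptedData element to decrypt
 * @param request the request configuration; supplies WSSConfig and AlgorithmSuite
 * @param wsDocInfo per-document state that receives the result and the token element
 * @return the results of the nested processor (if any), the EncryptedKey results (if any)
 *         and the decryption result
 * @throws WSSecurityException if KeyInfo or a usable key reference is missing, if the
 *         algorithm is unsupported, or if decryption fails
 */
public List<WSSecurityEngineResult> handleToken(Element elem, RequestData request, WSDocInfo wsDocInfo)
    throws WSSecurityException {
    if (log.isDebugEnabled()) {
        log.debug("Found EncryptedData element");
    }

    Element kiElem = WSSecurityUtil.getDirectChildElement(elem, "KeyInfo", WSConstants.SIG_NS);
    // KeyInfo cannot be null
    if (kiElem == null) {
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noKeyinfo");
    }

    String symEncAlgo = X509Util.getEncAlgo(elem);
    // Check BSP compliance
    if (request.getWssConfig().isWsiBSPCompliant()) {
        checkBSPCompliance(symEncAlgo);
    }

    // Get the Key either via a SecurityTokenReference or an EncryptedKey
    Element secRefToken =
        WSSecurityUtil.getDirectChildElement(kiElem, "SecurityTokenReference", WSConstants.WSSE_NS);
    Element encryptedKeyElement =
        WSSecurityUtil.getDirectChildElement(kiElem, WSConstants.ENC_KEY_LN, WSConstants.ENC_NS);

    // Enforce "EncryptedData must be signed" before touching any key material.
    if (elem != null && request.isRequireSignedEncryptedDataElements()) {
        WSSecurityUtil.verifySignedElement(elem, elem.getOwnerDocument(), wsDocInfo.getSecurityHeader());
    }

    SecretKey key = null;
    List<WSSecurityEngineResult> encrKeyResults = null;
    Principal principal = null;
    if (secRefToken != null) {
        STRParser strParser = new SecurityTokenRefSTRParser();
        Map<String, Object> parameters = new HashMap<String, Object>();
        parameters.put(SecurityTokenRefSTRParser.SIGNATURE_METHOD, symEncAlgo);
        strParser.parseSecurityTokenReference(secRefToken, request, wsDocInfo, parameters);
        byte[] secretKey = strParser.getSecretKey();
        principal = strParser.getPrincipal();
        key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKey);
    } else if (encryptedKeyElement != null) {
        EncryptedKeyProcessor encrKeyProc = new EncryptedKeyProcessor();
        encrKeyResults = encrKeyProc.handleToken(encryptedKeyElement, request, wsDocInfo);
        byte[] symmKey = (byte[]) encrKeyResults.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        key = WSSecurityUtil.prepareSecretKey(symEncAlgo, symmKey);
    } else {
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncKey");
    }

    // Check for compliance against the defined AlgorithmSuite
    AlgorithmSuite algorithmSuite = request.getAlgorithmSuite();
    if (algorithmSuite != null) {
        AlgorithmSuiteValidator algorithmSuiteValidator = new AlgorithmSuiteValidator(algorithmSuite);
        if (principal instanceof WSDerivedKeyTokenPrincipal) {
            algorithmSuiteValidator
                .checkDerivedKeyAlgorithm(((WSDerivedKeyTokenPrincipal) principal).getAlgorithm());
            algorithmSuiteValidator
                .checkEncryptionDerivedKeyLength(((WSDerivedKeyTokenPrincipal) principal).getLength());
        }
        algorithmSuiteValidator.checkSymmetricKeyLength(key.getEncoded().length);
        algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(symEncAlgo);
    }

    // Initialise the cipher with secure validation switched on.
    XMLCipher xmlCipher = null;
    try {
        xmlCipher = XMLCipher.getInstance(symEncAlgo);
        xmlCipher.setSecureValidation(true);
        xmlCipher.init(XMLCipher.DECRYPT_MODE, key);
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex);
    }

    // Remember the position of the element: decryption replaces it in the tree.
    Node previousSibling = elem.getPreviousSibling();
    Node parent = elem.getParentNode();
    try {
        xmlCipher.doFinal(elem.getOwnerDocument(), elem, false);
    } catch (Exception e) {
        throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
    }

    WSDataRef dataRef = new WSDataRef();
    dataRef.setWsuId(elem.getAttributeNS(null, "Id"));
    dataRef.setAlgorithm(symEncAlgo);
    dataRef.setContent(false);

    Node decryptedNode;
    if (previousSibling == null) {
        decryptedNode = parent.getFirstChild();
    } else {
        decryptedNode = previousSibling.getNextSibling();
    }
    // Only an element node can be recorded as protected or handed to a processor.
    Element decryptedElem = null;
    if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType()) {
        decryptedElem = (Element) decryptedNode;
        dataRef.setProtectedElement(decryptedElem);
    }
    dataRef.setXpath(ReferenceListProcessor.getXPath(decryptedNode));

    WSSecurityEngineResult result =
        new WSSecurityEngineResult(WSConstants.ENCR, Collections.singletonList(dataRef));
    result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null, "Id"));
    wsDocInfo.addResult(result);
    wsDocInfo.addTokenElement(elem);

    WSSConfig wssConfig = request.getWssConfig();
    if (wssConfig != null && decryptedElem != null) {
        // Hand the plain text element to its processor, if one is registered.
        QName el = new QName(decryptedElem.getNamespaceURI(), decryptedElem.getLocalName());
        Processor proc = request.getWssConfig().getProcessor(el);
        if (proc != null) {
            if (log.isDebugEnabled()) {
                log.debug("Processing decrypted element with: " + proc.getClass().getName());
            }
            List<WSSecurityEngineResult> results = proc.handleToken(decryptedElem, request, wsDocInfo);
            List<WSSecurityEngineResult> completeResults = new ArrayList<WSSecurityEngineResult>();
            if (encrKeyResults != null) {
                completeResults.addAll(encrKeyResults);
            }
            completeResults.add(result);
            completeResults.addAll(0, results);
            return completeResults;
        }
    }

    // The SecurityTokenReference path produced no EncryptedKey results; start a fresh list
    // instead of dereferencing null.
    if (encrKeyResults == null) {
        encrKeyResults = new ArrayList<WSSecurityEngineResult>();
    }
    encrKeyResults.add(result);
    return encrKeyResults;
}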
From source file:org.apache.ws.security.processor.EncryptedKeyProcessor.java
/**
 * Processes an EncryptedKey element and records the outcome at the front of
 * {@code returnResults}.
 *
 * <p>The method keeps its working state in instance fields ({@code docInfo},
 * {@code encryptedKeyId} and the fields read when the result is built).
 * NOTE(review): the result carries {@code this.decryptedBytes}, which looks like the
 * decrypted key material; confirm how consumers of the result vector handle it.
 *
 * @param elem the EncryptedKey element
 * @param crypto not used by this method
 * @param decCrypto crypto instance used for decryption; must not be null
 * @param cb callback handler; must not be null
 * @param wsDocInfo per-document state, stored in {@code docInfo}
 * @param returnResults vector that receives the new result at index 0
 * @param wsc not used by this method
 * @throws WSSecurityException with {@code FAILURE} if {@code decCrypto} or {@code cb} is
 *         null, or as raised by {@code handleEncryptedKey}
 */
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
    if (log.isDebugEnabled()) {
        log.debug("Found encrypted key element");
    }

    // Both collaborators are mandatory; fail before any state is touched.
    if (decCrypto == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noDecCryptoFile");
    }
    if (cb == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
    }

    docInfo = wsDocInfo;
    ArrayList referencedDataUris = handleEncryptedKey(elem, cb, decCrypto);
    this.encryptedKeyId = elem.getAttributeNS(null, "Id");

    WSSecurityEngineResult keyResult = new WSSecurityEngineResult(
        WSConstants.ENCR,
        this.decryptedBytes,
        this.encryptedEphemeralKey,
        this.encryptedKeyId,
        referencedDataUris,
        cert);
    keyResult.put(
        WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD,
        this.encryptedKeyTransportMethod);
    returnResults.add(0, keyResult);
}
From source file:org.apache.ws.security.processor.SignatureConfirmationProcessor.java
/**
 * Decodes a SignatureConfirmation element and stores it at the front of
 * {@code returnResults}; no validation beyond the decoding is done here.
 *
 * <p>The element's {@code Id} attribute in the WSU namespace is kept in {@code scId}.
 *
 * @param elem the SignatureConfirmation element
 * @param crypto not used by this method
 * @param decCrypto not used by this method
 * @param cb not used by this method
 * @param wsDocInfo not used by this method
 * @param returnResults vector that receives the new result at index 0
 * @param wsc not used by this method
 * @throws WSSecurityException as raised while decoding the element
 */
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
    if (log.isDebugEnabled()) {
        log.debug("Found SignatureConfirmation list element");
    }

    // Decode only; the confirmation is stored for later evaluation by the caller.
    SignatureConfirmation confirmation = new SignatureConfirmation(elem);
    WSSecurityEngineResult confirmationResult =
        new WSSecurityEngineResult(WSConstants.SC, confirmation);
    returnResults.add(0, confirmationResult);

    scId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
}
From source file:org.apache.ws.security.processor.SignatureProcessor.java
/**
 * Verifies an XML Signature element and records the outcome at the front of
 * {@code returnResults}.
 *
 * <p>The result type depends on the principal returned by {@code verifyXMLSignature}:
 * {@code UT_SIGN} for a UsernameToken principal, {@code KERBEROS_SIGN} for a Kerberos
 * principal, {@code SIGN} otherwise. A copy of the {@code secretKey} field is attached to
 * the {@code UT_SIGN} and {@code SIGN} results under {@code TAG_DECRYPTED_KEY}, after
 * which the field is cleared.
 *
 * <p>NOTE(review): {@code secretKey} is only reset on the success path; if verification
 * throws, the field keeps whatever value it had. Confirm whether instances are reused.
 *
 * @param elem the Signature element
 * @param crypto crypto instance passed to {@code verifyXMLSignature}
 * @param decCrypto not used by this method
 * @param cb callback handler passed to {@code verifyXMLSignature}
 * @param wsDocInfo per-document state; registered in {@code WSDocInfoStore} for the
 *        duration of the verification
 * @param returnResults vector that receives the new result at index 0
 * @param wsc configuration; supplies the secret key length
 * @throws WSSecurityException if signature verification fails
 */
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
    if (log.isDebugEnabled()) {
        log.debug("Found signature element");
    }

    boolean remove = WSDocInfoStore.store(wsDocInfo);

    // Out-parameters filled in by verifyXMLSignature.
    X509Certificate[] returnCert = new X509Certificate[1];
    Set returnElements = new HashSet();
    List protectedElements = new java.util.ArrayList();
    byte[][] signatureValue = new byte[1][];

    // Reset per-call state held in fields.
    this.returnResults = returnResults;
    secretKeyLength = wsc.getSecretKeyLength();
    c14nMethod = null;
    signatureMethod = null;
    certificates = null;

    Principal lastPrincipalFound = null;
    try {
        lastPrincipalFound = verifyXMLSignature(
            elem, crypto, returnCert, returnElements, protectedElements, signatureValue, cb, wsDocInfo);
    } finally {
        // Unregister the doc info only if this call registered it.
        if (remove) {
            WSDocInfoStore.delete(wsDocInfo);
        }
    }

    // Hand out a copy so clearing the field below does not affect the result.
    byte[] storedKey = null;
    if (secretKey != null && secretKey.length > 0) {
        storedKey = new byte[secretKey.length];
        System.arraycopy(secretKey, 0, storedKey, 0, secretKey.length);
    }

    if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
        WSSecurityEngineResult utResult = new WSSecurityEngineResult(
            WSConstants.UT_SIGN, lastPrincipalFound, null,
            returnElements, protectedElements, signatureValue[0]);
        utResult.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod);
        utResult.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod);
        utResult.put(WSSecurityEngineResult.TAG_DECRYPTED_KEY, storedKey);
        returnResults.add(0, utResult);
    } else if (lastPrincipalFound instanceof KerberosTokenPrincipal) {
        WSSecurityEngineResult kerberosResult = new WSSecurityEngineResult(
            WSConstants.KERBEROS_SIGN, lastPrincipalFound, returnCert[0],
            returnElements, protectedElements, signatureValue[0]);
        returnResults.add(0, kerberosResult);
    } else {
        WSSecurityEngineResult signResult = new WSSecurityEngineResult(
            WSConstants.SIGN, lastPrincipalFound, returnCert[0],
            returnElements, protectedElements, signatureValue[0]);
        signResult.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod);
        signResult.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod);
        signResult.put(WSSecurityEngineResult.TAG_X509_CERTIFICATES, certificates);
        signResult.put(WSSecurityEngineResult.TAG_DECRYPTED_KEY, storedKey);
        returnResults.add(0, signResult);
    }

    signatureId = elem.getAttributeNS(null, "Id");
    secretKey = null;
}
From source file:org.apache.ws.security.processor.TimestampProcessor.java
/**
 * Decodes a Timestamp element, passes it to {@code handleTimestamp}, and stores it at the
 * front of {@code returnResults}.
 *
 * <p>The configuration is kept in {@code wssConfig} before the timestamp is handled, and
 * the element's {@code Id} attribute in the WSU namespace is kept in {@code tsId}.
 *
 * @param elem the Timestamp element
 * @param crypto not used by this method
 * @param decCrypto not used by this method
 * @param cb not used by this method
 * @param wsDocInfo not used by this method
 * @param returnResults vector that receives the new result at index 0
 * @param wsc configuration stored in {@code wssConfig}
 * @throws WSSecurityException as raised while decoding or handling the timestamp
 */
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
    if (log.isDebugEnabled()) {
        log.debug("Found Timestamp list element");
    }
    wssConfig = wsc;

    // Decode the created/expiry times, then let handleTimestamp evaluate them.
    Timestamp decoded = new Timestamp(elem);
    handleTimestamp(decoded);

    WSSecurityEngineResult timestampResult = new WSSecurityEngineResult(WSConstants.TS, decoded);
    returnResults.add(0, timestampResult);

    tsId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
}
From source file:org.apache.ws.security.util.WSSecurityUtil.java
/**
 * Returns the single element whose {@code Id} attribute in the given namespace equals
 * {@code value}.
 *
 * <p>This replaces an XPath Id lookup: it compares the real namespace URI and ignores
 * prefixes. The walk is an iterative depth-first traversal that covers {@code startNode},
 * its descendants, and the following siblings of {@code startNode} with their descendants;
 * it stops when it climbs back to the parent of {@code startNode}.
 *
 * <p>The search deliberately continues after the first match. If a second element carries
 * the same Id, a warning is logged and {@code null} is returned, because an ambiguous Id
 * can be used to get around signature checking. Callers must treat {@code null} as
 * "no unique element" and must not fall back to another lookup.
 *
 * @param startNode where to start the search; {@code null} yields {@code null}
 * @param value value of the Id attribute; must not be null
 * @param namespace namespace URI of the Id attribute
 * @return the found element if there was exactly one match, or {@code null} otherwise
 */
public static Element findElementById(Node startNode, String value, String namespace) {
    if (startNode == null) {
        return null;
    }

    // Climbing back to this node means the whole search scope has been visited.
    final Node boundary = startNode.getParentNode();
    Element match = null;
    Node current = startNode;

    while (current != null) {
        if (current.getNodeType() == Node.ELEMENT_NODE) {
            Element candidate = (Element) current;
            boolean sameId = candidate.hasAttributeNS(namespace, "Id")
                && value.equals(candidate.getAttributeNS(namespace, "Id"));
            if (sameId) {
                if (match != null) {
                    log.warn("Multiple elements with the same 'Id' attribute value!");
                    return null;
                }
                // Keep going: a later duplicate must invalidate this match.
                match = candidate;
            }
        }

        // Descend first; without children, move sideways.
        Node next = current.getFirstChild();
        if (next == null) {
            next = current.getNextSibling();
        }

        // Without siblings, climb until an ancestor has one or the boundary is reached.
        Node finished = current;
        while (next == null) {
            finished = finished.getParentNode();
            if (finished == boundary) {
                return match;
            }
            next = finished.getNextSibling();
        }
        current = next;
    }
    return match;
}