java.lang.Objectorg.apache.ws.security.WSSecurityEngine
WS-Security Engine.
Field Summary | |
protected javax.xml.namespace.QName |
binaryToken
wsse:BinarySecurityToken as defined by WS Security specification |
protected static javax.xml.namespace.QName |
ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification,
enhanced by WS Security specification |
protected static javax.xml.namespace.QName |
REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification, |
protected static javax.xml.namespace.QName |
SAML_TOKEN
saml:Assertion as defined by SAML specification |
protected static javax.xml.namespace.QName |
SIGNATURE
ds:Signature as defined by XML Signature specification,
enhanced by WS Security specification |
protected javax.xml.namespace.QName |
timeStamp
wsu:Timestamp as defined by OASIS WS Security specification, |
protected javax.xml.namespace.QName |
usernameToken
wsse:UsernameToken as defined by WS Security specification |
protected WSSConfig |
wssConfig
|
Constructor Summary | |
WSSecurityEngine()
|
|
WSSecurityEngine(WSSConfig wssConfig)
|
Method Summary | |
void |
decryptDataRefEmbedded(org.w3c.dom.Document doc,
java.lang.String dataRefURI,
javax.security.auth.callback.CallbackHandler cb)
|
protected java.security.cert.X509Certificate[] |
getCertificatesFromSAML(org.w3c.dom.Element elem,
Crypto crypto)
Extracts the certificate(s) from the SAML token reference. |
java.security.cert.X509Certificate[] |
getCertificatesTokenReference(org.w3c.dom.Element elem,
Crypto crypto)
Extracts the certificate(s) from the Binary Security token reference. |
static byte[] |
getDecodedBase64EncodedData(org.w3c.dom.Element element)
Method getDecodedBase64EncodedData |
byte[] |
getDecryptedBytes()
|
static WSSecurityEngine |
getInstance()
Get a singleton instance of security engine. |
static WSSecurityEngine |
getInstance(WSSConfig wssConfig)
Get a singleton instance of security engine with specified configuration settings. |
protected javax.crypto.SecretKey |
getSharedKey(org.w3c.dom.Element keyInfoElem,
java.lang.String algorithm,
javax.security.auth.callback.CallbackHandler cb)
|
void |
handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey,
javax.security.auth.callback.CallbackHandler cb,
Crypto crypto)
|
void |
handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey,
javax.security.auth.callback.CallbackHandler cb,
Crypto crypto,
java.security.PrivateKey privateKey)
|
void |
handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey,
java.security.PrivateKey privatekey)
|
org.opensaml.SAMLAssertion |
handleSAMLToken(org.w3c.dom.Element token)
|
void |
handleTimestamp(Timestamp timestamp)
|
WSUsernameTokenPrincipal |
handleUsernameToken(org.w3c.dom.Element token,
javax.security.auth.callback.CallbackHandler cb)
Check the UsernameToken element. |
java.util.Vector |
processSecurityHeader(org.w3c.dom.Document doc,
java.lang.String actor,
javax.security.auth.callback.CallbackHandler cb,
Crypto crypto)
Process the security header given the soap envelope as W3C document. |
java.util.Vector |
processSecurityHeader(org.w3c.dom.Document doc,
java.lang.String actor,
javax.security.auth.callback.CallbackHandler cb,
Crypto sigCrypto,
Crypto decCrypto)
Process the security header given the soap envelope as W3C document. |
protected java.util.Vector |
processSecurityHeader(org.w3c.dom.Element securityHeader,
javax.security.auth.callback.CallbackHandler cb,
Crypto sigCrypto,
Crypto decCrypto)
Process the security header given the wsse:Security DOM
Element. |
protected java.security.Principal |
verifyXMLSignature(org.w3c.dom.Element elem,
Crypto crypto,
java.security.cert.X509Certificate[] returnCert,
java.util.Vector[] returnQname)
Verify the WS-Security signature. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected WSSConfig wssConfig
protected javax.xml.namespace.QName binaryToken
wsse:BinarySecurityToken
as defined by WS Security specification
protected javax.xml.namespace.QName usernameToken
wsse:UsernameToken
as defined by WS Security specification
protected javax.xml.namespace.QName timeStamp
wsu:Timestamp
as defined by OASIS WS Security specification,
protected static final javax.xml.namespace.QName SIGNATURE
ds:Signature
as defined by XML Signature specification,
enhanced by WS Security specification
protected static final javax.xml.namespace.QName ENCRYPTED_KEY
xenc:EncryptedKey
as defined by XML Encryption specification,
enhanced by WS Security specification
protected static final javax.xml.namespace.QName REFERENCE_LIST
xenc:ReferenceList
as defined by XML Encryption specification,
protected static final javax.xml.namespace.QName SAML_TOKEN
saml:Assertion
as defined by SAML specification
Constructor Detail |
public WSSecurityEngine()
public WSSecurityEngine(WSSConfig wssConfig)
Method Detail |
public static WSSecurityEngine getInstance()
public static WSSecurityEngine getInstance(WSSConfig wssConfig)
wssConfig
- the configuration parameters to use.
public java.util.Vector processSecurityHeader(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto crypto) throws WSSecurityException
wsse:Security
is available with the
defined actor.
doc
- the SOAP envelope as Document
actor
- the engine works on behalf of this actor
. Refer
to the SOAP specification about actor
or role
cb
- a callback handler to the caller to resolve passwords during
encryption and UsernameToken
handling
crypto
- the object that implements the access to the keystore and the
handling of certificates.
WSSecurityException
processSecurityHeader(Element securityHeader, CallbackHandler cb,Crypto sigCrypto, Crypto decCrypto)
public java.util.Vector processSecurityHeader(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
wsse:Security
is available with the
defined actor.
doc
- the SOAP envelope as Document
actor
- the engine works on behalf of this actor
. Refer
to the SOAP specification about actor
or role
cb
- a callback handler to the caller to resolve passwords during
encryption and UsernameToken
handling
sigCrypto
- the object that implements the access to the keystore and the
handling of certificates for Signature
decCrypto
- the object that implements the access to the keystore and the
handling of certificates for Decryption
WSSecurityException
processSecurityHeader(Element securityHeader, CallbackHandler cb,Crypto sigCrypto, Crypto decCrypto)
protected java.util.Vector processSecurityHeader(org.w3c.dom.Element securityHeader, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
wsse:Security
DOM
Element. This function loops over all direct child elements of the
wsse:Security
header. If it finds a known element, it
transfers control to the appropriate handling function. The method
processes the known child elements in the same order as they appear in
the wsse:Security
element. This is in accordance with the WS
Security specification. Currently the functions can handle the
following child elements:
ds:Signature
xenc:EncryptedKey
wsse:UsernameToken
securityHeader
- the wsse:Security
header element
cb
- a callback handler to the caller to resolve passwords during
encryption and UsernameToken
handling
sigCrypto
- the object that implements the access to the keystore and the
handling of certificates used for Signature
decCrypto
- the object that implements the access to the keystore and the
handling of certificates used for Decryption
WSSecurityEngineResult
. Each element in
the Vector represents the result of a security action. The elements
are ordered according to the sequence of the security actions in the
wsse:Signature header. The Vector may be empty if no security processing
was performed.
WSSecurityException
protected java.security.Principal verifyXMLSignature(org.w3c.dom.Element elem, Crypto crypto, java.security.cert.X509Certificate[] returnCert, java.util.Vector[] returnQname) throws WSSecurityException
KeyInfo
that is
contained in the signature contains standard X509 data. If yes then
get the certificate data via the standard KeyInfo
methods.
Otherwise, if the KeyInfo
info does not contain X509 data, check
if we can find a wsse:SecurityTokenReference
element. If yes, the next
step is to check how to get the certificate. Two methods are currently supported
here:
wsse:Security
header. If the dereferenced token is
of the correct type, the contained certificate is extracted.
crypto
parameter.
verification
function.
elem
- the XMLSignature DOM Element.
crypto
- the object that implements the access to the keystore and the
handling of certificates.
returnCert
- verifyXMLSignature stores the certificate in the first
entry of this array. The caller may then further validate
the certificate (for example, check the trust chain and expiry).
returnQname
- verifyXMLSignature stores the QNames of all signed elements
in this Vector, ordered according to their sequence in the Signature
header.
WSSecurityException
public java.security.cert.X509Certificate[] getCertificatesTokenReference(org.w3c.dom.Element elem, Crypto crypto) throws WSSecurityException
elem
- The element containing the binary security token. This is
either X509 certificate(s) or a PKIPath.
WSSecurityException
protected java.security.cert.X509Certificate[] getCertificatesFromSAML(org.w3c.dom.Element elem, Crypto crypto) throws WSSecurityException
elem
- The element containing the SAML token.
WSSecurityException
public WSUsernameTokenPrincipal handleUsernameToken(org.w3c.dom.Element token, javax.security.auth.callback.CallbackHandler cb) throws WSSecurityException
USERNAME_TOKEN_UNKNOWN
token
- the DOM element that contains the UsernameToken
cb
- the reference to the callback object
WSSecurityException
public org.opensaml.SAMLAssertion handleSAMLToken(org.w3c.dom.Element token) throws WSSecurityException
WSSecurityException
public void handleTimestamp(Timestamp timestamp) throws WSSecurityException
WSSecurityException
public void handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey, javax.security.auth.callback.CallbackHandler cb, Crypto crypto) throws WSSecurityException
WSSecurityException
public void handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey, java.security.PrivateKey privatekey) throws WSSecurityException
WSSecurityException
public void handleEncryptedKey(org.w3c.dom.Element xencEncryptedKey, javax.security.auth.callback.CallbackHandler cb, Crypto crypto, java.security.PrivateKey privateKey) throws WSSecurityException
WSSecurityException
public void decryptDataRefEmbedded(org.w3c.dom.Document doc, java.lang.String dataRefURI, javax.security.auth.callback.CallbackHandler cb) throws WSSecurityException
WSSecurityException
protected javax.crypto.SecretKey getSharedKey(org.w3c.dom.Element keyInfoElem, java.lang.String algorithm, javax.security.auth.callback.CallbackHandler cb) throws WSSecurityException
WSSecurityException
public static byte[] getDecodedBase64EncodedData(org.w3c.dom.Element element) throws WSSecurityException
element
-
WSSecurityException
public byte[] getDecryptedBytes()