| Modifier and Type | Method and Description |
|---|---|
| `void` | `WSDocInfo.addTokenElement(Element element)` Store a token element for later retrieval. |
| `void` | `WSDocInfo.addTokenElement(Element element, boolean checkMultipleElements)` Store a token element for later retrieval. |
| `Action` | `WSSConfig.getAction(int action)` Lookup action |
| `Processor` | `WSSConfig.getProcessor(QName el)` |
| `Validator` | `WSSConfig.getValidator(QName el)` |
| `List<WSSecurityEngineResult>` | `WSSecurityEngine.processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto)` Process the security header given the SOAP envelope as W3C document. |
| `List<WSSecurityEngineResult>` | `WSSecurityEngine.processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)` Process the security header given the SOAP envelope as W3C document. |
| `List<WSSecurityEngineResult>` | `WSSecurityEngine.processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)` Process the security header given the wsse:Security DOM Element. |
| `List<WSSecurityEngineResult>` | `WSSecurityEngine.processSecurityHeader(Element securityHeader, RequestData requestData)` Process the security header given the wsse:Security DOM Element. |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `UsernameTokenSignedAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `UsernameTokenAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `TimestampAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `SignatureConfirmationAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `SignatureAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `SAMLTokenUnsignedAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `SAMLTokenSignedAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `EncryptionAction.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `void` | `Action.execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)` |
| `protected SAMLIssuer` | `SAMLTokenSignedAction.loadSamlIssuer(WSHandler handler, RequestData reqData)` |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `AlgorithmSuiteValidator.checkAsymmetricKeyLength(PublicKey publicKey)` Check the asymmetric key length |
| `void` | `AlgorithmSuiteValidator.checkAsymmetricKeyLength(X509Certificate x509Certificate)` Check the asymmetric key length |
| `void` | `AlgorithmSuiteValidator.checkC14nAlgorithm(String c14nAlgorithm)` Check the C14n Algorithm |
| `void` | `AlgorithmSuiteValidator.checkDerivedKeyAlgorithm(String algorithm)` Check Derived Key algorithm |
| `void` | `AlgorithmSuiteValidator.checkEncryptionDerivedKeyLength(int derivedKeyLength)` Check Encryption Derived Key length (in bytes) |
| `void` | `AlgorithmSuiteValidator.checkEncryptionKeyWrapAlgorithm(String keyWrapAlgorithm)` |
| `void` | `AlgorithmSuiteValidator.checkSignatureAlgorithms(XMLSignature xmlSignature)` Check the Signature Algorithms |
| `void` | `AlgorithmSuiteValidator.checkSignatureDerivedKeyLength(int derivedKeyLength)` Check Signature Derived Key length (in bytes) |
| `void` | `AlgorithmSuiteValidator.checkSignatureMethod(String signatureMethod)` Check the Signature Method |
| `void` | `AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(String symmetricAlgorithm)` |
| `void` | `AlgorithmSuiteValidator.checkSymmetricKeyLength(int secretKeyLength)` Check the symmetric key length |
| `void` | `DERDecoder.expect(byte val)` Confirm that the byte at the current position matches the given value. |
| `void` | `DERDecoder.expect(int val)` Confirm that the byte at the current position matches the given value. |
| `byte[]` | `DERDecoder.getBytes(int length)` Return an array of bytes from the current position. |
| `byte[]` | `CryptoBase.getBytesFromCertificates(X509Certificate[] certs)` Get a byte array given an array of X509 certificates. |
| `byte[]` | `Crypto.getBytesFromCertificates(X509Certificate[] certs)` Get a byte array given an array of X509 certificates. |
| `CertificateFactory` | `Merlin.getCertificateFactory()` Singleton certificate factory for this Crypto instance. |
| `CertificateFactory` | `CryptoBase.getCertificateFactory()` Get the CertificateFactory instance on this Crypto instance |
| `CertificateFactory` | `Crypto.getCertificateFactory()` Get the CertificateFactory instance on this Crypto instance |
| `X509Certificate[]` | `CryptoBase.getCertificatesFromBytes(byte[] data)` Construct an array of X509Certificates from the byte array. |
| `X509Certificate[]` | `Crypto.getCertificatesFromBytes(byte[] data)` Construct an array of X509Certificates from the byte array. |
| `String` | `Merlin.getDefaultX509Identifier()` Retrieves the identifier name of the default certificate. |
| `String` | `CryptoBase.getDefaultX509Identifier()` Retrieves the identifier name of the default certificate. |
| `String` | `Crypto.getDefaultX509Identifier()` Retrieves the identifier name of the default certificate. |
| `static Crypto` | `CryptoFactory.getInstance()` Returns an instance of Crypto. |
| `static Crypto` | `CryptoFactory.getInstance(Class<? extends Crypto> cryptoClass, Map<Object,Object> map)` Returns an instance of Crypto. |
| `static Crypto` | `CryptoFactory.getInstance(Properties properties)` Returns an instance of Crypto. |
| `static Crypto` | `CryptoFactory.getInstance(Properties properties, ClassLoader classLoader)` Returns an instance of Crypto loaded with the given classloader. |
| `static Crypto` | `CryptoFactory.getInstance(String propFilename)` Returns an instance of Crypto. |
| `static Crypto` | `CryptoFactory.getInstance(String propFilename, ClassLoader customClassLoader)` |
| `int` | `DERDecoder.getLength()` Get the DER length at the current position. |
| `PrivateKey` | `Merlin.getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier. |
| `PrivateKey` | `Crypto.getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier. |
| `PrivateKey` | `CertificateStore.getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier. |
| `PrivateKey` | `Merlin.getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate. |
| `PrivateKey` | `Crypto.getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate. |
| `PrivateKey` | `CertificateStore.getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate. |
| `byte[]` | `CryptoBase.getSKIBytesFromCert(X509Certificate cert)` Reads the SubjectKeyIdentifier information from the certificate. |
| `byte[]` | `Crypto.getSKIBytesFromCert(X509Certificate cert)` Reads the SubjectKeyIdentifier information from the certificate. |
| `byte[]` | `X509SubjectPublicKeyInfo.getSubjectPublicKey()` Get the subjectPublicKey element of the SubjectPublicKeyInfo. |
| `X509Certificate[]` | `Merlin.getX509Certificates(CryptoType cryptoType)` Get an X509Certificate (chain) corresponding to the CryptoType argument. |
| `X509Certificate[]` | `Crypto.getX509Certificates(CryptoType cryptoType)` Get an X509Certificate (chain) corresponding to the CryptoType argument. |
| `X509Certificate[]` | `CertificateStore.getX509Certificates(CryptoType cryptoType)` Get an X509Certificate (chain) corresponding to the CryptoType argument. |
| `String` | `Merlin.getX509Identifier(X509Certificate cert)` Get the implementation-specific identifier corresponding to the cert parameter. |
| `String` | `Crypto.getX509Identifier(X509Certificate cert)` Get the implementation-specific identifier corresponding to the cert parameter, e.g. |
| `String` | `CertificateStore.getX509Identifier(X509Certificate cert)` Get the implementation-specific identifier corresponding to the cert parameter. |
| `X509Certificate` | `CryptoBase.loadCertificate(InputStream in)` Load an X509Certificate from the input stream. |
| `X509Certificate` | `Crypto.loadCertificate(InputStream in)` Load an X509Certificate from the input stream. |
| `void` | `DERDecoder.skip(int length)` Advance the current position by the given number of bytes. |
| `boolean` | `DERDecoder.test(byte val)` Test if the byte at the current position matches the given value. |
| `boolean` | `Merlin.verifyTrust(PublicKey publicKey)` Evaluate whether a given public key should be trusted. |
| `boolean` | `Crypto.verifyTrust(PublicKey publicKey)` Evaluate whether a given public key should be trusted. |
| `boolean` | `CertificateStore.verifyTrust(PublicKey publicKey)` Evaluate whether a given public key should be trusted. |
| `boolean` | `Merlin.verifyTrust(X509Certificate[] certs)` Deprecated. |
| `boolean` | `Crypto.verifyTrust(X509Certificate[] certs)` Deprecated. |
| `boolean` | `CertificateStore.verifyTrust(X509Certificate[] certs)` Deprecated. |
| `boolean` | `Merlin.verifyTrust(X509Certificate[] certs, boolean enableRevocation)` Evaluate whether a given certificate chain should be trusted. |
| `boolean` | `Crypto.verifyTrust(X509Certificate[] certs, boolean enableRevocation)` Evaluate whether a given certificate chain should be trusted. |
| `boolean` | `CertificateStore.verifyTrust(X509Certificate[] certs, boolean enableRevocation)` Evaluate whether a given certificate chain should be trusted. |
| Constructor and Description |
|---|
| `DERDecoder(byte[] derEncoded)` Construct a DERDecoder for the given byte array. |
| `X509SubjectPublicKeyInfo(byte[] x509EncodedPublicKey)` Construct a SubjectPublicKeyInfo for the given X.509-encoded public key. |
| `X509SubjectPublicKeyInfo(PublicKey key)` Construct a SubjectPublicKeyInfo for the given public key. |
| Modifier and Type | Method and Description |
|---|---|
| `protected void` | `WSHandler.checkSignatureConfirmation(RequestData reqData, List<WSSecurityEngineResult> resultList)` |
| `protected void` | `WSHandler.decodeAlgorithmSuite(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeAllowUsernameTokenNoPassword(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeBooleanConfigValue(RequestData reqData, String configTag, boolean defaultToTrue)` |
| `protected boolean` | `WSHandler.decodeBSPCompliance(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeCustomPasswordTypes(RequestData reqData)` |
| `protected void` | `WSHandler.decodeDecryptionParameter(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeEnableSignatureConfirmation(RequestData reqData)` |
| `protected void` | `WSHandler.decodeEncryptionParameter(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeMustUnderstand(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeNamespaceQualifiedPasswordTypes(RequestData reqData)` |
| `protected String` | `WSHandler.decodePasswordType(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodePasswordTypeStrict(RequestData reqData)` |
| `protected void` | `WSHandler.decodeRequireSignedEncryptedDataElements(RequestData reqData)` |
| `protected void` | `WSHandler.decodeSignatureParameter(RequestData reqData)` |
| `protected void` | `WSHandler.decodeSignatureParameter2(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeTimestampPrecision(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeTimestampStrict(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeUseEncodedPasswords(RequestData reqData)` |
| `protected boolean` | `WSHandler.decodeUseSingleCertificate(RequestData reqData)` |
| `protected void` | `WSHandler.decodeUTParameter(RequestData reqData)` |
| `protected void` | `WSHandler.doReceiverAction(int doAction, RequestData reqData)` |
| `protected void` | `WSHandler.doSenderAction(int doAction, Document doc, RequestData reqData, List<Integer> actions, boolean isRequest)` Performs all defined security actions to set up the SOAP request. |
| `CallbackHandler` | `WSHandler.getCallbackHandler(String callbackHandlerClass, String callbackHandlerRef, RequestData requestData)` Get a CallbackHandler instance. |
| `CallbackHandler` | `WSHandler.getPasswordCallbackHandler(RequestData reqData)` Get a CallbackHandler instance to obtain passwords. |
| `WSPasswordCallback` | `WSHandler.getPasswordCB(String username, int doAction, CallbackHandler callbackHandler, RequestData requestData)` Get a password callback (WSPasswordCallback object) from a CallbackHandler instance |
| `ReplayCache` | `RequestData.getSamlOneTimeUseReplayCache()` Get the replay cache for SAML2 OneTimeUse Assertions |
| `Validator` | `RequestData.getValidator(QName qName)` Get the Validator instance corresponding to the QName |
| `protected Crypto` | `WSHandler.loadCrypto(String cryptoPropertyFile, String cryptoPropertyRefId, RequestData requestData)` Load a Crypto instance. |
| `protected Crypto` | `WSHandler.loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)` A hook to allow a subclass to load Crypto instances from property files in a different way. |
| `protected Crypto` | `WSHandler.loadDecryptionCrypto(RequestData requestData)` Hook to allow subclasses to load their Decryption Crypto however they see fit. |
| `protected Crypto` | `WSHandler.loadEncryptionCrypto(RequestData requestData)` Hook to allow subclasses to load their Encryption Crypto however they see fit. |
| `Crypto` | `WSHandler.loadSignatureCrypto(RequestData requestData)` Hook to allow subclasses to load their Signature Crypto however they see fit. |
| Modifier and Type | Method and Description |
|---|---|
| `List<Reference>` | `WSSecSignatureBase.addReferencesToSign(Document doc, List<WSEncryptionPart> references, WSDocInfo wsDocInfo, XMLSignatureFactory signatureFactory, WSSecHeader secHeader, WSSConfig wssConfig, String digestAlgo)` This method adds references to the Signature. |
| `List<Reference>` | `WSSecSignature.addReferencesToSign(List<WSEncryptionPart> references, WSSecHeader secHeader)` This method adds references to the Signature. |
| `List<Reference>` | `WSSecDKSign.addReferencesToSign(List<WSEncryptionPart> references, WSSecHeader secHeader)` This method adds references to the Signature. |
| `Document` | `WSSecSignature.build(Document doc, Crypto cr, WSSecHeader secHeader)` Builds a signed SOAP envelope. |
| `Document` | `WSSecEncrypt.build(Document doc, Crypto crypto, WSSecHeader secHeader)` Builds the SOAP envelope with encrypted Body and adds encrypted key. |
| `Document` | `WSSecDKSign.build(Document doc, WSSecHeader secHeader)` |
| `Document` | `WSSecDKEncrypt.build(Document doc, WSSecHeader secHeader)` |
| `void` | `WSSecSignature.computeSignature(List<Reference> referenceList)` Compute the Signature over the references. |
| `void` | `WSSecDKSign.computeSignature(List<Reference> referenceList)` Compute the Signature over the references. |
| `void` | `WSSecSignature.computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement)` Compute the Signature over the references. |
| `void` | `WSSecDKSign.computeSignature(List<Reference> referenceList, boolean prepend, Element siblingElement)` Compute the Signature over the references. |
| `static List<String>` | `WSSecEncrypt.doEncryption(Document doc, WSSConfig config, org.apache.xml.security.keys.KeyInfo keyInfo, SecretKey secretKey, String encryptionAlgorithm, List<WSEncryptionPart> references, CallbackLookup callbackLookup)` Perform encryption on the SOAP envelope. |
| `Element` | `WSSecEncrypt.encryptForExternalRef(Element dataRef, List<WSEncryptionPart> references)` Deprecated. Use encryptForRef(dataRef, references) instead |
| `Element` | `WSSecDKEncrypt.encryptForExternalRef(Element dataRef, List<WSEncryptionPart> references)` Encrypt one or more parts or elements of the message (external). |
| `Element` | `WSSecEncrypt.encryptForInternalRef(Element dataRef, List<WSEncryptionPart> references)` Deprecated. Use encryptForRef(dataRef, references) instead |
| `Element` | `WSSecEncrypt.encryptForRef(Element dataRef, List<WSEncryptionPart> references)` Encrypt one or more parts or elements of the message. |
| `byte[]` | `WSSecUsernameToken.getDerivedKey()` Get the derived key. |
| `protected abstract int` | `WSSecDerivedKeyBase.getDerivedKeyLength()` The derived key will change depending on the sig/encr algorithm. |
| `protected int` | `WSSecDKSign.getDerivedKeyLength()` |
| `protected int` | `WSSecDKEncrypt.getDerivedKeyLength()` |
| `Element` | `WSSecSAMLToken.getElement()` |
| `Element` | `DOMCallbackLookup.getElement(String id, String valueType, boolean checkMultipleElements)` Get the DOM element that corresponds to the given id and ValueType reference. |
| `Element` | `CallbackLookup.getElement(String id, String valueType, boolean checkMultipleElements)` Get the DOM element that corresponds to the given id and ValueType reference. |
| `List<Element>` | `DOMCallbackLookup.getElements(String localname, String namespace)` Get the DOM element(s) that correspond to the given localname/namespace. |
| `List<Element>` | `CallbackLookup.getElements(String localname, String namespace)` Get the DOM element(s) that correspond to the given localname/namespace. |
| `protected KeyGenerator` | `WSSecEncryptedKey.getKeyGenerator()` |
| `byte[]` | `WSSecUsernameToken.getSecretKey()` Get the derived secret key. |
| `Element` | `WSSecHeader.insertSecurityHeader(Document doc)` Creates a security header and inserts it as child into the SOAP Envelope. |
| `boolean` | `WSSecHeader.isEmpty(Document doc)` Returns whether the security header is empty |
| `void` | `WSSecDerivedKeyBase.prepare(Document doc)` Initialize a WSSec Derived key. |
| `void` | `WSSecSecurityContextToken.prepare(Document doc, Crypto crypto)` |
| `void` | `WSSecEncryptedKey.prepare(Document doc, Crypto crypto)` Prepare the ephemeralKey and the tokens required to be added to the security header |
| `void` | `WSSecEncrypt.prepare(Document doc, Crypto crypto)` Initialize a WSSec Encrypt. |
| `void` | `WSSecSignature.prepare(Document doc, Crypto cr, WSSecHeader secHeader)` Initialize a WSSec Signature. |
| `void` | `WSSecDKSign.prepare(Document doc, WSSecHeader secHeader)` |
| `protected void` | `WSSecEncryptedKey.prepareInternal(SecretKey secretKey, X509Certificate remoteCert, Crypto crypto)` Encrypt the symmetric key data and prepare the EncryptedKey element. This method does most of the work to prepare the EncryptedKey element. |
| `void` | `WSSecSecurityContextToken.prependSCTElementToHeader(Document doc, WSSecHeader secHeader)` |
| `void` | `WSSecHeader.removeSecurityHeader(Document doc)` |
| Modifier and Type | Method and Description |
|---|---|
| `Principal` | `DerivedKeyToken.createPrincipal()` Create a WSDerivedKeyTokenPrincipal from this DerivedKeyToken object |
| `byte[]` | `DerivedKeyToken.deriveKey(int length, byte[] secret)` Derive a key from this DerivedKeyToken instance |
| `Element` | `SecurityTokenReference.findProcessedTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb, String uri, String type)` Find a token that has been processed already; in other words, it accesses previous results to find the element, rather than conducting a general search |
| `Element` | `SecurityTokenReference.findUnprocessedTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb, String uri, String type)` Find a token that has not been processed already; in other words, it searches for the element, rather than trying to access previous results to find the element |
| `static byte[]` | `UsernameToken.generateDerivedKey(byte[] password, byte[] salt, int iteration)` This static method generates a derived key as defined in WSS Username Token Profile. |
| `static byte[]` | `UsernameToken.generateDerivedKey(String password, byte[] salt, int iteration)` This static method generates a derived key as defined in WSS Username Token Profile. |
| `byte[]` | `UsernameToken.getDerivedKey()` This method gets a derived key as defined in WSS Username Token Profile. |
| `X509Certificate[]` | `SecurityTokenReference.getKeyIdentifier(Crypto crypto)` Gets the KeyIdentifier. |
| `Reference` | `SecurityTokenReference.getReference()` Gets the Reference. |
| `byte[]` | `UsernameToken.getSalt()` Get the Salt value of this UsernameToken. |
| `SecurityTokenReference` | `DerivedKeyToken.getSecurityTokenReference()` Returns the SecurityTokenReference of the derived key token |
| `Element` | `SecurityTokenReference.getTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb)` Gets the signing token element, which may be a BinarySecurityToken or a SAML token. |
| `X509Certificate` | `X509Security.getX509Certificate(Crypto crypto)` Gets the X509Certificate certificate. |
| `X509Certificate[]` | `PKIPathSecurity.getX509Certificates(Crypto crypto)` Get the X509Certificate array. |
| `X509Certificate[]` | `SecurityTokenReference.getX509IssuerSerial(Crypto crypto)` Gets the certificate identified with X509 issuerSerial data. |
| `X509Certificate` | `SecurityTokenReference.getX509SKIAlias(Crypto crypto)` |
| `boolean` | `UsernameToken.isDerivedKey()` Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1. |
| `void` | `KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName)` Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken. |
| `void` | `KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, boolean isUsernameServiceNameForm)` |
| `void` | `KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, boolean isUsernameServiceNameForm, boolean requestCredDeleg)` |
| `void` | `KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, boolean isUsernameServiceNameForm, boolean requestCredDeleg, GSSCredential delegatedCredential)` |
| `KerberosServiceContext` | `KerberosServiceExceptionAction.run()` |
| `KerberosContext` | `KerberosClientExceptionAction.run()` |
| `void` | `SecurityTokenReference.setKeyIdentifier(String valueType, String keyIdVal)` |
| `void` | `SecurityTokenReference.setKeyIdentifier(String valueType, String keyIdVal, boolean base64)` |
| `void` | `SecurityTokenReference.setKeyIdentifier(X509Certificate cert)` Sets the KeyIdentifier Element as an X509 certificate. |
| `void` | `SecurityTokenReference.setKeyIdentifierEncKeySHA1(String value)` |
| `void` | `SecurityTokenReference.setKeyIdentifierSKI(X509Certificate cert, Crypto crypto)` Sets the KeyIdentifier Element as an X509 Subject-Key-Identifier (SKI). |
| `void` | `SecurityTokenReference.setKeyIdentifierThumb(X509Certificate cert)` Sets the KeyIdentifier Element as a Thumbprint. |
| `void` | `UsernameToken.setRawPassword(RequestData data)` Set the raw (plain text) password used to compute the secret key. |
| `void` | `X509Security.setX509Certificate(X509Certificate cert)` Sets the X509Certificate. |
| `void` | `PKIPathSecurity.setX509Certificates(X509Certificate[] certs, Crypto crypto)` Set the X509Certificate array. |
| Constructor and Description |
|---|
| `BinarySecurity(CallbackHandler callbackHandler)` Create a BinarySecurityToken via a CallbackHandler |
| `BinarySecurity(Element elem)` Constructor. |
| `BinarySecurity(Element elem, boolean bspCompliant)` Constructor. |
| `DerivedKeyToken(Element elem)` This will create a DerivedKeyToken object with the given DerivedKeyToken element |
| `DerivedKeyToken(Element elem, boolean bspCompliant)` This will create a DerivedKeyToken object with the given DerivedKeyToken element |
| `DOMX509Data(Element x509DataElement)` Constructor. |
| `KerberosSecurity(Element elem)` This constructor creates a new Kerberos token object and initializes it from the data contained in the element. |
| `KerberosSecurity(Element elem, boolean bspCompliant)` This constructor creates a new Kerberos token object and initializes it from the data contained in the element. |
| `PKIPathSecurity(Element elem)` Constructor. |
| `PKIPathSecurity(Element elem, boolean bspCompliant)` Constructor. |
| `Reference(Element elem)` Constructor. |
| `SecurityContextToken(Element elem)` This is used to create a SecurityContextToken using a DOM Element |
| `SecurityTokenReference(Element elem)` Constructor. |
| `SecurityTokenReference(Element elem, boolean bspCompliant)` Constructor. |
| `SignatureConfirmation(Element elem)` Constructs a SignatureConfirmation object and parses the wsse11:SignatureConfirmation element to initialize it. |
| `Timestamp(Element timestampElement)` Constructs a Timestamp object and parses the wsu:Timestamp element to initialize it. |
| `Timestamp(Element timestampElement, boolean bspCompliant)` Constructs a Timestamp object and parses the wsu:Timestamp element to initialize it. |
| `UsernameToken(Element elem)` Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it. |
| `UsernameToken(Element elem, boolean allowNamespaceQualifiedPasswordTypes, boolean bspCompliant)` Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it. |
| `X509Security(Element elem)` This constructor creates a new X509 certificate object and initializes it from the data contained in the element. |
| `X509Security(Element elem, boolean bspCompliant)` This constructor creates a new X509 certificate object and initializes it from the data contained in the element. |
| Modifier and Type | Method and Description |
|---|---|
| `static WSDataRef` | `ReferenceListProcessor.decryptEncryptedData(Document doc, String dataRefURI, Element encData, SecretKey symmetricKey, String symEncAlgo)` Decrypt the EncryptedData argument using a SecretKey. |
| `static Element` | `ReferenceListProcessor.findEncryptedDataElement(Document doc, WSDocInfo wsDocInfo, String dataRefURI)` Look up the encrypted data. |
| `static String` | `X509Util.getEncAlgo(Node encBodyData)` |
| `protected static SecretKey` | `X509Util.getSharedKey(Element keyInfoElem, String algorithm, CallbackHandler cb)` |
| `Credential` | `SAMLTokenProcessor.handleSAMLToken(AssertionWrapper samlAssertion, RequestData data, Validator validator, WSDocInfo docInfo)` |
| `List<WSSecurityEngineResult>` | `UsernameTokenProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `TimestampProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `SignatureProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `SignatureConfirmationProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `SecurityContextTokenProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `SAMLTokenProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `ReferenceListProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `Processor.handleToken(Element elem, RequestData request, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `EncryptedKeyProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `EncryptedDataProcessor.handleToken(Element elem, RequestData request, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `EncryptedAssertionProcessor.handleToken(Element elem, RequestData request, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `DerivedKeyTokenProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `BinarySecurityTokenProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo)` |
| `List<WSSecurityEngineResult>` | `EncryptedKeyProcessor.handleToken(Element elem, RequestData data, WSDocInfo wsDocInfo, AlgorithmSuite algorithmSuite)` |
| Modifier and Type | Method and Description |
|---|---|
| `Document` | `WSSecSignatureSAML.build(Document doc, Crypto uCrypto, AssertionWrapper assertion, Crypto iCrypto, String iKeyName, String iKeyPW, WSSecHeader secHeader)` Builds a signed SOAP envelope with SAML token. |
| `void` | `WSSecSignatureSAML.computeSignature(List<Reference> referenceList, WSSecHeader secHeader, Element siblingElement)` Compute the Signature over the references. |
| `static AssertionWrapper` | `SAMLUtil.getAssertionFromKeyIdentifier(SecurityTokenReference secRef, Element strElement, RequestData request, WSDocInfo wsDocInfo)` Get an AssertionWrapper object from parsing a SecurityTokenReference that uses a KeyIdentifier that points to a SAML Assertion. |
| `static SAMLKeyInfo` | `SAMLUtil.getCredentialFromKeyInfo(Element keyInfoElement, RequestData data, WSDocInfo docInfo, boolean bspCompliant)` This method returns a SAMLKeyInfo corresponding to the credential found in the KeyInfo (DOM Element) argument. |
| `static SAMLKeyInfo` | `SAMLUtil.getCredentialFromSubject(Assertion assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant)` Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a SAML 1.1 assertion |
| `static SAMLKeyInfo` | `SAMLUtil.getCredentialFromSubject(Assertion assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant)` Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a SAML 2 assertion |
| `static SAMLKeyInfo` | `SAMLUtil.getCredentialFromSubject(AssertionWrapper assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant)` Parse a SAML Assertion to obtain a SAMLKeyInfo object from the Subject of the assertion |
| `static SAMLIssuer` | `SAMLIssuerFactory.getInstance()` Returns an instance of SAMLIssuer. |
| `static SAMLIssuer` | `SAMLIssuerFactory.getInstance(Class<? extends SAMLIssuer> samlClass, Properties properties)` Returns an instance of SAMLIssuer. |
| `static SAMLIssuer` | `SAMLIssuerFactory.getInstance(Properties properties)` |
| `static SAMLIssuer` | `SAMLIssuerFactory.getInstance(String propFilename)` Returns an instance of SAMLIssuer. |
| `AssertionWrapper` | `SAMLIssuerImpl.newAssertion()` Creates a new AssertionWrapper. |
| `AssertionWrapper` | `SAMLIssuer.newAssertion()` Creates a new AssertionWrapper. |
| `void` | `WSSecSignatureSAML.prepare(Document doc, Crypto uCrypto, AssertionWrapper assertion, Crypto iCrypto, String iKeyName, String iKeyPW, WSSecHeader secHeader)` Initialize a WSSec SAML Signature. |
| Constructor and Description |
|---|
| `SAMLIssuerImpl(Properties prop)` |
| Modifier and Type | Method and Description |
|---|---|
| `String` | `AssertionWrapper.assertionToString()` Method assertionToString ... |
| `static XMLObject` | `OpenSAMLUtil.fromDom(Element root)` Convert a SAML Assertion from a DOM Element to an XMLObject |
| `byte[]` | `AssertionWrapper.getSignatureValue()` Get the SignatureValue bytes of the signed SAML Assertion |
| `void` | `AssertionWrapper.parseHOKSubject(RequestData data, WSDocInfo docInfo)` This method parses the KeyInfo of the Subject for the holder-of-key confirmation method, as required by the SAML Token spec. |
| `void` | `AssertionWrapper.signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue)` Create an enveloped signature on the assertion that has been created. |
| `void` | `AssertionWrapper.signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm)` Create an enveloped signature on the assertion that has been created. |
| `void` | `AssertionWrapper.signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm, String signatureDigestAlgorithm)` Create an enveloped signature on the assertion that has been created. |
| `Element` | `AssertionWrapper.toDOM(Document doc)` Create a DOM from the current XMLObject content. |
| `static Element` | `OpenSAMLUtil.toDom(XMLObject xmlObject, Document doc)` Convert a SAML Assertion from an XMLObject to a DOM Element |
| `static Element` | `OpenSAMLUtil.toDom(XMLObject xmlObject, Document doc, boolean signObject)` Convert a SAML Assertion from an XMLObject to a DOM Element |
| `void` | `AssertionWrapper.validateSignatureAgainstProfile()` Validate the signature of the Assertion against the Profile. |
| `void` | `AssertionWrapper.verifySignature(RequestData data, WSDocInfo docInfo)` Verify the signature of this assertion |
| `void` | `AssertionWrapper.verifySignature(SAMLKeyInfo samlKeyInfo)` Verify the signature of this assertion |
| Constructor and Description |
|---|
| `AssertionWrapper(Element element)` Constructor AssertionWrapper creates a new AssertionWrapper instance. |
| `AssertionWrapper(SAMLParms parms)` Constructor AssertionWrapper creates a new AssertionWrapper instance. |
Modifier and Type | Method and Description |
---|---|
`static KeyInfo` | `SAML1ComponentBuilder.createKeyInfo(KeyInfoBean keyInfo)` Create an OpenSAML KeyInfo object from the parameters. |
`static Subject` | `SAML1ComponentBuilder.createSaml1v1Subject(SubjectBean subjectBean)` Create a SAML Subject from a SubjectBean instance. |
`static Subject` | `SAML2ComponentBuilder.createSaml2Subject(SubjectBean subjectBean)` Create a Subject. |
`static List<AttributeStatement>` | `SAML1ComponentBuilder.createSamlv1AttributeStatement(List<AttributeStatementBean> attributeData)` Create SAML 1.1 attribute statement(s). |
`static List<AuthenticationStatement>` | `SAML1ComponentBuilder.createSamlv1AuthenticationStatement(List<AuthenticationStatementBean> authBeans)` Create SAML 1.1 authentication statement(s). |
`static List<AuthorizationDecisionStatement>` | `SAML1ComponentBuilder.createSamlv1AuthorizationDecisionStatement(List<AuthDecisionStatementBean> decisionData)` Create SAML 1.1 authorization decision statement(s). |
`static SubjectConfirmationData` | `SAML2ComponentBuilder.createSubjectConfirmationData(String inResponseTo, String recipient, org.joda.time.DateTime notOnOrAfter, KeyInfoBean keyInfoBean)` Deprecated. |
`static SubjectConfirmationData` | `SAML2ComponentBuilder.createSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationDataBean, KeyInfoBean keyInfoBean)` Create a SubjectConfirmationData object. |

Modifier and Type | Method and Description |
---|---|
`void` | `SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName)` Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken. |
`void` | `SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, boolean isUsernameServiceNameForm)` Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken. |
`void` | `SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, boolean isUsernameServiceNameForm, boolean requestCredDeleg, GSSCredential delegationCredential)` Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken. |
`byte[]` | `SpnegoTokenContext.unwrapKey(byte[] secret)` Unwrap a key. |
`void` | `SpnegoTokenContext.validateServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, byte[] ticket)` Validate a service ticket. |
`void` | `SpnegoTokenContext.validateServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler, String serviceName, byte[] ticket, boolean isUsernameServiceNameForm)` |
`byte[]` | `SpnegoTokenContext.wrapKey(byte[] secret)` Wrap a key. |

Modifier and Type | Method and Description |
---|---|
`static void` | `BSPEnforcer.checkBinarySecurityBSPCompliance(SecurityTokenReference secRef, BinarySecurity token)` Check that the BinarySecurityToken referenced by the SecurityTokenReference argument is BSP compliant. |
`static void` | `BSPEnforcer.checkEncryptedKeyBSPCompliance(SecurityTokenReference secRef)` Check that the EncryptedKey referenced by the SecurityTokenReference argument is BSP compliant. |
`static void` | `BSPEnforcer.checkSamlTokenBSPCompliance(SecurityTokenReference secRef, AssertionWrapper assertion)` Check that the SAML token referenced by the SecurityTokenReference argument is BSP compliant. |
`static void` | `BSPEnforcer.checkUsernameTokenBSPCompliance(SecurityTokenReference secRef)` Check that the Username token referenced by the SecurityTokenReference argument is BSP compliant. |
`void` | `SignatureSTRParser.parseSecurityTokenReference(Element strElement, RequestData data, WSDocInfo wsDocInfo, Map<String,Object> parameters)` Parse a SecurityTokenReference element and extract credentials. |
`void` | `SecurityTokenRefSTRParser.parseSecurityTokenReference(Element strElement, RequestData data, WSDocInfo wsDocInfo, Map<String,Object> parameters)` Parse a SecurityTokenReference element and extract credentials. |
`void` | `STRParser.parseSecurityTokenReference(Element strElement, RequestData data, WSDocInfo wsDocInfo, Map<String,Object> parameters)` Parse a SecurityTokenReference element and extract credentials. |
`void` | `EncryptedKeySTRParser.parseSecurityTokenReference(Element strElement, RequestData data, WSDocInfo wsDocInfo, Map<String,Object> parameters)` Parse a SecurityTokenReference element and extract credentials. |
`void` | `DerivedKeyTokenSTRParser.parseSecurityTokenReference(Element strElement, RequestData data, WSDocInfo wsDocInfo, Map<String,Object> parameters)` Parse a SecurityTokenReference element and extract credentials. |

Modifier and Type | Method and Description |
---|---|
`static Element` | `STRTransformUtil.createBSTX509(Document doc, X509Certificate cert, Element secRefE)` |
`static Element` | `STRTransformUtil.createBSTX509(Document doc, X509Certificate cert, Element secRefE, String secRefEncType)` |
`static Element` | `STRTransformUtil.dereferenceSTR(Document doc, SecurityTokenReference secRef, WSDocInfo wsDocInfo)` Retrieves the element representing the referenced content of an STR. |

Modifier and Type | Method and Description |
---|---|
`static void` | `WSSecurityUtil.checkAllElementsProtected(List<WSSecurityEngineResult> results, int action, QName[] requiredParts)` Check that all of the QName[] requiredParts are protected by the specified action in the results list. |
`static void` | `WSSecurityUtil.checkSignsAllElements(WSSecurityEngineResult resultItem, String[] requiredIDs)` Ensure that this result covers all required elements (identified by their wsu:Id attributes). |
`static byte[]` | `Base64.decode(String encoded)` Decodes Base64 data into octets. |
`static int` | `WSSecurityUtil.decodeAction(String action, List<Integer> actions)` |
`static int` | `WSSecurityUtil.decodeAction(String action, List<Integer> actions, WSSConfig wssConfig)` Decode an action String. |
`static List<Element>` | `WSSecurityUtil.findElements(WSEncryptionPart part, CallbackLookup callbackLookup, Document doc)` Find the DOM Element(s) in the SOAP Envelope referenced by the WSEncryptionPart argument. |
`static Element` | `WSSecurityUtil.findWsseSecurityHeaderBlock(Document doc, Element envelope, boolean doCreate)` Find the first WS-Security header block. |
`static Element` | `WSSecurityUtil.findWsseSecurityHeaderBlock(Document doc, Element envelope, String actor, boolean doCreate)` Find a WS-Security header block for a given actor. |
`static byte[]` | `WSSecurityUtil.generateDigest(byte[] inputBytes)` Generate a (SHA1) digest of the input bytes. |
`static byte[]` | `WSSecurityUtil.generateNonce(int length)` Generate a nonce of the given length using the SHA1PRNG algorithm. |
`static Cipher` | `WSSecurityUtil.getCipherInstance(String cipherAlgo)` Translate the "cipherAlgo" URI to a JCE ID, and return a javax.crypto.Cipher instance of this type. |
`static int` | `WSSecurityUtil.getKeyLength(String algorithm)` Returns the length of the key in bytes. |
`static Element` | `WSSecurityUtil.getSecurityHeader(Document doc, String actor)` Returns the first WS-Security header element for a given actor. |
`static void` | `WSSecurityUtil.verifySignedElement(Element elem, WSDocInfo wsDocInfo)` |

Modifier and Type | Method and Description |
---|---|
`void` | `SamlAssertionValidator.checkAudienceRestrictions(AssertionWrapper assertion, List<String> audienceRestrictions)` Check the AudienceRestrictions of the Assertion. |
`protected void` | `SamlAssertionValidator.checkAuthnStatements(AssertionWrapper assertion)` Check the AuthnStatements of the Assertion (if any). |
`protected void` | `SamlAssertionValidator.checkConditions(AssertionWrapper assertion)` Check the Conditions of the Assertion. |
`protected void` | `SamlAssertionValidator.checkOneTimeUse(AssertionWrapper samlAssertion, RequestData data)` Check the "OneTimeUse" Condition of the Assertion. |
`protected boolean` | `SignatureTrustValidator.isCertificateInKeyStore(Crypto crypto, X509Certificate cert)` Deprecated. |
`Credential` | `Validator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `UsernameTokenValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `TimestampValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `SignatureTrustValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `SamlAssertionValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `NoOpValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `KerberosTokenValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`Credential` | `JAASUsernameTokenValidator.validate(Credential credential, RequestData data)` Validate the credential argument. |
`protected void` | `SamlAssertionValidator.validateAssertion(AssertionWrapper assertion)` Validate the assertion against schemas/profiles. |
`protected void` | `SignatureTrustValidator.validateCertificates(X509Certificate[] certificates)` Validate the certificates by checking the validity of each cert. |
`protected boolean` | `SignatureTrustValidator.validatePublicKey(PublicKey publicKey, Crypto crypto)` Validate a public key. |
`protected void` | `UsernameTokenValidator.verifyCustomPassword(UsernameToken usernameToken, RequestData data)` Verify a UsernameToken containing a password of some unknown (but specified) password type. |
`protected void` | `UsernameTokenValidator.verifyDigestPassword(UsernameToken usernameToken, RequestData data)` Verify a UsernameToken containing a password digest. |
`protected void` | `UsernameTokenValidator.verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)` Verify a UsernameToken containing a plaintext password. |
`protected Credential` | `SamlAssertionValidator.verifySignedAssertion(AssertionWrapper assertion, RequestData data)` Verify trust in the signature of a signed Assertion. |
`protected void` | `SamlAssertionValidator.verifySubjectConfirmationMethod(AssertionWrapper samlAssertion)` Check the Subject Confirmation method requirements. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCert(X509Certificate cert, Crypto crypto)` Deprecated. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCert(X509Certificate cert, Crypto crypto, boolean enableRevocation)` Deprecated. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCert(X509Certificate cert, Crypto crypto, RequestData data, boolean enableRevocation)` Evaluate whether a given certificate should be trusted. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto)` Deprecated. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto, boolean enableRevocation)` Deprecated. |
`protected boolean` | `SignatureTrustValidator.verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto, RequestData data, boolean enableRevocation)` Evaluate whether the given certificate chain should be trusted. |
`protected void` | `UsernameTokenValidator.verifyUnknownPassword(UsernameToken usernameToken, RequestData data)` Verify a UsernameToken containing no password. |

Copyright © 2018 JBoss by Red Hat. All rights reserved.