20 package org.apache.wss4j.dom.transform;
22 import java.security.cert.CertificateEncodingException;
23 import java.security.cert.X509Certificate;
25 import org.apache.wss4j.common.ext.WSSecurityException;
26 import org.apache.wss4j.common.token.Reference;
27 import org.apache.wss4j.common.token.SecurityTokenReference;
28 import org.apache.wss4j.common.token.X509Security;
29 import org.apache.wss4j.common.util.XMLUtils;
30 import org.apache.wss4j.dom.WSConstants;
31 import org.apache.wss4j.dom.WSDocInfo;
32 import org.apache.wss4j.dom.str.STRParserUtil;
33 import org.w3c.dom.Document;
34 import org.w3c.dom.Element;
35 import org.w3c.dom.Text;
public final class STRTransformUtil {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(STRTransformUtil.class);

    /** Static helper holder; never instantiated. */
    private STRTransformUtil() {
    }

    /**
     * Resolves a {@code wsse:SecurityTokenReference} to the DOM element it designates.
     *
     * <p>The reference forms are tried in this order:
     * <ul>
     *   <li>a direct {@code Reference}: the referenced token element is looked up through
     *       {@link STRParserUtil#getTokenElement} using the reference URI and ValueType;</li>
     *   <li>{@code X509Data} / {@code X509IssuerSerial}: the certificate is resolved through the
     *       {@code Crypto} held by {@code wsDocInfo} and wrapped in a freshly created
     *       {@code BinarySecurityToken}, carrying the STR's KeyIdentifier EncodingType if any;</li>
     *   <li>a {@code KeyIdentifier}: SAML 1.1 / SAML 2.0 key identifiers are looked up as token
     *       elements; any other key identifier is resolved to a certificate through the {@code Crypto}
     *       and wrapped in a {@code BinarySecurityToken} without an EncodingType attribute.</li>
     * </ul>
     *
     * @param doc the document in which a new BinarySecurityToken is created when needed
     * @param secRef the parsed SecurityTokenReference to dereference
     * @param wsDocInfo per-document state supplying the {@code Crypto} used for certificate lookups
     * @return the resolved or newly built token element, or {@code null} when {@code secRef} uses
     *         none of the forms listed above
     * @throws WSSecurityException with {@code FAILED_CHECK} when a certificate lookup yields no
     *         certificate, with {@code SECURITY_TOKEN_UNAVAILABLE} when the certificate cannot be
     *         DER-encoded, or whatever the delegated lookup itself raises
     */
    public static Element dereferenceSTR(Document doc,
        SecurityTokenReference secRef, WSDocInfo wsDocInfo) throws WSSecurityException {
        if (secRef.containsReference()) {
            LOG.debug("STR: Reference");
            Reference ref = secRef.getReference();
            return STRParserUtil.getTokenElement(doc, wsDocInfo, null, ref.getURI(), ref.getValueType());
        }

        if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
            LOG.debug("STR: IssuerSerial");
            X509Certificate issuerSerialCert =
                firstCertificateOrFail(secRef.getX509IssuerSerial(wsDocInfo.getCrypto()));
            return createBSTX509(
                doc, issuerSerialCert, secRef.getElement(), secRef.getKeyIdentifierEncodingType()
            );
        }

        if (secRef.containsKeyIdentifier()) {
            LOG.debug("STR: KeyIdentifier");
            String kiValueType = secRef.getKeyIdentifierValueType();
            boolean samlKeyIdentifier = WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(kiValueType)
                || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(kiValueType);
            if (samlKeyIdentifier) {
                // SAML key identifiers name an assertion already in the document; look it up.
                return STRParserUtil.getTokenElement(
                    doc, wsDocInfo, null, secRef.getKeyIdentifierValue(), kiValueType
                );
            }
            // Any other key identifier is resolved against the keystore and re-emitted as a BST.
            X509Certificate kiCert = firstCertificateOrFail(secRef.getKeyIdentifier(wsDocInfo.getCrypto()));
            return createBSTX509(doc, kiCert, secRef.getElement());
        }

        return null;
    }

    /**
     * Returns the first entry of a certificate lookup result.
     *
     * @param certs the lookup result, possibly {@code null} or empty
     * @return {@code certs[0]}
     * @throws WSSecurityException with {@code FAILED_CHECK} when the lookup produced no certificate
     */
    private static X509Certificate firstCertificateOrFail(X509Certificate[] certs)
        throws WSSecurityException {
        if (certs == null || certs.length == 0 || certs[0] == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        return certs[0];
    }

    /**
     * Creates a {@code wsse:BinarySecurityToken} of ValueType X509v3 wrapping {@code cert},
     * without an EncodingType attribute.
     *
     * @param doc the owner document of the new element
     * @param cert the certificate to embed
     * @param secRefE the SecurityTokenReference element whose in-scope wsse prefix is reused
     * @return the new BinarySecurityToken element (not yet attached to the document tree)
     * @throws WSSecurityException when the certificate cannot be DER-encoded
     * @see #createBSTX509(Document, X509Certificate, Element, String)
     */
    public static Element createBSTX509(Document doc, X509Certificate cert, Element secRefE)
        throws WSSecurityException {
        return createBSTX509(doc, cert, secRefE, null);
    }

    /**
     * Creates a {@code wsse:BinarySecurityToken} of ValueType X509v3 whose text content is the
     * Base64-encoded DER form of {@code cert}.
     *
     * <p>The element is built through DOM APIs, so the certificate bytes are only ever emitted as
     * a Base64 text node. The wsse prefix already declared in scope of {@code secRefE} is reused;
     * the default {@code wsse} prefix is used when none is declared.
     *
     * @param doc the owner document of the new element
     * @param cert the certificate to embed
     * @param secRefE the SecurityTokenReference element whose in-scope wsse prefix is reused
     * @param secRefEncType value for the EncodingType attribute; omitted when {@code null}
     * @return the new BinarySecurityToken element (not yet attached to the document tree)
     * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} when the certificate
     *         cannot be DER-encoded
     */
    public static Element createBSTX509(Document doc, X509Certificate cert, Element secRefE,
        String secRefEncType)
        throws WSSecurityException {
        byte[] encodedCert = encodeCertificate(cert);
        String wssePrefix = wssePrefixFor(secRefE);

        Element bst = doc.createElementNS(WSConstants.WSSE_NS, wssePrefix + ":BinarySecurityToken");
        XMLUtils.setNamespace(bst, WSConstants.WSSE_NS, wssePrefix);
        bst.setAttributeNS(null, "ValueType", X509Security.X509_V3_TYPE);
        if (secRefEncType != null) {
            bst.setAttributeNS(null, "EncodingType", secRefEncType);
        }

        Text base64Cert =
            doc.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(encodedCert));
        bst.appendChild(base64Cert);
        return bst;
    }

    /**
     * DER-encodes a certificate, translating the JCA encoding failure into the WSS4J error type.
     *
     * @param cert the certificate to encode
     * @return the DER bytes
     * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} and the original cause
     */
    private static byte[] encodeCertificate(X509Certificate cert) throws WSSecurityException {
        try {
            return cert.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError"
            );
        }
    }

    /**
     * Picks the wsse namespace prefix to use for a new element placed near {@code secRefE}.
     *
     * @param secRefE the element whose in-scope declarations are consulted
     * @return the prefix already bound to the wsse namespace, or the default wsse prefix
     */
    private static String wssePrefixFor(Element secRefE) {
        String declared = XMLUtils.getPrefixNS(WSConstants.WSSE_NS, secRefE);
        return declared != null ? declared : WSConstants.WSSE_PREFIX;
    }

}