19 package org.apache.wss4j.stax.validate;
20
21 import org.apache.wss4j.binding.wssc.AbstractSecurityContextTokenType;
22 import org.apache.wss4j.common.ext.WSPasswordCallback;
23 import org.apache.wss4j.common.ext.WSSecurityException;
24 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
25 import org.apache.wss4j.stax.utils.WSSUtils;
26 import org.apache.xml.security.algorithms.JCEMapper;
27 import org.apache.xml.security.exceptions.XMLSecurityException;
28 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
29 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
30 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
31
32 import java.security.Key;
33
34 import javax.crypto.spec.SecretKeySpec;
35
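/**
 * Default validator for inbound {@code wsc:SecurityContextToken} elements.
 *
 * <p>Security note: {@link #validate} itself performs no check on the token. It only
 * wraps the token in a symmetric {@link InboundSecurityToken}; the token is "validated"
 * lazily, at the moment a key is first requested from it, by asking the configured
 * {@code CallbackHandler} for the secret bound to the token identifier. A token whose
 * key is never requested is therefore never checked, and a handler that returns a key
 * for any identifier effectively accepts any SCT. The key returned for an algorithm URI
 * is cached on the token for its lifetime.</p>
 */
public class SecurityContextTokenValidatorImpl implements SecurityContextTokenValidator {

    /**
     * Wraps the parsed SecurityContextToken as an inbound symmetric token.
     *
     * @param securityContextTokenType the parsed token; only its id is used, for error messages
     * @param identifier the token identifier passed to the secret-key callback
     * @param tokenContext supplies the security context, security properties (callback handler)
     *                     and element position that are attached to the returned token
     * @return a symmetric token whose key is resolved on demand via the callback handler
     * @throws WSSecurityException declared for implementors; this implementation does not throw
     *                             from {@code validate} itself, only from the token's {@code getKey}
     */
    @Override
    public InboundSecurityToken validate(final AbstractSecurityContextTokenType securityContextTokenType,
                                         final String identifier, final TokenContext tokenContext)
            throws WSSecurityException {

        // The trailing boolean is passed through unchanged; presumably it marks the token as
        // included in the message -- confirm against AbstractInboundSecurityToken's constructor.
        AbstractInboundSecurityToken securityContextToken = new AbstractInboundSecurityToken(
                tokenContext.getWsSecurityContext(), identifier,
                WSSecurityTokenConstants.KEYIDENTIFIER_EXTERNAL_REFERENCE, true) {

            @Override
            public boolean isAsymmetric() {
                // A security context token carries a shared secret, never a key pair.
                return false;
            }

            /**
             * Resolves the symmetric key for {@code algorithmURI}, consulting the secret-key
             * callback the first time and the per-algorithm cache afterwards.
             *
             * @throws WSSecurityException with SECURITY_TOKEN_UNAVAILABLE when the callback yields
             *                             no (or an empty) key, and UNSUPPORTED_ALGORITHM when the
             *                             URI has no JCE key algorithm mapping
             */
            @Override
            public Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
                              String correlationID) throws XMLSecurityException {

                // Keys are cached per algorithm URI, so the callback runs at most once per algorithm.
                Key cached = getSecretKey().get(algorithmURI);
                if (cached != null) {
                    return cached;
                }

                WSPasswordCallback passwordCallback = new WSPasswordCallback(
                        identifier, WSPasswordCallback.SECURITY_CONTEXT_TOKEN);
                WSSUtils.doSecretKeyCallback(
                        tokenContext.getWssSecurityProperties().getCallbackHandler(), passwordCallback);

                byte[] keyBytes = passwordCallback.getKey();
                // SecretKeySpec rejects an empty array with IllegalArgumentException; treat it the
                // same as a missing key so callers see the documented checked exception instead.
                if (keyBytes == null || keyBytes.length == 0) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE,
                            "noKey", new Object[] {securityContextTokenType.getId()});
                }

                String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
                // JCEMapper returns null for an unmapped URI, and SecretKeySpec would then throw
                // IllegalArgumentException ("Missing algorithm"); surface it as a WSS4J error.
                if (keyAlgorithm == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM);
                }

                Key resolved = new SecretKeySpec(keyBytes, keyAlgorithm);
                setSecretKey(algorithmURI, resolved);
                return resolved;
            }

            @Override
            public WSSecurityTokenConstants.TokenType getTokenType() {
                return WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN;
            }
        };

        // Record where in the message the token was found, for later reference checks/reporting.
        securityContextToken.setElementPath(tokenContext.getElementPath());
        securityContextToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());

        return securityContextToken;
    }
}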