Class UsernameToken


  • public class UsernameToken
    extends Object
    UsernameToken according to WS Security specifications, UsernameToken profile. Enhanced to support digest password type for username token signature. Enhanced to support passwordless UsernameTokens as allowed by the spec.
    • Constructor Detail

      • UsernameToken

        public UsernameToken​(Element elem,
                             boolean allowNamespaceQualifiedPasswordTypes,
                             BSPEnforcer bspEnforcer)
                      throws WSSecurityException
        Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
        Parameters:
        elem - the wsse:UsernameToken element that contains the UsernameToken data
        allowNamespaceQualifiedPasswordTypes - whether to allow (wsse) namespace qualified password types or not (for interop with WCF)
        bspEnforcer - a BSPEnforcer instance to enforce BSP rules
        Throws:
        WSSecurityException
      • UsernameToken

        public UsernameToken​(boolean milliseconds,
                             Document doc)
        Constructs a UsernameToken object according to the defined parameters.

        This constructor sets the password encoding to WSS4JConstants.PASSWORD_DIGEST.

        Parameters:
        doc - the SOAP envelope as Document
    • Method Detail

      • addWSSENamespace

        public void addWSSENamespace()
        Add the WSSE Namespace to this UT. The namespace is not added by default for efficiency purposes.
      • addWSUNamespace

        public void addWSUNamespace()
        Add the WSU Namespace to this UT. The namespace is not added by default for efficiency purposes.
      • addNonce

        public void addNonce​(Document doc)
        Creates and adds a Nonce element to this UsernameToken
      • addCreated

        public void addCreated​(boolean milliseconds,
                               Document doc)
        Creates and adds a Created element to this UsernameToken
      • addCreated

        public void addCreated​(boolean milliseconds,
                               WSTimeSource timeSource,
                               Document doc)
        Creates and adds a Created element to this UsernameToken
      • addSalt

        public void addSalt​(Document doc,
                            byte[] saltValue,
                            boolean mac)
        Adds a Salt element to this UsernameToken.
        Parameters:
        doc - The Document for the UsernameToken
        saltValue - The salt to add.
        mac - If true then an optionally generated value is usable for a MAC
      • addIteration

        public void addIteration​(Document doc,
                                 int iteration)
        Creates and adds an Iteration element to this UsernameToken.
      • getName

        public String getName()
        Get the user name.
        Returns:
        the data from the user name element.
      • setName

        public void setName​(String name)
        Set the user name.
        Parameters:
        name - sets a text node containing the user name into the user name element.
      • getNonce

        public String getNonce()
        Get the nonce.
        Returns:
        the data from the nonce element.
      • getCreated

        public String getCreated()
        Get the created timestamp.
        Returns:
        the data from the created time element.
      • getCreatedDate

        public Instant getCreatedDate()
        Return the Created element as an Instant object.
        Returns:
        the Created Date
      • getPassword

        public String getPassword()
        Gets the password string. This is the password as it is in the password element of a username token. Thus it can be either plain text or the password digest value.
        Returns:
        the password string or null if no such node exists.
      • containsPasswordElement

        public boolean containsPasswordElement()
        Return true if this UsernameToken contains a Password element
      • getSalt

        public byte[] getSalt()
                       throws WSSecurityException
        Get the Salt value of this UsernameToken.
        Returns:
        Returns the binary Salt value or null if no Salt value is available in the username token.
        Throws:
        WSSecurityException
      • getIteration

        public int getIteration()
        Get the Iteration value of this UsernameToken.
        Returns:
        Returns the Iteration value. If no Iteration was specified in the username token the default value according to the specification is returned.
      • isHashed

        public boolean isHashed()
        Get the hashed indicator. If the indicator is true, the password of the UsernameToken was encoded using WSS4JConstants.PASSWORD_DIGEST.
        Returns:
        the hashed indicator.
      • getPasswordType

        public String getPasswordType()
        Returns:
        Returns the passwordType.
      • setPassword

        public void setPassword​(String pwd)
        Sets the password string. This function sets the password in the UsernameToken either as plain text or encodes the password according to the WS Security specifications, UsernameToken profile, into a password digest.
        Parameters:
        pwd - the password to use
      • setPasswordsAreEncoded

        public void setPasswordsAreEncoded​(boolean passwordsAreEncoded)
        Parameters:
        passwordsAreEncoded - whether passwords are encoded
      • getPasswordsAreEncoded

        public boolean getPasswordsAreEncoded()
        Returns:
        whether passwords are encoded
      • getElement

        public Element getElement()
        Returns the dom element of this UsernameToken object.
        Returns:
        the wsse:UsernameToken element
      • toString

        public String toString()
        Returns the string representation of the token.
        Overrides:
        toString in class Object
        Returns:
        an XML string representation
      • getID

        public String getID()
        Gets the id.
        Returns:
        the value of the wsu:Id attribute of this username token
      • setID

        public void setID​(String id)
        Set the id of this username token.
        Parameters:
        id - the value for the wsu:Id attribute of this username token
      • getDerivedKey

        public byte[] getDerivedKey​(BSPEnforcer bspEnforcer,
                                    String rawPassword)
                             throws WSSecurityException
        This method gets a derived key as defined in WSS Username Token Profile.
        Parameters:
        rawPassword - The raw password to use to derive the key
        Returns:
        Returns the derived key as a byte array
        Throws:
        WSSecurityException
      • isDerivedKey

        public boolean isDerivedKey()
                             throws WSSecurityException
        Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1. It does this by checking that the username token has salt and iteration values.
        Throws:
        WSSecurityException
      • verifyCreated

        public boolean verifyCreated​(int timeToLive,
                                     int futureTimeToLive)
        Return true if the "Created" value is before the current time minus the timeToLive argument, and if the Created value is not "in the future".
        Parameters:
        timeToLive - the value in seconds for the validity of the Created time
        futureTimeToLive - the value in seconds for the future validity of the Created time
        Returns:
        true if the UsernameToken is before (now-timeToLive), false otherwise
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object