private TokenProviderParameters createProviderParameters(
String tokenType,
String keyType,
Crypto crypto,
String signatureUsername,
CallbackHandler callbackHandler,
String username,
String issuer)
throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal(username));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress(
"https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer(issuer);
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
private TokenProviderParameters createProviderParameters(
String tokenType,
String keyType,
Crypto crypto,
String signatureUsername,
CallbackHandler callbackHandler)
throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
parameters.setWebServiceContext(webServiceContext);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
parameters.setTokenStore(tokenStore);
return parameters;
}
protected void signToken(
SamlAssertionWrapper assertion,
RealmProperties samlRealm,
STSPropertiesMBean stsProperties,
KeyRequirements keyRequirements)
throws Exception {
// Initialise signature objects with defaults of STSPropertiesMBean
Crypto signatureCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
String alias = stsProperties.getSignatureUsername();
if (samlRealm != null) {
// If SignatureCrypto configured in realm then
// callbackhandler and alias of STSPropertiesMBean is ignored
if (samlRealm.getSignatureCrypto() != null) {
LOG.fine("SAMLRealm signature keystore used");
signatureCrypto = samlRealm.getSignatureCrypto();
callbackHandler = samlRealm.getCallbackHandler();
alias = samlRealm.getSignatureAlias();
}
// SignatureProperties can be defined independently of SignatureCrypto
if (samlRealm.getSignatureProperties() != null) {
signatureProperties = samlRealm.getSignatureProperties();
}
}
// Get the signature algorithm to use
String signatureAlgorithm = keyRequirements.getSignatureAlgorithm();
if (signatureAlgorithm == null) {
// If none then default to what is configured
signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
} else {
List<String> supportedAlgorithms = signatureProperties.getAcceptedSignatureAlgorithms();
if (!supportedAlgorithms.contains(signatureAlgorithm)) {
signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
}
}
}
// Get the c14n algorithm to use
String c14nAlgorithm = keyRequirements.getC14nAlgorithm();
if (c14nAlgorithm == null) {
// If none then default to what is configured
c14nAlgorithm = signatureProperties.getC14nAlgorithm();
} else {
List<String> supportedAlgorithms = signatureProperties.getAcceptedC14nAlgorithms();
if (!supportedAlgorithms.contains(c14nAlgorithm)) {
c14nAlgorithm = signatureProperties.getC14nAlgorithm();
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
}
}
}
// If alias not defined, get the default of the SignatureCrypto
if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
alias = signatureCrypto.getDefaultX509Identifier();
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Signature alias is null so using default alias: " + alias);
}
}
// Get the password
WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
LOG.fine("Creating SAML Token");
callbackHandler.handle(cb);
String password = cb[0].getPassword();
LOG.fine("Signing SAML Token");
boolean useKeyValue = signatureProperties.isUseKeyValue();
assertion.signAssertion(
alias,
password,
signatureCrypto,
useKeyValue,
c14nAlgorithm,
signatureAlgorithm,
signatureProperties.getDigestAlgorithm());
}
