protected boolean isValidatedLocally(Credential credential, RequestData data) throws WSSecurityException { if (!alwaysValidateToSts && credential.getSamlAssertion() != null) { try { samlValidator.validate(credential, data); return samlValidator.isTrustVerificationSucceeded(); } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new WSSecurityException( WSSecurityException.ErrorCode.FAILURE, e, "invalidSAMLsecurity"); } } return false; }
public Credential validateWithSTS(Credential credential, Message message) throws WSSecurityException { try { SecurityToken token = new SecurityToken(); Element tokenElement = null; int hash = 0; if (credential.getSamlAssertion() != null) { SamlAssertionWrapper assertion = credential.getSamlAssertion(); byte[] signatureValue = assertion.getSignatureValue(); if (signatureValue != null && signatureValue.length > 0) { hash = Arrays.hashCode(signatureValue); } tokenElement = credential.getSamlAssertion().getElement(); } else if (credential.getUsernametoken() != null) { tokenElement = credential.getUsernametoken().getElement(); hash = credential.getUsernametoken().hashCode(); } else if (credential.getBinarySecurityToken() != null) { tokenElement = credential.getBinarySecurityToken().getElement(); hash = credential.getBinarySecurityToken().hashCode(); } else if (credential.getSecurityContextToken() != null) { tokenElement = credential.getSecurityContextToken().getElement(); hash = credential.getSecurityContextToken().hashCode(); } token.setToken(tokenElement); TokenStore ts = null; if (!disableCaching) { ts = getTokenStore(message); if (ts == null) { ts = tokenStore; } if (ts != null && hash != 0) { SecurityToken transformedToken = getTransformedToken(ts, hash); if (transformedToken != null && !transformedToken.isExpired()) { SamlAssertionWrapper assertion = new SamlAssertionWrapper(transformedToken.getToken()); credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion)); credential.setTransformedToken(assertion); return credential; } } } token.setTokenHash(hash); STSClient c = stsClient; if (c == null) { c = STSUtils.getClient(message, "sts"); } synchronized (c) { System.setProperty("noprint", "true"); SecurityToken returnedToken = null; if (useIssueBinding && useOnBehalfOf) { ElementCallbackHandler callbackHandler = new ElementCallbackHandler(tokenElement); c.setOnBehalfOf(callbackHandler); returnedToken = c.requestSecurityToken(); c.setOnBehalfOf(null); } else if (useIssueBinding && !useOnBehalfOf && credential.getUsernametoken() != null) { c.getProperties() .put(SecurityConstants.USERNAME, credential.getUsernametoken().getName()); c.getProperties() .put(SecurityConstants.PASSWORD, credential.getUsernametoken().getPassword()); returnedToken = c.requestSecurityToken(); c.getProperties().remove(SecurityConstants.USERNAME); c.getProperties().remove(SecurityConstants.PASSWORD); } else { List<SecurityToken> tokens = c.validateSecurityToken(token); returnedToken = tokens.get(0); } if (returnedToken != token) { SamlAssertionWrapper assertion = new SamlAssertionWrapper(returnedToken.getToken()); credential.setTransformedToken(assertion); credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion)); if (!disableCaching && hash != 0 && ts != null) { ts.add(returnedToken); token.setTransformedTokenIdentifier(returnedToken.getId()); ts.add(Integer.toString(hash), token); } } return credential; } } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new WSSecurityException( WSSecurityException.ErrorCode.FAILURE, e, "invalidSAMLsecurity"); } }