/* | |
* Copyright 2003-2007 The Apache Software Foundation. | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); | |
* you may not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software | |
* distributed under the License is distributed on an "AS IS" BASIS, | |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
* See the License for the specific language governing permissions and | |
* limitations under the License. | |
* | |
*/ | |
package org.apache.ws.security.action; | |
import java.util.Vector; | |
import org.apache.ws.security.SOAPConstants; | |
import org.apache.ws.security.WSConstants; | |
import org.apache.ws.security.WSEncryptionPart; | |
import org.apache.ws.security.WSSecurityException; | |
import org.apache.ws.security.handler.RequestData; | |
import org.apache.ws.security.handler.WSHandler; | |
import org.apache.ws.security.handler.WSHandlerConstants; | |
import org.apache.ws.security.message.WSSecUsernameToken; | |
import org.apache.ws.security.message.WSSecSignature; | |
import org.apache.ws.security.message.WSSecHeader; | |
import org.apache.ws.security.util.WSSecurityUtil; | |
import org.apache.xml.security.signature.XMLSignature; | |
import org.w3c.dom.Document; | |
import org.w3c.dom.Element; | |
/** | |
* Sign a request using a secret key derived from UsernameToken data. | |
* | |
* Enhanced by Alberto Coletti to support digest password type for | |
* username token signature | |
* | |
* @author Werner Dittmann (Werner.Dittmann@t-online.de) | |
*/ | |
public class UsernameTokenSignedAction implements Action { | |
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData) | |
throws WSSecurityException { | |
String password; | |
password = handler.getPassword(reqData.getUsername(), actionToDo, | |
WSHandlerConstants.PW_CALLBACK_CLASS, | |
WSHandlerConstants.PW_CALLBACK_REF, reqData).getPassword(); | |
WSSecUsernameToken builder = new WSSecUsernameToken(); | |
builder.setWsConfig(reqData.getWssConfig()); | |
builder.setPasswordType(reqData.getPwType()); // enhancement by Alberto Coletti | |
builder.setUserInfo(reqData.getUsername(), password); | |
builder.addCreated(); | |
builder.addNonce(); | |
builder.prepare(doc); | |
// Now prepare to sign. | |
// First step: Get a WS Signature object and set config parameters | |
// second step: set user data and algorithm parameters. This | |
// _must_ be done before we "prepare" | |
// third step: Call "prepare". This creates the internal WS Signature | |
// data structures, XML element, fills in the algorithms | |
// and other data. | |
// fourth step: Get the references. These references identify the parts | |
// of the document that will be included into the | |
// signature. If no references are given sign the message | |
// body by default. | |
// fifth step: compute the signature | |
// | |
// after "prepare" the Signature XML element is ready and may prepend | |
// this to the security header. | |
WSSecSignature sign = new WSSecSignature(); | |
sign.setWsConfig(reqData.getWssConfig()); | |
sign.setUsernameToken(builder); | |
sign.setKeyIdentifierType(WSConstants.UT_SIGNING); | |
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1); | |
sign.prepare(doc, null, reqData.getSecHeader()); | |
// prepend in this order: first the Signature Element and then the | |
// UsernameToken Element. This way the server gets the UsernameToken | |
// first, can check it and are prepared to compute the Signature key. | |
sign.prependToHeader(reqData.getSecHeader()); | |
builder.prependToHeader(reqData.getSecHeader()); | |
Vector parts = null; | |
if (reqData.getSignatureParts().size() > 0) { | |
parts = reqData.getSignatureParts(); | |
} | |
else { | |
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc | |
.getDocumentElement()); | |
parts = new Vector(); | |
WSEncryptionPart encP = new WSEncryptionPart(soapConstants | |
.getBodyQName().getLocalPart(), soapConstants | |
.getEnvelopeURI(), "Content"); | |
parts.add(encP); | |
} | |
sign.addReferencesToSign(parts, reqData.getSecHeader()); | |
try { | |
sign.computeSignature(); | |
reqData.getSignatureValues().add(sign.getSignatureValue()); | |
} catch (WSSecurityException e) { | |
throw new WSSecurityException("WSHandler: Error during Signature with UsernameToken secret" | |
+ e); | |
} | |
} | |
} |