All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.ws.security.message.WSSecUsernameToken Maven / Gradle / Ivy

Go to download

The Apache WSS4J project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.

There is a newer version: 1.6.19
Show newest version
/*
 * Copyright  2003-2004 The Apache Software Foundation.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */

package org.apache.ws.security.message;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/**
 * Builds a WS UsernameToken.
 * 
 * Refer to the WS specification, UsernameToken profile
 * 
 * @author Werner Dittmann ([email protected]).
 */

public class WSSecUsernameToken extends WSSecBase {
	private static Log log = LogFactory.getLog(WSSecUsernameToken.class
			.getName());

	private String passwordType = WSConstants.PASSWORD_DIGEST;

	private UsernameToken ut = null;

	private boolean nonce = false;

	private boolean created = false;
	
	private boolean useDerivedKey = false;
	
	private boolean useMac = false;
	
	private byte[] saltValue;
	
	private int iteration = UsernameToken.DEFAULT_ITERATION;

	private Document document = null;

	/**
	 * Constructor.
	 */
	public WSSecUsernameToken() {
	}

	/**
	 * Defines how to construct the password element of the
	 * UsernameToken.
	 * 
	 * @param pwType
	 *            contains the password type. Only allowed values are
	 *            {@link WSConstants#PASSWORD_DIGEST} and
	 *            {@link WSConstants#PASSWORD_TEXT}.
	 * 			  or null when no password is needed.
	 */
	public void setPasswordType(String pwType) {
		this.passwordType = pwType;
	}

	/**
	 * Add a Nonce element to the UsernameToken.
	 */
	public void addNonce() {
		nonce = true;
	}

	/**
	 * Add a Created element to the UsernameToken.
	 */
	public void addCreated() {
		created = true;
	}
	
    /**
     * Add a derived key to the UsernameToken
     * @param useMac whether the derived key is to be used for a MAC or not
     * @param saltValue The saltvalue to use
     * @param iteration The number of iterations to use in deriving a key
     */
    public void addDerivedKey(boolean useMac, byte[] saltValue, int iteration) {
        passwordType = null;
        useDerivedKey = true;
        this.useMac = useMac;
        this.saltValue = saltValue;
        if (iteration > 0) {
            this.iteration = iteration;
        }
    }

	
	/**
	 * Get the derived secret key.
	 * 
	 * After the prepare() method was called use this method
	 * to compute a derived secret key. The generation of this secret key is according
	 * to WS-Trust specification.
	 * 
	 * @return Return the derived secret key of this token or null if prepare()
	 * was not called before.
	 */
	public byte[] getSecretKey() {
		if (ut == null) {
			return null;
		}
		return ut.getSecretKey();
	}
	
    /**
     * Get the derived key.
     * 
     * After the prepare() method was called use this method
     * to compute a derived key. The generation of this secret key is according
     * to the UsernameTokenProfile 1.1 specification (section 4 - Key Derivation).
     * 
     * @return Return the derived key of this token or null if prepare()
     * was not called before.
     */
    public byte[] getDerivedKey() throws WSSecurityException {
        if (ut == null || !useDerivedKey) {
            return null;
        }
        return UsernameToken.generateDerivedKey(password, saltValue, iteration);
    }

	/**
	 * Get the id generated during prepare().
	 * 
	 * Returns the the value of wsu:Id attribute of this UsernameToken. 
	 * 
	 * @return Return the wsu:Id of this token or null if prepare()
	 * was not called before.
	 */
	public String getId() {
		if (ut == null) {
			return null;
		}
		return ut.getID();
	}

	/**
	 * Creates a Username token.
	 * 
	 * The method prepares and initializes a WSSec UsernameToken structure after
	 * the relevant information was set. A Before calling
	 * prepare() all parameters such as user, password,
	 * passwordType etc. must be set. A complete UsernameToken is
	 * constructed.
	 * 
	 * @param doc
	 *            The SOAP envelope as W3C document
	 */
	public void prepare(Document doc) {
		document = doc;
		ut = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc,
				passwordType);
		ut.setName(user);
		if (useDerivedKey) {
		    saltValue = ut.addSalt(doc, saltValue, useMac);
		    ut.addIteration(doc, iteration);
		} else {
		    ut.setPassword(password);
		}
		if (nonce) {
			ut.addNonce(doc);
		}
		if (created) {
			ut.addCreated(wssConfig.isPrecisionInMilliSeconds(), doc);
		}
		String utId = "UsernameToken-" + ut.hashCode();
		ut.setID(utId);
	}

	/**
	 * Prepends the UsernameToken element to the elements already in the
	 * Security header.
	 * 
	 * The method can be called any time after prepare().
	 * This allows to insert the UsernameToken element at any position in the
	 * Security header.
	 * 
	 * @param secHeader
	 *            The security header that holds the Signature element.
	 */
	public void prependToHeader(WSSecHeader secHeader) {
		WSSecurityUtil.prependChildElement(document, secHeader
				.getSecurityHeader(), ut.getElement(), false);
	}

    /**
     * Appends the UsernameToken element to the elements already in the
     * Security header.
     * 
     * The method can be called any time after prepare().
     * This allows to insert the UsernameToken element at any position in the
     * Security header.
     * 
     * @param secHeader
     *            The security header that holds the Signature element.
     */
    public void appendToHeader(WSSecHeader secHeader) {
        WSSecurityUtil.appendChildElement(document, secHeader
                .getSecurityHeader(), ut.getElement());
    }
	/**
	 * Adds a new UsernameToken to a soap envelope.
	 * 
	 * Before calling build() all parameters such as user,
	 * password, passwordType etc. must be set. A complete
	 * UsernameToken is constructed and added to the
	 * wsse:Security header.
	 * 
	 * @param doc
	 *            The SOAP envelope as W3C document
	 * @param secHeader
	 *            The security header inside the SOAP envelope
	 * @return Document with UsernameToken added
	 */
	public Document build(Document doc, WSSecHeader secHeader) {
		log.debug("Begin add username token...");

		prepare(doc);
		prependToHeader(secHeader);

		return doc;
	}

    /**
     * Returns the UsernameToken element.
     * 
     * The method can be called any time after prepare().
     * This allows to insert the UsernameToken element at any position in the
     * Security header.
     * 
     * @return
     */
    public Element getUsernameTokenElement() {
       return this.ut.getElement(); 
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy