Examples of org.apache.ws.security.saml.SAMLIssuer

• org.apache.ws.security.saml.SAMLIssuer
  Builds a WS SAML Assertion and inserts it into the SOAP Envelope. Refer to the WS specification, SAML Token profile @author Davanum Srinivas (dims@yahoo.com).

     */
    public void testSAMLEncryptedKey() throws Exception {
        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();

        // Create a SAML assertion
        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml4.properties");
        Document doc = unsignedEnvelope.getAsDocument();
        saml.setInstanceDoc(doc);
        Crypto hokCrypto = CryptoFactory.getInstance("crypto.properties");
        saml.setUserCrypto(hokCrypto);
        saml.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
        SAMLAssertion assertion = saml.newAssertion();
        Node assertionNode = assertion.toDOM(doc);

        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        secHeader.getSecurityHeader().appendChild(assertionNode);

        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
        Document doc = unsignedEnvelope.getAsDocument();
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml.properties");
        SAMLAssertion assertion = saml.newAssertion();
        String issuerKeyName = saml.getIssuerKeyName();
        String issuerKeyPW = saml.getIssuerKeyPassword();
        Crypto issuerCrypto = saml.getIssuerCrypto();
        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        Document samlDoc =
            wsSign.build(doc, null, assertion, issuerCrypto,
                issuerKeyName, issuerKeyPW, secHeader

        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
        Document doc = unsignedEnvelope.getAsDocument();
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml.properties");
        SAMLAssertion assertion = saml.newAssertion();
        String issuerKeyName = saml.getIssuerKeyName();
        String issuerKeyPW = saml.getIssuerKeyPassword();
        Crypto issuerCrypto = saml.getIssuerCrypto();
        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        Document samlDoc =
            wsSign.build(doc, null, assertion, issuerCrypto,
                issuerKeyName, issuerKeyPW, secHeader

    public void testSAMLSignedKeyHolder() throws Exception {
        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();

        Document doc = unsignedEnvelope.getAsDocument();

        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml4.properties");
        // Provide info to SAML issuer that it can construct a Holder-of-key
        // SAML token.
        saml.setInstanceDoc(doc);
        saml.setUserCrypto(crypto);
        saml.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
        SAMLAssertion assertion = saml.newAssertion();

        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
        wsSign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

    public void testSAMLSignedKeyHolderSendKeyValue() throws Exception {
        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();

        Document doc = unsignedEnvelope.getAsDocument();

        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml4sendKeyValue.properties");
        // Provide info to SAML issuer that it can construct a Holder-of-key
        // SAML token.
        saml.setInstanceDoc(doc);
        saml.setUserCrypto(crypto);
        saml.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
        SAMLAssertion assertion = saml.newAssertion();

        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
        wsSign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

    public void testSAMLSignedKeyHolderKeyIdentifier() throws Exception {
        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();

        Document doc = unsignedEnvelope.getAsDocument();

        SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml4.properties");
        // Provide info to SAML issuer that it can construct a Holder-of-key
        // SAML token.
        saml.setInstanceDoc(doc);
        saml.setUserCrypto(crypto);
        saml.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
        SAMLAssertion assertion = saml.newAssertion();

        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        wsSign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");

    public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
            throws WSSecurityException {
        WSSecSAMLToken builder = new WSSecSAMLToken();
        builder.setWsConfig(reqData.getWssConfig());

        SAMLIssuer saml = loadSamlIssuer(handler, reqData);
        saml.setUsername(reqData.getUsername());
        SAMLAssertion assertion = saml.newAssertion();

        // add the SAMLAssertion Token to the SOAP Envelope
        builder.build(doc, assertion, reqData.getSecHeader());
    }

            if (log.isDebugEnabled()) {
                log.debug(t.getMessage(), t);
            }
        }

        SAMLIssuer saml = loadSamlIssuer(handler, reqData);
        saml.setUsername(reqData.getUsername());
        saml.setUserCrypto(crypto);
        saml.setInstanceDoc(doc);

        SAMLAssertion assertion = saml.newAssertion();
        if (assertion == null) {
            throw new WSSecurityException("WSHandler: Signed SAML: no SAML token received");
        }
        String issuerKeyName = null;
        String issuerKeyPW = null;
        Crypto issuerCrypto = null;

        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
        wsSign.setWsConfig(reqData.getWssConfig());

        String password = null;
        if (saml.isSenderVouches()) {
            issuerKeyName = saml.getIssuerKeyName();
            issuerKeyPW = saml.getIssuerKeyPassword();
            issuerCrypto = saml.getIssuerCrypto();
        } else {
            password =
                    handler.getPassword(reqData.getUsername(),
                            actionToDo,
                            WSHandlerConstants.PW_CALLBACK_CLASS,

            if (log.isDebugEnabled()) {
                log.debug(ex.getMessage(), ex);
            }
        }

        SAMLIssuer saml = loadSamlIssuer(handler, reqData);

        AssertionWrapper assertion = saml.newAssertion();
        if (assertion == null) {
            throw new WSSecurityException("WSHandler: Signed SAML: no SAML token received");
        }

        WSSecSignatureSAML wsSign = new WSSecSignatureSAML(reqData.getWssConfig());

        CallbackHandler callbackHandler =
            handler.getPasswordCallbackHandler(reqData);
        WSPasswordCallback passwordCallback =
            handler.getPasswordCB(reqData.getUsername(), actionToDo, callbackHandler, reqData);
        wsSign.setUserInfo(reqData.getUsername(), passwordCallback.getPassword());

        if (reqData.getSigKeyId() != 0) {
            wsSign.setKeyIdentifierType(reqData.getSigKeyId());
        }
        if (reqData.getSigAlgorithm() != null) {
            wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
        }
        if (reqData.getSigDigestAlgorithm() != null) {
            wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
        }

         /*
         * required to add support for the
         * signatureParts parameter.
         * If not set WSSecSignatureSAML
         * defaults to only sign the body.
         */
        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());
        }

        try {
            wsSign.build(
                    doc,
                    crypto,
                    assertion,
                    saml.getIssuerCrypto(),
                    saml.getIssuerKeyName(),
                    saml.getIssuerKeyPassword(),
                    reqData.getSecHeader());
            reqData.getSignatureValues().add(wsSign.getSignatureValue());
        } catch (WSSecurityException e) {
            throw new WSSecurityException("Error when signing the SAML token: ", e);
        }

        WSHandler handler,
        RequestData reqData
    ) throws WSSecurityException {
        String samlPropFile =
            handler.getString(WSHandlerConstants.SAML_PROP_FILE, reqData.getMsgContext());
        SAMLIssuer samlIssuer = SAMLIssuerFactory.getInstance(samlPropFile);
        CallbackHandler callbackHandler =
            handler.getCallbackHandler(
                WSHandlerConstants.SAML_CALLBACK_CLASS,
                WSHandlerConstants.SAML_CALLBACK_REF,
                reqData
            );
        if (callbackHandler != null) {
            samlIssuer.setCallbackHandler(callbackHandler);
        }
        return samlIssuer;
    }