Package org.picketlink.identity.federation.ws.trust

Examples of org.picketlink.identity.federation.ws.trust.RequestedProofTokenType


        // get the key wrap algorithm.
        URI keyWrapAlgo = request.getKeyWrapAlgorithm();

        // create proof-of-possession token and server entropy (if needed).
        RequestedProofTokenType requestedProofToken = null;
        EntropyType serverEntropy = null;

        if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equalsIgnoreCase(keyType.toString())) {
            // symmetric key case: if client entropy is found, compute a key. If not, generate a new key.
            requestedProofToken = new RequestedProofTokenType();

            byte[] serverSecret = WSTrustUtil.createRandomSecret((int) keySize / 8);
            BinarySecretType serverBinarySecret = new BinarySecretType();
            serverBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
            serverBinarySecret.setValue(Base64.encodeBytes(serverSecret).getBytes());

            byte[] clientSecret = null;
            EntropyType clientEntropy = request.getEntropy();
            if (clientEntropy != null) {
                clientSecret = Base64.decode(new String(WSTrustUtil.getBinarySecret(clientEntropy)));
                serverEntropy = new EntropyType();
                serverEntropy.addAny(serverBinarySecret);
            }

            if (clientSecret != null && clientSecret.length != 0) {
                // client secret has been specified - combine it with the sts secret.
                requestedProofToken.add(new ComputedKeyType(WSTrustConstants.CK_PSHA1));
                byte[] combinedSecret = null;
                try {
   
   
                  if( base64EncodeSecretKey == true ) {
                    combinedSecret = Base64.encodeBytes(WSTrustUtil.P_SHA1(clientSecret, serverSecret, (int) keySize / 8))
                            .getBytes();
                  }
                  else {
                    combinedSecret = WSTrustUtil.P_SHA1(clientSecret, serverSecret, (int) keySize / 8);
                 

                } catch (Exception e) {
                    throw logger.wsTrustCombinedSecretKeyError(e);
                }
                requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(combinedSecret, providerPublicKey, keyWrapAlgo, providerCertificate));
            } else {
                // client secret has not been specified - use the sts secret only.
                requestedProofToken.add(serverBinarySecret);
                requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(serverSecret, providerPublicKey,
                        keyWrapAlgo, providerCertificate));
            }
        } else if (WSTrustConstants.KEY_TYPE_PUBLIC.equalsIgnoreCase(keyType.toString())) {
            // try to locate the client cert in the keystore using the caller principal as the alias.


                } else if (tag.equals(WSTrustConstants.REQUESTED_TOKEN_CANCELLED)) {
                    StaxParserUtil.getNextEndElement(xmlEventReader);
                    responseToken.setRequestedTokenCancelled(new RequestedTokenCancelledType());
                } else if (tag.equals(WSTrustConstants.REQUESTED_PROOF_TOKEN)) {
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    RequestedProofTokenType requestedProofToken = new RequestedProofTokenType();
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    if (StaxParserUtil.matches(subEvent, WSTrustConstants.BINARY_SECRET)) {
                        BinarySecretType binarySecret = new BinarySecretType();
                        Attribute typeAttribute = subEvent.getAttributeByName(new QName("", "Type"));
                        binarySecret.setType(StaxParserUtil.getAttributeValue(typeAttribute));

                        if (!StaxParserUtil.hasTextAhead(xmlEventReader))
                            throw logger.parserExpectedTextValue("binary secret value");

                        binarySecret.setValue(StaxParserUtil.getElementText(xmlEventReader).getBytes());
                        requestedProofToken.add(binarySecret);
                    } else if (StaxParserUtil.matches(subEvent, WSTrustConstants.COMPUTED_KEY)) {
                        ComputedKeyType computedKey = new ComputedKeyType();
                        if (!StaxParserUtil.hasTextAhead(xmlEventReader))
                            throw logger.parserExpectedTextValue("computed key algorithm");
                        computedKey.setAlgorithm(StaxParserUtil.getElementText(xmlEventReader));
                        requestedProofToken.add(computedKey);
                    }
                    responseToken.setRequestedProofToken(requestedProofToken);
                    EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(endElement, WSTrustConstants.REQUESTED_PROOF_TOKEN);
                } else if (tag.equals(WSTrustConstants.REQUESTED_TOKEN)) {

            StaxUtil.writeEndElement(this.writer);
        }

        // write the requested proof token, if available.
        if (response.getRequestedProofToken() != null) {
            RequestedProofTokenType requestedProof = response.getRequestedProofToken();

            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.REQUESTED_PROOF_TOKEN,
                    WSTrustConstants.BASE_NAMESPACE);
            List<Object> theList = requestedProof.getAny();
            for (Object content : theList) {
                if (content instanceof BinarySecretType) {
                    BinarySecretType binarySecret = (BinarySecretType) content;
                    StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.BINARY_SECRET,
                            WSTrustConstants.BASE_NAMESPACE);

        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

        // check if the response contains the STS-generated key.
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        RequestedProofTokenType proofToken = response.getRequestedProofToken();
        assertNotNull("Unexpected null proof token", proofToken);
        assertTrue(proofToken.getAny().get(0) instanceof BinarySecretType);
        BinarySecretType serverBinarySecret = (BinarySecretType) proofToken.getAny().get(0);
        assertNotNull("Unexpected null secret", serverBinarySecret.getValue());
        // default key size is 128 bits (16 bytes).
        byte[] encodedSecret = serverBinarySecret.getValue();
        assertEquals("Unexpected secret size", 16, Base64.decode(encodedSecret, 0, encodedSecret.length).length);
    }

        SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
        this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        RequestedProofTokenType proofToken = response.getRequestedProofToken();
        assertNotNull("Unexpected null proof token", proofToken);
        assertTrue(proofToken.getAny().get(0) instanceof ComputedKeyType);
        ComputedKeyType computedKey = (ComputedKeyType) proofToken.getAny().get(0);
        assertEquals("Unexpected computed key algorithm", WSTrustConstants.CK_PSHA1, computedKey.getAlgorithm());

        // server entropy must have been included in the response to allow reconstruction of the computed key.
        EntropyType serverEntropy = response.getEntropy();
        assertNotNull("Unexpected null server entropy");


