org.apache.ws.security.message.token
Class SecurityTokenReference

java.lang.Object
  org.apache.ws.security.message.token.SecurityTokenReference

public class SecurityTokenReference
extends Object

Security Token Reference.

Author:

Davanum Srinivas (dims@yahoo.com).

Field Summary

protected Element	element
static String	ENC_KEY_SHA1_URI
static String	KEY_NAME
static String	SAML_ID_URI
static String	SECURITY_TOKEN_REFERENCE
static String	SKI_URI
static String	THUMB_URI

Constructor Summary

SecurityTokenReference(Document doc)
Constructor.

SecurityTokenReference(Element elem)
Constructor.

Method Summary

boolean	containsKerberosThumbprint()
boolean	containsKeyIdentifier() Method containsKeyIdentifier.
boolean	containsReference() Method containsReference
boolean	containsX509Data() Method containsX509Data
boolean	containsX509IssuerSerial() Method containsX509IssuerSerial
Element	getElement() get the dom element.
Element	getFirstElement() get the first child element.
KrbSession	getKerberosSession()
X509Certificate[]	getKeyIdentifier(Crypto crypto) Gets the KeyIdentifier.
Element	getKeyIdentifierTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb) Gets the signing token element, which may be a BinarySecurityToken or a SAML token.
String	getKeyIdentifierValue()
String	getKeyIdentifierValueType()
Reference	getReference() Gets the Reference.
byte[]	getSKIBytes()
Element	getTokenElement(Document doc, WSDocInfo docInfo, CallbackHandler cb) Gets the signing token element, which maybe a BinarySecurityToken or a SAML token.
X509Certificate[]	getX509IssuerSerial(Crypto crypto) Gets the certificate identified with X509 issuerSerial data.
String	getX509IssuerSerialAlias(Crypto crypto) Gets the alias name of the certificate identified with X509 issuerSerial data.
String	getX509SKIAlias(Crypto crypto)
int	length(String namespace, String localname) Method length.
int	lengthKeyIdentifier() Method lengthKeyIdentifier.
int	lengthReference() Method lengthReference.
int	lengthX509Data() Method lengthX509Data.
int	lengthX509IssuerSerial() Method lengthX509IssuerSerial.
void	setID(String id) set the id.
void	setKerberosIdentifierThumb(KrbSession session)
void	setKeyIdentifier(String valueType, String keyIdVal)
void	setKeyIdentifier(X509Certificate cert) Sets the KeyIdentifier Element as a X509 certificate.
void	setKeyIdentifierEncKeySHA1(String value)
void	setKeyIdentifierSKI(X509Certificate cert, Crypto crypto) Sets the KeyIdentifier Element as a X509 Subject-Key-Identifier (SKI).
void	setKeyIdentifierThumb(X509Certificate cert) Sets the KeyIdentifier Element as a Thumbprint.
void	setReference(Reference ref) set the reference.
void	setSAMLKeyIdentifier(String keyIdVal)
void	setX509IssuerSerial(org.apache.xml.security.keys.content.X509Data ref) Sets the X509 IssuerSerial data.
String	toString() return the string representation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

SECURITY_TOKEN_REFERENCE

public static final String SECURITY_TOKEN_REFERENCE

See Also:

Constant Field Values

KEY_NAME

public static final String KEY_NAME

See Also:

Constant Field Values

SKI_URI

public static final String SKI_URI

See Also:

Constant Field Values

THUMB_URI

public static final String THUMB_URI

See Also:

Constant Field Values

SAML_ID_URI

public static final String SAML_ID_URI

See Also:

Constant Field Values

ENC_KEY_SHA1_URI

public static final String ENC_KEY_SHA1_URI

See Also:

Constant Field Values

element

protected Element element

Constructor Detail

SecurityTokenReference

public SecurityTokenReference(Element elem)
                       throws WSSecurityException

Constructor.

Parameters:

elem - TODO

Throws:

WSSecurityException

SecurityTokenReference

public SecurityTokenReference(Document doc)

Constructor.

Parameters:

doc - TODO

Method Detail

setReference

public void setReference(Reference ref)

set the reference.

Parameters:

ref -

getReference

public Reference getReference()
                       throws WSSecurityException

Gets the Reference.

Returns:

the Reference element contained in this SecurityTokenReference

Throws:

WSSecurityException

getTokenElement

public Element getTokenElement(Document doc,
                               WSDocInfo docInfo,
                               CallbackHandler cb)
                        throws WSSecurityException

Gets the signing token element, which maybe a BinarySecurityToken or a SAML token. The method gets the URI attribute of the Reference contained in the SecurityTokenReference and tries to find the referenced Element in the document.

Parameters:

doc - the document that contains the binary security token element. This could be different from the document that contains the SecurityTokenReference (STR). See STRTransform.derefenceBST() method

Returns:

Element containing the signing token, must be a BinarySecurityToken

Throws:

WSSecurityException - When either no Reference element, or the found reference contains no URI, or the referenced signing not found.

getKeyIdentifierTokenElement

public Element getKeyIdentifierTokenElement(Document doc,
                                            WSDocInfo docInfo,
                                            CallbackHandler cb)
                                     throws WSSecurityException

Gets the signing token element, which may be a BinarySecurityToken or a SAML token. The method gets the value of the KeyIdentifier contained in the SecurityTokenReference and tries to find the referenced Element in the document.

Parameters:

doc - the document that contains the binary security token element. This could be different from the document that contains the SecurityTokenReference (STR). See STRTransform.derefenceBST() method

Returns:

Element containing the signing token

Throws:

WSSecurityException

setKeyIdentifier

public void setKeyIdentifier(X509Certificate cert)
                      throws WSSecurityException

Sets the KeyIdentifier Element as a X509 certificate. Takes a X509 certificate, converts its data into base 64 and inserts it into a wsse:KeyIdentifier element, which is placed in the wsse:SecurityTokenReference element.

Parameters:

cert - is the X509 certificate to be inserted as key identifier

Throws:

WSSecurityException

setKeyIdentifierSKI

public void setKeyIdentifierSKI(X509Certificate cert,
                                Crypto crypto)
                         throws WSSecurityException

Sets the KeyIdentifier Element as a X509 Subject-Key-Identifier (SKI). Takes a X509 certificate, gets it SKI data, converts into base 64 and inserts it into a wsse:KeyIdentifier element, which is placed in the wsse:SecurityTokenReference element.

Parameters:

cert - is the X509 certificate to get the SKI

crypto - is the Crypto implementation. Used to read SKI info bytes from certificate

Throws:

WSSecurityException

setKeyIdentifierThumb

public void setKeyIdentifierThumb(X509Certificate cert)
                           throws WSSecurityException

Sets the KeyIdentifier Element as a Thumbprint. Takes a X509 certificate, computes its thumbprint using SHA-1, converts into base 64 and inserts it into a wsse:KeyIdentifier element, which is placed in the wsse:SecurityTokenReference element.

Parameters:

cert - is the X509 certificate to get the thumbprint

Throws:

WSSecurityException

setKeyIdentifierEncKeySHA1

public void setKeyIdentifierEncKeySHA1(String value)
                                throws WSSecurityException

Throws:

WSSecurityException

setSAMLKeyIdentifier

public void setSAMLKeyIdentifier(String keyIdVal)
                          throws WSSecurityException

Throws:

WSSecurityException

setKeyIdentifier

public void setKeyIdentifier(String valueType,
                             String keyIdVal)
                      throws WSSecurityException

Throws:

WSSecurityException

getFirstElement

public Element getFirstElement()

get the first child element.

Returns:

the first Element child node

getKeyIdentifier

public X509Certificate[] getKeyIdentifier(Crypto crypto)
                                   throws WSSecurityException

Gets the KeyIdentifier.

Returns:

the the X509 certificate or zero if a unknown key identifier type was detected.

Throws:

WSSecurityException

getKeyIdentifierValue

public String getKeyIdentifierValue()

getKeyIdentifierValueType

public String getKeyIdentifierValueType()

getX509SKIAlias

public String getX509SKIAlias(Crypto crypto)
                       throws WSSecurityException

Throws:

WSSecurityException

getSKIBytes

public byte[] getSKIBytes()

setX509IssuerSerial

public void setX509IssuerSerial(org.apache.xml.security.keys.content.X509Data ref)

Sets the X509 IssuerSerial data.

Parameters:

ref - the XMLX509IssuerSerial to put into this SecurityTokenReference

getX509IssuerSerial

public X509Certificate[] getX509IssuerSerial(Crypto crypto)
                                      throws WSSecurityException

Gets the certificate identified with X509 issuerSerial data. This method first tries to get the embedded certificate. If this fails it checks if the certificate is in the keystore.

Returns:

a certificate array or null if nothing found

Throws:

WSSecurityException

getX509IssuerSerialAlias

public String getX509IssuerSerialAlias(Crypto crypto)
                                throws WSSecurityException

Gets the alias name of the certificate identified with X509 issuerSerial data. The keystore identifies the certificate and the key with this alias name.

Returns:

the alias name for the certificate or null if nothing found

Throws:

WSSecurityException

containsReference

public boolean containsReference()

Method containsReference

Returns:

true if the SecurtityTokenReference contains a wsse:Reference element

lengthReference

public int lengthReference()

Method lengthReference.

Returns:

number of wsse:Reference elements in the SecurtityTokenReference

containsX509IssuerSerial

public boolean containsX509IssuerSerial()

Method containsX509IssuerSerial

Returns:

true if the SecurtityTokenReference contains a ds:IssuerSerial element

containsX509Data

public boolean containsX509Data()

Method containsX509Data

Returns:

true if the SecurtityTokenReference contains a ds:X509Data element

lengthX509IssuerSerial

public int lengthX509IssuerSerial()

Method lengthX509IssuerSerial.

Returns:

number of ds:IssuerSerial elements in the SecurtityTokenReference

lengthX509Data

public int lengthX509Data()

Method lengthX509Data.

Returns:

number of ds:IssuerSerial elements in the SecurtityTokenReference

containsKeyIdentifier

public boolean containsKeyIdentifier()

Method containsKeyIdentifier.

Returns:

true if the SecurtityTokenReference contains a wsse:KeyIdentifier element

lengthKeyIdentifier

public int lengthKeyIdentifier()

Method lengthKeyIdentifier.

Returns:

number of wsse:KeyIdentifier elements in the SecurtityTokenReference

length

public int length(String namespace,
                  String localname)

Method length.

Parameters:

namespace -

localname -

Returns:

number of elements with matching localname and namespace

getElement

public Element getElement()

get the dom element.

Returns:

TODO

setID

public void setID(String id)

set the id.

Parameters:

id -

toString

public String toString()

return the string representation.

Overrides:

toString in class Object

Returns:

TODO

setKerberosIdentifierThumb

public void setKerberosIdentifierThumb(KrbSession session)

Parameters:

session -

containsKerberosThumbprint

public boolean containsKerberosThumbprint()

getKerberosSession

public KrbSession getKerberosSession()