Class WSSecurityUtil

java.lang.Object
org.apache.ws.security.util.WSSecurityUtil

public class WSSecurityUtil extends Object
WS-Security Utility methods.

Author:
Davanum Srinivas (dims@yahoo.com).
  • Constructor Details

    • WSSecurityUtil

      public WSSecurityUtil()
  • Method Details

    • getSecurityHeader

      public static Element getSecurityHeader(Document doc, String actor, SOAPConstants sc)
      Returns the first WS-Security header element for a given actor. Only one WS-Security header is allowed for an actor.
      Parameters:
      doc -
      actor -
      Returns:
      the wsse:Security element, or null if no such element is found
    • isActorEqual

      public static boolean isActorEqual(String actor, String hActor)
      Compares two actor strings and returns true if they are equal. Handles null-length strings and ignores case.
      Parameters:
      actor -
      hActor -
      Returns:
      TODO
    • getDirectChild

      public static Node getDirectChild(Node fNode, String localName, String namespace)
      Gets a direct child with specified localname and namespace.

      Parameters:
      fNode - the node where to start the search
      localName - local name of the child to get
      namespace - the namespace of the child to get
      Returns:
      the node, or null if no such node is found
    • findBodyElement

      public static Element findBodyElement(Document doc, SOAPConstants sc)
      Returns the first SOAP "Body" element.

      Parameters:
      doc -
      Returns:
      the body element or null if document does not contain a SOAP body
    • findElement

      public static Node findElement(Node startNode, String name, String namespace)
      Returns the first element that matches name and namespace.

      This is a replacement for an XPath lookup //name with the given namespace. It is somewhat faster than XPath, and it does not deal with prefixes, only with the real namespace URI.

      Parameters:
      startNode - Where to start the search
      name - Local name of the element
      namespace - Namespace URI of the element
      Returns:
      The found element or null
    • findElementById

      public static Element findElementById(Node startNode, String value, String namespace)
      Returns the single element that contains an Id with the given value and namespace.

      This is a replacement for an XPath Id lookup with the given namespace. It is somewhat faster than XPath, and it does not deal with prefixes, only with the real namespace URI. If multiple elements match, a warning is logged and null is returned, because duplicate Ids can be used to get around the signature checking.

      Parameters:
      startNode - Where to start the search
      value - Value of the Id attribute
      namespace - Namespace URI of the Id
      Returns:
      The found element if there was exactly one match, or null otherwise
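
The "exactly one match or null" rule described for findElementById, as an added sketch using only the JDK DOM API. It is not WSS4J's own code; the class name UniqueIdLookup, the method findUniqueById and the sample envelope are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class UniqueIdLookup {   // hypothetical class, not part of WSS4J
    // WS-Security 1.0 utility (wsu) namespace URI
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Returns the only element whose Id attribute in namespace ns equals value;
    // returns null when nothing matches or when the Id is ambiguous.
    static Element findUniqueById(Node start, String value, String ns) {
        Element[] first = new Element[1];
        int hits = count(start, value, ns, first);
        if (hits > 1)
            System.err.println("WARN: Id '" + value + "' matches " + hits + " elements, not resolving it");
        return hits == 1 ? first[0] : null;
    }

    // Walks the whole subtree without stopping at the first hit, so a second
    // element carrying the same Id is always seen.
    private static int count(Node n, String value, String ns, Element[] first) {
        int hits = 0;
        if (n.getNodeType() == Node.ELEMENT_NODE
                && value.equals(((Element) n).getAttributeNS(ns, "Id"))) {
            if (first[0] == null) first[0] = (Element) n;
            hits++;
        }
        for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling())
            hits += count(c, value, ns, first);
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: "ts-1" is unique, "dup-1" appears on two elements.
        String xml = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='" + WSU_NS + "'>"
            + "<e:Header><t wsu:Id='ts-1'/><x wsu:Id='dup-1'/></e:Header>"
            + "<e:Body wsu:Id='dup-1'/></e:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // required for getAttributeNS to see wsu:Id
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        for (String id : new String[] {"ts-1", "dup-1", "missing"}) {
            Element e = findUniqueById(doc, id, WSU_NS);
            System.out.println(id + " -> " + (e == null ? "null" : e.getNodeName()));
        }
    }
}
```

A caller that receives null here should treat the reference as unresolvable and fail verification rather than fall back to a first-match lookup.
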
    • setNamespace

      public static String setNamespace(Element element, String namespace, String prefix)
      Sets the namespace if it is not set already.

      Parameters:
      element -
      namespace -
      prefix -
      Returns:
      TODO
    • getPrefixNS

      public static String getPrefixNS(String uri, Node e)
    • getNamespace

      public static String getNamespace(String prefix, Node e)
    • getQNameFromString

      public static QName getQNameFromString(String str, Node e)
      Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node.
      Returns:
      a QName generated from the given string representation
    • getFullQNameFromString

      public static QName getFullQNameFromString(String str, Node e)
      Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node. If default namespace is found it is returned as part of the QName.
      Returns:
      a QName generated from the given string representation
    • getStringForQName

      public static String getStringForQName(QName qname, Element e)
      Return a string for a particular QName, mapping a new prefix if necessary.
    • getElementByWsuId

      public static Element getElementByWsuId(Document doc, String id)
      Search for an element given its wsu:id.

      Parameters:
      doc - the DOM document (SOAP request)
      id - the Id of the element
      Returns:
      the found element or null if no element with the Id exists
    • getIDfromReference

      public static String getIDfromReference(String ref)
      Turn a reference (e.g. "#5") into an ID (e.g. "5").
      Parameters:
      ref -
      Returns:
      ref trimmed and with the leading "#" removed, or null if not correctly formed
    • getElementByGenId

      public static Element getElementByGenId(Document doc, String id)
      Search for an element given its generic id.

      Parameters:
      doc - the DOM document (SOAP request)
      id - the Id of the element
      Returns:
      the found element or null if no element with the Id exists
    • createBinarySecurityToken

      public static Element createBinarySecurityToken(Document doc, String wsuIdVal)
      Create a BinarySecurityToken element

      Parameters:
      doc - the DOM document (SOAP request)
      wsuIdVal - the value for the wsu:Id
      Returns:
      the BST element (DOM element)
    • appendChildElement

      public static Element appendChildElement(Document doc, Element parent, Element child)
      Appends a child element.

      Parameters:
      doc - the DOM document (SOAP request)
      parent - element of this child element
      child - the element to append
      Returns:
      the child element
    • prependChildElement

      public static Element prependChildElement(Document doc, Element parent, Element child, boolean addWhitespace)
      Prepends a child element.

      Parameters:
      doc - the DOM document (SOAP request)
      parent - element of this child element
      child - the element to prepend
      addWhitespace - if true prepend a newline before child
      Returns:
      the child element
    • findWsseSecurityHeaderBlock

      public static Element findWsseSecurityHeaderBlock(Document doc, Element envelope, boolean doCreate)
      Finds the first WS-Security header block.

      Parameters:
      doc - the DOM document (SOAP request)
      envelope - the SOAP envelope
      doCreate - if true create a new WSS header block if none exists
      Returns:
      the WSS header or null if none found and doCreate is false
    • findWsseSecurityHeaderBlock

      public static Element findWsseSecurityHeaderBlock(Document doc, Element envelope, String actor, boolean doCreate)
      Finds a WS-Security header block for a given actor.

      Parameters:
      doc - the DOM document (SOAP request)
      envelope - the SOAP envelope
      actor - the actor (role) name of the WSS header
      doCreate - if true create a new WSS header block if none exists
      Returns:
      the WSS header or null if none found and doCreate is false
    • createBase64EncodedTextNode

      public static Text createBase64EncodedTextNode(Document doc, byte[] data)
      Creates a Base64 text node.

      Parameters:
      doc - the DOM document (SOAP request)
      data - to encode
      Returns:
      a Text node containing the base64 encoded data
    • prepareSecretKey

      public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey)
    • getSOAPConstants

      public static SOAPConstants getSOAPConstants(Element startElement)
    • getCipherInstance

      public static Cipher getCipherInstance(String cipherAlgo) throws WSSecurityException
      Throws:
      WSSecurityException
    • fetchActionResult

      public static WSSecurityEngineResult fetchActionResult(Vector wsResultVector, int action)
      Fetch the result of a given action from a given result vector

      Parameters:
      wsResultVector - The result vector to fetch an action from
      action - The action to fetch
      Returns:
      The result fetched from the result vector, null if the result could not be found
    • fetchAllActionResults

      public static Vector fetchAllActionResults(Vector wsResultVector, int action, Vector results)
      Fetch the result of a given action from a given result vector

      Parameters:
      wsResultVector - The result vector to fetch an action from
      action - The action to fetch
      results - where to store the found results data for the action
      Returns:
      The result fetched from the result vector, null if the result could not be found
    • decodeAction

      public static int decodeAction(String action, Vector actions) throws WSSecurityException
      Throws:
      WSSecurityException
    • getKeyLength

      public static int getKeyLength(String algorithm) throws WSSecurityException
      Returns the length of the key in bytes.
      Parameters:
      algorithm -
      Returns:
      Throws:
      WSSecurityException
    • generateNonce

      public static byte[] generateNonce(int length) throws WSSecurityException
      Generate a nonce of the given length
      Returns:
      Throws:
      Exception
      WSSecurityException
    • ensureSignedTogether

      public static X509Certificate ensureSignedTogether(Iterator results, Element[] elements) throws WSSecurityException
      Search through a WSS4J results vector for a single signature covering all these elements.
      Parameters:
      results - results (e.g., as stored as WSHandlerConstants.RECV_RESULTS on an Axis MessageContext)
      elements - the elements to check
      Returns:
      the identity of the signer
      Throws:
      WSSecurityException - if no suitable signature could be found or if any element didn't have a wsu:Id attribute