Package org.apache.ws.security.util
Class WSSecurityUtil
java.lang.Object
org.apache.ws.security.util.WSSecurityUtil
WS-Security Utility methods.
- Author:
- Davanum Srinivas (dims@yahoo.com).
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic Element
appendChildElement
(Document doc, Element parent, Element child) append a child elementstatic Text
createBase64EncodedTextNode
(Document doc, byte[] data) create a base64 test nodestatic Element
createBinarySecurityToken
(Document doc, String wsuIdVal) Create a BinarySecurityToken elementstatic int
decodeAction
(String action, Vector actions) static X509Certificate
ensureSignedTogether
(Iterator results, Element[] elements) Search through a WSS4J results vector for a single signature covering all these elements.static WSSecurityEngineResult
fetchActionResult
(Vector wsResultVector, int action) Fetch the result of a given action from a given result vectorstatic Vector
fetchAllActionResults
(Vector wsResultVector, int action, Vector results) Fetch the result of a given action from a given result vectorstatic Element
findBodyElement
(Document doc, SOAPConstants sc) return the first soap "Body" element.static Node
findElement
(Node startNode, String name, String namespace) Returns the first element that matchesname
andnamespace
.static Element
findElementById
(Node startNode, String value, String namespace) Returns the single element that containes an Id with valueuri
andnamespace
.static Element
findWsseSecurityHeaderBlock
(Document doc, Element envelope, boolean doCreate) find the first ws-security header blockstatic Element
findWsseSecurityHeaderBlock
(Document doc, Element envelope, String actor, boolean doCreate) find a ws-security header block for a given actorstatic byte[]
generateNonce
(int length) Generate a nonce of the given lengthstatic Cipher
getCipherInstance
(String cipherAlgo) static Node
getDirectChild
(Node fNode, String localName, String namespace) Gets a direct child with specified localname and namespace.static Element
getElementByGenId
(Document doc, String id) Search for an element given its generic id.static Element
getElementByWsuId
(Document doc, String id) Search for an element given its wsu:id.static QName
getFullQNameFromString
(String str, Node e) Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node.static String
getIDfromReference
(String ref) Turn a reference (eg "#5") into an ID (eg "5").static int
getKeyLength
(String algorithm) Returns the length of the key in # of bytesstatic String
getNamespace
(String prefix, Node e) static String
getPrefixNS
(String uri, Node e) static QName
getQNameFromString
(String str, Node e) Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node.static Element
getSecurityHeader
(Document doc, String actor, SOAPConstants sc) Returns the first WS-Security header element for a given actor.static SOAPConstants
getSOAPConstants
(Element startElement) static String
getStringForQName
(QName qname, Element e) Return a string for a particular QName, mapping a new prefix if necessary.static boolean
isActorEqual
(String actor, String hActor) Compares two actor strings and returns true if these are equal.static SecretKey
prepareSecretKey
(String symEncAlgo, byte[] rawKey) static Element
prependChildElement
(Document doc, Element parent, Element child, boolean addWhitespace) prepend a child elementstatic String
setNamespace
(Element element, String namespace, String prefix) set the namespace if it is not set already.
-
Constructor Details
-
WSSecurityUtil
public WSSecurityUtil()
-
-
Method Details
-
getSecurityHeader
Returns the first WS-Security header element for a given actor. Only one WS-Security header is allowed for an actor.- Parameters:
doc
-actor
-- Returns:
- the
wsse:Security
element ornull
if not such element found
-
isActorEqual
Compares two actor strings and returns true if these are equal. Takes care of the null length strings and uses ignore case.- Parameters:
actor
-hActor
-- Returns:
- TODO
-
getDirectChild
Gets a direct child with specified localname and namespace.- Parameters:
fNode
- the node where to start the searchlocalName
- local name of the child to getnamespace
- the namespace of the child to get- Returns:
- the node or
null
if not such node found
-
findBodyElement
return the first soap "Body" element.- Parameters:
doc
-- Returns:
- the body element or
null
if document does not contain a SOAP body
-
findElement
Returns the first element that matchesname
andnamespace
. This is a replacement for a XPath lookup//name
with the given namespace. It's somewhat faster than XPath, and we do not deal with prefixes, just with the real namespace URI- Parameters:
startNode
- Where to start the searchname
- Local name of the elementnamespace
- Namespace URI of the element- Returns:
- The found element or
null
-
findElementById
Returns the single element that containes an Id with valueuri
andnamespace
. This is a replacement for a XPath Id lookup with the given namespace. It's somewhat faster than XPath, and we do not deal with prefixes, just with the real namespace URI If there are multiple elements, we log a warning and return null as this can be used to get around the signature checking.- Parameters:
startNode
- Where to start the searchvalue
- Value of the Id attributenamespace
- Namespace URI of the Id- Returns:
- The found element if there was exactly one match, or
null
otherwise
-
setNamespace
set the namespace if it is not set already.- Parameters:
element
-namespace
-prefix
-- Returns:
- TODO
-
getPrefixNS
-
getNamespace
-
getQNameFromString
Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node.- Returns:
- a QName generated from the given string representation
-
getFullQNameFromString
Return a QName when passed a string like "foo:bar" by mapping the "foo" prefix to a namespace in the context of the given Node. If default namespace is found it is returned as part of the QName.- Returns:
- a QName generated from the given string representation
-
getStringForQName
Return a string for a particular QName, mapping a new prefix if necessary. -
getElementByWsuId
Search for an element given its wsu:id.- Parameters:
doc
- the DOM document (SOAP request)id
- the Id of the element- Returns:
- the found element or null if no element with the Id exists
-
getIDfromReference
Turn a reference (eg "#5") into an ID (eg "5").- Parameters:
ref
-- Returns:
- ref trimmed and with the leading "#" removed, or null if not correctly formed
-
getElementByGenId
Search for an element given its generic id.- Parameters:
doc
- the DOM document (SOAP request)id
- the Id of the element- Returns:
- the found element or null if no element with the Id exists
-
createBinarySecurityToken
Create a BinarySecurityToken element- Parameters:
doc
- the DOM document (SOAP request)wsuIdVal
- the value for the wsu:Id- Returns:
- then BST element (DOM element)
-
appendChildElement
append a child element- Parameters:
doc
- the DOM document (SOAP request)parent
- element of this child elementchild
- the element to append- Returns:
- the child element
-
prependChildElement
public static Element prependChildElement(Document doc, Element parent, Element child, boolean addWhitespace) prepend a child element- Parameters:
doc
- the DOM document (SOAP request)parent
- element of this child elementchild
- the element to appendaddWhitespace
- if true prepend a newline before child- Returns:
- the child element
-
findWsseSecurityHeaderBlock
find the first ws-security header block- Parameters:
doc
- the DOM document (SOAP request)envelope
- the SOAP envelopedoCreate
- if true create a new WSS header block if none exists- Returns:
- the WSS header or null if none found and doCreate is false
-
findWsseSecurityHeaderBlock
public static Element findWsseSecurityHeaderBlock(Document doc, Element envelope, String actor, boolean doCreate) find a ws-security header block for a given actor- Parameters:
doc
- the DOM document (SOAP request)envelope
- the SOAP envelopeactor
- the acttoer (role) name of the WSS headerdoCreate
- if true create a new WSS header block if none exists- Returns:
- the WSS header or null if none found and doCreate is false
-
createBase64EncodedTextNode
create a base64 test node- Parameters:
doc
- the DOM document (SOAP request)data
- to encode- Returns:
- a Text node containing the base64 encoded data
-
prepareSecretKey
-
getSOAPConstants
-
getCipherInstance
- Throws:
WSSecurityException
-
fetchActionResult
Fetch the result of a given action from a given result vector- Parameters:
wsResultVector
- The result vector to fetch an action fromaction
- The action to fetch- Returns:
- The result fetched from the result vector, null if the result could not be found
-
fetchAllActionResults
Fetch the result of a given action from a given result vector- Parameters:
wsResultVector
- The result vector to fetch an action fromaction
- The action to fetchresults
- where to store the found results data for the action- Returns:
- The result fetched from the result vector, null if the result could not be found
-
decodeAction
- Throws:
WSSecurityException
-
getKeyLength
Returns the length of the key in # of bytes- Parameters:
algorithm
-- Returns:
- Throws:
WSSecurityException
-
generateNonce
Generate a nonce of the given length- Returns:
- Throws:
Exception
WSSecurityException
-
ensureSignedTogether
public static X509Certificate ensureSignedTogether(Iterator results, Element[] elements) throws WSSecurityException Search through a WSS4J results vector for a single signature covering all these elements.- Parameters:
results
- results (e.g., as stored as WSHandlerConstants.RECV_RESULTS on an Axis MessageContext)elements
- the elements to check- Returns:
- the identity of the signer
- Throws:
WSSecurityException
- if no suitable signature could be found or if any element didn't have a wsu:Id attribute
-