20 package org.apache.wss4j.dom.action;
21
22 import javax.security.auth.callback.CallbackHandler;
23
24 import org.apache.wss4j.common.SecurityActionToken;
25 import org.apache.wss4j.common.ext.WSSecurityException;
26 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
27 import org.apache.wss4j.common.saml.SAMLCallback;
28 import org.apache.wss4j.common.saml.SAMLUtil;
29 import org.apache.wss4j.dom.handler.RequestData;
30 import org.apache.wss4j.dom.handler.WSHandler;
31 import org.apache.wss4j.dom.handler.WSHandlerConstants;
32 import org.apache.wss4j.dom.message.WSSecSAMLToken;
33
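/**
 * Action that inserts a SAML assertion into the WS-Security header without signing the
 * header itself.
 *
 * <p>The assertion is obtained through the SAML callback handler configured on the request.
 * When the callback asks for it ({@link SAMLCallback#isSignAssertion()}), the assertion is
 * signed with the issuer credentials the callback supplies before it is inserted, and the
 * resulting signature value is added to {@link RequestData#getSignatureValues()}. Otherwise the
 * assertion is inserted as-is and no signature value is recorded.
 */
public class SAMLTokenUnsignedAction implements Action {

    /**
     * Builds the SAML assertion and adds it to the security header held by {@code reqData}.
     *
     * @param handler the handler used to look up the configured SAML callback handler
     * @param actionToken the token describing this action (not consulted by this action)
     * @param reqData per-request data holding the security header, configuration and the
     *     collected signature values
     * @throws WSSecurityException if no SAML callback handler is configured, or if obtaining,
     *     signing or inserting the assertion fails
     */
    @Override
    public void execute(WSHandler handler, SecurityActionToken actionToken, RequestData reqData)
        throws WSSecurityException {
        WSSecSAMLToken builder = new WSSecSAMLToken(reqData.getSecHeader());
        builder.setIdAllocator(reqData.getWssConfig().getIdAllocator());
        builder.setWsDocInfo(reqData.getWsDocInfo());
        builder.setExpandXopInclude(reqData.isExpandXopInclude());

        // Resolve the handler first so a missing configuration fails before any callback work.
        CallbackHandler samlCallbackHandler = lookupSamlCallbackHandler(handler, reqData);
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);

        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
        if (samlCallback.isSignAssertion()) {
            // The callback decides both whether the assertion is signed and which issuer key,
            // canonicalization and signature algorithms are used.
            samlAssertion.signAssertion(
                samlCallback.getIssuerKeyName(),
                samlCallback.getIssuerKeyPassword(),
                samlCallback.getIssuerCrypto(),
                samlCallback.isSendKeyValue(),
                samlCallback.getCanonicalizationAlgorithm(),
                samlCallback.getSignatureAlgorithm()
            );
        }

        builder.build(samlAssertion);

        // Only a signed assertion carries a signature value; record it on the request data
        // (presumably for later signature-related processing — not visible here).
        byte[] signatureValue = samlAssertion.getSignatureValue();
        if (signatureValue != null) {
            reqData.getSignatureValues().add(signatureValue);
        }
    }

    /**
     * Resolves the SAML callback handler configured via
     * {@link WSHandlerConstants#SAML_CALLBACK_CLASS} or {@link WSHandlerConstants#SAML_CALLBACK_REF}.
     *
     * @param handler the handler performing the lookup
     * @param reqData the per-request data the lookup is resolved against
     * @return the configured callback handler, never {@code null}
     * @throws WSSecurityException with {@code noSAMLCallbackHandler} if none is configured
     */
    private static CallbackHandler lookupSamlCallbackHandler(WSHandler handler, RequestData reqData)
        throws WSSecurityException {
        CallbackHandler samlCallbackHandler = handler.getCallbackHandler(
            WSHandlerConstants.SAML_CALLBACK_CLASS,
            WSHandlerConstants.SAML_CALLBACK_REF,
            reqData
        );
        if (samlCallbackHandler == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE,
                "noSAMLCallbackHandler"
            );
        }
        return samlCallbackHandler;
    }
}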