org.apache.wss4j.dom.message.token
Class UsernameToken

java.lang.Object
  org.apache.wss4j.dom.message.token.UsernameToken

public class UsernameToken
extends Object

UsernameToken according to WS Security specifications, UsernameToken profile. Enhanced to support digest password type for username token signature Enhanced to support passwordless usernametokens as allowed by spec.

Field Summary

static String	BASE64_ENCODING
static int	DEFAULT_ITERATION
static String	PASSWORD_TYPE
static QName	TOKEN

Constructor Summary

UsernameToken(boolean milliseconds, Document doc)
Constructs a UsernameToken object according to the defined parameters.

UsernameToken(boolean milliseconds, Document doc, String pwType)
Constructs a UsernameToken object according to the defined parameters.

UsernameToken(boolean milliseconds, Document doc, WSTimeSource timeSource, String pwType)

UsernameToken(Element elem, boolean allowNamespaceQualifiedPasswordTypes, BSPEnforcer bspEnforcer)
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Method Summary

void	addCreated(boolean milliseconds, Document doc) Creates and adds a Created element to this UsernameToken
void	addCreated(boolean milliseconds, WSTimeSource timeSource, Document doc) Creates and adds a Created element to this UsernameToken
void	addIteration(Document doc, int iteration) Creates and adds a Iteration element to this UsernameToken
void	addNonce(Document doc) Creates and adds a Nonce element to this UsernameToken
byte[]	addSalt(Document doc, byte[] saltValue, boolean mac) Adds and optionally creates a Salt element to this UsernameToken.
void	addWSSENamespace() Add the WSSE Namespace to this UT.
void	addWSUNamespace() Add the WSU Namespace to this UT.
boolean	containsPasswordElement() Return true if this UsernameToken contains a Password element
Principal	createPrincipal() Create a WSUsernameTokenPrincipal from this UsernameToken object
static String	doPasswordDigest(String nonce, String created, byte[] password)
static String	doPasswordDigest(String nonce, String created, String password)
boolean	equals(Object object)
String	getCreated() Get the created timestamp.
Date	getCreatedDate() Return the Created Element as a Date object
byte[]	getDerivedKey(BSPEnforcer bspEnforcer) This method gets a derived key as defined in WSS Username Token Profile.
Element	getElement() Returns the dom element of this UsernameToken object.
String	getID() Gets the id.
int	getIteration() Get the Iteration value of this UsernameToken.
String	getName() Get the user name.
String	getNonce() Get the nonce.
String	getPassword() Gets the password string.
boolean	getPasswordsAreEncoded()
String	getPasswordType()
byte[]	getSalt() Get the Salt value of this UsernameToken.
int	hashCode()
boolean	isDerivedKey() Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1.
boolean	isHashed() Get the hashed indicator.
void	setID(String id) Set the id of this username token.
void	setName(String name) Set the user name.
void	setPassword(String pwd) Sets the password string.
void	setPasswordsAreEncoded(boolean passwordsAreEncoded)
void	setRawPassword(RequestData data) Set the raw (plain text) password used to compute secret key.
String	toString() Returns the string representation of the token.
boolean	verifyCreated(int timeToLive, int futureTimeToLive) Return true if the "Created" value is before the current time minus the timeToLive argument, and if the Created value is not "in the future".

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

BASE64_ENCODING

public static final String BASE64_ENCODING

See Also:

Constant Field Values

PASSWORD_TYPE

public static final String PASSWORD_TYPE

See Also:

Constant Field Values

DEFAULT_ITERATION

public static final int DEFAULT_ITERATION

See Also:

Constant Field Values

TOKEN

public static final QName TOKEN

Constructor Detail

UsernameToken

public UsernameToken(Element elem,
                     boolean allowNamespaceQualifiedPasswordTypes,
                     BSPEnforcer bspEnforcer)
              throws WSSecurityException

Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Parameters:

elem - the wsse:UsernameToken element that contains the UsernameToken data

allowNamespaceQualifiedPasswordTypes - whether to allow (wsse) namespace qualified password types or not (for interop with WCF)

bspEnforcer - a BSPEnforcer instance to enforce BSP rules

Throws:

WSSecurityException

UsernameToken

public UsernameToken(boolean milliseconds,
                     Document doc)

Constructs a UsernameToken object according to the defined parameters.

This constructs set the password encoding to WSConstants.PASSWORD_DIGEST

Parameters:

doc - the SOAP envelope as Document

UsernameToken

public UsernameToken(boolean milliseconds,
                     Document doc,
                     String pwType)

Constructs a UsernameToken object according to the defined parameters.

Parameters:

doc - the SOAP envelope as Document

pwType - the required password encoding, either WSConstants.PASSWORD_DIGEST or WSConstants.PASSWORD_TEXT or WSConstants.PW_NONE null if no password required

UsernameToken

public UsernameToken(boolean milliseconds,
                     Document doc,
                     WSTimeSource timeSource,
                     String pwType)

Method Detail

addWSSENamespace

public void addWSSENamespace()

Add the WSSE Namespace to this UT. The namespace is not added by default for efficiency purposes.

addWSUNamespace

public void addWSUNamespace()

Add the WSU Namespace to this UT. The namespace is not added by default for efficiency purposes.

addNonce

public void addNonce(Document doc)

Creates and adds a Nonce element to this UsernameToken

addCreated

public void addCreated(boolean milliseconds,
                       Document doc)

Creates and adds a Created element to this UsernameToken

addCreated

public void addCreated(boolean milliseconds,
                       WSTimeSource timeSource,
                       Document doc)

Creates and adds a Created element to this UsernameToken

addSalt

public byte[] addSalt(Document doc,
                      byte[] saltValue,
                      boolean mac)

Adds and optionally creates a Salt element to this UsernameToken. If the saltValue is null the the method generates a new salt. Otherwise it uses the the given value.

Parameters:

doc - The Document for the UsernameToken

saltValue - The salt to add, if null generate a new salt value

mac - If true then an optionally generated value is usable for a MAC

Returns:

Returns the added salt

addIteration

public void addIteration(Document doc,
                         int iteration)

Creates and adds a Iteration element to this UsernameToken

getName

public String getName()

Get the user name.

Returns:

the data from the user name element.

setName

public void setName(String name)

Set the user name.

Parameters:

name - sets a text node containing the use name into the user name element.

getNonce

public String getNonce()

Get the nonce.

Returns:

the data from the nonce element.

getCreated

public String getCreated()

Get the created timestamp.

Returns:

the data from the created time element.

getCreatedDate

public Date getCreatedDate()

Return the Created Element as a Date object

Returns:

the Created Date

getPassword

public String getPassword()

Gets the password string. This is the password as it is in the password element of a username token. Thus it can be either plain text or the password digest value.

Returns:

the password string or null if no such node exists.

containsPasswordElement

public boolean containsPasswordElement()

Return true if this UsernameToken contains a Password element

getSalt

public byte[] getSalt()
               throws WSSecurityException

Get the Salt value of this UsernameToken.

Returns:

Returns the binary Salt value or null if no Salt value is available in the username token.

Throws:

WSSecurityException

getIteration

public int getIteration()

Get the Iteration value of this UsernameToken.

Returns:

Returns the Iteration value. If no Iteration was specified in the username token the default value according to the specification is returned.

isHashed

public boolean isHashed()

Get the hashed indicator. If the indicator is true> the password of the UsernameToken was encoded using WSConstants.PASSWORD_DIGEST

Returns:

the hashed indicator.

getPasswordType

public String getPasswordType()

Returns:

Returns the passwordType.

setPassword

public void setPassword(String pwd)

Sets the password string. This function sets the password in the UsernameToken either as plain text or encodes the password according to the WS Security specifications, UsernameToken profile, into a password digest.

Parameters:

pwd - the password to use

setRawPassword

public void setRawPassword(RequestData data)
                    throws WSSecurityException

Set the raw (plain text) password used to compute secret key.

Throws:

WSSecurityException

setPasswordsAreEncoded

public void setPasswordsAreEncoded(boolean passwordsAreEncoded)

Parameters:

passwordsAreEncoded - whether passwords are encoded

getPasswordsAreEncoded

public boolean getPasswordsAreEncoded()

Returns:

whether passwords are encoded

doPasswordDigest

public static String doPasswordDigest(String nonce,
                                      String created,
                                      byte[] password)

doPasswordDigest

public static String doPasswordDigest(String nonce,
                                      String created,
                                      String password)

getElement

public Element getElement()

Returns the dom element of this UsernameToken object.

Returns:

the wsse:UsernameToken element

toString

public String toString()

Returns the string representation of the token.

Overrides:

toString in class Object

Returns:

a XML string representation

getID

public String getID()

Gets the id.

Returns:

the value of the wsu:Id attribute of this username token

setID

public void setID(String id)

Set the id of this username token.

Parameters:

id - the value for the wsu:Id attribute of this username token

getDerivedKey

public byte[] getDerivedKey(BSPEnforcer bspEnforcer)
                     throws WSSecurityException

This method gets a derived key as defined in WSS Username Token Profile.

Returns:

Returns the derived key as a byte array

Throws:

WSSecurityException

isDerivedKey

public boolean isDerivedKey()
                     throws WSSecurityException

Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1. It does this by checking that the username token has salt and iteration values.

Throws:

WSSecurityException

createPrincipal

public Principal createPrincipal()
                          throws WSSecurityException

Create a WSUsernameTokenPrincipal from this UsernameToken object

Throws:

WSSecurityException

verifyCreated

public boolean verifyCreated(int timeToLive,
                             int futureTimeToLive)

Return true if the "Created" value is before the current time minus the timeToLive argument, and if the Created value is not "in the future".

Parameters:

timeToLive - the value in seconds for the validity of the Created time

futureTimeToLive - the value in seconds for the future validity of the Created time

Returns:

true if the UsernameToken is before (now-timeToLive), false otherwise

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object object)

Overrides:

equals in class Object