in ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java [279:399]
/**
 * Turns the key material found in a buffered SAML token event queue into an inbound security token.
 *
 * <p>The queue is walked from its tail via {@code descendingIterator()}. The first {@code index + 1}
 * events are skipped, then the iterator is advanced to the next start element. That element decides
 * the path taken:
 * <ul>
 *   <li>a WS-Trust {@code BinarySecret} (either of the two namespace constants checked below): its
 *       character data is collected and wrapped in an anonymous symmetric token that builds a
 *       {@link SecretKeySpec} on first use;</li>
 *   <li>anything else: the element is unmarshalled with JAXB and mapped to a {@code KeyInfoType}
 *       (X509Data, SecurityTokenReference, KeyValue) or passed to
 *       {@code WSSEncryptedKeyInputHandler} (EncryptedKey).</li>
 * </ul>
 *
 * <p>NOTE(review): this method only extracts key material. Nothing here checks the assertion's
 * signature or issuer, so callers should treat the returned token as trustworthy only after that
 * validation has happened elsewhere; confirm against the caller.
 *
 * @param inputProcessorChain supplies the security context used for token creation and provider lookup
 * @param securityProperties configuration; read here for the schema-validation switch and passed on
 *                           to the EncryptedKey handler and the token factory
 * @param eventQueue buffered events of the token, iterated from the tail
 * @param index the first loop consumes events while {@code idx <= index}, i.e. up to
 *              {@code index + 1} events, before the search for a start element begins
 * @return the token built from the key material
 * @throws XMLSecurityException as {@code WSSecurityException} with {@code INVALID_SECURITY_TOKEN}
 *         when no start element follows the skipped events, and with
 *         {@code UNSUPPORTED_SECURITY_TOKEN} when JAXB unmarshalling fails or the unmarshalled type
 *         is not one of the handled ones
 */
private InboundSecurityToken parseKeyInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
Deque<XMLSecEvent> eventQueue, int index) throws XMLSecurityException {
XMLSecEvent xmlSecEvent = null;
// idx counts the events consumed so far; it is later handed to XMLSecurityEventReader as the
// position of the start element (presumably an offset from the tail of the queue - confirm).
int idx = 0;
Iterator<XMLSecEvent> xmlSecEventIterator = eventQueue.descendingIterator();
// Skip the events up to and including position `index`.
while (xmlSecEventIterator.hasNext() && idx <= index) {
xmlSecEvent = xmlSecEventIterator.next();
idx++;
}
// Forward to the next start element. idx is not incremented for the start element itself, so on
// break it equals the number of events that precede it.
while (xmlSecEventIterator.hasNext()) {
xmlSecEvent = xmlSecEventIterator.next();
if (xmlSecEvent.isStartElement()) {
break;
}
idx++;
}
// Covers both an empty queue (xmlSecEvent still null) and a queue that ran out before any start
// element was seen (xmlSecEvent is the last non-start event).
if (xmlSecEvent == null || !xmlSecEvent.isStartElement()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
}
final XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
final QName elementName = xmlSecStartElement.getName();
if (WSSConstants.TAG_WST_BINARY_SECRET.equals(elementName)
|| WSSConstants.TAG_WST0512_BINARY_SECRET.equals(elementName)) {
// Symmetric case: the secret is carried inline in the token. Collect every CHARACTERS event up
// to the end element with the same name; all other event types are ignored.
// NOTE(review): if the iterator is exhausted before a matching end element is seen, the loop
// simply ends and whatever text was gathered is used - a truncated BinarySecret is not rejected here.
// NOTE(review): the secret stays in this StringBuilder (and in the String made from it) for as
// long as the returned token is reachable; it cannot be wiped after use.
final StringBuilder stringBuilder = new StringBuilder();
loop:
while (xmlSecEventIterator.hasNext()) {
xmlSecEvent = xmlSecEventIterator.next();
switch (xmlSecEvent.getEventType()) { //NOPMD
case XMLStreamConstants.END_ELEMENT:
// Only the end tag of the BinarySecret element itself terminates the collection.
if (xmlSecEvent.asEndElement().getName().equals(elementName)) {
break loop;
}
break;
case XMLStreamConstants.CHARACTERS:
stringBuilder.append(xmlSecEvent.asCharacters().getText());
break;
}
}
// Anonymous token with a freshly generated id and the NoKeyInfo key identifier; it reports
// itself as a DefaultToken and as not asymmetric.
return new AbstractInboundSecurityToken(
inputProcessorChain.getSecurityContext(), IDGenerator.generateID(null),
WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, true) {
@Override
public WSSecurityTokenConstants.TokenType getTokenType() {
return WSSecurityTokenConstants.DefaultToken;
}
@Override
public boolean isAsymmetric() throws XMLSecurityException {
return false;
}
@Override
protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String correlationID)
throws XMLSecurityException {
// Ask the superclass first; only when it has no key is one built from the collected text
// and stored with setSecretKey for this algorithm URI.
Key key = super.getKey(algorithmURI, algorithmUsage, correlationID);
if (key == null) {
String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
// NOTE(review): SecretKeySpec throws the unchecked IllegalArgumentException for a null
// algorithm or an empty key, and neither is guarded here. Confirm what the mapper returns
// for an unknown URI and what XMLUtils.decode (presumably Base64) returns for empty or
// malformed text, since both values originate from the incoming message.
key = new SecretKeySpec(XMLUtils.decode(stringBuilder.toString()), algoFamily);
setSecretKey(algorithmURI, key);
}
return key;
}
};
} else {
// Any other element: unmarshal it with JAXB, reading the queue from position idx.
Object object = null;
try {
// Whether the unmarshaller validates against the schema follows the caller's configuration.
Unmarshaller unmarshaller = WSSConstants.getJaxbUnmarshaller(securityProperties.isDisableSchemaValidation());
object = unmarshaller.unmarshal(new XMLSecurityEventReader(eventQueue, idx));
} catch (JAXBException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, e);
}
// Unwrap the JAXBElement so the instanceof checks below see the bound type.
if (object instanceof JAXBElement) {
object = ((JAXBElement<?>) object).getValue();
}
KeyInfoType keyInfoType = null;
if (object instanceof X509DataType) {
// X509Data is wrapped in a synthetic SecurityTokenReference inside a new KeyInfoType.
JAXBElement<X509DataType> x509DataTypeJAXBElement =
new org.apache.xml.security.binding.xmldsig.ObjectFactory().createX509Data((X509DataType) object);
keyInfoType = new KeyInfoType();
SecurityTokenReferenceType securityTokenReferenceType = new SecurityTokenReferenceType();
securityTokenReferenceType.getAny().add(x509DataTypeJAXBElement);
JAXBElement<SecurityTokenReferenceType> securityTokenReferenceTypeJAXBElement =
new ObjectFactory().createSecurityTokenReference(securityTokenReferenceType);
keyInfoType.getContent().add(securityTokenReferenceTypeJAXBElement);
} else if (object instanceof EncryptedKeyType) {
// EncryptedKey is handed to its own handler; the resulting token is then looked up in the
// security context under the EncryptedKey's Id.
EncryptedKeyType encryptedKeyType = (EncryptedKeyType) object;
WSSEncryptedKeyInputHandler encryptedKeyInputHandler = new WSSEncryptedKeyInputHandler();
encryptedKeyInputHandler.handle(inputProcessorChain, encryptedKeyType, xmlSecStartElement, securityProperties);
SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
inputProcessorChain.getSecurityContext().getSecurityTokenProvider(encryptedKeyType.getId());
if (securityTokenProvider != null) {
return securityTokenProvider.getSecurityToken();
}
// NOTE(review): when no provider is registered, control falls through to the factory call at
// the end with keyInfoType still null. Confirm that SecurityTokenFactory rejects a null
// KeyInfoType instead of resolving some default key for signature verification.
} else if (object instanceof SecurityTokenReferenceType) {
JAXBElement<SecurityTokenReferenceType> securityTokenReferenceTypeJAXBElement =
new ObjectFactory().createSecurityTokenReference((SecurityTokenReferenceType) object);
keyInfoType = new KeyInfoType();
keyInfoType.getContent().add(securityTokenReferenceTypeJAXBElement);
} else if (object instanceof KeyValueType) {
JAXBElement<KeyValueType> keyValueTypeJAXBElement =
new org.apache.xml.security.binding.xmldsig.ObjectFactory().createKeyValue((KeyValueType) object);
keyInfoType = new KeyInfoType();
keyInfoType.getContent().add(keyValueTypeJAXBElement);
} else {
// Fail closed on any key representation that is not explicitly handled above.
throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedKeyInfo");
}
// The token is requested for signature-verification usage.
return SecurityTokenFactory.getInstance().getSecurityToken(
keyInfoType, WSSecurityTokenConstants.KeyUsage_Signature_Verification,
securityProperties, inputProcessorChain.getSecurityContext());
}
}