org.apache.ws.security.message.token
Class UsernameToken

java.lang.Object
  extended by org.apache.ws.security.message.token.UsernameToken

public class UsernameToken
extends Object

UsernameToken according to WS Security specifications, UsernameToken profile. Enhanced to support digest password type for username token signature. Enhanced to support passwordless UsernameTokens as allowed by the spec.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de)

Field Summary
static String BASE64_ENCODING
           
static int DEFAULT_ITERATION
           
protected  org.w3c.dom.Element element
           
protected  org.w3c.dom.Element elementCreated
           
protected  org.w3c.dom.Element elementIteration
           
protected  org.w3c.dom.Element elementNonce
           
protected  org.w3c.dom.Element elementPassword
           
protected  org.w3c.dom.Element elementSalt
           
protected  org.w3c.dom.Element elementUsername
           
protected  boolean hashed
           
static String PASSWORD_TYPE
           
protected  String passwordType
           
static javax.xml.namespace.QName TOKEN
           
 
Constructor Summary
UsernameToken(boolean milliseconds, org.w3c.dom.Document doc)
          Constructs a UsernameToken object according to the defined parameters.
UsernameToken(boolean milliseconds, org.w3c.dom.Document doc, String pwType)
          Constructs a UsernameToken object according to the defined parameters.
UsernameToken(org.w3c.dom.Element elem)
          Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
UsernameToken(org.w3c.dom.Element elem, boolean allowNamespaceQualifiedPasswordTypes)
          Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
 
Method Summary
 void addCreated(boolean milliseconds, org.w3c.dom.Document doc)
          Creates and adds a Created element to this UsernameToken
 void addIteration(org.w3c.dom.Document doc, int iteration)
          Creates and adds an Iteration element to this UsernameToken
 void addNonce(org.w3c.dom.Document doc)
          Creates and adds a Nonce element to this UsernameToken
 byte[] addSalt(org.w3c.dom.Document doc, byte[] saltValue, boolean mac)
          Adds and optionally creates a Salt element to this UsernameToken.
static String doPasswordDigest(String nonce, String created, byte[] password)
           
static String doPasswordDigest(String nonce, String created, String password)
           
static byte[] generateDerivedKey(byte[] password, byte[] salt, int iteration)
          This static method generates a derived key as defined in WSS Username Token Profile.
static byte[] generateDerivedKey(String password, byte[] salt, int iteration)
          This static method generates a derived key as defined in WSS Username Token Profile.
static byte[] generateSalt(boolean useForMac)
          This static method generates a 128 bit salt value as defined in WSS Username Token Profile.
 String getCreated()
          Get the created timestamp.
 byte[] getDerivedKey()
          This method gets a derived key as defined in WSS Username Token Profile.
 org.w3c.dom.Element getElement()
          Returns the dom element of this UsernameToken object.
 String getID()
          Gets the id.
 int getIteration()
          Get the Iteration value of this UsernameToken.
 String getName()
          Get the user name.
 String getNonce()
          Get the nonce.
 String getPassword()
          Gets the password string.
 boolean getPasswordsAreEncoded()
           
 String getPasswordType()
           
 String getRawPassword()
          Get the raw (plain text) password used to compute secret key.
 byte[] getSalt()
          Get the Salt value of this UsernameToken.
 byte[] getSecretKey()
          Gets the secret key as per WS-Trust spec.
 byte[] getSecretKey(int keylen)
          Gets the secret key as per WS-Trust spec.
 byte[] getSecretKey(int keylen, String labelString)
          Gets the secret key as per WS-Trust spec.
 boolean isDerivedKey()
          Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1.
 boolean isHashed()
          Get the hashed indicator.
 void setID(String id)
          Set the id of this username token.
 void setName(String name)
          Set the user name.
 void setPassword(String pwd)
          Sets the password string.
 void setPasswordsAreEncoded(boolean passwordsAreEncoded)
           
 void setRawPassword(String newRawPassword)
          Set the raw (plain text) password used to compute secret key.
 String toString()
          Returns the string representation of the token.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

BASE64_ENCODING

public static final String BASE64_ENCODING
See Also:
Constant Field Values

PASSWORD_TYPE

public static final String PASSWORD_TYPE
See Also:
Constant Field Values

DEFAULT_ITERATION

public static final int DEFAULT_ITERATION
See Also:
Constant Field Values

TOKEN

public static final javax.xml.namespace.QName TOKEN

element

protected org.w3c.dom.Element element

elementUsername

protected org.w3c.dom.Element elementUsername

elementPassword

protected org.w3c.dom.Element elementPassword

elementNonce

protected org.w3c.dom.Element elementNonce

elementCreated

protected org.w3c.dom.Element elementCreated

elementSalt

protected org.w3c.dom.Element elementSalt

elementIteration

protected org.w3c.dom.Element elementIteration

passwordType

protected String passwordType

hashed

protected boolean hashed

Constructor Detail

UsernameToken

public UsernameToken(org.w3c.dom.Element elem)
              throws WSSecurityException
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Parameters:
elem - the wsse:UsernameToken element that contains the UsernameToken data
Throws:
WSSecurityException

UsernameToken

public UsernameToken(org.w3c.dom.Element elem,
                     boolean allowNamespaceQualifiedPasswordTypes)
              throws WSSecurityException
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Parameters:
elem - the wsse:UsernameToken element that contains the UsernameToken data
allowNamespaceQualifiedPasswordTypes - whether to allow (wsse) namespace qualified password types or not (for interop with WCF)
Throws:
WSSecurityException

UsernameToken

public UsernameToken(boolean milliseconds,
                     org.w3c.dom.Document doc)
Constructs a UsernameToken object according to the defined parameters.

This constructor sets the password encoding to WSConstants.PASSWORD_DIGEST.

Parameters:
doc - the SOAP envelope as Document

UsernameToken

public UsernameToken(boolean milliseconds,
                     org.w3c.dom.Document doc,
                     String pwType)
Constructs a UsernameToken object according to the defined parameters.

Parameters:
doc - the SOAP envelope as Document
pwType - the required password encoding, either WSConstants.PASSWORD_DIGEST or WSConstants.PASSWORD_TEXT or WSConstants.PW_NONE; null if no password required

Method Detail

addNonce

public void addNonce(org.w3c.dom.Document doc)
Creates and adds a Nonce element to this UsernameToken


addCreated

public void addCreated(boolean milliseconds,
                       org.w3c.dom.Document doc)
Creates and adds a Created element to this UsernameToken


addSalt

public byte[] addSalt(org.w3c.dom.Document doc,
                      byte[] saltValue,
                      boolean mac)
Adds and optionally creates a Salt element to this UsernameToken. If the saltValue is null, the method generates a new salt. Otherwise it uses the given value.

Parameters:
doc - The Document for the UsernameToken
saltValue - The salt to add, if null generate a new salt value
mac - If true then an optionally generated value is usable for a MAC
Returns:
Returns the added salt

addIteration

public void addIteration(org.w3c.dom.Document doc,
                         int iteration)
Creates and adds an Iteration element to this UsernameToken


getName

public String getName()
Get the user name.

Returns:
the data from the user name element.

setName

public void setName(String name)
Set the user name.

Parameters:
name - sets a text node containing the user name into the user name element.

getNonce

public String getNonce()
Get the nonce.

Returns:
the data from the nonce element.

getCreated

public String getCreated()
Get the created timestamp.

Returns:
the data from the created time element.

getPassword

public String getPassword()
Gets the password string. This is the password as it is in the password element of a username token. Thus it can be either plain text or the password digest value.

Returns:
the password string or null if no such node exists.

getSalt

public byte[] getSalt()
               throws WSSecurityException
Get the Salt value of this UsernameToken.

Returns:
Returns the binary Salt value or null if no Salt value is available in the username token.
Throws:
WSSecurityException

getIteration

public int getIteration()
Get the Iteration value of this UsernameToken.

Returns:
Returns the Iteration value. If no Iteration was specified in the username token the default value according to the specification is returned.

isHashed

public boolean isHashed()
Get the hashed indicator. If the indicator is true, the password of the UsernameToken was encoded using WSConstants.PASSWORD_DIGEST.

Returns:
the hashed indicator.

getPasswordType

public String getPasswordType()
Returns:
Returns the passwordType.

setPassword

public void setPassword(String pwd)
Sets the password string. This function sets the password in the UsernameToken either as plain text or encodes the password according to the WS Security specifications, UsernameToken profile, into a password digest.

Parameters:
pwd - the password to use

setRawPassword

public void setRawPassword(String newRawPassword)
Set the raw (plain text) password used to compute secret key.

Parameters:
newRawPassword - the raw password to set

getRawPassword

public String getRawPassword()
Get the raw (plain text) password used to compute secret key.


setPasswordsAreEncoded

public void setPasswordsAreEncoded(boolean passwordsAreEncoded)
Parameters:
passwordsAreEncoded - whether passwords are encoded

getPasswordsAreEncoded

public boolean getPasswordsAreEncoded()
Returns:
whether passwords are encoded

doPasswordDigest

public static String doPasswordDigest(String nonce,
                                      String created,
                                      byte[] password)

doPasswordDigest

public static String doPasswordDigest(String nonce,
                                      String created,
                                      String password)

getElement

public org.w3c.dom.Element getElement()
Returns the dom element of this UsernameToken object.

Returns:
the wsse:UsernameToken element

toString

public String toString()
Returns the string representation of the token.

Overrides:
toString in class Object
Returns:
an XML string representation

getID

public String getID()
Gets the id.

Returns:
the value of the wsu:Id attribute of this username token

setID

public void setID(String id)
Set the id of this username token.

Parameters:
id - the value for the wsu:Id attribute of this username token

getSecretKey

public byte[] getSecretKey()
Gets the secret key as per WS-Trust spec. This method uses default settings to generate the secret key. These default values are suitable for .NET WSE.

Returns:
a secret key constructed from information contained in this username token

getSecretKey

public byte[] getSecretKey(int keylen)
Gets the secret key as per WS-Trust spec. This method uses default settings to generate the secret key. These default values are suitable for .NET WSE.

Returns:
a secret key constructed from information contained in this username token

getSecretKey

public byte[] getSecretKey(int keylen,
                           String labelString)
Gets the secret key as per WS-Trust spec.

Parameters:
keylen - How many bytes to generate for the key
labelString - the label used to generate the seed
Returns:
a secret key constructed from information contained in this username token

generateDerivedKey

public static byte[] generateDerivedKey(byte[] password,
                                        byte[] salt,
                                        int iteration)
                                 throws WSSecurityException
This static method generates a derived key as defined in WSS Username Token Profile.

Parameters:
password - The password to include in the key generation
salt - The Salt value
iteration - The Iteration value. If zero (0) is given the method uses the default value
Returns:
Returns the derived key as a byte array
Throws:
WSSecurityException

generateDerivedKey

public static byte[] generateDerivedKey(String password,
                                        byte[] salt,
                                        int iteration)
                                 throws WSSecurityException
This static method generates a derived key as defined in WSS Username Token Profile.

Parameters:
password - The password to include in the key generation
salt - The Salt value
iteration - The Iteration value. If zero (0) is given the method uses the default value
Returns:
Returns the derived key as a byte array
Throws:
WSSecurityException

getDerivedKey

public byte[] getDerivedKey()
                     throws WSSecurityException
This method gets a derived key as defined in WSS Username Token Profile.

Returns:
Returns the derived key as a byte array
Throws:
WSSecurityException

isDerivedKey

public boolean isDerivedKey()
                     throws WSSecurityException
Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1. It does this by checking that the username token has salt and iteration values.

Throws:
WSSecurityException

generateSalt

public static byte[] generateSalt(boolean useForMac)
This static method generates a 128 bit salt value as defined in WSS Username Token Profile.

Parameters:
useForMac - If true define the Salt for use in a MAC
Returns:
Returns the 128 bit salt value as byte array
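
The key derivation and salt layout that generateDerivedKey and generateSalt refer to, written out from the WSS UsernameToken Profile 1.1 as an added example (JDK only, not WSS4J source code). The class and method names are constructed, and the sketch assumes the first octet of the salt is the high-order octet and uses the profile's default Iteration of 1000.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class DerivedKeyExample {

    // Profile default when no Iteration element is present.
    static final int PROFILE_DEFAULT_ITERATION = 1000;

    // 128-bit salt: high-order octet is 0x01 when the key is for a MAC and
    // 0x02 when it is for encryption; the remaining 120 bits are random.
    static byte[] salt(boolean useForMac) {
        byte[] s = new byte[16];
        new SecureRandom().nextBytes(s);
        s[0] = (byte) (useForMac ? 0x01 : 0x02);
        return s;
    }

    // K1 = SHA-1(password + salt), Kn = SHA-1(Kn-1); the result is 160 bits.
    static byte[] derive(String password, byte[] salt, int iteration) throws Exception {
        if (iteration == 0) {
            iteration = PROFILE_DEFAULT_ITERATION; // same convention as the method above
        }
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] k = sha1.digest();
        for (int i = 1; i < iteration; i++) {
            k = sha1.digest(k);
        }
        return k;
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password"; // constructed sample value

        // Full 160-bit value for a MAC; truncated to 16 bytes for a 128-bit cipher.
        byte[] macKey = derive(password, salt(true), 0);
        byte[] encKey = Arrays.copyOf(derive(password, salt(false), 0), 16);

        System.out.println("MAC key length (bytes):        " + macKey.length);
        System.out.println("Encryption key length (bytes): " + encKey.length);
    }
}
```

Iterated SHA-1 at this count is cheap to compute, so the strength of a key derived this way rests almost entirely on the entropy of the password.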


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.