org.apache.ws.security.message.token
Class UsernameToken

java.lang.Object
  extended by org.apache.ws.security.message.token.UsernameToken

public class UsernameToken
extends java.lang.Object

UsernameToken according to WS Security specifications, UsernameToken profile. Enhanced to support digest password type for username token signature. Enhanced to support passwordless username tokens as allowed by the spec.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de)

Field Summary
static int DEFAULT_ITERATION
           
protected  org.w3c.dom.Element element
           
protected  org.w3c.dom.Element elementCreated
           
protected  org.w3c.dom.Element elementIteration
           
protected  org.w3c.dom.Element elementNonce
           
protected  org.w3c.dom.Element elementPassword
           
protected  org.w3c.dom.Element elementSalt
           
protected  org.w3c.dom.Element elementUsername
           
protected  boolean hashed
           
static java.lang.String PASSWORD_TYPE
           
protected  java.lang.String passwordType
           
static javax.xml.namespace.QName TOKEN
           
 
Constructor Summary
UsernameToken(boolean milliseconds, org.w3c.dom.Document doc)
          Constructs a UsernameToken object according to the defined parameters.
UsernameToken(boolean milliseconds, org.w3c.dom.Document doc, java.lang.String pwType)
          Constructs a UsernameToken object according to the defined parameters.
UsernameToken(org.w3c.dom.Element elem)
          Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
 
Method Summary
 void addCreated(boolean milliseconds, org.w3c.dom.Document doc)
          Creates and adds a Created element to this UsernameToken
 void addIteration(org.w3c.dom.Document doc, int iteration)
          Creates and adds an Iteration element to this UsernameToken
 void addNonce(org.w3c.dom.Document doc)
          Creates and adds a Nonce element to this UsernameToken
 byte[] addSalt(org.w3c.dom.Document doc, byte[] saltValue, boolean mac)
          Adds and optionally creates a Salt element to this UsernameToken.
static java.lang.String doPasswordDigest(java.lang.String nonce, java.lang.String created, java.lang.String password)
           
static byte[] generateDerivedKey(java.lang.String password, byte[] salt, int iteration)
          This static method generates a derived key as defined in WSS Username Token Profile.
static byte[] generateSalt(boolean useForMac)
          This static method generates a 128 bit salt value as defined in WSS Username Token Profile.
 java.lang.String getCreated()
          Get the created timestamp.
 org.w3c.dom.Element getElement()
          Returns the dom element of this UsernameToken object.
 java.lang.String getID()
          Gets the id.
 int getIteration()
          Get the Iteration value of this UsernameToken.
 java.lang.String getName()
          Get the user name.
 java.lang.String getNonce()
          Get the nonce.
 java.lang.String getPassword()
          Gets the password string.
 java.lang.String getPasswordType()
           
 byte[] getSalt()
          Get the Salt value of this UsernameToken.
 byte[] getSecretKey()
          Gets the secret key as per WS-Trust spec.
 byte[] getSecretKey(int keylen, java.lang.String labelString)
          Gets the secret key as per WS-Trust spec.
 boolean isHashed()
          Get the hashed indicator.
 void setID(java.lang.String id)
          Set the id of this username token.
 void setName(java.lang.String name)
          Set the user name.
 void setPassword(java.lang.String pwd)
          Sets the password string.
 void setRawPassword(java.lang.String raw_password)
          Set the raw (plain text) password used to compute secret key.
 java.lang.String toString()
          Returns the string representation of the token.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

PASSWORD_TYPE

public static final java.lang.String PASSWORD_TYPE
See Also:
Constant Field Values

element

protected org.w3c.dom.Element element

elementUsername

protected org.w3c.dom.Element elementUsername

elementPassword

protected org.w3c.dom.Element elementPassword

elementNonce

protected org.w3c.dom.Element elementNonce

elementCreated

protected org.w3c.dom.Element elementCreated

elementSalt

protected org.w3c.dom.Element elementSalt

elementIteration

protected org.w3c.dom.Element elementIteration

passwordType

protected java.lang.String passwordType

hashed

protected boolean hashed

DEFAULT_ITERATION

public static final int DEFAULT_ITERATION
See Also:
Constant Field Values

TOKEN

public static final javax.xml.namespace.QName TOKEN
Constructor Detail

UsernameToken

public UsernameToken(org.w3c.dom.Element elem)
              throws WSSecurityException
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Parameters:
elem - the wsse:UsernameToken element that contains the UsernameToken data
Throws:
WSSecurityException

UsernameToken

public UsernameToken(boolean milliseconds,
                     org.w3c.dom.Document doc)
Constructs a UsernameToken object according to the defined parameters.

This constructor sets the password encoding to WSConstants.PASSWORD_DIGEST.

Parameters:
doc - the SOAP envelope as Document

UsernameToken

public UsernameToken(boolean milliseconds,
                     org.w3c.dom.Document doc,
                     java.lang.String pwType)
Constructs a UsernameToken object according to the defined parameters.

Parameters:
doc - the SOAP envelope as Document
pwType - the required password encoding, either WSConstants.PASSWORD_DIGEST or WSConstants.PASSWORD_TEXT, or WSConstants.PW_NONE or null if no password is required
Method Detail

addNonce

public void addNonce(org.w3c.dom.Document doc)
Creates and adds a Nonce element to this UsernameToken


addCreated

public void addCreated(boolean milliseconds,
                       org.w3c.dom.Document doc)
Creates and adds a Created element to this UsernameToken


addSalt

public byte[] addSalt(org.w3c.dom.Document doc,
                      byte[] saltValue,
                      boolean mac)
Adds and optionally creates a Salt element to this UsernameToken. If the saltValue is null, the method generates a new salt. Otherwise it uses the given value.

Parameters:
doc - The Document for the UsernameToken
saltValue - The salt to add, if null generate a new salt value
mac - If true then an optionally generated value is usable for a MAC
Returns:
Returns the added salt

addIteration

public void addIteration(org.w3c.dom.Document doc,
                         int iteration)
Creates and adds an Iteration element to this UsernameToken


getName

public java.lang.String getName()
Get the user name.

Returns:
the data from the user name element.

setName

public void setName(java.lang.String name)
Set the user name.

Parameters:
name - sets a text node containing the user name into the user name element.

getNonce

public java.lang.String getNonce()
Get the nonce.

Returns:
the data from the nonce element.

getCreated

public java.lang.String getCreated()
Get the created timestamp.

Returns:
the data from the created time element.

getPassword

public java.lang.String getPassword()
Gets the password string. This is the password as it is in the password element of a username token. Thus it can be either plain text or the password digest value.

Returns:
the password string or null if no such node exists.

getSalt

public byte[] getSalt()
               throws WSSecurityException
Get the Salt value of this UsernameToken.

Returns:
Returns the binary Salt value or null if no Salt value is available in the username token.
Throws:
WSSecurityException

getIteration

public int getIteration()
Get the Iteration value of this UsernameToken.

Returns:
Returns the Iteration value. If no Iteration was specified in the username token the default value according to the specification is returned.

isHashed

public boolean isHashed()
Get the hashed indicator. If the indicator is true, the password of the UsernameToken was encoded using WSConstants.PASSWORD_DIGEST.

Returns:
the hashed indicator.

getPasswordType

public java.lang.String getPasswordType()
Returns:
Returns the passwordType.

setPassword

public void setPassword(java.lang.String pwd)
Sets the password string. This function sets the password in the UsernameToken either as plain text or encodes the password according to the WS Security specifications, UsernameToken profile, into a password digest.

Parameters:
pwd - the password to use

setRawPassword

public void setRawPassword(java.lang.String raw_password)
Set the raw (plain text) password used to compute secret key.

Parameters:
raw_password - the raw_password to set

doPasswordDigest

public static java.lang.String doPasswordDigest(java.lang.String nonce,
                                                java.lang.String created,
                                                java.lang.String password)
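
The Username Token Profile defines the password digest as Base64(SHA-1(nonce + created + password)), with the nonce taken as its decoded bytes. The following is an added example, not WSS4J code, of how a receiver can check such a digest using only the JDK (Java 8 or later); the class name, the five-minute freshness window, the in-memory replay cache and all sample values are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class DigestCheck {
    // Hypothetical policy values, not taken from WSS4J.
    static final Duration MAX_AGE = Duration.ofMinutes(5);
    // Replay cache; a production cache would also evict entries older than MAX_AGE.
    static final Map<String, Instant> SEEN_NONCES = new ConcurrentHashMap<>();

    /** Password_Digest = Base64(SHA-1(nonce bytes + created + password)). */
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    static boolean verify(String nonceB64, String created, String received,
                          String storedPassword, Instant now) throws Exception {
        Instant ts = Instant.parse(created);
        // Reject stale or future-dated tokens before doing any other work.
        if (ts.isBefore(now.minus(MAX_AGE)) || ts.isAfter(now.plus(MAX_AGE))) return false;
        byte[] expected = digest(nonceB64, created, storedPassword).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = received.getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected, actual)) return false;
        // Accept each nonce only once inside the freshness window.
        return SEEN_NONCES.putIfAbsent(nonceB64, ts) == null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        String nonce = Base64.getEncoder()
                .encodeToString("0123456789abcdef".getBytes(StandardCharsets.US_ASCII));
        String created = "2008-01-01T12:00:00Z";
        Instant now = Instant.parse("2008-01-01T12:01:00Z");
        String d = digest(nonce, created, "example-password");
        System.out.println("first use: " + verify(nonce, created, d, "example-password", now));
        System.out.println("replayed:  " + verify(nonce, created, d, "example-password", now));
        System.out.println("wrong pw:  " + verify(nonce, created, d, "other", now));
    }
}
```

The digest only proves knowledge of the password for one nonce and timestamp, so the freshness and replay checks carry as much weight as the comparison itself.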

getElement

public org.w3c.dom.Element getElement()
Returns the dom element of this UsernameToken object.

Returns:
the wsse:UsernameToken element

toString

public java.lang.String toString()
Returns the string representation of the token.

Returns:
an XML string representation

getID

public java.lang.String getID()
Gets the id.

Returns:
the value of the wsu:Id attribute of this username token

setID

public void setID(java.lang.String id)
Set the id of this username token.

Parameters:
id - the value for the wsu:Id attribute of this username token

getSecretKey

public byte[] getSecretKey()
Gets the secret key as per WS-Trust spec. This method uses default settings to generate the secret key. These default values are suitable for .NET WSE.

Returns:
a secret key constructed from information contained in this username token

getSecretKey

public byte[] getSecretKey(int keylen,
                           java.lang.String labelString)
Gets the secret key as per WS-Trust spec.

Parameters:
keylen - How many bytes to generate for the key
labelString - the label used to generate the seed
Returns:
a secret key constructed from information contained in this username token

generateDerivedKey

public static byte[] generateDerivedKey(java.lang.String password,
                                        byte[] salt,
                                        int iteration)
                                 throws WSSecurityException
This static method generates a derived key as defined in WSS Username Token Profile.

Parameters:
password - The password to include in the key generation
salt - The Salt value
iteration - The Iteration value. If zero (0) is given the method uses the default value
Returns:
Returns the derived key as a byte array
Throws:
WSSecurityException

generateSalt

public static byte[] generateSalt(boolean useForMac)
This static method generates a 128 bit salt value as defined in WSS Username Token Profile.

Parameters:
useForMac - If true define the Salt for use in a MAC
Returns:
Returns the 128 bit salt value as byte array
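
The salt layout and key derivation that generateSalt and generateDerivedKey refer to, written out with the JDK only as an added example (not WSS4J code). It follows the Username Token Profile 1.1 rules: a 128 bit salt whose first byte is 01 for MAC use or 02 for encryption, and K1 = SHA-1(password + salt), Kn = SHA-1(Kn-1), with 1000 iterations as the profile default. The class and method names and the sample password are the example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class DerivedKeyDemo {
    // Default iteration count stated by the profile when no Iteration element is sent.
    static final int PROFILE_DEFAULT_ITERATION = 1000;

    /** 128 bit salt: first byte 0x01 (MAC) or 0x02 (encryption), remaining 120 bits random. */
    static byte[] newSalt(boolean useForMac) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        salt[0] = (byte) (useForMac ? 0x01 : 0x02);
        return salt;
    }

    /** Repeated SHA-1 over (password + salt); returns the 160 bit result. */
    static byte[] deriveKey(String password, byte[] salt, int iteration) throws Exception {
        if (iteration < 0) throw new IllegalArgumentException("negative iteration count");
        if (iteration == 0) iteration = PROFILE_DEFAULT_ITERATION;
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] k = sha1.digest();               // K1
        for (int i = 1; i < iteration; i++) {
            k = sha1.digest(k);                 // Kn = SHA-1(Kn-1)
        }
        return k;
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password";   // constructed sample value
        byte[] macSalt = newSalt(true);
        byte[] encSalt = newSalt(false);
        byte[] macKey = deriveKey(password, macSalt, 0);
        // Truncate the 160 bit output to 128 bits for use as an encryption key.
        byte[] encKey = Arrays.copyOf(deriveKey(password, encSalt, 0), 16);
        // Same password and salt must reproduce the same key on the receiving side.
        boolean reproducible = Arrays.equals(macKey, deriveKey(password, macSalt, 0));
        System.out.println("MAC key bytes: " + macKey.length);
        System.out.println("Enc key bytes: " + encKey.length);
        System.out.println("Reproducible:  " + reproducible);
    }
}
```

Because the sender chooses the Iteration value, a receiver that accepts it from the wire should bound it, both below (weak derivation) and above (CPU exhaustion).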


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.