if (sendEKSHA1) {
if (context.getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE) == null) {
sendEKSHA1 = false;
}
}
BuilderResult stbResult = new BuilderResult();
WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();
if (PolicyTypeUtil.usernameTokenBinding(ckBinding)) {
if (sendEKSHA1) {
String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
buildKeyInfoWithEKSHA1(ekSha1Ref);
dataProtectionKey = binding.getSecretKey();
if(dataProtectionKey == null){
throw new XWSSecurityException("DataProtectionKey got from the UsernameToken Binding is NULL");
}
stbResult.setKeyInfo(super.keyInfo);
stbResult.setDataProtectionKey(dataProtectionKey);
} else if (wss11Sender || wss10) {
AuthenticationTokenPolicy.UsernameTokenBinding untBinding = null;
dataProtectionKey = binding.getSecretKey();
if(dataProtectionKey == null){
throw new XWSSecurityException("DataProtectionKey got from the UsernameToken Binding is NULL");
}
if (context.getusernameTokenBinding() != null) {
untBinding = context.getusernameTokenBinding();
untBinding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
} else {
throw new XWSSecurityException("Internal error: UsernameToken Binding not set on context");
}
UsernameToken unt = untBinding.getUsernameToken();
String unTokenId = untBinding.getUUID();
if (unTokenId == null || unTokenId.equals("")) {
unTokenId = context.generateID();
}
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "UsernameToken for SymmetricBinding is: " + unt);
logger.log(Level.FINEST, "Token ID for SymmetricBinding is: " + unTokenId);
}
SecurityHeaderElement ek = null;
HashMap ekCache = context.getEncryptedKeyCache();
String ekId = (String) ekCache.get(unTokenId);
keyProtectionKey = untBinding.getSecretKey();
if (ekId == null) {
TokenBuilder builder = new UsernameTokenBuilder(context, untBinding);
result = builder.process();
KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();
context.setExtraneousProperty("SecretKey", dataProtectionKey);
//Truncating 20 byte Key to 16 byte Key;
byte[] secretKey = untBinding.getSecretKey().getEncoded();
PasswordDerivedKey pdk = new PasswordDerivedKey();
Key dpKey = pdk.generate16ByteKeyforEncryption(secretKey);
ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), context.getAlgorithmSuite().getSymmetricKeyAlgorithm(), ekKI, dpKey, dataProtectionKey);
context.getSecurityHeader().add(ek);
ekId = ek.getId();
ekCache.put(unTokenId, ekId);
context.addToCurrentSecretMap(ekId, dataProtectionKey);
try {
byte[] cipherVal = ((JAXBEncryptedKey) ek).getCipherValue();
byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
//byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
String encEkSha1 = Base64.encode(ekSha1);
context.setExtraneousProperty("EncryptedKeySHA1", encEkSha1);
} catch (java.security.NoSuchAlgorithmException nsa) {
throw new XWSSecurityException(nsa);
}
} else {
if (ekId == null || ekId.length() == 0) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
throw new XWSSecurityException("Invalid EncryptedKey Id ");
}
dataProtectionKey = context.getCurrentSecretFromMap(ekId);
}
String valType = null;
if (wss11Sender) {
valType = MessageConstants.EncryptedKey_NS;
}
com.sun.xml.ws.security.opt.api.keyinfo.SecurityTokenReference str = buildSTR(untBinding.getUUID(), buildDirectReference(ekId, valType));
//str.setTokenType(MessageConstants.EncryptedKey_NS);
buildKeyInfo((SecurityTokenReference) str);
stbResult.setDataProtectionKey(dataProtectionKey);
stbResult.setKeyInfo(super.keyInfo);
stbResult.setEncryptedKey((EncryptedKey) ek);
}
} else if (!PolicyTypeUtil.kerberosTokenBinding(ckBinding)) {
if (!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
if (keyProtectionAlg != null && !"".equals(keyProtectionAlg)) {
dataProtectionKey = SecurityUtil.generateSymmetricKey(dataProtectionAlg);
}
keyProtectionKey = binding.getSecretKey();
if (dataProtectionKey == null) {
dataProtectionKey = keyProtectionKey;
keyProtectionKey = null;
buildKIWithKeyName(binding.getKeyIdentifier());
}
stbResult.setKeyInfo(super.keyInfo);
stbResult.setDataProtectionKey(dataProtectionKey);
} else if (sendEKSHA1) {
//get the signing key and EKSHA1 reference from the Subject, it was stored from the incoming message
String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
buildKeyInfoWithEKSHA1(ekSha1Ref);
dataProtectionKey = binding.getSecretKey();
stbResult.setKeyInfo(super.keyInfo);
stbResult.setDataProtectionKey(dataProtectionKey);
} else if (wss11Sender || wss10) {
dataProtectionKey = binding.getSecretKey();
//TODO :: REMOVE ONCE THE CHANGE IS MADE IN FITERS
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (!binding.getCertAlias().equals(MessageConstants._EMPTY)) {
certificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
//x509Binding.newPrivateKeyBinding();
certificateBinding.setCertificateIdentifier(binding.getCertAlias());
X509Certificate x509Cert = context.getSecurityEnvironment().getCertificate(context.getExtraneousProperties(), certificateBinding.getCertificateIdentifier(), false);
certificateBinding.setX509Certificate(x509Cert);
certificateBinding.setReferenceType("Direct");
} else if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
throw new XWSSecurityException("Internal Error: X509CertificateBinding not set on context");
}
X509Certificate x509Cert = certificateBinding.getX509Certificate();
String x509TokenId = certificateBinding.getUUID();
if (x509TokenId == null || x509TokenId.equals("")) {
x509TokenId = context.generateID();
}
SecurityUtil.checkIncludeTokenPolicyOpt(context, certificateBinding, x509TokenId);
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "Certificate for SymmetricBinding is: " + x509Cert);
logger.log(Level.FINEST, "BinaryToken ID for SymmetricBinding is: " + x509TokenId);
}
BinarySecurityToken bst = null;
SecurityHeaderElement ek = null;
HashMap ekCache = context.getEncryptedKeyCache();
String ekId = (String) ekCache.get(x509TokenId);
keyProtectionKey = x509Cert.getPublicKey();
if (ekId == null) {
TokenBuilder builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult bResult = builder.process();
KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) bResult.getKeyInfo();
context.setExtraneousProperty("SecretKey", dataProtectionKey);
ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), keyProtectionAlg, ekKI, keyProtectionKey, dataProtectionKey);
context.getSecurityHeader().add(ek);
ekId = ek.getId();
ekCache.put(x509TokenId, ekId);