Package com.sun.xml.ws.security.opt.api.keyinfo

Examples of com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult


            } else {
                usernameTokenBinding =(AuthenticationTokenPolicy.UsernameTokenBinding)keyBinding;
            }     
            signingKey = usernameTokenBinding.getSecretKey();
            builder = new UsernameTokenBuilder(context,usernameTokenBinding);
            BuilderResult untResult = builder.process();           
            untResult.setDataProtectionKey(signingKey);
            return untResult;
           
        } else if(PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
            AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
            if ( context.getX509CertificateBinding() != null) {
                certificateBinding  = context.getX509CertificateBinding();
                context.setX509CertificateBinding(null);
            } else {
                certificateBinding  =(AuthenticationTokenPolicy.X509CertificateBinding)keyBinding;
            }
           
            PrivateKeyBinding privKBinding  = (PrivateKeyBinding)certificateBinding.getKeyBinding();
            signingKey = privKBinding.getPrivateKey();
           
            builder = new X509TokenBuilder(context,certificateBinding);
            BuilderResult xtbResult = builder.process();
           
            xtbResult.setDataProtectionKey(signingKey);
            return xtbResult;
        } else if(PolicyTypeUtil.kerberosTokenBinding(keyBinding)){
            AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
            if(context.getKerberosTokenBinding() != null){
                krbBinding = context.getKerberosTokenBinding();
                context.setKerberosTokenBinding(null);
            } else{
                krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding)keyBinding;
            }
           
            signingKey = krbBinding.getSecretKey();
            builder = new KerberosTokenBuilder(context, krbBinding);
            BuilderResult ktbResult = builder.process();
            ktbResult.setDataProtectionKey(signingKey);
           
            return ktbResult;
        } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
            SymmetricKeyBinding skb = null;
            if ( context.getSymmetricKeyBinding() != null) {
                skb = context.getSymmetricKeyBinding();
                context.setSymmetricKeyBinding(null);
            } else {
                skb = (SymmetricKeyBinding)keyBinding;
            }
           
            builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo,keyEncAlgo);
            BuilderResult skbResult = builder.process();
            return skbResult;
        else if ( PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
            DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding)keyBinding;
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            builder = new DerivedKeyTokenBuilder(context, dtk);
            BuilderResult dtkResult = builder.process();
            return dtkResult;
        else if ( PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
            IssuedTokenBuilder itb = new IssuedTokenBuilder(context,(IssuedTokenKeyBinding)keyBinding);
            BuilderResult itbResult = itb.process();
            return itbResult;
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            SCTBuilder sctBuilder = new SCTBuilder(context,(SecureConversationTokenKeyBinding)keyBinding);
            BuilderResult sctResult = sctBuilder.process();
            return sctResult;
        } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSAMLNS();
            SamlTokenBuilder stb = new SamlTokenBuilder(context,(AuthenticationTokenPolicy.SAMLAssertionBinding)keyBinding,true);
            return stb.process();
        } else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSAMLNS();           
            KeyValueTokenBuilder sctBuilder = new KeyValueTokenBuilder(context,(AuthenticationTokenPolicy.KeyValueTokenBinding)keyBinding);
            BuilderResult kvtResult = sctBuilder.process();
            return kvtResult;           
         } else{
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
            throw new UnsupportedOperationException("Unsupported Key Binding"+keyBinding);
           


     * @throws com.sun.xml.wss.XWSSecurityException
     */
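    @SuppressWarnings("unchecked")
    @Override
    public BuilderResult process() throws XWSSecurityException {
        // Resolves the SAML assertion (DOM form, streamed form, or the one received
        // on the request and parked on the context), builds a KeyIdentifier-based
        // SecurityTokenReference over it, and selects the data-protection key:
        // the bound private key when signing, a fresh symmetric key wrapped in an
        // EncryptedKey when encrypting. The chosen key is also recorded under
        // STORED_SAML_KEYS, keyed by assertion id.
        BuilderResult result = new BuilderResult();
        SecurityHeaderElement she = null;

        Element samlAssertion = keyBinding.getAssertion();
        if (samlAssertion == null) {
            // No DOM assertion: copy the streamed one into a buffer. The fields
            // reader/buffer/id are set here and consumed below.
            reader = keyBinding.getAssertionReader();
            if (reader != null) {
                try {
                    reader.next(); // positioned at START_DOCUMENT; step onto the root element
                    id = reader.getAttributeValue(null, "AssertionID"); // SAML 1.x
                    if (id == null) {
                        id = reader.getAttributeValue(null, "ID");      // SAML 2.0
                    }
                    buffer = new MutableXMLStreamBuffer();
                    StreamWriterBufferCreator bCreator = new StreamWriterBufferCreator(buffer);
                    XMLStreamWriter writer_tmp = (XMLStreamWriter) bCreator;
                    while (XMLStreamReader.END_DOCUMENT != reader.getEventType()) {
                        com.sun.xml.ws.security.opt.impl.util.StreamUtil.writeCurrentEvent(reader, writer_tmp);
                        reader.next();
                    }
                } catch (XMLStreamException ex) {
                    throw new XWSSecurityException(ex);
                }
            }
        }

        if (samlAssertion != null) {
            she = new GSHeaderElement(samlAssertion);
        } else if (reader != null) {
            she = new GSHeaderElement(buffer);
            she.setId(id); // set the ID again to bring it to top
        }

        // PKCS#1 v1.5 key transport is only the fallback used when the binding
        // does not configure a key-wrap algorithm; kept as-is for interoperability.
        String keyEncAlgo = XMLCipher.RSA_v1dot5;
        Key samlkey = null;
        String asID;
        if (samlAssertion != null) {
            if (she == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            // Prefer the SAML 1.x AssertionID; fall back to the SAML 2.0 ID.
            asID = samlAssertion.getAttributeNS(null, "AssertionID");
            if (asID == null || asID.length() == 0) {
                asID = samlAssertion.getAttributeNS(null, "ID");
            }
            she.setId(asID);
        } else {
            if (she == null) {
                // Neither form was configured: reuse the assertion received on the request.
                she = (SecurityHeaderElement) context.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
            }
            if (she == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            asID = she.getId();
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "SAML Assertion id:{0}", asID);
        }

        Key dataProtectionKey;
        if (forSign) {
            // Signing: the private key paired with the assertion's subject key.
            PrivateKeyBinding privKBinding = (PrivateKeyBinding) keyBinding.getKeyBinding();
            dataProtectionKey = privKBinding.getPrivateKey();
            if (dataProtectionKey == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1810_NULL_PRIVATEKEY_SAML());
                throw new XWSSecurityException("PrivateKey null inside PrivateKeyBinding set for SAML Policy ");
            }
            // Place the assertion in the header once; the STR built below refers to it by id.
            if (context.getSecurityHeader().getChildElement(she.getId()) == null) {
                context.getSecurityHeader().add(she);
            }
        } else {
            // Encrypting: wrap a fresh symmetric key under the key carried by the
            // assertion received on the request.
            SecurityHeaderElement assertion = (SecurityHeaderElement) context.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
            if (assertion == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1811_NULL_SAML_ASSERTION());
                throw new XWSSecurityException("SAML Assertion is NULL");
            }
            samlkey = ((SAMLAssertion) assertion).getKey();
            // A null or empty configured algorithm keeps the default instead of
            // propagating null into the EncryptedKey.
            String configuredKeyAlgo = keyBinding.getKeyAlgorithm();
            if (configuredKeyAlgo != null && configuredKeyAlgo.length() > 0) {
                keyEncAlgo = configuredKeyAlgo;
            }
            String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
            dataProtectionKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
        }

        if (MessageConstants.EMBEDDED_REFERENCE_TYPE.equals(keyBinding.getReferenceType())) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1813_UNSUPPORTED_EMBEDDEDREFERENCETYPE_SAML());
            throw new XWSSecurityException("Embedded Reference Type for SAML Assertions not supported yet");
        }

        String assertionId = she.getId();
        // Value type and token type of the STR must agree on the SAML version of
        // the referenced assertion, so both are derived from its namespace.
        boolean samlV2 = MessageConstants.SAML_v2_0_NS.equals(she.getNamespaceURI());
        Element authorityBinding = keyBinding.getAuthorityBinding();
        if (authorityBinding == null) {
            KeyIdentifier keyIdentifier = new KeyIdentifier(context.getSOAPVersion());
            keyIdentifier.setValue(assertionId);
            keyIdentifier.setValueType(samlV2
                    ? MessageConstants.WSSE_SAML_v2_0_KEY_IDENTIFIER_VALUE_TYPE
                    : MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE);
            SecurityTokenReference samlSTR = elementFactory.createSecurityTokenReference(keyIdentifier);
            samlSTR.setTokenType(samlV2
                    ? MessageConstants.WSSE_SAML_v2_0_TOKEN_TYPE
                    : MessageConstants.WSSE_SAML_v1_1_TOKEN_TYPE);
            ((NamespaceContextEx) context.getNamespaceContext()).addWSS11NS();
            buildKeyInfo(samlSTR);
        } else {
            // TODO: handle authorityBinding != null. Until then keyInfo is left as
            // whatever this builder already holds.
        }

        if (forSign) {
            result.setKeyInfo(super.keyInfo);
        } else {
            JAXBEncryptedKey ek = (JAXBEncryptedKey) elementFactory.createEncryptedKey(
                    context.generateID(), keyEncAlgo, super.keyInfo, samlkey, dataProtectionKey);
            context.getSecurityHeader().add(ek);
            // The returned KeyInfo points at the EncryptedKey, not at the assertion.
            DirectReference dr = buildDirectReference(ek.getId(), MessageConstants.EncryptedKey_NS);
            result.setKeyInfo(buildKeyInfo(dr, ""));
        }

        // Record the key under the assertion id; presumably read back when the
        // reply is processed — confirm against consumers of STORED_SAML_KEYS.
        HashMap sentSamlKeys = (HashMap) context.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
        if (sentSamlKeys == null) {
            sentSamlKeys = new HashMap();
        }
        sentSamlKeys.put(assertionId, dataProtectionKey);
        context.setExtraneousProperty(MessageConstants.STORED_SAML_KEYS, sentSamlKeys);

        result.setDataProtectionKey(dataProtectionKey);
        return result;
    }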

                wssPolicy = ep;
            }
        }
       
        TokenProcessor tp = new TokenProcessor((EncryptionPolicy) wssPolicy, context);
        BuilderResult tokenInfo = tp.process();
        Key dataEncKey = null;
        Key dkEncKey = null;
        dataEncKey = tokenInfo.getDataProtectionKey();
        ek = tokenInfo.getEncryptedKey();
        ArrayList targets =  featureBinding.getTargetBindings();
        Iterator targetItr = targets.iterator();
       
        ETHandler edBuilder =  new ETHandler(context.getSOAPVersion());
        EncryptionPolicy.FeatureBinding  binding = (FeatureBinding) wssPolicy.getFeatureBinding();
        dataRefList = new ReferenceList();
       
        if(ek == null || binding.getUseStandAloneRefList()){
            edKeyInfo = tokenInfo.getKeyInfo();
        }
       
        boolean refAdded = false;
        while (targetItr.hasNext()) {
            EncryptionTarget target = (EncryptionTarget)targetItr.next();

            } else {
                usernameTokenBinding =(AuthenticationTokenPolicy.UsernameTokenBinding)keyBinding;
            }     
            signingKey = usernameTokenBinding.getSecretKey();
            builder = new UsernameTokenBuilder(context,usernameTokenBinding);
            BuilderResult untResult = builder.process();           
            untResult.setDataProtectionKey(signingKey);
            return untResult;
           
        } else if(PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
            AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
            if ( context.getX509CertificateBinding() != null) {
                certificateBinding  = context.getX509CertificateBinding();
                context.setX509CertificateBinding(null);
            } else {
                certificateBinding  =(AuthenticationTokenPolicy.X509CertificateBinding)keyBinding;
            }
           
            PrivateKeyBinding privKBinding  = (PrivateKeyBinding)certificateBinding.getKeyBinding();
            signingKey = privKBinding.getPrivateKey();
           
            builder = new X509TokenBuilder(context,certificateBinding);
            BuilderResult xtbResult = builder.process();
           
            xtbResult.setDataProtectionKey(signingKey);
            return xtbResult;
        } else if(PolicyTypeUtil.kerberosTokenBinding(keyBinding)){
            AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
            if(context.getKerberosTokenBinding() != null){
                krbBinding = context.getKerberosTokenBinding();
                context.setKerberosTokenBinding(null);
            } else{
                krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding)keyBinding;
            }
           
            signingKey = krbBinding.getSecretKey();
            builder = new KerberosTokenBuilder(context, krbBinding);
            BuilderResult ktbResult = builder.process();
            ktbResult.setDataProtectionKey(signingKey);
           
            return ktbResult;
        } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
            SymmetricKeyBinding skb = null;
            if ( context.getSymmetricKeyBinding() != null) {
                skb = context.getSymmetricKeyBinding();
                context.setSymmetricKeyBinding(null);
            } else {
                skb = (SymmetricKeyBinding)keyBinding;
            }
           
            builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo,keyEncAlgo);
            BuilderResult skbResult = builder.process();
            return skbResult;
        else if ( PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
            DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding)keyBinding;
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            builder = new DerivedKeyTokenBuilder(context, dtk);
            BuilderResult dtkResult = builder.process();
            return dtkResult;
        else if ( PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
            IssuedTokenBuilder itb = new IssuedTokenBuilder(context,(IssuedTokenKeyBinding)keyBinding);
            BuilderResult itbResult = itb.process();
            return itbResult;
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            SCTBuilder sctBuilder = new SCTBuilder(context,(SecureConversationTokenKeyBinding)keyBinding);
            BuilderResult sctResult = sctBuilder.process();
            return sctResult;
        } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSAMLNS();
            SamlTokenBuilder stb = new SamlTokenBuilder(context,(AuthenticationTokenPolicy.SAMLAssertionBinding)keyBinding,true);
            return stb.process();
        } else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
            ((NamespaceContextEx)context.getNamespaceContext()).addSAMLNS();           
            KeyValueTokenBuilder sctBuilder = new KeyValueTokenBuilder(context,(AuthenticationTokenPolicy.KeyValueTokenBinding)keyBinding);
            BuilderResult kvtResult = sctBuilder.process();
            return kvtResult;           
         } else{
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
            throw new UnsupportedOperationException("Unsupported Key Binding"+keyBinding);
           

    public BuilderResult process() throws XWSSecurityException {
       
        String algorithm = null;
        WSSPolicy originalKeyBinding = dtk.getOriginalKeyBinding();
        AlgorithmSuite algSuite = context.getAlgorithmSuite();
        BuilderResult dktResult = new BuilderResult();
               
        if(algSuite != null){
            algorithm = algSuite.getEncryptionAlgorithm();
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, "Algorithm used for Derived Keys: "+algorithm);
            }
        } else{
            throw new XWSSecurityException("Internal Error: Algorithm Suite is not set in context");
        }
        //The offset and length to be used for DKT
        long offset = 0; // Default 0
        long length = SecurityUtil.getLengthFromAlgorithm(algorithm);
       
        WSSPolicy policy = (WSSPolicy)context.getSecurityPolicy();
        if(length == 32 && PolicyTypeUtil.signaturePolicy(policy)){
            length = 24;
        }
        String dpTokenID = "";
        byte[] secret =null;
        BuilderResult result = null;
        // findbugs :correctness error, will lead to NPE if result was accessed later.
        /*if (PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1805_DERIVEDKEYS_WITH_ASYMMETRICBINDING_UNSUPPORTED());
            //throw new XWSSecurityException("Asymmetric Binding with DerivedKeys under X509Token Policy Not Yet Supported");
        } else*/
        UsernameTokenBinding utb;
        if(PolicyTypeUtil.usernameTokenBinding(originalKeyBinding)){
          if ( context.getusernameTokenBinding() != null) {
                utb = context.getusernameTokenBinding();
                context.setUsernameTokenBinding(null);
            } else{
                throw new XWSSecurityException("Internal Error: UsernameToken Binding not set on context");
            }
           UsernameTokenBuilder br = new UsernameTokenBuilder(context,utb);
           result = br.process();
           SecretKey key  = utb.getSecretKey();
           if(key == null){
               throw new XWSSecurityException("Key obtained from the username token binding is null");
           }
           byte[] tempSecret = key.getEncoded();
           secret = new byte[16];
           for(int i =0;i<=15;i++){
               secret[i] = tempSecret[i];
           }
          
        } else if ( PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
            //SymmetricKeyBinding skb = (SymmetricKeyBinding)originalKeyBinding;
            SymmetricKeyBinding skb = null;
            if ( context.getSymmetricKeyBinding() != null) {
                skb = context.getSymmetricKeyBinding();
                context.setSymmetricKeyBinding(null);
            } else{
                throw new XWSSecurityException("Internal Error: SymmetricBinding not set on context");
            }
            String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
           
            String keyAlgo = skb.getKeyAlgorithm();
            if(keyAlgo == null || "".equals(keyAlgo)){
                if(context.getAlgorithmSuite() != null)
                    keyAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
            }
            SymmetricTokenBuilder stb = new SymmetricTokenBuilder(skb,context,dataEncAlgo,keyAlgo);
            result = stb.process();
            Key originalKey = result.getDataProtectionKey();
            secret = originalKey.getEncoded();
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, "SymmetricBinding under Derived Keys");
                logger.log(Level.FINEST, "DataEncryption Algorithm:"+dataEncAlgo);
                logger.log(Level.FINEST, "Key Algorithm:"+keyAlgo);
            }
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
            SecureConversationTokenKeyBinding skb = (SecureConversationTokenKeyBinding)originalKeyBinding;
            SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) originalKeyBinding);
            result = builder.process();
            IssuedTokenContext ictx = context.getSecureConversationContext();
            com.sun.xml.ws.security.SecurityContextToken sct =(com.sun.xml.ws.security.SecurityContextToken)ictx.getSecurityToken();
            if(sct.getInstance() != null){
                if(context.isExpired()){
                    secret = ictx.getProofKey();
                }else{
                    SecurityContextTokenInfo sctInstanceInfo = ictx.getSecurityContextTokenInfo();
                    //secret = context.getSecureConversationContext().getProofKey();
                    if(sctInstanceInfo != null){
                        secret = sctInstanceInfo.getInstanceSecret(sct.getInstance());
                    }else {
                        secret = ictx.getProofKey();
                    }                   
                }
            }else{
                secret = ictx.getProofKey();
            }
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, "SecureConversation token binding under Derived Keys");
            }
        }else if( PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
            IssuedTokenBuilder itb = new IssuedTokenBuilder(context,(IssuedTokenKeyBinding)originalKeyBinding);
            result = itb.process();
            Key originalKey = result.getDataProtectionKey();
            //ignore derived key when issuedtoken is public key
            if (context.getTrustContext().getProofKey() == null) {
                dktResult.setDataProtectionKey(originalKey);
                //keyinfo
                dktResult.setKeyInfo(result.getKeyInfo());
                return dktResult;
            }
           
            secret = originalKey.getEncoded();
            dpTokenID = result.getDPTokenId();
           
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, "Issued Token Binding token binding under Derived Keys");
            }
        } else{
            if(originalKeyBinding != null){
                throw new XWSSecurityException("Unsupported Key Binding:" + originalKeyBinding);
            } else{
                throw new XWSSecurityException("Internal Error: Null original key binding");
            }
        }
       
        DerivedKeyToken dkt = new DerivedKeyTokenImpl(offset, length, secret);
        Key dataKey = null;
        try{
            String jceAlgo = SecurityUtil.getSecretKeyAlgorithm(algorithm);
            dataKey = dkt.generateSymmetricKey(jceAlgo);
        } catch(Exception e){
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1806_ERROR_GENERATING_SYMMETRIC_KEY(),e);
            throw new XWSSecurityException(e);
        }
        SecurityTokenReferenceType str = null;
        Object strObj = result.getKeyInfo().getContent().get(0);
        if(strObj instanceof JAXBElement){
            str = (SecurityTokenReferenceType) ((JAXBElement)strObj).getValue();
        }else{
            str = (SecurityTokenReferenceType)strObj;
        }

            }else {
                untBinding = (AuthenticationTokenPolicy.UsernameTokenBinding)keyBinding;
            }   
            this.dataEncKey = untBinding.getSecretKey();
            builder = new UsernameTokenBuilder(context, untBinding);
            BuilderResult untResult = builder.process();
            untResult.setDataProtectionKey(dataEncKey);
            return untResult;           
           
        } else if(PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
            AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
            if ( context.getX509CertificateBinding() != null) {
                certificateBinding  = context.getX509CertificateBinding();
                context.setX509CertificateBinding(null);
            } else {
                certificateBinding  =(AuthenticationTokenPolicy.X509CertificateBinding)keyBinding;
            }
           
            String x509TokenId = certificateBinding.getUUID();
            if(x509TokenId == null || x509TokenId.equals("")){
                x509TokenId = context.generateID();
            }
           
            builder = new X509TokenBuilder(context,certificateBinding);
            BuilderResult xtbResult = builder.process();
            KeyInfo ekKI  = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult.getKeyInfo();
           
            tmp = null;
            tmp = certificateBinding.getKeyAlgorithm();
            if(tmp != null && !tmp.equals("")){
                keyEncAlgo = tmp;
            }
           
            dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
            //ekRefList = true;
            dkEncKey = certificateBinding.getX509Certificate().getPublicKey();
            String ekId = context.generateID();
            ek = elementFactory.createEncryptedKey(ekId,keyEncAlgo,ekKI,dkEncKey,dataEncKey);
            context.getSecurityHeader().add((SecurityHeaderElement)ek);
            xtbResult.setKeyInfo(null);
           
            DirectReference dr = elementFactory.createDirectReference();
            dr.setURI("#"+ekId);
            boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
            if(wss11Sender){
                dr.setValueType(MessageConstants.EncryptedKey_NS);
            }
            SecurityTokenReference str = elementFactory.createSecurityTokenReference(dr);
            keyInfo = elementFactory.createKeyInfo(str);
           
            xtbResult.setKeyInfo(keyInfo);
            xtbResult.setEncryptedKey(ek);
            xtbResult.setDataProtectionKey(dataEncKey);
            xtbResult.setKeyProtectionKey(dkEncKey);
            return xtbResult;
           
        } else if(PolicyTypeUtil.kerberosTokenBinding(keyBinding)){
            AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
            if(context.getKerberosTokenBinding() != null){
                krbBinding = context.getKerberosTokenBinding();
                context.setKerberosTokenBinding(null);
            } else{
                krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding)keyBinding;
            }
            this.dataEncKey = krbBinding.getSecretKey();
            builder = new KerberosTokenBuilder(context, krbBinding);
            BuilderResult ktbResult = builder.process();
            ktbResult.setDataProtectionKey(dataEncKey);
            return ktbResult;
           
        } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
            SymmetricKeyBinding skb = null;
            if (context.getSymmetricKeyBinding() != null) {
                skb = context.getSymmetricKeyBinding();
                context.setSymmetricKeyBinding(null);
            } else {
                skb = (SymmetricKeyBinding)keyBinding;
            }
            builder = new SymmetricTokenBuilder(skb,context,dataEncAlgo,keyEncAlgo);
            BuilderResult skbResult = builder.process();
            this.dataEncKey = skbResult.getDataProtectionKey();
            keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo)skbResult.getKeyInfo();
            return skbResult;
           
        }else if(PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)){
            DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding)keyBinding;
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            builder = new DerivedKeyTokenBuilder(context, dtk);
            BuilderResult dtkResult = builder.process();
            //dtkResult.setEncryptedKey(null);
            return dtkResult;
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)){
            ((NamespaceContextEx)context.getNamespaceContext()).addSCNS();
            SCTBuilder sctBuilder = new SCTBuilder(context,(SecureConversationTokenKeyBinding)keyBinding);
            BuilderResult sctResult = sctBuilder.process();
            return sctResult;
        }else if ( PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {           
            IssuedTokenBuilder itb = new IssuedTokenBuilder(context,(IssuedTokenKeyBinding)keyBinding);
            BuilderResult itbResult = itb.process();
            return itbResult;
        }else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {           
            ((NamespaceContextEx)context.getNamespaceContext()).addSAMLNS();
            SamlTokenBuilder stb = new SamlTokenBuilder(context,(AuthenticationTokenPolicy.SAMLAssertionBinding)keyBinding,false);
            return stb.process();

     *
     * @return BuilderResult
     * @throws com.sun.xml.wss.XWSSecurityException
     */
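    /**
     * Builds the SecureConversation token reference and data-protection key for this message.
     * <p>
     * The SecurityContextToken (SCT) is looked up in the security header under the binding's
     * UUID, then under the wsu:Id of the token held by the {@code IssuedTokenContext}; if it is
     * in neither place it is converted with {@code SecurityUtil.getSCT} and, when the
     * include-token policy requires it, added to the header. A DirectReference to the SCT is
     * wrapped into a KeyInfo, and the data-protection key is a {@code SecretKeySpec} over the
     * proof key (or, for a renewed instance, the instance secret) using the JCE algorithm that
     * matches the data encryption algorithm in the context.
     *
     * @return BuilderResult carrying the KeyInfo and the data-protection key
     * @throws XWSSecurityException if the context holds no SecurityContextToken, or no proof
     *         key is available for it
     */
    public BuilderResult process() throws XWSSecurityException {
        BuilderResult sctResult = new BuilderResult();
        String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
        String sctPolicyId = sctBinding.getUUID();
        //Look for SCT in TokenCache
        SecurityElement sct = context.getSecurityHeader().getChildElement(sctPolicyId);
        IssuedTokenContext ictx = context.getSecureConversationContext();
        String sctVersion = sctBinding.getIncludeToken();
        boolean includeToken = (sctBinding.INCLUDE_ALWAYS.equals(sctVersion) ||
                                sctBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(sctVersion) ||
                                sctBinding.INCLUDE_ALWAYS_VER2.equals(sctVersion) ||
                                sctBinding.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(sctVersion)
                                );
        // SecurityPolicy 1.2 selects the WS-SecureConversation 1.3 token class and ValueType.
        boolean sp12 = MessageConstants.SECURITYPOLICY_12_NS.equals(context.getSecurityPolicyVersion());

        // The context token is dereferenced on every path below (external identifier,
        // Instance attribute, proof-key selection), not only when the header lookup misses,
        // so resolve and validate it up front instead of inside the miss branch.
        com.sun.xml.ws.security.SecurityContextToken sct1 =
                (com.sun.xml.ws.security.SecurityContextToken) ictx.getSecurityToken();
        if (sct1 == null) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1809_SCT_NOT_FOUND());
            throw new XWSSecurityException("SecureConversation Token not Found");
        }
        if (sct == null) {
            sct = context.getSecurityHeader().getChildElement(sct1.getWsuId());
            if (sct == null) {
                // Not yet in the header: build the header element for this SOAP version and
                // add it only if the include-token policy says the token travels with the message.
                sct1 = com.sun.xml.wss.impl.misc.SecurityUtil.getSCT(sct1, context.getSOAPVersion());
                if (includeToken) {
                    if (sp12) {
                        context.getSecurityHeader().add((SecurityContextToken13) sct1);
                    } else {
                        context.getSecurityHeader().add((SecurityContextToken) sct1);
                    }
                }
                if (sp12) {
                    sct = (SecurityContextToken13) sct1;
                } else {
                    sct = (SecurityContextToken) sct1;
                }
            }
            //Add ext elements;
        }

        String sctWsuId = sct.getId();
        if (sctWsuId == null) {
            sct.setId(context.generateID());
            sctWsuId = sct.getId();
        }
        DirectReference directRef = elementFactory.createDirectReference();
        if (includeToken) {
            // Local reference to the token carried in this message.
            directRef.setURI("#" + sctWsuId);
        } else {
            // Token is not sent: reference it by its context identifier.
            directRef.setURI(sct1.getIdentifier().toString());
        }
        // NOTE(review): this disjunction holds for every include-token value (one string
        // cannot equal both constants), so the ValueType is always set. If the intent was
        // "neither ALWAYS nor ALWAYS_TO_RECIPIENT" the operator should be &&; left unchanged
        // because the reference format on the wire depends on it.
        if (!sctBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(sctBinding.getIncludeToken()) ||
                !sctBinding.INCLUDE_ALWAYS.equals(sctBinding.getIncludeToken())) {
            directRef.setValueType(sp12 ? MessageConstants.SCT_13_VALUETYPE : MessageConstants.SCT_VALUETYPE);
        }

        // A renewed, unexpired SCT carries its Instance on the reference so the receiver
        // can pick the matching secret. (context.isExpired() presumably reports SCT expiry.)
        if (sct1.getInstance() != null && !context.isExpired()) {
            ((com.sun.xml.ws.security.opt.impl.reference.DirectReference) directRef).setAttribute(
                    context.getWSSCVersion(context.getSecurityPolicyVersion()), "Instance", sct1.getInstance());
        }
        // Proof-key selection: a renewed, unexpired instance uses the per-instance secret when
        // the context tracks one; every other case falls back to the context's proof key.
        byte[] proofKey;
        SecurityContextTokenInfo sctInstanceInfo = ictx.getSecurityContextTokenInfo();
        if (sct1.getInstance() != null && !context.isExpired() && sctInstanceInfo != null) {
            proofKey = sctInstanceInfo.getInstanceSecret(sct1.getInstance());
        } else {
            proofKey = ictx.getProofKey();
        }
        if (proofKey == null) {
            // SecretKeySpec would reject this with an IllegalArgumentException; report it as
            // the security failure it is.
            throw new XWSSecurityException("SecureConversation proof key not available");
        }
        String jceAlgo = SecurityUtil.getSecretKeyAlgorithm(dataEncAlgo);
        Key dataProtectionKey = new SecretKeySpec(proofKey, jceAlgo);
        buildKeyInfo(directRef, context.generateID());
        sctResult.setKeyInfo(super.keyInfo);
        sctResult.setDataProtectionKey(dataProtectionKey);
        return sctResult;
    }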

        if (sendEKSHA1) {
            if (context.getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE) == null) {
                sendEKSHA1 = false;
            }
        }
        BuilderResult stbResult = new BuilderResult();
        WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();       
        if (PolicyTypeUtil.usernameTokenBinding(ckBinding)) {
             if (sendEKSHA1) {
                String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
                buildKeyInfoWithEKSHA1(ekSha1Ref);
                dataProtectionKey = binding.getSecretKey();
                if(dataProtectionKey == null){
                    throw new XWSSecurityException("DataProtectionKey got from the  UsernameToken Binding is NULL");
                }
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (wss11Sender || wss10) {
                AuthenticationTokenPolicy.UsernameTokenBinding untBinding = null;
                dataProtectionKey = binding.getSecretKey();
                if(dataProtectionKey == null){
                    throw new XWSSecurityException("DataProtectionKey got from the  UsernameToken Binding is NULL");
                }
                if (context.getusernameTokenBinding() != null) {
                    untBinding = context.getusernameTokenBinding();
                    untBinding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
                } else {
                    throw new XWSSecurityException("Internal error: UsernameToken Binding not set on context");
                }
                UsernameToken unt = untBinding.getUsernameToken();
                String unTokenId = untBinding.getUUID();
                if (unTokenId == null || unTokenId.equals("")) {
                    unTokenId = context.generateID();
                }
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "UsernameToken for SymmetricBinding is: " + unt);
                    logger.log(Level.FINEST, "Token ID for SymmetricBinding is: " + unTokenId);
                }
                SecurityHeaderElement ek = null;
                HashMap ekCache = context.getEncryptedKeyCache();
                String ekId = (String) ekCache.get(unTokenId);
                keyProtectionKey = untBinding.getSecretKey();
                if (ekId == null) {
                    TokenBuilder builder = new UsernameTokenBuilder(context, untBinding);
                    result = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    //Truncating 20 byte Key to 16 byte Key;
                    byte[] secretKey = untBinding.getSecretKey().getEncoded();
                    PasswordDerivedKey pdk = new PasswordDerivedKey();                   
                    Key dpKey = pdk.generate16ByteKeyforEncryption(secretKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), context.getAlgorithmSuite().getSymmetricKeyAlgorithm(), ekKI, dpKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(unTokenId, ekId);
                    context.addToCurrentSecretMap(ekId, dataProtectionKey);
                    try {
                        byte[] cipherVal = ((JAXBEncryptedKey) ek).getCipherValue();
                        byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        //byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        String encEkSha1 = Base64.encode(ekSha1);
                        context.setExtraneousProperty("EncryptedKeySHA1", encEkSha1);
                    } catch (java.security.NoSuchAlgorithmException nsa) {
                        throw new XWSSecurityException(nsa);
                    }
                } else {
                    if (ekId == null || ekId.length() == 0) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
                        throw new XWSSecurityException("Invalid EncryptedKey Id ");
                    }
                    dataProtectionKey = context.getCurrentSecretFromMap(ekId);
                }
                String valType = null;
                if (wss11Sender) {
                    valType = MessageConstants.EncryptedKey_NS;
                }
                com.sun.xml.ws.security.opt.api.keyinfo.SecurityTokenReference str = buildSTR(untBinding.getUUID(), buildDirectReference(ekId, valType));
                //str.setTokenType(MessageConstants.EncryptedKey_NS);
                buildKeyInfo((SecurityTokenReference) str);
                stbResult.setDataProtectionKey(dataProtectionKey);
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setEncryptedKey((EncryptedKey) ek);
            }
        } else if (!PolicyTypeUtil.kerberosTokenBinding(ckBinding)) {
            if (!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                if (keyProtectionAlg != null && !"".equals(keyProtectionAlg)) {
                    dataProtectionKey = SecurityUtil.generateSymmetricKey(dataProtectionAlg);
                }

                keyProtectionKey = binding.getSecretKey();
                if (dataProtectionKey == null) {
                    dataProtectionKey = keyProtectionKey;
                    keyProtectionKey = null;
                    buildKIWithKeyName(binding.getKeyIdentifier());
                }
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (sendEKSHA1) {
                //get the signing key and EKSHA1 reference from the Subject, it was stored from the incoming message
                String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
                buildKeyInfoWithEKSHA1(ekSha1Ref);
                dataProtectionKey = binding.getSecretKey();
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (wss11Sender || wss10) {
                dataProtectionKey = binding.getSecretKey();
                //TODO :: REMOVE ONCE THE CHANGE IS MADE IN FITERS
                AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
                if (!binding.getCertAlias().equals(MessageConstants._EMPTY)) {
                    certificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                    //x509Binding.newPrivateKeyBinding();
                    certificateBinding.setCertificateIdentifier(binding.getCertAlias());
                    X509Certificate x509Cert = context.getSecurityEnvironment().getCertificate(context.getExtraneousProperties(), certificateBinding.getCertificateIdentifier(), false);
                    certificateBinding.setX509Certificate(x509Cert);
                    certificateBinding.setReferenceType("Direct");
                } else if (context.getX509CertificateBinding() != null) {
                    certificateBinding = context.getX509CertificateBinding();
                    context.setX509CertificateBinding(null);
                } else {
                    throw new XWSSecurityException("Internal Error: X509CertificateBinding not set on context");
                }

                X509Certificate x509Cert = certificateBinding.getX509Certificate();
                String x509TokenId = certificateBinding.getUUID();
                if (x509TokenId == null || x509TokenId.equals("")) {
                    x509TokenId = context.generateID();
                }

                SecurityUtil.checkIncludeTokenPolicyOpt(context, certificateBinding, x509TokenId);

                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "Certificate for SymmetricBinding is: " + x509Cert);
                    logger.log(Level.FINEST, "BinaryToken ID for SymmetricBinding is: " + x509TokenId);
                }
                BinarySecurityToken bst = null;
                SecurityHeaderElement ek = null;

                HashMap ekCache = context.getEncryptedKeyCache();
                String ekId = (String) ekCache.get(x509TokenId);

                keyProtectionKey = x509Cert.getPublicKey();
                if (ekId == null) {

                    TokenBuilder builder = new X509TokenBuilder(context, certificateBinding);
                    BuilderResult bResult = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) bResult.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), keyProtectionAlg, ekKI, keyProtectionKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(x509TokenId, ekId);

       
        String referenceType = binding.getReferenceType();
        if(logger.isLoggable(Level.FINEST)){
            logger.log(Level.FINEST, LogStringsMessages.WSS_1853_REFERENCETYPE_KERBEROS_TOKEN(referenceType));
        }
        BuilderResult result = new BuilderResult();
       
        if(referenceType.equals(MessageConstants.DIRECT_REFERENCE_TYPE)){
            BinarySecurityToken bst = createKerberosBST(binding, binding.getTokenValue());
            if(bst == null){
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
                throw new XWSSecurityException(LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
            }
            DirectReference dr = buildDirectReference(bst.getId(), MessageConstants.KERBEROS_V5_GSS_APREQ);
            buildKeyInfo(dr,binding.getSTRID());
        } else if(referenceType.equals(MessageConstants.KEY_INDETIFIER_TYPE)){
            BinarySecurityToken bst = createKerberosBST(binding,binding.getTokenValue());
            buildKeyInfoWithKIKerberos(binding, MessageConstants.KERBEROS_v5_APREQ_IDENTIFIER);
            if(binding.getSTRID() != null){
                OctectStreamData osd = new OctectStreamData(new String(binding.getTokenValue()));
                context.getElementCache().put(binding.getSTRID(),osd);
            }
        } else{
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
            throw new XWSSecurityException(LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
        }
        result.setKeyInfo(keyInfo);
        return result;
    }

            KeyInfo keyInfo = null;
            SecurityHeader securityHeader = context.getSecurityHeader();
           
            //Get the Signing key and KeyInfo from TokenProcessor
            TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context);
            BuilderResult builderResult = tokenProcessor.process();
            signingKey = builderResult.getDataProtectionKey();
            keyInfo = builderResult.getKeyInfo();
           
            if (keyInfo != null || !keyBinding.isOptional()){
                SignedInfo signedInfo = signFactory.constructSignedInfo(context);
                JAXBSignContext signContext = new JAXBSignContext(signingKey);
                signContext.setURIDereferencer(DSigResolver.getInstance());
