Package com.sun.xml.ws.security.opt.crypto.dsig.keyinfo

Examples of com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo


       
        return xis;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(SecurityTokenReference str){
        KeyInfo keyInfo = new KeyInfo();
        JAXBElement je = new com.sun.xml.ws.security.secext10.ObjectFactory().createSecurityTokenReference(str);
        List strList = Collections.singletonList(je);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here


        keyInfo.setContent(strList);
        return keyInfo;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(KeyValue keyValue){
        KeyInfo keyInfo = new KeyInfo();
        JAXBElement je = new com.sun.xml.security.core.dsig.ObjectFactory().createKeyValue(keyValue);
        List strList = Collections.singletonList(je);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here

        keyInfo.setContent(strList);
        return keyInfo;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(KeyName name){
        KeyInfo keyInfo = new KeyInfo();
        List strList = Collections.singletonList(name);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here

            nsContext.addWSSNS();
            // Get the service certificate
            final X509Certificate serCert = getServiceCertificate(callbackHandler, stsConfig.getTrustSPMetadata(appliesTo), appliesTo);
           
            // Create the KeyInfo for SubjectConfirmation
            final KeyInfo keyInfo = createKeyInfo(keyType, serCert, context);
           
            // Create SAML assertion
            Assertion assertion = null;
            SAMLToken samlToken = null;
            if (WSTrustConstants.SAML10_ASSERTION_TOKEN_TYPE.equals(tokenType)||
                    WSTrustConstants.SAML11_ASSERTION_TOKEN_TYPE.equals(tokenType)){
                assertion = createSAML11Assertion(assertionId, issuer, appliesTo, keyInfo, claimedAttrs);
                samlToken = new SAMLToken(assertion,SAMLJAXBUtil.getJAXBContext(),soapVersion);
               
            } else if (WSTrustConstants.SAML20_ASSERTION_TOKEN_TYPE.equals(tokenType)){
                assertion = createSAML20Assertion(assertionId, issuer, appliesTo, keyInfo, claimedAttrs);
                samlToken = new SAMLToken(assertion,SAMLJAXBUtil.getJAXBContext(),soapVersion);
            } else{
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0031_UNSUPPORTED_TOKEN_TYPE(tokenType, appliesTo));
                throw new WSTrustException(LogStringsMessages.WST_0031_UNSUPPORTED_TOKEN_TYPE(tokenType, appliesTo));
            }
           
            // Get the STS's public and private key
            final SignatureKeyCallback.DefaultPrivKeyCertRequest request =
                    new SignatureKeyCallback.DefaultPrivKeyCertRequest();
            final Callback skc = new SignatureKeyCallback(request);
            final Callback[] callbacks = {skc};
            callbackHandler.handle(callbacks);
            final PrivateKey stsPrivKey = request.getPrivateKey();
           
            // Sign the assertion with STS's private key
            //Element signedAssertion = assertion.sign(request.getX509Certificate(), stsPrivKey);
            final SecurityHeaderElement signedAssertion = createSignature(request.getX509Certificate().getPublicKey(),stsPrivKey,samlToken,nsContext);
           
            //javax.xml.bind.Unmarshaller u = eleFac.getContext().createUnmarshaller();
            //JAXBElement<AssertionType> aType = u.unmarshal(signedAssertion, AssertionType.class);
            //assertion =  new com.sun.xml.wss.saml.assertion.saml11.jaxb20.Assertion(aType.getValue());
            token = new GenericToken(signedAssertion);
           
            if (stsConfig.getEncryptIssuedToken()){
                final String id = "uuid-" + UUID.randomUUID().toString();
                final int keysizeInBytes = 32;
                final byte[] skey = WSTrustUtil.generateRandomSecret(keysizeInBytes);
                final Key key = new SecretKeySpec(skey, "AES");
               
                final KeyInfo encKeyInfo = new KeyInfo();
                final EncryptedKey encKey = encryptKey(key, serCert);
                encKeyInfo.getContent().add(encKey);
                final EncryptedDataType edt = createEncryptedData(id,MessageConstants.AES_BLOCK_ENCRYPTION_256,encKeyInfo,false);
               
               
                final JAXBEncryptedData jed = new JAXBEncryptedData(edt,new SSEData((SecurityElement)signedAssertion,false,nsContext),soapVersion);
                token = new GenericToken(jed);
View Full Code Here

       
        return assertion;
    }
   
    private KeyInfo createKeyInfo(final String keyType, final X509Certificate serCert, final IssuedTokenContext ctx)throws WSTrustException{
        final KeyInfo keyInfo = new KeyInfo();
        if (WSTrustConstants.SYMMETRIC_KEY.equals(keyType)){
            final byte[] key = ctx.getProofKey();
            if (!stsConfig.getEncryptIssuedToken() && stsConfig.getEncryptIssuedKey()){
                try{
                    final Key secKey = new SecretKeySpec(key, "AES");
                    final EncryptedKey encKey = encryptKey(secKey, serCert);
                    keyInfo.getContent().add(encKey);
                }catch(Exception ex){
                    throw new WSTrustException(ex.getMessage(), ex);
                }
            }else{
                final BinarySecret secret = eleFac.createBinarySecret(key, wstVer.getSymmetricKeyTypeURI());
                keyInfo.getContent().add(secret);
            }
        }else if(WSTrustConstants.PUBLIC_KEY.equals(keyType)){
           
            final X509Data x509Data = new X509Data();
            final Set certs = ctx.getRequestorSubject().getPublicCredentials();
            if(certs == null){
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
            }
            boolean addedClientCert = false;
            final ObjectFactory dsigOF = new ObjectFactory();
            for(Object o : certs){
                if(o instanceof X509Certificate){
                    final X509Certificate clientCert = (X509Certificate)o;
                   
                    JAXBElement<byte[]> certElement;
                    try {
                        certElement = dsigOF.createX509DataTypeX509Certificate(clientCert.getEncoded());
                    } catch (CertificateEncodingException ex) {
                        //ex.printStackTrace();
                        throw new WSTrustException("Unable to create KeyInfo",ex);
                    }
                    @SuppressWarnings("unchecked") final List<Object> x509DataContent = x509Data.getContent();
                    x509DataContent.add(certElement);
                    addedClientCert = true;
                   
                }
            }
            if(!addedClientCert){
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
            }
            keyInfo.getContent().add(x509Data);
        }
       
        return keyInfo;
    }
View Full Code Here

       
        return keyInfo;
    }
   
    private EncryptedKey encryptKey(final Key key, final X509Certificate cert) throws XWSSecurityException{
        KeyInfo keyInfo = null;
        final KeyIdentifier keyIdentifier = wef.createKeyIdentifier();
        keyIdentifier.setValueType(MessageConstants.X509SubjectKeyIdentifier_NS);
        keyIdentifier.updateReferenceValue(cert);
        keyIdentifier.setEncodingType(MessageConstants.BASE64_ENCODING_NS);
        final SecurityTokenReference str = wef.createSecurityTokenReference(keyIdentifier);
View Full Code Here

        this.data = data;
        this.soapVersion = soapVersion;
    }
   
    public boolean refersToSecHdrWithId(String id) {
        KeyInfo ki = (KeyInfo) eht.getEncryptedData().getKeyInfo();
        if(ki != null){
            List list = ki.getContent();
            if(list.size() >0 ){
                Object data = list.get(0);
                if(data instanceof SecurityHeaderElement){
                    return ((SecurityHeaderElement)data).refersToSecHdrWithId(id);
                }
View Full Code Here

        EncryptedKeyType ekt = null;
        WSSPolicy wssPolicy = (WSSPolicy)context.getSecurityPolicy();
        EncryptionPolicy.FeatureBinding featureBinding =(EncryptionPolicy.FeatureBindingwssPolicy.getFeatureBinding();
        WSSPolicy keyBinding = (WSSPolicy)wssPolicy.getKeyBinding();
        EncryptedKey ek = null;
        KeyInfo edKeyInfo = null;
       
       
        if(logger.isLoggable(Level.FINEST)){
            logger.log(Level.FINEST, LogStringsMessages.WSS_1952_ENCRYPTION_KEYBINDING_VALUE(keyBinding));
        }
View Full Code Here

     * @param id
     * @return
     */
    @SuppressWarnings("unchecked")
    public boolean refersToSecHdrWithId(String id) {
        KeyInfo ki = (KeyInfo) this.ekt.getKeyInfo();
        if(ki != null){
            List list = ki.getContent();
            if(list.size() >0 ){
                Object data = ((JAXBElement)list.get(0)).getValue();
                if(data instanceof SecurityHeaderElement){
                    if(((SecurityHeaderElement)data).refersToSecHdrWithId(id)){
                        return true;
View Full Code Here

                String ekId = (String) ekCache.get(unTokenId);
                keyProtectionKey = untBinding.getSecretKey();
                if (ekId == null) {
                    TokenBuilder builder = new UsernameTokenBuilder(context, untBinding);
                    result = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    //Truncating 20 byte Key to 16 byte Key;
                    byte[] secretKey = untBinding.getSecretKey().getEncoded();
                    PasswordDerivedKey pdk = new PasswordDerivedKey();                   
                    Key dpKey = pdk.generate16ByteKeyforEncryption(secretKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), context.getAlgorithmSuite().getSymmetricKeyAlgorithm(), ekKI, dpKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(unTokenId, ekId);
                    context.addToCurrentSecretMap(ekId, dataProtectionKey);
                    try {
                        byte[] cipherVal = ((JAXBEncryptedKey) ek).getCipherValue();
                        byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        //byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        String encEkSha1 = Base64.encode(ekSha1);
                        context.setExtraneousProperty("EncryptedKeySHA1", encEkSha1);
                    } catch (java.security.NoSuchAlgorithmException nsa) {
                        throw new XWSSecurityException(nsa);
                    }
                } else {
                    if (ekId == null || ekId.length() == 0) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
                        throw new XWSSecurityException("Invalid EncryptedKey Id ");
                    }
                    dataProtectionKey = context.getCurrentSecretFromMap(ekId);
                }
                String valType = null;
                if (wss11Sender) {
                    valType = MessageConstants.EncryptedKey_NS;
                }
                com.sun.xml.ws.security.opt.api.keyinfo.SecurityTokenReference str = buildSTR(untBinding.getUUID(), buildDirectReference(ekId, valType));
                //str.setTokenType(MessageConstants.EncryptedKey_NS);
                buildKeyInfo((SecurityTokenReference) str);
                stbResult.setDataProtectionKey(dataProtectionKey);
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setEncryptedKey((EncryptedKey) ek);
            }
        } else if (!PolicyTypeUtil.kerberosTokenBinding(ckBinding)) {
            if (!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                if (keyProtectionAlg != null && !"".equals(keyProtectionAlg)) {
                    dataProtectionKey = SecurityUtil.generateSymmetricKey(dataProtectionAlg);
                }

                keyProtectionKey = binding.getSecretKey();
                if (dataProtectionKey == null) {
                    dataProtectionKey = keyProtectionKey;
                    keyProtectionKey = null;
                    buildKIWithKeyName(binding.getKeyIdentifier());
                }
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (sendEKSHA1) {
                //get the signing key and EKSHA1 reference from the Subject, it was stored from the incoming message
                String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
                buildKeyInfoWithEKSHA1(ekSha1Ref);
                dataProtectionKey = binding.getSecretKey();
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (wss11Sender || wss10) {
                dataProtectionKey = binding.getSecretKey();
                //TODO :: REMOVE ONCE THE CHANGE IS MADE IN FITERS
                AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
                if (!binding.getCertAlias().equals(MessageConstants._EMPTY)) {
                    certificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                    //x509Binding.newPrivateKeyBinding();
                    certificateBinding.setCertificateIdentifier(binding.getCertAlias());
                    X509Certificate x509Cert = context.getSecurityEnvironment().getCertificate(context.getExtraneousProperties(), certificateBinding.getCertificateIdentifier(), false);
                    certificateBinding.setX509Certificate(x509Cert);
                    certificateBinding.setReferenceType("Direct");
                } else if (context.getX509CertificateBinding() != null) {
                    certificateBinding = context.getX509CertificateBinding();
                    context.setX509CertificateBinding(null);
                } else {
                    throw new XWSSecurityException("Internal Error: X509CertificateBinding not set on context");
                }

                X509Certificate x509Cert = certificateBinding.getX509Certificate();
                String x509TokenId = certificateBinding.getUUID();
                if (x509TokenId == null || x509TokenId.equals("")) {
                    x509TokenId = context.generateID();
                }

                SecurityUtil.checkIncludeTokenPolicyOpt(context, certificateBinding, x509TokenId);

                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "Certificate for SymmetricBinding is: " + x509Cert);
                    logger.log(Level.FINEST, "BinaryToken ID for SymmetricBinding is: " + x509TokenId);
                }
                BinarySecurityToken bst = null;
                SecurityHeaderElement ek = null;

                HashMap ekCache = context.getEncryptedKeyCache();
                String ekId = (String) ekCache.get(x509TokenId);

                keyProtectionKey = x509Cert.getPublicKey();
                if (ekId == null) {

                    TokenBuilder builder = new X509TokenBuilder(context, certificateBinding);
                    BuilderResult bResult = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) bResult.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), keyProtectionAlg, ekKI, keyProtectionKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(x509TokenId, ekId);
View Full Code Here

TOP

Related Classes of com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.