Package com.sun.xml.ws.security.opt.crypto.dsig.keyinfo

Examples of com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo

232
233
234
235
236
237
238
239
240
241
242
       
        return xis;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(SecurityTokenReference str){
        KeyInfo keyInfo = new KeyInfo();
        JAXBElement je = new com.sun.xml.ws.security.secext10.ObjectFactory().createSecurityTokenReference(str);
        List strList = Collections.singletonList(je);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here
240
241
242
243
244
245
246
247
248
249
250
        keyInfo.setContent(strList);
        return keyInfo;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(KeyValue keyValue){
        KeyInfo keyInfo = new KeyInfo();
        JAXBElement je = new com.sun.xml.security.core.dsig.ObjectFactory().createKeyValue(keyValue);
        List strList = Collections.singletonList(je);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here
248
249
250
251
252
253
254
255
256
257
        keyInfo.setContent(strList);
        return keyInfo;
    }
    @SuppressWarnings("unchecked")
    public KeyInfo createKeyInfo(KeyName name){
        KeyInfo keyInfo = new KeyInfo();
        List strList = Collections.singletonList(name);
        keyInfo.setContent(strList);
        return keyInfo;
    }
View Full Code Here
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
            nsContext.addWSSNS();
            // Get the service certificate
            final X509Certificate serCert = getServiceCertificate(callbackHandler, stsConfig.getTrustSPMetadata(appliesTo), appliesTo);
           
            // Create the KeyInfo for SubjectConfirmation
            final KeyInfo keyInfo = createKeyInfo(keyType, serCert, context);
           
            // Create SAML assertion
            Assertion assertion = null;
            SAMLToken samlToken = null;
            if (WSTrustConstants.SAML10_ASSERTION_TOKEN_TYPE.equals(tokenType)||
                    WSTrustConstants.SAML11_ASSERTION_TOKEN_TYPE.equals(tokenType)){
                assertion = createSAML11Assertion(assertionId, issuer, appliesTo, keyInfo, claimedAttrs);
                samlToken = new SAMLToken(assertion,SAMLJAXBUtil.getJAXBContext(),soapVersion);
               
            } else if (WSTrustConstants.SAML20_ASSERTION_TOKEN_TYPE.equals(tokenType)){
                assertion = createSAML20Assertion(assertionId, issuer, appliesTo, keyInfo, claimedAttrs);
                samlToken = new SAMLToken(assertion,SAMLJAXBUtil.getJAXBContext(),soapVersion);
            } else{
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0031_UNSUPPORTED_TOKEN_TYPE(tokenType, appliesTo));
                throw new WSTrustException(LogStringsMessages.WST_0031_UNSUPPORTED_TOKEN_TYPE(tokenType, appliesTo));
            }
           
            // Get the STS's public and private key
            final SignatureKeyCallback.DefaultPrivKeyCertRequest request =
                    new SignatureKeyCallback.DefaultPrivKeyCertRequest();
            final Callback skc = new SignatureKeyCallback(request);
            final Callback[] callbacks = {skc};
            callbackHandler.handle(callbacks);
            final PrivateKey stsPrivKey = request.getPrivateKey();
           
            // Sign the assertion with STS's private key
            //Element signedAssertion = assertion.sign(request.getX509Certificate(), stsPrivKey);
            final SecurityHeaderElement signedAssertion = createSignature(request.getX509Certificate().getPublicKey(),stsPrivKey,samlToken,nsContext);
           
            //javax.xml.bind.Unmarshaller u = eleFac.getContext().createUnmarshaller();
            //JAXBElement<AssertionType> aType = u.unmarshal(signedAssertion, AssertionType.class);
            //assertion =  new com.sun.xml.wss.saml.assertion.saml11.jaxb20.Assertion(aType.getValue());
            token = new GenericToken(signedAssertion);
           
            if (stsConfig.getEncryptIssuedToken()){
                final String id = "uuid-" + UUID.randomUUID().toString();
                final int keysizeInBytes = 32;
                final byte[] skey = WSTrustUtil.generateRandomSecret(keysizeInBytes);
                final Key key = new SecretKeySpec(skey, "AES");
               
                final KeyInfo encKeyInfo = new KeyInfo();
                final EncryptedKey encKey = encryptKey(key, serCert);
                encKeyInfo.getContent().add(encKey);
                final EncryptedDataType edt = createEncryptedData(id,MessageConstants.AES_BLOCK_ENCRYPTION_256,encKeyInfo,false);
               
               
                final JAXBEncryptedData jed = new JAXBEncryptedData(edt,new SSEData((SecurityElement)signedAssertion,false,nsContext),soapVersion);
                token = new GenericToken(jed);
View Full Code Here
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
       
        return assertion;
    }
   
    private KeyInfo createKeyInfo(final String keyType, final X509Certificate serCert, final IssuedTokenContext ctx)throws WSTrustException{
        final KeyInfo keyInfo = new KeyInfo();
        if (WSTrustConstants.SYMMETRIC_KEY.equals(keyType)){
            final byte[] key = ctx.getProofKey();
            if (!stsConfig.getEncryptIssuedToken() && stsConfig.getEncryptIssuedKey()){
                try{
                    final Key secKey = new SecretKeySpec(key, "AES");
                    final EncryptedKey encKey = encryptKey(secKey, serCert);
                    keyInfo.getContent().add(encKey);
                }catch(Exception ex){
                    throw new WSTrustException(ex.getMessage(), ex);
                }
            }else{
                final BinarySecret secret = eleFac.createBinarySecret(key, wstVer.getSymmetricKeyTypeURI());
                keyInfo.getContent().add(secret);
            }
        }else if(WSTrustConstants.PUBLIC_KEY.equals(keyType)){
           
            final X509Data x509Data = new X509Data();
            final Set certs = ctx.getRequestorSubject().getPublicCredentials();
            if(certs == null){
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
            }
            boolean addedClientCert = false;
            final ObjectFactory dsigOF = new ObjectFactory();
            for(Object o : certs){
                if(o instanceof X509Certificate){
                    final X509Certificate clientCert = (X509Certificate)o;
                   
                    JAXBElement<byte[]> certElement;
                    try {
                        certElement = dsigOF.createX509DataTypeX509Certificate(clientCert.getEncoded());
                    } catch (CertificateEncodingException ex) {
                        //ex.printStackTrace();
                        throw new WSTrustException("Unable to create KeyInfo",ex);
                    }
                    @SuppressWarnings("unchecked") final List<Object> x509DataContent = x509Data.getContent();
                    x509DataContent.add(certElement);
                    addedClientCert = true;
                   
                }
            }
            if(!addedClientCert){
                log.log(Level.SEVERE,
                        LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
            }
            keyInfo.getContent().add(x509Data);
        }
       
        return keyInfo;
    }
View Full Code Here
428
429
430
431
432
433
434
435
436
437
438
       
        return keyInfo;
    }
   
    private EncryptedKey encryptKey(final Key key, final X509Certificate cert) throws XWSSecurityException{
        KeyInfo keyInfo = null;
        final KeyIdentifier keyIdentifier = wef.createKeyIdentifier();
        keyIdentifier.setValueType(MessageConstants.X509SubjectKeyIdentifier_NS);
        keyIdentifier.updateReferenceValue(cert);
        keyIdentifier.setEncodingType(MessageConstants.BASE64_ENCODING_NS);
        final SecurityTokenReference str = wef.createSecurityTokenReference(keyIdentifier);
View Full Code Here
98
99
100
101
102
103
104
105
106
107
108
109
110
        this.data = data;
        this.soapVersion = soapVersion;
    }
   
    public boolean refersToSecHdrWithId(String id) {
        KeyInfo ki = (KeyInfo) eht.getEncryptedData().getKeyInfo();
        if(ki != null){
            List list = ki.getContent();
            if(list.size() >0 ){
                Object data = list.get(0);
                if(data instanceof SecurityHeaderElement){
                    return ((SecurityHeaderElement)data).refersToSecHdrWithId(id);
                }
View Full Code Here
117
118
119
120
121
122
123
124
125
126
127
        EncryptedKeyType ekt = null;
        WSSPolicy wssPolicy = (WSSPolicy)context.getSecurityPolicy();
        EncryptionPolicy.FeatureBinding featureBinding =(EncryptionPolicy.FeatureBindingwssPolicy.getFeatureBinding();
        WSSPolicy keyBinding = (WSSPolicy)wssPolicy.getKeyBinding();
        EncryptedKey ek = null;
        KeyInfo edKeyInfo = null;
       
       
        if(logger.isLoggable(Level.FINEST)){
            logger.log(Level.FINEST, LogStringsMessages.WSS_1952_ENCRYPTION_KEYBINDING_VALUE(keyBinding));
        }
View Full Code Here
231
232
233
234
235
236
237
238
239
240
241
242
243
     * @param id
     * @return
     */
    @SuppressWarnings("unchecked")
    public boolean refersToSecHdrWithId(String id) {
        KeyInfo ki = (KeyInfo) this.ekt.getKeyInfo();
        if(ki != null){
            List list = ki.getContent();
            if(list.size() >0 ){
                Object data = ((JAXBElement)list.get(0)).getValue();
                if(data instanceof SecurityHeaderElement){
                    if(((SecurityHeaderElement)data).refersToSecHdrWithId(id)){
                        return true;
View Full Code Here
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
                String ekId = (String) ekCache.get(unTokenId);
                keyProtectionKey = untBinding.getSecretKey();
                if (ekId == null) {
                    TokenBuilder builder = new UsernameTokenBuilder(context, untBinding);
                    result = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    //Truncating 20 byte Key to 16 byte Key;
                    byte[] secretKey = untBinding.getSecretKey().getEncoded();
                    PasswordDerivedKey pdk = new PasswordDerivedKey();                   
                    Key dpKey = pdk.generate16ByteKeyforEncryption(secretKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), context.getAlgorithmSuite().getSymmetricKeyAlgorithm(), ekKI, dpKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(unTokenId, ekId);
                    context.addToCurrentSecretMap(ekId, dataProtectionKey);
                    try {
                        byte[] cipherVal = ((JAXBEncryptedKey) ek).getCipherValue();
                        byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        //byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(cipherVal);
                        String encEkSha1 = Base64.encode(ekSha1);
                        context.setExtraneousProperty("EncryptedKeySHA1", encEkSha1);
                    } catch (java.security.NoSuchAlgorithmException nsa) {
                        throw new XWSSecurityException(nsa);
                    }
                } else {
                    if (ekId == null || ekId.length() == 0) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
                        throw new XWSSecurityException("Invalid EncryptedKey Id ");
                    }
                    dataProtectionKey = context.getCurrentSecretFromMap(ekId);
                }
                String valType = null;
                if (wss11Sender) {
                    valType = MessageConstants.EncryptedKey_NS;
                }
                com.sun.xml.ws.security.opt.api.keyinfo.SecurityTokenReference str = buildSTR(untBinding.getUUID(), buildDirectReference(ekId, valType));
                //str.setTokenType(MessageConstants.EncryptedKey_NS);
                buildKeyInfo((SecurityTokenReference) str);
                stbResult.setDataProtectionKey(dataProtectionKey);
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setEncryptedKey((EncryptedKey) ek);
            }
        } else if (!PolicyTypeUtil.kerberosTokenBinding(ckBinding)) {
            if (!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                if (keyProtectionAlg != null && !"".equals(keyProtectionAlg)) {
                    dataProtectionKey = SecurityUtil.generateSymmetricKey(dataProtectionAlg);
                }

                keyProtectionKey = binding.getSecretKey();
                if (dataProtectionKey == null) {
                    dataProtectionKey = keyProtectionKey;
                    keyProtectionKey = null;
                    buildKIWithKeyName(binding.getKeyIdentifier());
                }
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (sendEKSHA1) {
                //get the signing key and EKSHA1 reference from the Subject, it was stored from the incoming message
                String ekSha1Ref = (String) context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
                buildKeyInfoWithEKSHA1(ekSha1Ref);
                dataProtectionKey = binding.getSecretKey();
                stbResult.setKeyInfo(super.keyInfo);
                stbResult.setDataProtectionKey(dataProtectionKey);
            } else if (wss11Sender || wss10) {
                dataProtectionKey = binding.getSecretKey();
                //TODO :: REMOVE ONCE THE CHANGE IS MADE IN FITERS
                AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
                if (!binding.getCertAlias().equals(MessageConstants._EMPTY)) {
                    certificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                    //x509Binding.newPrivateKeyBinding();
                    certificateBinding.setCertificateIdentifier(binding.getCertAlias());
                    X509Certificate x509Cert = context.getSecurityEnvironment().getCertificate(context.getExtraneousProperties(), certificateBinding.getCertificateIdentifier(), false);
                    certificateBinding.setX509Certificate(x509Cert);
                    certificateBinding.setReferenceType("Direct");
                } else if (context.getX509CertificateBinding() != null) {
                    certificateBinding = context.getX509CertificateBinding();
                    context.setX509CertificateBinding(null);
                } else {
                    throw new XWSSecurityException("Internal Error: X509CertificateBinding not set on context");
                }

                X509Certificate x509Cert = certificateBinding.getX509Certificate();
                String x509TokenId = certificateBinding.getUUID();
                if (x509TokenId == null || x509TokenId.equals("")) {
                    x509TokenId = context.generateID();
                }

                SecurityUtil.checkIncludeTokenPolicyOpt(context, certificateBinding, x509TokenId);

                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "Certificate for SymmetricBinding is: " + x509Cert);
                    logger.log(Level.FINEST, "BinaryToken ID for SymmetricBinding is: " + x509TokenId);
                }
                BinarySecurityToken bst = null;
                SecurityHeaderElement ek = null;

                HashMap ekCache = context.getEncryptedKeyCache();
                String ekId = (String) ekCache.get(x509TokenId);

                keyProtectionKey = x509Cert.getPublicKey();
                if (ekId == null) {

                    TokenBuilder builder = new X509TokenBuilder(context, certificateBinding);
                    BuilderResult bResult = builder.process();
                    KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) bResult.getKeyInfo();
                    context.setExtraneousProperty("SecretKey", dataProtectionKey);
                    ek = (SecurityHeaderElement) elementFactory.createEncryptedKey(context.generateID(), keyProtectionAlg, ekKI, keyProtectionKey, dataProtectionKey);
                    context.getSecurityHeader().add(ek);
                    ekId = ek.getId();
                    ekCache.put(x509TokenId, ekId);
View Full Code Here
TOP

Related Classes of com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo

  • com.sun.xml.ws.security.opt.impl.dsig.JAXBSignatureHeaderElement
  • com.sun.xml.ws.security.opt.impl.enc.EncryptedHeader
  • com.sun.xml.ws.security.opt.impl.enc.EncryptionProcessor
  • com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedData
  • com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey
  • com.sun.xml.ws.security.opt.impl.enc.TokenProcessor
  • com.sun.xml.ws.security.opt.impl.keyinfo.IssuedTokenBuilder
  • com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder
  • com.sun.xml.ws.security.opt.impl.util.WSSElementFactory
  • com.sun.xml.ws.security.trust.impl.SBIssuedSamlTokenContractImpl
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.