@SuppressWarnings("unchecked")
public static EncryptedData processEncryptedData(SOAPElement encDataElement,SecretKey key,
XMLCipher dataCipher,FilterProcessingContext context,ArrayList requiredTargets,
ArrayList optionalTargets,EncryptionPolicy encryptionPolicy,boolean updateSH) throws XWSSecurityException {
EncryptedDataHeaderBlock xencEncryptedData = new EncryptedDataHeaderBlock(encDataElement);
SecurableSoapMessage secureMessage = context.getSecurableSoapMessage();
KeyInfoHeaderBlock keyInfo = xencEncryptedData.getKeyInfo();
String algorithm = null;
algorithm = xencEncryptedData.getEncryptionMethodURI();
EncryptionPolicy inferredPolicy = (EncryptionPolicy)context.getInferredPolicy();
EncryptionPolicy.FeatureBinding fb = null;
//used for WSDL_POLICY mode
EncryptionPolicy inferredWsdlEncPolicy = null;
if(context.getMode() == FilterProcessingContext.WSDL_POLICY){
try{
int i = context.getInferredSecurityPolicy().size() - 1;
inferredWsdlEncPolicy = (EncryptionPolicy)context.getInferredSecurityPolicy().get(i);
} catch(Exception e){
log.log(Level.SEVERE, "WSS1237.Error.Processing.EncrpytedData", e);
throw new XWSSecurityException(e);
}
}
if(inferredPolicy != null){
fb = (EncryptionPolicy.FeatureBinding)inferredPolicy.getFeatureBinding();
fb.setDataEncryptionAlgorithm(algorithm);
}
SecretKey symmetricKey = null;
if (keyInfo == null ) {
if(key == null){
log.log(Level.SEVERE, "WSS1231.null.SymmetricKey");
throw new XWSSecurityException("Symmetric Key is null");
}
symmetricKey = key;
} else {
context.setDataEncryptionAlgorithm(algorithm);
symmetricKey = (SecretKey) KeyResolver.getKey(keyInfo, false, context);
context.setDataEncryptionAlgorithm(null);
}
if (symmetricKey == null) {
log.log(Level.SEVERE, "WSS1202.couldnot.locate.symmetrickey");
throw new XWSSecurityException("Couldn't locate symmetricKey for decryption");
}
boolean isAttachment = false;
String type = xencEncryptedData.getType();
if (type.equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_URI) ||
type.equals(MessageConstants.ATTACHMENT_COMPLETE_URI)){
isAttachment = true;
}
Node parent = null;
Node prevSibling = null;
boolean contentOnly = false;
Element actualEncrypted = null;
//String processedEncryptedDataId = xencEncryptedData.getId();
AttachmentPart encryptedAttachment = null;
com.sun.xml.messaging.saaj.soap.AttachmentPartImpl _attachmentBuffer =
new com.sun.xml.messaging.saaj.soap.AttachmentPartImpl();
if (isAttachment) {
// decrypt attachment
String uri = xencEncryptedData.getCipherReference(false, null).getAttribute("URI");
contentOnly = type.equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_URI);
try {
AttachmentPart p = secureMessage.getAttachmentPart(uri);
Iterator j = p.getAllMimeHeaders();
while (j.hasNext()) {
MimeHeader mh = (MimeHeader)j.next();
_attachmentBuffer.setMimeHeader(mh.getName(), mh.getValue());
}
_attachmentBuffer.setDataHandler(p.getDataHandler());
encryptedAttachment = decryptAttachment(secureMessage, xencEncryptedData, symmetricKey);
} catch (java.io.IOException ioe) {
log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", ioe);
throw new XWSSecurityException(ioe);
} catch (javax.xml.soap.SOAPException se) {
log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", se);
throw new XWSSecurityException(se);
} catch (javax.mail.MessagingException me) {
log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", me);
throw new XWSSecurityException(me);
}
encDataElement.detachNode();
} else {
parent = encDataElement.getParentNode();
prevSibling = encDataElement.getPreviousSibling();
if( dataCipher == null){
dataCipher = initXMLCipher(symmetricKey, algorithm);
}
if(parent.getLocalName()==MessageConstants.ENCRYPTED_HEADER_LNAME||parent.getLocalName().equals(MessageConstants.ENCRYPTED_HEADER_LNAME)){
try{
encDataElement.getParentNode().getParentNode().replaceChild(encDataElement, parent);
parent = encDataElement.getParentNode();
prevSibling = encDataElement.getPreviousSibling();
}catch(DOMException e) {
log.log(Level.SEVERE, "WSS1242.exception.dom" ,e);
throw new XWSSecurityException(e);
}
}
decryptElementWithCipher(dataCipher, encDataElement, secureMessage);
SOAPElement currentNode = null;
if(updateSH && secureMessage.findSecurityHeader().getCurrentHeaderBlockElement() ==
encDataElement){
if(prevSibling == null ){
currentNode = (SOAPElement)parent.getFirstChild();
}else{
currentNode = (SOAPElement)prevSibling.getNextSibling();
}
secureMessage.findSecurityHeader().setCurrentHeaderElement(currentNode);
}
if (xencEncryptedData.getType().equals(MessageConstants.XENC_NS+"Content")) {
actualEncrypted = (Element)resolveEncryptedNode(parent,prevSibling,true);
contentOnly = true;
}else{
if (xencEncryptedData.getType().equals(MessageConstants.XENC_NS+"Element")) {
actualEncrypted = (Element)resolveEncryptedNode(parent,prevSibling,false);
contentOnly = false;
}
}
}
if(context.getMode() == FilterProcessingContext.POSTHOC){
//log;
if(encryptionPolicy == null){
encryptionPolicy = new EncryptionPolicy();
}
EncryptionPolicy.FeatureBinding eFB = (EncryptionPolicy.FeatureBinding )
encryptionPolicy.getFeatureBinding();
EncryptionTarget encTarget = new EncryptionTarget();
//target.addCipherReferenceTransform(transform
encTarget.setDataEncryptionAlgorithm(algorithm);
encTarget.setContentOnly(contentOnly);
if(isAttachment){
encTarget.addCipherReferenceTransform(type);
}
if(encryptedAttachment != null){
encTarget.setValue(encryptedAttachment.getContentId());
}else{
String id = actualEncrypted.getAttribute("Id");
if("".equals(id)){
id = actualEncrypted.getAttributeNS(MessageConstants.WSU_NS, "Id");
}
encTarget.setValue(id);
}
encTarget.setType(Target.TARGET_TYPE_VALUE_URI);
encTarget.setElementData(actualEncrypted);
Iterator transformItr = xencEncryptedData.getTransforms();
if(transformItr != null){
while(transformItr.hasNext()){
encTarget.addCipherReferenceTransform((String)transformItr.next());
}
}