log.log(Level.WARNING, "None of the specified Encryption Parts found in the Message");
}
}
EncryptedKey _encryptedKey = null;
ReferenceListHeaderBlock _ekReferenceList = null;
ReferenceListHeaderBlock _standaloneReferenceList = null;
if (_keyEncryptor != null && !skbX509TokenInserted) {
try {
if(!dktSender){
_encryptedKey = _keyEncryptor.encryptKey(secureMsg.getSOAPPart(), _symmetricKey);
} else{
_encryptedKey = _keyEncryptor.encryptKey(secureMsg.getSOAPPart(), originalKey);
}
_encryptedKey.setId(ekId);
ekCache.put(x509TokenId, ekId);
KeyInfoHeaderBlock keyInfoBlock = new KeyInfoHeaderBlock(secureMsg.getSOAPPart());
if (samlTokenRef != null) {
keyInfoBlock.addSecurityTokenReference(samlTokenRef);
} else if(_x509Cert != null){
keyInfoStrategy.insertKey(keyInfoBlock, secureMsg, x509TokenId);
}else if(keyEncSK != null){
// Symmetric key-encryption key (keyEncSK): reference it by KeyName rather than through keyInfoStrategy.
keyInfoBlock.addKeyName(symmetricKeyName);
}
KeyInfo keyInfo = keyInfoBlock.getKeyInfo(); /*new KeyInfo(keyInfoBlock.getAsSoapElement(), null); */
_encryptedKey.setKeyInfo(keyInfo);
} catch (Exception xe) {
log.log(Level.SEVERE, "WSS1223.unableto.set.KeyInfo.EncryptedKey", xe);
// The cause is preserved in the rethrown XWSSecurityException below; no separate stack dump needed.
throw new XWSSecurityException(xe);
}
}
if (_encryptedKey != null && !dktSender && !useStandaloneRefList){
_ekReferenceList = new ReferenceListHeaderBlock(secureMsg.getSOAPPart());
}
// Process attachment parts (APs): create one EncryptedData (ED) header block per attachment,
// encrypt the attachment and adjust its MIME headers/content.
// Per the WS-Security SwA profile, when attachments and body content are encrypted with the
// same key, the attachments are processed first.
SOAPElement x509Sibling = null;
if(x509TokenElement != null){
x509Sibling = (SOAPElement)x509TokenElement.getNextSibling();
}
Iterator _apartsI = _aparts.iterator();
if(_apartsI.hasNext()){
//We have attachments, so set up the attachment cipher. NOTE(review): the cipher is initialised
//once here and reused for every attachment in the loop below, and init() is given no IV, so the
//provider chooses one. Unless encryptAttachment() re-initialises the cipher per part, every
//attachment would be encrypted under the same key/IV pair -- confirm before relying on this path.
try{
//The JCE transform is derived from the policy's data-encryption algorithm URI (dataEncAlgo)
//via JCEMapper rather than being hard-coded here.
String dataAlgorithm = JCEMapper.translateURItoJCEID(dataEncAlgo);
_attachmentEncryptor = Cipher.getInstance(dataAlgorithm);
_attachmentEncryptor.init(Cipher.ENCRYPT_MODE, _symmetricKey);
} catch (Exception xee) {
log.log(Level.SEVERE, "WSS1205.unableto.initialize.xml.cipher", xee);
throw new XWSSecurityException(
"Unable to initialize XML Cipher", xee);
}
}
while (_apartsI.hasNext()) {
Object[] s = (Object[])_apartsI.next();
AttachmentPart p = (AttachmentPart)s[0];
boolean b = ((Boolean)s[1]).booleanValue();
// Create an EncryptedData header block for this attachment and push it into the security header.
EncryptedDataHeaderBlock edhb = new EncryptedDataHeaderBlock();
String id = secureMsg.generateId();
edhb.setId(id);
edhb.setType( (b ? MessageConstants.ATTACHMENT_CONTENT_ONLY_URI : MessageConstants.ATTACHMENT_COMPLETE_URI));
edhb.setMimeType(p.getContentType());
String uri = p.getContentId();
if (uri != null) {
if ( uri.charAt(0) == '<' && uri.charAt(uri.length()-1) == '>'){
uri = "cid:" + uri.substring(1, uri.length()-1);
}else{
uri = "cid:" + uri;
}
} else {
uri = p.getContentLocation();
}
edhb.getCipherReference(true, uri);
edhb.setEncryptionMethod(dataEncAlgo);
edhb.addTransform(MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI);
encryptAttachment(p, b, _attachmentEncryptor);
if (_ekReferenceList != null){
_ekReferenceList.addReference("#"+id);
}
if(x509Sibling == null && x509TokenElement == null){
_secHeader.insertHeaderBlock(edhb);
}else{
if(x509Sibling != null){
_secHeader.insertBefore(edhb,x509Sibling);
}else{
_secHeader.appendChild(edhb);
}
}
}
int optType = -1;
Iterator _dnodeI = _dnodes.iterator();
while (_dnodeI.hasNext()) {
Object[] s = (Object[])_dnodeI.next();
Node n = (Node)s[0];
boolean b = ((Boolean)s[1]).booleanValue();
//TODO :Add Transforms here.
Element ed = null;
boolean _fi = false;
if(context.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY ){
if(_fi){
ed = encryptBodyContent(secureMsg,context.getCanonicalizedData(),_dataEncryptor);
}else{
signEncrypt(context, _dataCipher,_ekReferenceList,_standaloneReferenceList,keyInfoStrategy, dataEncAlgo);
continue;
}
}else{
if(n.getNodeType() == Node.TEXT_NODE){
ed = encryptElement(secureMsg, (SOAPElement) n.getParentNode(),true, _dataEncryptor);
}else{
ed = encryptElement(secureMsg, (SOAPElement)n, b, _dataEncryptor);
}
}
EncryptedHeaderBlock ehb = null;
boolean isEhb = false;
EncryptedDataHeaderBlock xencEncryptedData = new EncryptedDataHeaderBlock(
XMLUtil.convertToSoapElement( secureMsg.getSOAPPart(), ed));
String xencEncryptedDataId = secureMsg.generateId();
String xencEncryptedDataRef = "#" + xencEncryptedDataId;
if(ed.getParentNode() instanceof SOAPHeader && wss11Sender){
isEhb = true;
ehb = new EncryptedHeaderBlock(secureMsg.getSOAPPart());
ehb.setId(xencEncryptedDataId);
ehb.copyAttributes(secureMsg, _secHeader);
}else{
xencEncryptedData.setId(xencEncryptedDataId);
}
if (_ekReferenceList != null){
_ekReferenceList.addReference(xencEncryptedDataRef);
}else {
if (_standaloneReferenceList == null){
_standaloneReferenceList = new ReferenceListHeaderBlock(secureMsg.getSOAPPart());
}
_standaloneReferenceList.addReference(xencEncryptedDataRef);
KeyInfoHeaderBlock keyInfoBlock = new KeyInfoHeaderBlock(secureMsg.getSOAPPart());
SecurityTokenReference cloned = null;
if (dktSctTokenRef != null) {
cloned = new SecurityTokenReference((SOAPElement)dktSctTokenRef.cloneNode(true));
keyInfoBlock.addSecurityTokenReference(cloned);
} else if (secConvRef != null) {
cloned = new SecurityTokenReference((SOAPElement)secConvRef.cloneNode(true));
keyInfoBlock.addSecurityTokenReference(cloned);
} else if(ekTokenRef != null){
cloned = new SecurityTokenReference((SOAPElement)ekTokenRef.cloneNode(true));
keyInfoBlock.addSecurityTokenReference(cloned);
} else if (dktIssuedTokenRef != null) {
cloned = new SecurityTokenReference((SOAPElement)dktIssuedTokenRef.cloneNode(true));
keyInfoBlock.addSecurityTokenReference(cloned);
} else if (issuedTokenRef != null) {
cloned = new SecurityTokenReference((SOAPElement)issuedTokenRef.cloneNode(true));
keyInfoBlock.addSecurityTokenReference(cloned);
} else {
if (PolicyTypeUtil.x509CertificateBinding(keyBinding)){
//to handle EncryptBeforeSigning we split EK and RefList even in this case
DirectReference dRef = new DirectReference();
dRef.setURI("#"+ekId);
ekDirectRef = new SecurityTokenReference(secureMessage.getSOAPPart());
ekDirectRef.setReference(dRef);
keyInfoBlock.addSecurityTokenReference(ekDirectRef);
}else {
// this is the default KeyName case
keyInfoStrategy.insertKey(keyInfoBlock, secureMsg, null);
}
}
xencEncryptedData.setKeyInfo(keyInfoBlock);
}
if(isEhb){
try{
ed.getParentNode().replaceChild(ehb.getAsSoapElement(), ed);
ehb.addChildElement(xencEncryptedData.getAsSoapElement());
}catch(Exception se){se.printStackTrace();}
} else{
ed.getParentNode().replaceChild(xencEncryptedData.getAsSoapElement(), ed);
}
}
try {
x509Sibling = null;
if(x509TokenElement != null){
x509Sibling = (SOAPElement)x509TokenElement.getNextSibling();
}
if (_encryptedKey != null) {
SOAPElement se = (SOAPElement)_keyEncryptor.martial(_encryptedKey);
se = _secHeader.makeUsable(se);
if(_ekReferenceList != null)
se.appendChild(_ekReferenceList.getAsSoapElement());
//Store the SHA-1 of the EncryptedKey's CipherValue in the context: this is the WS-Security 1.1
//EncryptedKeySHA1 key identifier used to refer back to this key later in the message exchange.
//SHA-1 serves only as a reference/thumbprint here, not as an integrity check on the key material.
Element cipherData = (Element)se.getChildElements(new QName(MessageConstants.XENC_NS, "CipherData", MessageConstants.XENC_PREFIX)).next();
String cipherValue = cipherData.getElementsByTagNameNS(MessageConstants.XENC_NS, "CipherValue").item(0).getTextContent();
byte[] decodedCipher = Base64.decode(cipherValue);
byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(decodedCipher);
String encEkSha1 = Base64.encode(ekSha1);
context.setExtraneousProperty("EncryptedKeySHA1", encEkSha1);
if(x509Sibling == null ){
if(x509TokenElement == null){
_secHeader.insertHeaderBlockElement(se);
}else{
_secHeader.appendChild(se);
}
}else{
_secHeader.insertBefore(se,x509Sibling);
}
//Standalone ReferenceList: used for SymmetricBinding with X509 and for asymmetric
//Encrypt-before-Sign; it is placed immediately after the EncryptedKey element just inserted.
if (_standaloneReferenceList != null){
_secHeader.insertBefore(_standaloneReferenceList, se.getNextSibling());
context.setCurrentReferenceList(se.getNextSibling());
}
}else{
if (_standaloneReferenceList != null){
// If neither an SCT nor an IssuedToken is already in the message, fall back to the pre-WSIT placement.
if ((sctElement == null) && (issuedTokenElementFromMsg == null)) {
if (insertedEkId != null) {
//insert the standalone reflist under EK
Element ekElem = secureMessage.getElementById(insertedEkId);
_secHeader.insertBefore(_standaloneReferenceList, ekElem.getNextSibling());
} else {
_secHeader.insertHeaderBlock(_standaloneReferenceList);
context.setCurrentReferenceList(_standaloneReferenceList.getAsSoapElement());
}
} else {
// insert standalone reflist under the SCT/Issued Token
if (sctElement != null) {
_secHeader.insertBefore(_standaloneReferenceList, sctElement.getNextSibling());
}else if (issuedTokenElementFromMsg != null) {
_secHeader.insertBefore(_standaloneReferenceList, issuedTokenElementFromMsg.getNextSibling());
} else {
_secHeader.insertHeaderBlock(_standaloneReferenceList);
context.setCurrentReferenceList(_standaloneReferenceList.getAsSoapElement());
}
}
}
}