Package com.sun.xml.wss.impl

Examples of com.sun.xml.wss.impl.SecurityRecipient$EncryptedData

335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
      throws IOException, ASN1Exception, GeneralSecurityException {
  // byte[] encodedData;
  ByteArrayInputStream bais;
  PBEKeySpec pbeSpec = null;
  byte[] data = null;
  EncryptedData encData = null;

  if (((ContentInfo) this.get(i)).getContent() instanceof EncryptedData) {
      encData = (EncryptedData) ((ContentInfo) this.get(i)).getContent();
  } else {
      System.out
        .println("This bag is public-key protected or not protected at all.");
      return null;
  }
  // "PbeWithSHAAnd40BitRC2_CBC";
  String algName = encData.getAlgorithm();

  // Create the PBEBMPKey ;
  pbeSpec = new PBEKeySpec(passwd);
  SecretKeyFactory skf = null;
  skf = SecretKeyFactory.getInstance(algName);
  SecretKey pbeKey = skf.generateSecret(pbeSpec);
  encData.init(pbeKey);
  data = encData.getData();
  bais = new ByteArrayInputStream(data);
  SafeContents safe = new SafeContents();
  BERDecoder decoder = new BERDecoder(bais);
  safe.decode(decoder);
  bais.close();
View Full Code Here
452
453
454
455
456
457
458
459
460
461
462
463
  SecretKey pbekey = skf.generateSecret(pbeSpec);

  // System.out.println("The pbe key for encrypting");
  // System.out.println(new ASN1OctetString(pbekey.getEncoded()));
  // make an EncryptedData and put it in a ContentInfo
  EncryptedData ecd = new EncryptedData(algorithm, pbekey, params);
  ecd.setData(bais);
  bais.close();

  ContentInfo cinfo = new ContentInfo();
  cinfo.setContent(new codec.asn1.ASN1ObjectIdentifier(
    "1.2.840.113549.1.7.6"), ecd);
View Full Code Here
43
44
45
46
47
48
49
50
51
52
53
        assertEquals("ticket's realm", "MY.REALM", ticket.getRealm());
        assertEquals("ticket's sname", new PrincipalName(0, new String[] {
                "krbtgt", "MY.REALM" }), ticket.getSname());
       
        // enc-part
        EncryptedData encPart = reply.getEncPart();
        assertEquals("etype", 3, encPart.getEtype());
        assertEquals("kvno", 1, encPart.getKvno());
        assertTrue("cipher", Arrays.equals(new byte[] { 0x0f }, encPart
                .getCipher()));
    }
View Full Code Here
75
76
77
78
79
80
81
82
83
84
85
86
87
        this.protocolVersion = protocolVersion;
        preMaster = generatePreMaster(generator, protocolVersion);

        // Encrypt premaster secret
        try {
            EncryptedData eData = new EncryptedData(sessionKey, preMaster,
                KeyUsage.KU_UNKNOWN);
            encrypted = eData.getBytes()// not ASN.1 encoded.

        } catch (KrbException e) {
            throw (SSLKeyException)new SSLKeyException
                ("Kerberos premaster secret error").initCause(e);
        }
View Full Code Here
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
               "are not supported for TLS Kerberos cipher suites");
        }

         // Decrypt premaster secret
         try {
            EncryptedData data = new EncryptedData(sessionKey.getEType(),
                        null /* optional kvno */, encrypted);

            byte[] temp = data.decrypt(sessionKey, KeyUsage.KU_UNKNOWN);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 if (encrypted != null) {
                     Debug.println(System.out,
                         "decrypted premaster secret", temp);
                 }
            }

            // Reset data stream after decryption, remove redundant bytes
            preMaster =  data.reset(temp, false);

            protocolVersion = ProtocolVersion.valueOf(preMaster[0],
                 preMaster[1]);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 System.out.println("Kerberos PreMasterSecret version: "
View Full Code Here
80
81
82
83
84
85
86
87
88
89
90
91
92
        this.protocolVersion = protocolVersion;
        preMaster = generatePreMaster(generator, protocolVersion);

        // Encrypt premaster secret
        try {
            EncryptedData eData = new EncryptedData(sessionKey, preMaster,
                KeyUsage.KU_UNKNOWN);
            encrypted = eData.getBytes()// not ASN.1 encoded.

        } catch (KrbException e) {
            throw (SSLKeyException)new SSLKeyException
                ("Kerberos premaster secret error").initCause(e);
        }
View Full Code Here
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
               "are not supported for TLS Kerberos cipher suites");
        }

        // Decrypt premaster secret
        try {
            EncryptedData data = new EncryptedData(sessionKey.getEType(),
                        null /* optional kvno */, encrypted);

            byte[] temp = data.decrypt(sessionKey, KeyUsage.KU_UNKNOWN);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 if (encrypted != null) {
                     Debug.println(System.out,
                         "decrypted premaster secret", temp);
                 }
            }

            // Remove padding bytes after decryption. Only DES and DES3 have
            // paddings and we don't support DES3 in TLS (see above)

            if (temp.length == 52 &&
                    data.getEType() == EncryptedData.ETYPE_DES_CBC_CRC) {
                // For des-cbc-crc, 4 paddings. Value can be 0x04 or 0x00.
                if (paddingByteIs(temp, 52, (byte)4) ||
                        paddingByteIs(temp, 52, (byte)0)) {
                    temp = Arrays.copyOf(temp, 48);
                }
            } else if (temp.length == 56 &&
                    data.getEType() == EncryptedData.ETYPE_DES_CBC_MD5) {
                // For des-cbc-md5, 8 paddings with 0x08, or no padding
                if (paddingByteIs(temp, 56, (byte)8)) {
                    temp = Arrays.copyOf(temp, 48);
                }
            }
View Full Code Here
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
        EncryptionKey sessionKey = null;

        try {
            Ticket t = new Ticket(encodedTicket);

            EncryptedData encPart = t.encPart;
            PrincipalName ticketSname = t.sname;
            Realm ticketRealm = t.realm;

            String serverPrincipal = serverKeys[0].getPrincipal().getName();

            /*
             * permission to access and use the secret key of the Kerberized
             * "host" service is done in ServerHandshaker.getKerberosKeys()
             * to ensure server has the permission to use the secret key
             * before promising the client
             */

            // Check that ticket Sname matches serverPrincipal
            String ticketPrinc = ticketSname.toString().concat("@" +
                                        ticketRealm.toString());
            if (!ticketPrinc.equals(serverPrincipal)) {
                if (debug != null && Debug.isOn("handshake"))
                   System.out.println("Service principal in Ticket does not"
                        + " match associated principal in KerberosKey");
                throw new IOException("Server principal is " +
                    serverPrincipal + " but ticket is for " +
                    ticketPrinc);
            }

            // See if we have the right key to decrypt the ticket to get
            // the session key.
            int encPartKeyType = encPart.getEType();
            Integer encPartKeyVersion = encPart.getKeyVersionNumber();
            KerberosKey dkey = null;
            try {
                dkey = findKey(encPartKeyType, encPartKeyVersion, serverKeys);
            } catch (KrbException ke) { // a kvno mismatch
                throw new IOException(
                        "Cannot find key matching version number", ke);
            }
            if (dkey == null) {
                // %%% Should print string repr of etype
                throw new IOException(
        "Cannot find key of appropriate type to decrypt ticket - need etype " +
                                   encPartKeyType);
            }

            EncryptionKey secretKey = new EncryptionKey(
                encPartKeyType,
                dkey.getEncoded());

            // Decrypt encPart using server's secret key
            byte[] bytes = encPart.decrypt(secretKey, KeyUsage.KU_TICKET);

            // Reset data stream after decryption, remove redundant bytes
            byte[] temp = encPart.reset(bytes);
            EncTicketPart encTicketPart = new EncTicketPart(temp);

            // Record the Kerberos Principals
            peerPrincipal =
                new KerberosPrincipal(encTicketPart.cname.getName());
View Full Code Here
TOP

Related Classes of com.sun.xml.wss.impl.SecurityRecipient$EncryptedData

  • codec.asn1.ASN1Integer
  • codec.asn1.ASN1ObjectIdentifier
  • codec.pkcs12.AuthenticatedSafe
  • com.sun.xml.wss.core.SecurityHeader
  • com.sun.xml.wss.impl.callback.DynamicPolicyCallback
  • com.sun.xml.wss.impl.config.ApplicationSecurityConfiguration
  • com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration
  • com.sun.xml.wss.impl.configuration.DynamicApplicationContext
  • com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy
  • com.sun.xml.wss.impl.policy.mls.MessagePolicy
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.