if (context.getAlgorithmSuite() != null) {
encAlgo = SecurityUtil.getSecretKeyAlgorithm(context.getAlgorithmSuite().getEncryptionAlgorithm());
}
if(isWSITRecipient){
MLSPolicy inferredKB = inferredSignaturePolicy.getKeyBinding();
SecureConversationTokenKeyBinding sctBinding = new SecureConversationTokenKeyBinding();
if(inferredKB == null){
inferredSignaturePolicy.setKeyBinding(sctBinding);
} else if(PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)){
if(((DerivedTokenKeyBinding)inferredKB).getOriginalKeyBinding() == null)
((DerivedTokenKeyBinding)inferredKB).setOriginalKeyBinding(sctBinding);
}
}
returnKey = new SecretKeySpec(proofKey, encAlgo);
} else {
log.log(Level.SEVERE, LogStringsMessages.WSS_0243_INVALID_VALUE_TYPE_NON_SCT_TOKEN());
throw new XWSSecurityException("Incorrect ValueType: " + MessageConstants.SCT_VALUETYPE + ", specified for a Non SCT Token");
}
} else if (null == valueType) {
// Do default processing
String wsuId = secureMsg.getIdFromFragmentRef(uri);
SecurityToken token = SecurityUtil.locateBySCTId(context, wsuId);
if (token == null) {
token =resolveToken(wsuId,context,secureMsg);
}
if (token instanceof X509SecurityToken) {
if(isWSITRecipient){
MLSPolicy inferredKB = inferredSignaturePolicy.getKeyBinding();
AuthenticationTokenPolicy.X509CertificateBinding x509Binding = new AuthenticationTokenPolicy.X509CertificateBinding();
x509Binding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
if(inferredKB == null){
inferredSignaturePolicy.setKeyBinding(x509Binding);
} else if(PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)){
if(((DerivedTokenKeyBinding)inferredKB).getOriginalKeyBinding() == null)
((DerivedTokenKeyBinding)inferredKB).setOriginalKeyBinding(x509Binding);
}
}
returnKey = resolveX509Token(secureMsg, (X509SecurityToken)token, sig,context);
} else if (token instanceof EncryptedKeyToken) {
//TODO: STR is referring to EncryptedKey
KeyInfoHeaderBlock kiHB = ((EncryptedKeyToken)token).getKeyInfo();
SecurityTokenReference sectr = kiHB.getSecurityTokenReference(0);
ReferenceElement refElem = sectr.getReference();
String dataEncAlgo = MessageConstants.DEFAULT_DATA_ENC_ALGO;
//restoring BC
//String dataEncAlgo = MessageConstants.AES_BLOCK_ENCRYPTION_128;
if (context.getAlgorithmSuite() != null) {
dataEncAlgo = context.getAlgorithmSuite().getEncryptionAlgorithm();
}else{
if (context.getDataEncryptionAlgorithm() != null){
dataEncAlgo = context.getDataEncryptionAlgorithm();
}
}
try{
Element cipherData = (Element)((EncryptedKeyToken)token).getAsSoapElement().getChildElements(new QName(MessageConstants.XENC_NS, "CipherData", MessageConstants.XENC_PREFIX)).next();
String cipherValue = cipherData.getElementsByTagNameNS(MessageConstants.XENC_NS, "CipherValue").item(0).getTextContent();
byte[] decodedCipher = Base64.decode(cipherValue);
byte[] ekSha1 = MessageDigest.getInstance("SHA-1").digest(decodedCipher);
String encEkSha1 = Base64.encode(ekSha1);
context.setExtraneousProperty(MessageConstants.EK_SHA1_VALUE, encEkSha1);
} catch(Exception e){
log.log(Level.SEVERE, LogStringsMessages.WSS_0241_UNABLETO_SET_EKSHA_1_ON_CONTEXT(), e);
throw new XWSSecurityException(e);
}
if(isWSITRecipient){
MLSPolicy inferredKB = inferredSignaturePolicy.getKeyBinding();
SymmetricKeyBinding skBinding = new SymmetricKeyBinding();
AuthenticationTokenPolicy.X509CertificateBinding x509Binding = new AuthenticationTokenPolicy.X509CertificateBinding();
skBinding.setKeyBinding(x509Binding);
//TODO: ReferenceType and ValueType not set on X509Binding
if(inferredKB == null){
inferredSignaturePolicy.setKeyBinding(skBinding);
} else if(PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)){
if(((DerivedTokenKeyBinding)inferredKB).getOriginalKeyBinding() == null)
((DerivedTokenKeyBinding)inferredKB).setOriginalKeyBinding(skBinding);
}
}
returnKey = ((EncryptedKeyToken)token).getSecretKey(getKey(kiHB, sig, context), dataEncAlgo);
context.setExtraneousProperty(MessageConstants.SECRET_KEY_VALUE, returnKey);
} else if (token instanceof SecurityContextToken) {
//handling for SecurityContext Token
byte[] proofKey = resolveSCT(context, (SecurityContextTokenImpl)token, sig);
String encAlgo = "AES"; //default algo
if (context.getAlgorithmSuite() != null) {
encAlgo = SecurityUtil.getSecretKeyAlgorithm(context.getAlgorithmSuite().getEncryptionAlgorithm());
}
if(isWSITRecipient){
MLSPolicy inferredKB = inferredSignaturePolicy.getKeyBinding();
SecureConversationTokenKeyBinding sctBinding = new SecureConversationTokenKeyBinding();
if(inferredKB == null){
inferredSignaturePolicy.setKeyBinding(sctBinding);
} else if(PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)){
if(((DerivedTokenKeyBinding)inferredKB).getOriginalKeyBinding() == null)
((DerivedTokenKeyBinding)inferredKB).setOriginalKeyBinding(sctBinding);