Package org.apache.ws.security.message

Examples of org.apache.ws.security.message.WSSecEncryptedKey


                keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
            }
        }
       
        WSSecEncryptedKey builder = new WSSecEncryptedKey();
        builder.setUserInfo(name);
        builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
        builder.setEphemeralKey(secret);
        builder.setKeyEncAlgo(keyWrapAlgorithm);
       
        Document doc = DOMUtils.createDocument();
                                
        builder.prepare(doc, stsProperties.getEncryptionCrypto());
       
        return builder.getEncryptedKeyElement();
    }


     * @throws RampartException
     */
    private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
    throws RampartException {
        try {
            WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
                                                                sigToken);
            String id = encrKey.getId();
            //Create a rahas token from this info and store it so we can use
            //it in the next steps
   
            Date created = new Date();
            Date expires = new Date();
            //TODO make this lifetime configurable ???
            expires.setTime(System.currentTimeMillis() + 300000);
            org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
                            id,
                            (OMElement) encrKey.getEncryptedKeyElement(),
                            created,
                            expires);
            tempTok.setSecret(encrKey.getEphemeralKey());
           
            rmd.getTokenStorage().add(tempTok);
           
            String bstTokenId = encrKey.getBSTTokenId();
            //If direct ref is used to refer to the cert
            //then add the cert to the sec header now
            if(bstTokenId != null && bstTokenId.length() > 0) {
                RampartUtil.appendChildToSecHeader(rmd,
                        encrKey.getBinarySecurityTokenElement());
            }
           
            return id;
           
        } catch (TrustException e) {

    protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
       
        RampartPolicyData rpd = rmd.getPolicyData();
        Document doc = rmd.getDocument();
       
        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
        if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
            if(rpd.getWss11() != null) {
                //Use thumbprint
                encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
            } else {
                //Use SKI
                encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
            }
        } else {
            encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        }
        try {
            RampartUtil.setEncryptionUser(rmd, encrKey);
            encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
            encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
           
            encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
           
            return encrKey;
        } catch (WSSecurityException e) {
            throw new RampartException("errorCreatingEncryptedKey", e);
        }

                } else if(token instanceof X509Token) {
                    //Get the to be added
                    if(token.isDerivedKeys()) {
                        //We have to use an EncryptedKey
                        try {
                            WSSecEncryptedKey encrKey = this
                                    .getEncryptedKeyBuilder(rmd, token);
                           
                            Element bstElem = encrKey.getBinarySecurityTokenElement();
                            if(bstElem != null) {
                               Element siblingElem = RampartUtil
                                        .insertSiblingAfter(rmd, this.getInsertionLocation(),
                                                bstElem);
                               this.setInsertionLocation(siblingElem);
                            }
                           
                            Element siblingElem = RampartUtil
                                    .insertSiblingAfter(rmd,
                                            this.getInsertionLocation(),
                                            encrKey.getEncryptedKeyElement());
                           
                            this.setInsertionLocation(siblingElem);
                           
                            Date now = new Date();
                            endSuppTok = 
                                new org.apache.rahas.Token(encrKey.getId(),
                                        (OMElement)encrKey.getEncryptedKeyElement(),
                                        now, new Date(now.getTime() + 300000));
                           
                            endSuppTokMap.put(token, endSuppTok);
                           
                        } catch (TrustException e) {

     * @param config
     * @throws Exception
     */
    private void createRSTR(ConversationConfiguration config) throws Exception {
       
        WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
        Crypto crypto = org.apache.rampart.conversation.Util.getCryptoInstace(config);
        String encryptionUser = config.getEncryptionUser();
        if(encryptionUser == null) {
            throw new RampartException("missingEncryptionUser");
        }
        X509Certificate cert = crypto.getCertificates(encryptionUser)[0];
       
        encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        try {
            encrKeyBuilder.setUseThisCert(cert);
            encrKeyBuilder.prepare(config.getDocument(), crypto);
        } catch (WSSecurityException e) {
            throw new TrustException(
                    "errorInBuildingTheEncryptedKeyForPrincipal",
                    new String[] { cert.getSubjectDN().getName()}, e);
        }
       
        SecurityContextToken sct = new SecurityContextToken(config.getDocument());
        Util.resgisterContext(sct.getIdentifier(), config);
       
        //Creation and expiration times
        Date creationTime = new Date();
        Date expirationTime = new Date();
       
        expirationTime.setTime(creationTime.getTime() + 300000);
       
        Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement(), creationTime, expirationTime);
        token.setSecret(encrKeyBuilder.getEphemeralKey());
       
        config.getTokenStore().add(token);
       
        SOAPEnvelope env = config.getMsgCtx().getEnvelope();

        SOAPHeader header = env.getHeader();
        if(header == null) {
            header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env);
        }
       
        OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(config.getWstVersion(), header);

        OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(config.getWstVersion(), rstrElem);

        // Use GMT time in milliseconds
        DateFormat zulu = new XmlSchemaDateFormat();
       
        // Add the Lifetime element
        TrustUtil.createLifetimeElement(config.getWstVersion(), rstrElem, zulu
                .format(creationTime), zulu.format(expirationTime));
       
        rstElem.addChild((OMElement)sct.getElement());
       
        TrustUtil.createRequestedAttachedRef(config.getWstVersion(), rstrElem,
                "#" + sct.getID(), WSSHandlerConstants.TOK_TYPE_SCT);

        TrustUtil
                .createRequestedUnattachedRef(config.getWstVersion(), rstrElem,
                        sct.getIdentifier(), WSSHandlerConstants.TOK_TYPE_SCT);
       
        Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
        Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
       
        OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
                config.getWstVersion(), rstrElem);

        if(bstElem != null) {

            //In this case we will have to encrypt the ephmeral key with the
            //other party's key and then use it as the parent key of the
            // derived keys
            try {
               
                WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(rmd, token);
               
                Element bstElem = encrKey.getBinarySecurityTokenElement();
                if(bstElem != null) {
                   RampartUtil.appendChildToSecHeader(rmd, bstElem);
                }
               
                encrKey.appendToHeader(rmd.getSecHeader());
               
                WSSecDKSign dkSig = new WSSecDKSign();
               
                dkSig.setWsConfig(rmd.getConfig());
               
                dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
                dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
                dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
               
                dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
               
                dkSig.prepare(doc, rmd.getSecHeader());
               
                Vector sigParts = new  Vector();
               
                if(this.timestampElement != null){
                  sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
                }
               
                if(rpd.isTokenProtection()) {
                    sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
                }
               
                dkSig.setParts(sigParts);
               
                dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());

        return result;
    }
   
    /**
     * Creates a {@code WSSecEncryptedKey} builder for {@code token} and prepares it
     * against the SOAP part of the outgoing message.
     *
     * <p>The encryption {@code Crypto} resolved for {@code wrapper} is also published on
     * the message exchange under {@code SecurityConstants.ENCRYPT_CRYPTO}. Neither the key
     * size nor the key-wrap algorithm is chosen here: both are read from the binding's
     * algorithm suite (its maximum symmetric key length and its asymmetric key wrap).
     *
     * <p>NOTE(review): because the key-wrap algorithm is dictated entirely by the policy's
     * algorithm suite, the strength of the key transport depends on which suites the
     * deployment accepts. Confirm that suites selecting RSA PKCS#1 v1.5 key transport are
     * only allowed where RSA-OAEP cannot be used.
     *
     * @param wrapper the token wrapper used to resolve the encryption crypto, the key
     *                identifier type and the encryption user
     * @param token   the policy token the encrypted key is built for
     * @return the builder after {@code prepare} has been called on it
     * @throws WSSecurityException declared by this method; the visible code does not
     *                             catch anything, so failures from the calls below propagate
     */
    protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
                                                       Token token) throws WSSecurityException {
        WSSecEncryptedKey keyBuilder = new WSSecEncryptedKey(wssConfig);

        // Resolve the crypto once; it is shared through the exchange and reused by prepare().
        Crypto encryptionCrypto = getEncryptionCrypto(wrapper);
        message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, encryptionCrypto);

        // Statement order is kept as in the original: the helpers are defined elsewhere
        // and may depend on what has already been configured.
        setKeyIdentifierType(keyBuilder, wrapper, token);
        setEncryptionUser(keyBuilder, wrapper, false, encryptionCrypto);

        // Policy-driven parameters: symmetric key size and asymmetric key-wrap algorithm.
        keyBuilder.setKeySize(
            binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
        keyBuilder.setKeyEncAlgo(
            binding.getAlgorithmSuite().getAsymmetricKeyWrap());

        keyBuilder.prepare(saaj.getSOAPPart(), encryptionCrypto);
        return keyBuilder;
    }

                        "Content");
                sigParts.add(wep);
            }
        }
        if (token.isDerivedKeys()) {
            WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
           
            Element bstElem = encrKey.getBinarySecurityTokenElement();
            if (bstElem != null) {
                addTopDownElement(bstElem);
            }
            encrKey.appendToHeader(secHeader);
           
            WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
           
            dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
            dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
            dkSig.setDerivedKeyLength(binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
           
            dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
           
            dkSig.prepare(doc, secHeader);
           
            /*
            if(binding.isTokenProtection()) {

            return sig.getSignatureValue();
        }
    }

    /**
     * Builds an EncryptedKey for {@code sigToken}, caches its key material as a
     * temporary {@code SecurityToken} in {@code tokenStore}, and returns the key's id.
     *
     * <p>The cached token carries the raw ephemeral key as its secret and is given a
     * fixed lifetime of 300000 ms from its creation time.
     *
     * <p>NOTE(review): the plaintext ephemeral key stays in the token store for the
     * token's lifetime; confirm that the store drops expired tokens and is not shared
     * more widely than the message exchange needs.
     *
     * @param wrapper  the token wrapper handed to {@code getEncryptedKeyBuilder}
     * @param sigToken the policy token the encrypted key is created for
     * @return the id of the generated EncryptedKey
     * @throws WSSecurityException declared by this method; nothing is caught here, so
     *                             failures from the builder propagate
     */
    private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
        final WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
        final String keyId = keyBuilder.getId();
        final byte[] ephemeralKey = keyBuilder.getEphemeralKey();

        // Validity window: creation time plus a hard-coded 300000 ms.
        final Date createdAt = new Date();
        final Date expiresAt = new Date(createdAt.getTime() + 300000);

        SecurityToken cachedToken =
            new SecurityToken(keyId, keyBuilder.getEncryptedKeyElement(), createdAt, expiresAt);
        cachedToken.setSecret(ephemeralKey);

        // The SHA1 of the encrypted key is recorded so the key can be found when it is
        // referenced through a key identifier of type EncryptedKeySHA1. It serves as a
        // lookup value here; the code shown does not use it to protect the key.
        cachedToken.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));

        tokenStore.add(cachedToken);

        // With a direct reference to the certificate, the BinarySecurityToken has to be
        // added to the security header at this point.
        final String bstTokenId = keyBuilder.getBSTTokenId();
        final boolean hasBst = bstTokenId != null && bstTokenId.length() > 0;
        if (hasBst) {
            keyBuilder.prependBSTElementToHeader(secHeader);
        }
        return keyId;
    }

            return sig.getSignatureValue();
        }
    }

    /**
     * Builds an EncryptedKey for {@code sigToken}, caches its key material as a
     * temporary {@code SecurityToken} in {@code tokenStore}, and returns the key's id.
     *
     * <p>The cached token carries the raw ephemeral key as its secret and is given a
     * fixed lifetime of 300000 ms from its creation time.
     *
     * <p>NOTE(review): the plaintext ephemeral key stays in the token store for the
     * token's lifetime; confirm that the store drops expired tokens and is not shared
     * more widely than the message exchange needs.
     *
     * @param wrapper  the token wrapper handed to {@code getEncryptedKeyBuilder}
     * @param sigToken the policy token the encrypted key is created for
     * @return the id of the generated EncryptedKey
     * @throws WSSecurityException declared by this method; nothing is caught here, so
     *                             failures from the builder propagate
     */
    private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
        final WSSecEncryptedKey keyBuilder = this.getEncryptedKeyBuilder(wrapper, sigToken);
        final String keyId = keyBuilder.getId();
        final byte[] ephemeralKey = keyBuilder.getEphemeralKey();

        // Validity window: creation time plus a hard-coded 300000 ms.
        final Date createdAt = new Date();
        final Date expiresAt = new Date(createdAt.getTime() + 300000);

        SecurityToken cachedToken =
            new SecurityToken(keyId, keyBuilder.getEncryptedKeyElement(), createdAt, expiresAt);
        cachedToken.setSecret(ephemeralKey);

        // The SHA1 of the encrypted key is recorded so the key can be found when it is
        // referenced through a key identifier of type EncryptedKeySHA1. It serves as a
        // lookup value here; the code shown does not use it to protect the key.
        cachedToken.setSHA1(getSHA1(keyBuilder.getEncryptedEphemeralKey()));

        tokenStore.add(cachedToken);

        // With a direct reference to the certificate, the BinarySecurityToken has to be
        // added to the security header at this point.
        final String bstTokenId = keyBuilder.getBSTTokenId();
        final boolean hasBst = bstTokenId != null && bstTokenId.length() > 0;
        if (hasBst) {
            keyBuilder.prependBSTElementToHeader(secHeader);
        }
        return keyId;
    }
