Package org.apache.wss4j.common

Examples of org.apache.wss4j.common.EncryptionActionToken

478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
        messageContext.put(
            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
        );
        reqData.setMsgContext(messageContext);
       
        EncryptionActionToken actionToken = new EncryptionActionToken();
        actionToken.setKey(keyData);
        actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
        actionToken.setKeyIdentifierId(WSConstants.SKI_KEY_IDENTIFIER);
        actionToken.setUser("wss40");
        actionToken.setCryptoProperties("wss40.properties");
        actionToken.setTokenId(IDGenerator.generateID("EK-"));
       
        SignatureActionToken actionToken2 = new SignatureActionToken();
        actionToken2.setKeyIdentifierId(WSConstants.CUSTOM_SYMM_SIGNING);
        actionToken2.setKey(keyData);
        actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
        actionToken2.setTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        actionToken2.setTokenId(actionToken.getTokenId());
       
        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        CustomHandler handler = new CustomHandler();
        List<HandlerAction> actions = new ArrayList<HandlerAction>();
        actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
View Full Code Here
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
        messageContext.put(
            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
        );
        reqData.setMsgContext(messageContext);
       
        EncryptionActionToken actionToken = new EncryptionActionToken();
        actionToken.setKey(keyData);
        actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
        actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
        actionToken.setEncSymmetricEncryptionKey(false);
       
        SignatureActionToken actionToken2 = new SignatureActionToken();
        actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
        actionToken2.setKey(keyData);
        actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
View Full Code Here
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
    public void execute(WSHandler handler, SecurityActionToken actionToken,
                        Document doc, RequestData reqData)
            throws WSSecurityException {
        WSSecEncrypt wsEncrypt = new WSSecEncrypt(reqData.getWssConfig());

        EncryptionActionToken encryptionToken = null;
        if (actionToken instanceof EncryptionActionToken) {
            encryptionToken = (EncryptionActionToken)actionToken;
        }
        if (encryptionToken == null) {
            encryptionToken = reqData.getEncryptionToken();
        }
       
        if (encryptionToken.getKeyIdentifierId() != 0) {
            wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());
        }

        if (encryptionToken.getSymmetricAlgorithm() != null) {
            wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
        }
        if (encryptionToken.getKeyTransportAlgorithm() != null) {
            wsEncrypt.setKeyEnc(encryptionToken.getKeyTransportAlgorithm());
        }
        if (encryptionToken.getDigestAlgorithm() != null) {
            wsEncrypt.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
        }

        if (encryptionToken.getMgfAlgorithm() != null) {
            wsEncrypt.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
        }
       
        wsEncrypt.setUserInfo(encryptionToken.getUser());
        wsEncrypt.setUseThisCert(encryptionToken.getCertificate());
        Crypto crypto = encryptionToken.getCrypto();
        boolean enableRevocation = Boolean.valueOf(handler.getStringOption(WSHandlerConstants.ENABLE_REVOCATION));
        if (enableRevocation && crypto != null) {
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias(encryptionToken.getUser());
            X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
            if (certs != null && certs.length > 0) {
                crypto.verifyTrust(certs, enableRevocation);
            }
        }
        if (encryptionToken.getParts().size() > 0) {
            wsEncrypt.setParts(encryptionToken.getParts());
        }
       
        wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
        byte[] ephemeralKey = encryptionToken.getKey();
        if (!encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey == null) {
            CallbackHandler callbackHandler =
                handler.getPasswordCallbackHandler(reqData);
            if (ephemeralKey == null) {
                WSPasswordCallback passwordCallback =
                    handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
                ephemeralKey = passwordCallback.getKey();
            }
        }
        wsEncrypt.setEphemeralKey(ephemeralKey);
       
        if (encryptionToken.getTokenId() != null) {
            wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
        }
        if (encryptionToken.getTokenType() != null) {
            wsEncrypt.setCustomReferenceValue(encryptionToken.getTokenType());
        }
       
        try {
            wsEncrypt.build(doc, encryptionToken.getCrypto(), reqData.getSecHeader());
        } catch (WSSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error during encryption: ");
        }
    }
View Full Code Here
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
            } else if (actionToDo.getAction() == WSConstants.ST_SIGNED
                && actionToDo.getActionToken() == null) {
                decodeSignatureParameter(reqData);
            } else if (actionToDo.getAction() == WSConstants.ENCR
                && actionToDo.getActionToken() == null) {
                EncryptionActionToken actionToken = reqData.getEncryptionToken();
                if (actionToken == null) {
                    actionToken = new EncryptionActionToken();
                    reqData.setEncryptionToken(actionToken);
                }
                if (actionToken.getCrypto() == null) {
                    actionToken.setCrypto(loadEncryptionCrypto(reqData));
                }
                decodeEncryptionParameter(reqData);
            }
        }
View Full Code Here
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
    // the RequestData object
    protected void decodeEncryptionParameter(RequestData reqData)
        throws WSSecurityException {
        Object mc = reqData.getMsgContext();

        EncryptionActionToken actionToken = reqData.getEncryptionToken();
        if (actionToken == null) {
            actionToken = new EncryptionActionToken();
            reqData.setEncryptionToken(actionToken);
        }
        //
        // If the following parameters are no used (they return null) then the
        // default values of WSS4J are used.
        //
        String encKeyId = getString(WSHandlerConstants.ENC_KEY_ID, mc);
        if (encKeyId != null) {
            Integer id = WSHandlerConstants.getKeyIdentifier(encKeyId);
            if (id == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: unknown key identification"
                );
            }
            int tmp = id;
            actionToken.setKeyIdentifierId(tmp);
            if (!(tmp == WSConstants.ISSUER_SERIAL
                    || tmp == WSConstants.X509_KEY_IDENTIFIER
                    || tmp == WSConstants.SKI_KEY_IDENTIFIER
                    || tmp == WSConstants.BST_DIRECT_REFERENCE
                    || tmp == WSConstants.THUMBPRINT_IDENTIFIER
                    || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: illegal key identification"
                );
            }
        }
        String encSymAlgo = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
        actionToken.setSymmetricAlgorithm(encSymAlgo);

        String encKeyTransport =
            getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
        actionToken.setKeyTransportAlgorithm(encKeyTransport);
       
        String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
        actionToken.setDigestAlgorithm(digestAlgo);

        String mgfAlgo = getString(WSHandlerConstants.ENC_MGF_ALGO, mc);
        actionToken.setMgfAlgorithm(mgfAlgo);
       
        String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
        if (encSymEncKey != null) {
            boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
            actionToken.setEncSymmetricEncryptionKey(encSymEndKeyBoolean);
        }
       
        String encUser = getString(WSHandlerConstants.ENCRYPTION_USER, mc);
        if (encUser != null) {
            actionToken.setUser(encUser);
        } else {
            actionToken.setUser(reqData.getUsername());
        }
        if (actionToken.isEncSymmetricEncryptionKey() && actionToken.getUser() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", "WSHandler: Encryption: no username");
        }

        handleSpecialUser(reqData);

        String encParts = getString(WSHandlerConstants.ENCRYPTION_PARTS, mc);
        if (encParts != null) {
            splitEncParts(true, encParts, actionToken.getParts(), reqData);
        }
        encParts = getString(WSHandlerConstants.OPTIONAL_ENCRYPTION_PARTS, mc);
        if (encParts != null) {
            splitEncParts(false, encParts, actionToken.getParts(), reqData);
        }
    }
View Full Code Here
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
        }
    }

    @SuppressWarnings("unchecked")
    private void handleSpecialUser(RequestData reqData) {
        EncryptionActionToken actionToken = reqData.getEncryptionToken();
        if (actionToken == null
            || !WSHandlerConstants.USE_REQ_SIG_CERT.equals(actionToken.getUser())) {
            return;
        }
        List<WSHandlerResult> results =
            (List<WSHandlerResult>) getProperty(
                reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS
            );
        if (results == null) {
            return;
        }
        /*
         * Scan the results for a matching actor. Use results only if the
         * receiving Actor and the sending Actor match.
         */
        for (WSHandlerResult rResult : results) {
            String hActor = rResult.getActor();
            if (!WSSecurityUtil.isActorEqual(reqData.getActor(), hActor)) {
                continue;
            }
            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
            /*
             * Scan the results for the first Signature action. Use the
             * certificate of this Signature to set the certificate for the
             * encryption action :-).
             */
            for (WSSecurityEngineResult wser : wsSecEngineResults) {
                int wserAction =
                        (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (wserAction == WSConstants.SIGN) {
                    X509Certificate cert =
                        (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                    actionToken.setCertificate(cert);
                    return;
                }
            }
        }
    }
View Full Code Here
92
93
94
95
96
97
98
99
100
101
102
103
104
        assertNotNull(certificate);
    }
   
    @Test
    public void testEncryption() throws Exception {
        EncryptionActionToken actionToken = new EncryptionActionToken();
        actionToken.setCryptoProperties("outsecurity.properties");
        actionToken.setUser("myalias");
        List<HandlerAction> actions =
            Collections.singletonList(new HandlerAction(WSConstants.ENCR, actionToken));
       
        Map<String, Object> outProperties = new HashMap<String, Object>();
        outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions);
View Full Code Here
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
    public void execute(WSHandler handler, SecurityActionToken actionToken,
                        Document doc, RequestData reqData)
            throws WSSecurityException {
        WSSecEncrypt wsEncrypt = new WSSecEncrypt(reqData.getWssConfig());

        EncryptionActionToken encryptionToken = null;
        if (actionToken instanceof EncryptionActionToken) {
            encryptionToken = (EncryptionActionToken)actionToken;
        }
        if (encryptionToken == null) {
            encryptionToken = reqData.getEncryptionToken();
        }
       
        if (encryptionToken.getKeyIdentifierId() != 0) {
            wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());
        }

        if (encryptionToken.getSymmetricAlgorithm() != null) {
            wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
        }
        if (encryptionToken.getKeyTransportAlgorithm() != null) {
            wsEncrypt.setKeyEnc(encryptionToken.getKeyTransportAlgorithm());
        }
        if (encryptionToken.getDigestAlgorithm() != null) {
            wsEncrypt.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
        }

        if (encryptionToken.getMgfAlgorithm() != null) {
            wsEncrypt.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
        }
       
        wsEncrypt.setUserInfo(encryptionToken.getUser());
        wsEncrypt.setUseThisCert(encryptionToken.getCertificate());
        Crypto crypto = encryptionToken.getCrypto();
        boolean enableRevocation = Boolean.valueOf(handler.getStringOption(WSHandlerConstants.ENABLE_REVOCATION));
        if (enableRevocation && crypto != null) {
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias(encryptionToken.getUser());
            X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
            if (certs != null && certs.length > 0) {
                crypto.verifyTrust(certs, enableRevocation);
            }
        }
        if (encryptionToken.getParts().size() > 0) {
            wsEncrypt.setParts(encryptionToken.getParts());
        }
       
        wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
        byte[] ephemeralKey = encryptionToken.getKey();
        if (!encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey == null) {
            CallbackHandler callbackHandler =
                handler.getPasswordCallbackHandler(reqData);
            if (ephemeralKey == null) {
                WSPasswordCallback passwordCallback =
                    handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
                ephemeralKey = passwordCallback.getKey();
            }
        }
        wsEncrypt.setEphemeralKey(ephemeralKey);
       
        if (encryptionToken.getTokenId() != null) {
            wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
        }
        if (encryptionToken.getTokenType() != null) {
            wsEncrypt.setCustomReferenceValue(encryptionToken.getTokenType());
        }
       
        wsEncrypt.setAttachmentCallbackHandler(reqData.getAttachmentCallbackHandler());
       
        try {
            wsEncrypt.build(doc, encryptionToken.getCrypto(), reqData.getSecHeader());
        } catch (WSSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error during encryption: ");
        }
    }
View Full Code Here
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
            } else if (actionToDo.getAction() == WSConstants.ST_SIGNED
                && actionToDo.getActionToken() == null) {
                decodeSignatureParameter(reqData);
            } else if (actionToDo.getAction() == WSConstants.ENCR
                && actionToDo.getActionToken() == null) {
                EncryptionActionToken actionToken = reqData.getEncryptionToken();
                if (actionToken == null) {
                    actionToken = new EncryptionActionToken();
                    reqData.setEncryptionToken(actionToken);
                }
                if (actionToken.getCrypto() == null) {
                    actionToken.setCrypto(loadEncryptionCrypto(reqData));
                }
                decodeEncryptionParameter(reqData);
            }
        }
View Full Code Here
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
    // the RequestData object
    protected void decodeEncryptionParameter(RequestData reqData)
        throws WSSecurityException {
        Object mc = reqData.getMsgContext();

        EncryptionActionToken actionToken = reqData.getEncryptionToken();
        if (actionToken == null) {
            actionToken = new EncryptionActionToken();
            reqData.setEncryptionToken(actionToken);
        }
        //
        // If the following parameters are no used (they return null) then the
        // default values of WSS4J are used.
        //
        String encKeyId = getString(WSHandlerConstants.ENC_KEY_ID, mc);
        if (encKeyId != null) {
            Integer id = WSHandlerConstants.getKeyIdentifier(encKeyId);
            if (id == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: unknown key identification"
                );
            }
            int tmp = id;
            actionToken.setKeyIdentifierId(tmp);
            if (!(tmp == WSConstants.ISSUER_SERIAL
                    || tmp == WSConstants.X509_KEY_IDENTIFIER
                    || tmp == WSConstants.SKI_KEY_IDENTIFIER
                    || tmp == WSConstants.BST_DIRECT_REFERENCE
                    || tmp == WSConstants.THUMBPRINT_IDENTIFIER
                    || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: illegal key identification"
                );
            }
        }
        String encSymAlgo = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
        actionToken.setSymmetricAlgorithm(encSymAlgo);

        String encKeyTransport =
            getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
        actionToken.setKeyTransportAlgorithm(encKeyTransport);
       
        String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
        actionToken.setDigestAlgorithm(digestAlgo);

        String mgfAlgo = getString(WSHandlerConstants.ENC_MGF_ALGO, mc);
        actionToken.setMgfAlgorithm(mgfAlgo);
       
        String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
        if (encSymEncKey != null) {
            boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
            actionToken.setEncSymmetricEncryptionKey(encSymEndKeyBoolean);
        }
       
        String encUser = getString(WSHandlerConstants.ENCRYPTION_USER, mc);
        if (encUser != null) {
            actionToken.setUser(encUser);
        } else {
            actionToken.setUser(reqData.getUsername());
        }
        if (actionToken.isEncSymmetricEncryptionKey() && actionToken.getUser() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", "WSHandler: Encryption: no username");
        }

        handleSpecialUser(reqData);

        String encParts = getString(WSHandlerConstants.ENCRYPTION_PARTS, mc);
        if (encParts != null) {
            splitEncParts(true, encParts, actionToken.getParts(), reqData);
        }
        encParts = getString(WSHandlerConstants.OPTIONAL_ENCRYPTION_PARTS, mc);
        if (encParts != null) {
            splitEncParts(false, encParts, actionToken.getParts(), reqData);
        }
    }
View Full Code Here
TOP

Related Classes of org.apache.wss4j.common.EncryptionActionToken

  • org.apache.cxf.ws.security.wss4j.SecurityActionTokenTest
  • org.apache.wss4j.dom.action.EncryptionAction
  • org.apache.wss4j.dom.action.EncryptionDerivedAction
  • org.apache.wss4j.dom.handler.SecurityActionTokenTest
  • org.apache.wss4j.dom.handler.WSHandler
  • org.apache.wss4j.dom.message.EncryptionCRLTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.