Examples of org.apache.wss4j.policy.model.AlgorithmSuite

• org.apache.wss4j.policy.model.AlgorithmSuite

        //Do encryption
        if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
            AbstractToken encrToken = recToken.getToken();
            assertPolicy(recToken);
            assertPolicy(encrToken);
            AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
            if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                return doEncryptionDerived(recToken, encrTok, encrToken,
                                           attached, encrParts, atEnd);
            } else {
                try {
                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
                    String encrTokId = encrTok.getId();
                    if (attached) {
                        encrTokId = encrTok.getWsuId();
                        if (encrTokId == null
                            && (encrToken instanceof SecureConversationToken
                                || encrToken instanceof SecurityContextToken)) {
                            encr.setEncKeyIdDirectId(true);
                            encrTokId = encrTok.getId();
                        } else if (encrTokId == null) {
                            encrTokId = encrTok.getId();
                        }
                        if (encrTokId.startsWith("#")) {
                            encrTokId = encrTokId.substring(1);
                        }
                    } else {
                        encr.setEncKeyIdDirectId(true);
                    }
                    if (encrTok.getTokenType() != null) {
                        encr.setCustomReferenceValue(encrTok.getTokenType());
                    }
                    encr.setEncKeyId(encrTokId);
                    encr.setEphemeralKey(encrTok.getSecret());
                    Crypto crypto = getEncryptionCrypto(recToken);
                    if (crypto != null) {
                        this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
                        setEncryptionUser(encr, recToken, false, crypto);
                    }

                    encr.setDocument(saaj.getSOAPPart());
                    encr.setEncryptSymmKey(false);
                    encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());

                    if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
                        || encrToken instanceof SecureConversationToken) {
                        //Setting the AttachedReference or the UnattachedReference according to the flag
                        Element ref;

        if (asymSignatureAlgorithm != null) {
            Collection<AssertionInfo> algorithmSuites =
                aim.get(SP12Constants.ALGORITHM_SUITE);
            if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
                for (AssertionInfo algorithmSuite : algorithmSuites) {
                    AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
                    algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
                }
            }
        }

        super.configureProperties(msg);

                                    List<SecurePart> encrParts,
                                    boolean externalRef) throws SOAPException {
        //Do encryption
        if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
            AbstractToken encrToken = recToken.getToken();
            AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();

            // Action
            Map<String, Object> config = getProperties();
            String actionToPerform = ConfigurationConstants.ENCRYPT;
            if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
            }

            if (config.containsKey(ConfigurationConstants.ACTION)) {
                String action = (String)config.get(ConfigurationConstants.ACTION);
                config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
            } else {
                config.put(ConfigurationConstants.ACTION, actionToPerform);
            }

            String parts = "";
            if (config.containsKey(ConfigurationConstants.ENCRYPTION_PARTS)) {
                parts = (String)config.get(ConfigurationConstants.ENCRYPTION_PARTS);
                if (!parts.endsWith(";")) {
                    parts += ";";
                }
            }

            for (SecurePart part : encrParts) {
                QName name = part.getName();
                parts += "{" + part.getModifier() + "}{"
                    +  name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
            }

            config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);

            config.put(ConfigurationConstants.ENC_KEY_ID,
                       getKeyIdentifierType(recToken, encrToken));

            config.put(ConfigurationConstants.ENC_KEY_TRANSPORT,
                       algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
            config.put(ConfigurationConstants.ENC_SYM_ALGO,
                       algorithmSuite.getAlgorithmSuiteType().getEncryption());

            String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
            if (encUser != null) {
                config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
            }

        client.setSoap11(message.getVersion() == Soap11.getInstance());
        client.setSecureConv(true);
        String s = message
            .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
        client.setLocation(s);
        AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
        if (suite != null) {
            client.setAlgorithmSuite(suite);
            int x = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
            if (x < 256) {
                client.setKeySize(x);
            }
        }
        Map<String, Object> ctx = client.getRequestContext();

                              List<SecurePart> encrParts,
                              boolean externalRef) throws SOAPException {
        //Do encryption
        if (recToken != null && recToken.getToken() != null) {
            AbstractToken encrToken = recToken.getToken();
            AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();

            // Action
            Map<String, Object> config = getProperties();
            String actionToPerform = ConfigurationConstants.ENCRYPT;
            if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
                if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token) {
                    config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
                } else {
                    config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
                }
                AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
                config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
                           "" + algSuiteType.getEncryptionDerivedKeyLength() / 8);
            }

            if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
                config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
            }

            if (config.containsKey(ConfigurationConstants.ACTION)) {
                String action = (String)config.get(ConfigurationConstants.ACTION);
                config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
            } else {
                config.put(ConfigurationConstants.ACTION, actionToPerform);
            }

            String parts = "";
            if (config.containsKey(ConfigurationConstants.ENCRYPTION_PARTS)) {
                parts = (String)config.get(ConfigurationConstants.ENCRYPTION_PARTS);
                if (!parts.endsWith(";")) {
                    parts += ";";
                }
            }

            if (encrParts != null) {
                for (SecurePart part : encrParts) {
                    QName name = part.getName();
                    parts += "{" + part.getModifier() + "}{"
                        +  name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
                }
            }

            config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);

            if (isRequestor()) {
                config.put(ConfigurationConstants.ENC_KEY_ID,
                       getKeyIdentifierType(recToken, encrToken));
                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "DirectReference");
            } else if (recToken.getToken() instanceof KerberosToken && !isRequestor()) {
                config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "KerberosSHA1");
                if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    config.put(ConfigurationConstants.ENC_KEY_ID, "DirectReference");
                }
            } else if ((recToken.getToken() instanceof IssuedToken
                || recToken.getToken() instanceof SecureConversationToken
                || recToken.getToken() instanceof SpnegoContextToken) && !isRequestor()) {
                config.put(ConfigurationConstants.ENC_KEY_ID, "DirectReference");
            } else {
                config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
                if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "EncryptedKeySHA1");
                    config.put(ConfigurationConstants.ENC_KEY_ID, "DirectReference");
                    config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
                }
            }

            config.put(ConfigurationConstants.ENC_KEY_TRANSPORT,
                       algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
            config.put(ConfigurationConstants.ENC_SYM_ALGO,
                       algorithmSuite.getAlgorithmSuiteType().getEncryption());

            String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
            if (encUser != null) {
                config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
            }

        Collection<AssertionInfo> sp11Ais =
            aim.get(new QName(spNamespace, SPConstants.ALGORITHM_SUITE));
        if (sp11Ais != null) {
            for (AssertionInfo ai : sp11Ais) {
                ai.setAsserted(true);
                AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
                AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
                String namespace = algorithmSuiteType.getNamespace();
                if (namespace == null) {
                    namespace = spNamespace;
                }
                Collection<AssertionInfo> algAis =

        String context = config.getIdAllocator().createSecureId("_", null);
        client.setContext(context);

        String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
        client.setLocation(s);
        AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
        if (suite != null) {
            client.setAlgorithmSuite(suite);
            int x = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
            if (x < 256) {
                client.setKeySize(x);
            }
        }

        client.setSoap11(message.getVersion() == Soap11.getInstance());
        client.setSecureConv(true);
        String s = message
            .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
        client.setLocation(s);
        AlgorithmSuite suite = NegotiationUtils.getAlgorithmSuite(aim);
        if (suite != null) {
            client.setAlgorithmSuite(suite);
            int x = suite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
            if (x < 256) {
                client.setKeySize(x);
            }
        }
        Map<String, Object> ctx = client.getRequestContext();

        if (asymSignatureAlgorithm != null) {
            Collection<AssertionInfo> algorithmSuites =
                aim.get(SP12Constants.ALGORITHM_SUITE);
            if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
                for (AssertionInfo algorithmSuite : algorithmSuites) {
                    AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
                    algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
                }
            }
        }

        super.configureProperties(msg, securityProperties);

                              List<SecurePart> encrParts,
                              boolean externalRef) throws SOAPException {
        //Do encryption
        if (recToken != null && recToken.getToken() != null) {
            AbstractToken encrToken = recToken.getToken();
            AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();

            // Action
            WSSSecurityProperties properties = getProperties();
            WSSConstants.Action actionToPerform = WSSConstants.ENCRYPT;
            if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
                if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token) {
                    properties.setDerivedKeyTokenReference(
                        WSSConstants.DerivedKeyTokenReference.EncryptedKey);
                } else {
                    properties.setDerivedKeyTokenReference(
                        WSSConstants.DerivedKeyTokenReference.DirectReference);
                }
                AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
                properties.setDerivedEncryptionKeyLength(
                           algSuiteType.getEncryptionDerivedKeyLength() / 8);
            }

            if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
                properties.setUse200512Namespace(true);
            }

            properties.getEncryptionSecureParts().addAll(encrParts);
            properties.addAction(actionToPerform);

            if (isRequestor()) {
                properties.setEncryptionKeyIdentifier(getKeyIdentifierType(recToken, encrToken));
                properties.setDerivedKeyKeyIdentifier(
                    WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
            } else if (recToken.getToken() instanceof KerberosToken && !isRequestor()) {
                properties.setEncryptionKeyIdentifier(
                    WSSecurityTokenConstants.KeyIdentifier_KerberosSha1Identifier);
                properties.setDerivedKeyKeyIdentifier(
                    WSSecurityTokenConstants.KeyIdentifier_KerberosSha1Identifier);
                if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    properties.setEncryptionKeyIdentifier(
                        WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                }
            } else if ((recToken.getToken() instanceof IssuedToken
                || recToken.getToken() instanceof SecureConversationToken
                || recToken.getToken() instanceof SpnegoContextToken) && !isRequestor()) {
                properties.setEncryptionKeyIdentifier(
                    WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
            } else {
                properties.setEncryptionKeyIdentifier(
                    WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier);
                if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    properties.setDerivedKeyKeyIdentifier(
                        WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier);
                    properties.setEncryptionKeyIdentifier(
                        WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                    properties.setEncryptSymmetricEncryptionKey(false);
                }
            }

            // Find out do we also need to include the token as per the Inclusion requirement
            WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getEncryptionKeyIdentifier();
            if (encrToken instanceof X509Token
                && isTokenRequired(encrToken.getIncludeTokenType())
                && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)
                    || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)
                    || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(
                        keyIdentifier))) {
                properties.setIncludeEncryptionToken(true);
            } else {
                properties.setIncludeEncryptionToken(false);
            }

            properties.setEncryptionKeyTransportAlgorithm(
                       algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
            properties.setEncryptionSymAlgorithm(
                       algorithmSuite.getAlgorithmSuiteType().getEncryption());

            String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
            if (encUser == null) {
                encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
            }