/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License. For additional information regarding
* copyright in this work, please see the NOTICE file in the top level
* directory of this distribution.
*/
package org.apache.abdera.security.util.servlet;
import java.io.IOException;
import java.security.Key;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.KeyGenerator;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.abdera.model.Document;
import org.apache.abdera.model.Element;
import org.apache.abdera.security.Encryption;
import org.apache.abdera.security.EncryptionOptions;
import org.apache.xml.security.encryption.XMLCipher;
/**
* <pre>
* <filter>
* <filter-name>enc filter</filter-name>
* <filter-class>com.test.EncryptedResponseFilter</filter-class>
* </filter>
* <filter-mapping>
* <filter-name>enc filter</filter-name>
* <servlet-name>TestServlet</servlet-name>
* </filter-mapping>
* </pre>
*/
public class EncryptedResponseFilter
extends SecurityFilter {
public void init(
FilterConfig config)
throws ServletException {
try {
Class.forName("org.bouncycastle.LICENSE");
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
} catch (Exception e) {}
}
@SuppressWarnings("unchecked")
public void doFilter(
ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException,
ServletException {
try {
X509Certificate[] cert = (X509Certificate[]) request.getAttribute(
"javax.servlet.request.X509Certificate");
PublicKey pkey = (cert != null) ? cert[0].getPublicKey() : null;
if (pkey != null && pkey instanceof RSAPublicKey) {
BufferingResponseWrapper wrapper =
new BufferingResponseWrapper(
(HttpServletResponse)response);
chain.doFilter(request, wrapper);
Document<Element> doc = getDocument(wrapper);
if (doc != null) {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(new SecureRandom());
Key key = keygen.generateKey();
Encryption enc = security.getEncryption();
EncryptionOptions options = enc.getDefaultEncryptionOptions();
options.setDataEncryptionKey(key);
options.setKeyEncryptionKey(pkey);
options.setKeyCipherAlgorithm(XMLCipher.RSA_v1dot5);
options.setIncludeKeyInfo(true);
Document<Element> enc_doc = enc.encrypt(doc, options);
enc_doc.writeTo(response.getOutputStream());
}
} else {
chain.doFilter(request, response);
}
} catch (Exception e) {}
}
}