/** Creates a new instance of TokenProcessor */
public TokenProcessor(EncryptionPolicy ep, JAXBFilterProcessingContext context) {
this.context = context;
this.ep = ep;
this.keyBinding = (WSSPolicy) ep.getKeyBinding();
this.elementFactory = new WSSElementFactory(context.getSOAPVersion());
}
public BuilderResult process() throws XWSSecurityException {
String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
// XMLCipher.RSA_v1dot5;
String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
EncryptionPolicy.FeatureBinding featureBinding =
(EncryptionPolicy.FeatureBinding) ep.getFeatureBinding();
String tmp = featureBinding.getDataEncryptionAlgorithm();
if (tmp == null || "".equals(tmp)) {
if (context.getAlgorithmSuite() != null) {
tmp = context.getAlgorithmSuite().getEncryptionAlgorithm();
} else {
// warn that data encryption algorithm not set
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, LogStringsMessages.WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
}
}
}
// TODO :: Change to getDataEncryptionAlgorith,
if (tmp != null && !"".equals(tmp)) {
dataEncAlgo = tmp;
}
if (context.getAlgorithmSuite() != null) {
keyEncAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
}
if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
throw new XWSSecurityException(
"UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
} else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
}
String x509TokenId = certificateBinding.getUUID();
if (x509TokenId == null || x509TokenId.equals("")) {
x509TokenId = context.generateID();
}
builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult xtbResult = builder.process();
KeyInfo ekKI =
(com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult.getKeyInfo();
tmp = null;
tmp = certificateBinding.getKeyAlgorithm();
if (tmp != null && !tmp.equals("")) {
keyEncAlgo = tmp;
}
dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
// ekRefList = true;
dkEncKey = certificateBinding.getX509Certificate().getPublicKey();
String ekId = context.generateID();
ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo, ekKI, dkEncKey, dataEncKey);
context.getSecurityHeader().add((SecurityHeaderElement) ek);
xtbResult.setKeyInfo(null);
DirectReference dr = elementFactory.createDirectReference();
dr.setURI("#" + ekId);
boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
if (wss11Sender) {
dr.setValueType(MessageConstants.EncryptedKey_NS);
}
SecurityTokenReference str = elementFactory.createSecurityTokenReference(dr);
keyInfo = elementFactory.createKeyInfo(str);
xtbResult.setKeyInfo(keyInfo);
xtbResult.setEncryptedKey(ek);
xtbResult.setDataProtectionKey(dataEncKey);
xtbResult.setKeyProtectionKey(dkEncKey);
return xtbResult;
} else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
if (context.getKerberosTokenBinding() != null) {
krbBinding = context.getKerberosTokenBinding();
context.setKerberosTokenBinding(null);
} else {
krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
}
this.dataEncKey = krbBinding.getSecretKey();
builder = new KerberosTokenBuilder(context, krbBinding);
BuilderResult ktbResult = builder.process();
ktbResult.setDataProtectionKey(dataEncKey);
return ktbResult;
} else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
SymmetricKeyBinding skb = null;
if (context.getSymmetricKeyBinding() != null) {
skb = context.getSymmetricKeyBinding();
context.setSymmetricKeyBinding(null);
} else {
skb = (SymmetricKeyBinding) keyBinding;
}
builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
BuilderResult skbResult = builder.process();
this.dataEncKey = skbResult.getDataProtectionKey();
keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) skbResult.getKeyInfo();
return skbResult;
} else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
builder = new DerivedKeyTokenBuilder(context, dtk);
BuilderResult dtkResult = builder.process();
// dtkResult.setEncryptedKey(null);
return dtkResult;
} else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
BuilderResult sctResult = builder.process();
return sctResult;
} else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
BuilderResult itbResult = itb.process();
return itbResult;
} else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
SamlTokenBuilder stb =
new SamlTokenBuilder(
context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, false);
return stb.process();
} else {
logger.log(
Level.SEVERE,
LogStringsMessages.WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}
}
