private void checkType0(SecurityPolicy policy) {
if (!PolicyTypeUtil.messagePolicy(policy)) /* ||
PolicyTypeUtil.signaturePolicy(policy) ||
PolicyTypeUtil.encryptionPolicy(policy) ||
PolicyTypeUtil.authenticationTokenPolicy(policy)))*/ {
// log
throw new IllegalArgumentException(
"Invalid SecurityPolicy type " + policy + ", Expected MessagePolicy");
}
}
private void checkType(SecurityPolicy policy) throws PolicyGenerationException {
try {
if (PolicyTypeUtil.dynamicSecurityPolicy(policy)) {
isDynamicSecurityPolicy = true;
} else if (!Class.forName("com.sun.xml.wss.impl.policy.mls.WSSPolicy")
.isAssignableFrom(policy.getClass())) {
// log
throw new PolicyGenerationException("Invalid SecurityPolicy type");
}
} catch (ClassNotFoundException cnfe) {
}
}
/**
* process the keyBinding and populate BuilderResult with appropriate key and KeyInfo
*
* @return <CODE>BuilderResult</CODE> populated with appropriate values
* @throws com.sun.xml.wss.XWSSecurityException
*/
public BuilderResult process() throws XWSSecurityException {
String keyEncAlgo = XMLCipher.RSA_v1dot5; // <--Harcoding of Algo
String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
AlgorithmSuite algSuite = context.getAlgorithmSuite();
String tmp = null;
if (algSuite != null) {
tmp = algSuite.getAsymmetricKeyAlgorithm();
}
if (tmp != null && !"".equals(tmp)) {
keyEncAlgo = tmp;
}
if (algSuite != null) {
tmp = algSuite.getEncryptionAlgorithm();
}
if (tmp != null && !"".equals(tmp)) {
dataEncAlgo = tmp;
}
if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1702_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
throw new XWSSecurityException(
"UsernameToken as KeyBinding for SignaturePolicy is Not Yet Supported");
} else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
}
PrivateKeyBinding privKBinding = (PrivateKeyBinding) certificateBinding.getKeyBinding();
signingKey = privKBinding.getPrivateKey();
builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult xtbResult = builder.process();
xtbResult.setDataProtectionKey(signingKey);
return xtbResult;
} else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
if (context.getKerberosTokenBinding() != null) {
krbBinding = context.getKerberosTokenBinding();
context.setKerberosTokenBinding(null);
} else {
krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
}
signingKey = krbBinding.getSecretKey();
builder = new KerberosTokenBuilder(context, krbBinding);
BuilderResult ktbResult = builder.process();
ktbResult.setDataProtectionKey(signingKey);
return ktbResult;
} else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
SymmetricKeyBinding skb = null;
if (context.getSymmetricKeyBinding() != null) {
skb = context.getSymmetricKeyBinding();
context.setSymmetricKeyBinding(null);
} else {
skb = (SymmetricKeyBinding) keyBinding;
}
builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
BuilderResult skbResult = builder.process();
return skbResult;
} else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
builder = new DerivedKeyTokenBuilder(context, dtk);
BuilderResult dtkResult = builder.process();
return dtkResult;
} else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
BuilderResult itbResult = itb.process();
return itbResult;
} else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
BuilderResult sctResult = builder.process();
return sctResult;
} else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
SamlTokenBuilder stb =
new SamlTokenBuilder(
context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, true);
return stb.process();
} else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
KeyValueTokenBuilder builder =
new KeyValueTokenBuilder(
context, (AuthenticationTokenPolicy.KeyValueTokenBinding) keyBinding);
BuilderResult kvtResult = builder.process();
return kvtResult;
} else {
logger.log(
Level.SEVERE,
LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}
}
public BuilderResult process() throws XWSSecurityException {
String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
// XMLCipher.RSA_v1dot5;
String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
EncryptionPolicy.FeatureBinding featureBinding =
(EncryptionPolicy.FeatureBinding) ep.getFeatureBinding();
String tmp = featureBinding.getDataEncryptionAlgorithm();
if (tmp == null || "".equals(tmp)) {
if (context.getAlgorithmSuite() != null) {
tmp = context.getAlgorithmSuite().getEncryptionAlgorithm();
} else {
// warn that data encryption algorithm not set
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, LogStringsMessages.WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
}
}
}
// TODO :: Change to getDataEncryptionAlgorith,
if (tmp != null && !"".equals(tmp)) {
dataEncAlgo = tmp;
}
if (context.getAlgorithmSuite() != null) {
keyEncAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
}
if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
throw new XWSSecurityException(
"UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
} else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
}
String x509TokenId = certificateBinding.getUUID();
if (x509TokenId == null || x509TokenId.equals("")) {
x509TokenId = context.generateID();
}
builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult xtbResult = builder.process();
KeyInfo ekKI =
(com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult.getKeyInfo();
tmp = null;
tmp = certificateBinding.getKeyAlgorithm();
if (tmp != null && !tmp.equals("")) {
keyEncAlgo = tmp;
}
dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
// ekRefList = true;
dkEncKey = certificateBinding.getX509Certificate().getPublicKey();
String ekId = context.generateID();
ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo, ekKI, dkEncKey, dataEncKey);
context.getSecurityHeader().add((SecurityHeaderElement) ek);
xtbResult.setKeyInfo(null);
DirectReference dr = elementFactory.createDirectReference();
dr.setURI("#" + ekId);
boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
if (wss11Sender) {
dr.setValueType(MessageConstants.EncryptedKey_NS);
}
SecurityTokenReference str = elementFactory.createSecurityTokenReference(dr);
keyInfo = elementFactory.createKeyInfo(str);
xtbResult.setKeyInfo(keyInfo);
xtbResult.setEncryptedKey(ek);
xtbResult.setDataProtectionKey(dataEncKey);
xtbResult.setKeyProtectionKey(dkEncKey);
return xtbResult;
} else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
if (context.getKerberosTokenBinding() != null) {
krbBinding = context.getKerberosTokenBinding();
context.setKerberosTokenBinding(null);
} else {
krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
}
this.dataEncKey = krbBinding.getSecretKey();
builder = new KerberosTokenBuilder(context, krbBinding);
BuilderResult ktbResult = builder.process();
ktbResult.setDataProtectionKey(dataEncKey);
return ktbResult;
} else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
SymmetricKeyBinding skb = null;
if (context.getSymmetricKeyBinding() != null) {
skb = context.getSymmetricKeyBinding();
context.setSymmetricKeyBinding(null);
} else {
skb = (SymmetricKeyBinding) keyBinding;
}
builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
BuilderResult skbResult = builder.process();
this.dataEncKey = skbResult.getDataProtectionKey();
keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) skbResult.getKeyInfo();
return skbResult;
} else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
builder = new DerivedKeyTokenBuilder(context, dtk);
BuilderResult dtkResult = builder.process();
// dtkResult.setEncryptedKey(null);
return dtkResult;
} else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
BuilderResult sctResult = builder.process();
return sctResult;
} else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
BuilderResult itbResult = itb.process();
return itbResult;
} else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
SamlTokenBuilder stb =
new SamlTokenBuilder(
context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, false);
return stb.process();
} else {
logger.log(
Level.SEVERE,
LogStringsMessages.WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}
}