private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken)
      throws WSSecurityException {
    WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String id = encrKey.getId();
    byte[] secret = encrKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date();
    expires.setTime(created.getTime() + 300000);
    SecurityToken tempTok =
        new SecurityToken(id, encrKey.getEncryptedKeyElement(), created, expires);

    tempTok.setSecret(secret);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));

    tokenStore.add(tempTok);

    String bstTokenId = encrKey.getBSTTokenId();
    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    if (bstTokenId != null && bstTokenId.length() > 0) {
      encrKey.prependBSTElementToHeader(secHeader);
    }
    return id;
  }
Esempio n. 2
0
  /**
   * Test that first signs, then encrypts a WS-Security envelope.
   *
   * <p>
   *
   * @throws Exception Thrown when there is any problem in signing, encryption, decryption, or
   *     verification
   */
  public void testEncryptedKeySignature() throws Exception {

    SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
    LOG.info("Before Sign/Encryption....");
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
    encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    encrKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    encrKey.setKeySize(192);
    encrKey.prepare(doc, crypto);

    WSSecEncrypt encrypt = new WSSecEncrypt();
    encrypt.setEncKeyId(encrKey.getId());
    encrypt.setEphemeralKey(encrKey.getEphemeralKey());
    encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    encrypt.setEncryptSymmKey(false);
    encrypt.setEncryptedKeyElement(encrKey.getEncryptedKeyElement());

    WSSecSignature sign = new WSSecSignature();
    sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    sign.setCustomTokenId(encrKey.getId());
    sign.setSecretKey(encrKey.getEphemeralKey());
    sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);

    Document signedDoc = sign.build(doc, crypto, secHeader);
    Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);

    if (LOG.isDebugEnabled()) {
      LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
      String outputString =
          org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
      LOG.debug(outputString);
    }

    LOG.info("After Sign/Encryption....");
    verify(encryptedSignedDoc);
  }