コード例 #1
0
  /**
   * @param context JAXBFilterProcessingContext
   * @return errorCode
   * @throws XWSSecurityException
   */
  public static int sign(JAXBFilterProcessingContext context) throws XWSSecurityException {
    try {
      SignaturePolicy signaturePolicy = (SignaturePolicy) context.getSecurityPolicy();
      ((NamespaceContextEx) context.getNamespaceContext()).addSignatureNS();
      WSSPolicy keyBinding = (WSSPolicy) signaturePolicy.getKeyBinding();
      if (logger.isLoggable(Level.FINEST)) {
        logger.log(Level.FINEST, "KeyBinding is " + keyBinding);
      }

      Key signingKey = null;

      SignatureElementFactory signFactory = new SignatureElementFactory();

      KeyInfo keyInfo = null;
      SecurityHeader securityHeader = context.getSecurityHeader();

      // Get the Signing key and KeyInfo from TokenProcessor
      TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context);
      BuilderResult builderResult = tokenProcessor.process();
      signingKey = builderResult.getDataProtectionKey();
      keyInfo = builderResult.getKeyInfo();

      if (keyInfo != null || !keyBinding.isOptional()) {
        SignedInfo signedInfo = signFactory.constructSignedInfo(context);
        JAXBSignContext signContext = new JAXBSignContext(signingKey);
        signContext.setURIDereferencer(DSigResolver.getInstance());
        XMLSignature signature =
            signFactory.constructSignature(signedInfo, keyInfo, signaturePolicy.getUUID());
        signContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context);
        NamespaceAndPrefixMapper npMapper =
            new NamespaceAndPrefixMapper(
                context.getNamespaceContext(), context.getDisableIncPrefix());
        signContext.put(NamespaceAndPrefixMapper.NS_PREFIX_MAPPER, npMapper);
        signContext.putNamespacePrefix(MessageConstants.DSIG_NS, MessageConstants.DSIG_PREFIX);
        signature.sign(signContext);

        JAXBSignatureHeaderElement jaxBSign =
            new JAXBSignatureHeaderElement(
                (com.sun.xml.ws.security.opt.crypto.dsig.Signature) signature,
                context.getSOAPVersion());
        securityHeader.add(jaxBSign);

        // For SignatureConfirmation
        List scList = (ArrayList) context.getExtraneousProperty("SignatureConfirmation");
        if (scList != null) {
          scList.add(Base64.encode(signature.getSignatureValue().getValue()));
        }
      }
      // End SignatureConfirmation specific code

    } catch (XWSSecurityException xe) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), xe);
      throw xe;
    } catch (Exception ex) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), ex);
      throw new XWSSecurityException(ex);
    }
    return 0;
  }
コード例 #2
0
  /**
   * process the keyBinding and populate BuilderResult with appropriate key and KeyInfo
   *
   * @return <CODE>BuilderResult</CODE> populated with appropriate values
   * @throws com.sun.xml.wss.XWSSecurityException
   */
  public BuilderResult process() throws XWSSecurityException {

    String keyEncAlgo = XMLCipher.RSA_v1dot5; // <--Harcoding of Algo
    String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;

    AlgorithmSuite algSuite = context.getAlgorithmSuite();
    String tmp = null;
    if (algSuite != null) {
      tmp = algSuite.getAsymmetricKeyAlgorithm();
    }
    if (tmp != null && !"".equals(tmp)) {
      keyEncAlgo = tmp;
    }
    if (algSuite != null) {
      tmp = algSuite.getEncryptionAlgorithm();
    }
    if (tmp != null && !"".equals(tmp)) {
      dataEncAlgo = tmp;
    }

    if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1702_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
      throw new XWSSecurityException(
          "UsernameToken as KeyBinding for SignaturePolicy is Not Yet Supported");
    } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
      AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
      if (context.getX509CertificateBinding() != null) {
        certificateBinding = context.getX509CertificateBinding();
        context.setX509CertificateBinding(null);
      } else {
        certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
      }

      PrivateKeyBinding privKBinding = (PrivateKeyBinding) certificateBinding.getKeyBinding();
      signingKey = privKBinding.getPrivateKey();

      builder = new X509TokenBuilder(context, certificateBinding);
      BuilderResult xtbResult = builder.process();

      xtbResult.setDataProtectionKey(signingKey);
      return xtbResult;
    } else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
      AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
      if (context.getKerberosTokenBinding() != null) {
        krbBinding = context.getKerberosTokenBinding();
        context.setKerberosTokenBinding(null);
      } else {
        krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
      }

      signingKey = krbBinding.getSecretKey();
      builder = new KerberosTokenBuilder(context, krbBinding);
      BuilderResult ktbResult = builder.process();
      ktbResult.setDataProtectionKey(signingKey);

      return ktbResult;
    } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
      SymmetricKeyBinding skb = null;
      if (context.getSymmetricKeyBinding() != null) {
        skb = context.getSymmetricKeyBinding();
        context.setSymmetricKeyBinding(null);
      } else {
        skb = (SymmetricKeyBinding) keyBinding;
      }

      builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
      BuilderResult skbResult = builder.process();
      return skbResult;
    } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
      DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
      ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
      builder = new DerivedKeyTokenBuilder(context, dtk);
      BuilderResult dtkResult = builder.process();
      return dtkResult;
    } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
      IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
      BuilderResult itbResult = itb.process();
      return itbResult;
    } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
      ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
      SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
      BuilderResult sctResult = builder.process();
      return sctResult;
    } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
      ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
      SamlTokenBuilder stb =
          new SamlTokenBuilder(
              context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, true);
      return stb.process();
    } else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
      ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
      KeyValueTokenBuilder builder =
          new KeyValueTokenBuilder(
              context, (AuthenticationTokenPolicy.KeyValueTokenBinding) keyBinding);
      BuilderResult kvtResult = builder.process();
      return kvtResult;
    } else {
      logger.log(
          Level.SEVERE,
          LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
      throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
    }
  }
コード例 #3
0
  public BuilderResult process() throws XWSSecurityException {

    String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
    // XMLCipher.RSA_v1dot5;
    String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
    EncryptionPolicy.FeatureBinding featureBinding =
        (EncryptionPolicy.FeatureBinding) ep.getFeatureBinding();
    String tmp = featureBinding.getDataEncryptionAlgorithm();
    if (tmp == null || "".equals(tmp)) {
      if (context.getAlgorithmSuite() != null) {
        tmp = context.getAlgorithmSuite().getEncryptionAlgorithm();
      } else {
        // warn that data encryption algorithm not set
        if (logger.isLoggable(Level.FINEST)) {
          logger.log(Level.FINEST, LogStringsMessages.WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
        }
      }
    }
    // TODO :: Change to getDataEncryptionAlgorith,
    if (tmp != null && !"".equals(tmp)) {
      dataEncAlgo = tmp;
    }

    if (context.getAlgorithmSuite() != null) {
      keyEncAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
    }
    if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
      throw new XWSSecurityException(
          "UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
    } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
      AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
      if (context.getX509CertificateBinding() != null) {
        certificateBinding = context.getX509CertificateBinding();
        context.setX509CertificateBinding(null);
      } else {
        certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
      }

      String x509TokenId = certificateBinding.getUUID();
      if (x509TokenId == null || x509TokenId.equals("")) {
        x509TokenId = context.generateID();
      }

      builder = new X509TokenBuilder(context, certificateBinding);
      BuilderResult xtbResult = builder.process();
      KeyInfo ekKI =
          (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult.getKeyInfo();

      tmp = null;
      tmp = certificateBinding.getKeyAlgorithm();
      if (tmp != null && !tmp.equals("")) {
        keyEncAlgo = tmp;
      }

      dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
      // ekRefList = true;
      dkEncKey = certificateBinding.getX509Certificate().getPublicKey();
      String ekId = context.generateID();
      ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo, ekKI, dkEncKey, dataEncKey);
      context.getSecurityHeader().add((SecurityHeaderElement) ek);
      xtbResult.setKeyInfo(null);

      DirectReference dr = elementFactory.createDirectReference();
      dr.setURI("#" + ekId);
      boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
      if (wss11Sender) {
        dr.setValueType(MessageConstants.EncryptedKey_NS);
      }
      SecurityTokenReference str = elementFactory.createSecurityTokenReference(dr);
      keyInfo = elementFactory.createKeyInfo(str);

      xtbResult.setKeyInfo(keyInfo);
      xtbResult.setEncryptedKey(ek);
      xtbResult.setDataProtectionKey(dataEncKey);
      xtbResult.setKeyProtectionKey(dkEncKey);
      return xtbResult;

    } else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
      AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
      if (context.getKerberosTokenBinding() != null) {
        krbBinding = context.getKerberosTokenBinding();
        context.setKerberosTokenBinding(null);
      } else {
        krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
      }
      this.dataEncKey = krbBinding.getSecretKey();
      builder = new KerberosTokenBuilder(context, krbBinding);
      BuilderResult ktbResult = builder.process();
      ktbResult.setDataProtectionKey(dataEncKey);
      return ktbResult;

    } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
      SymmetricKeyBinding skb = null;
      if (context.getSymmetricKeyBinding() != null) {
        skb = context.getSymmetricKeyBinding();
        context.setSymmetricKeyBinding(null);
      } else {
        skb = (SymmetricKeyBinding) keyBinding;
      }
      builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
      BuilderResult skbResult = builder.process();
      this.dataEncKey = skbResult.getDataProtectionKey();
      keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) skbResult.getKeyInfo();
      return skbResult;

    } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
      DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
      ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
      builder = new DerivedKeyTokenBuilder(context, dtk);
      BuilderResult dtkResult = builder.process();
      // dtkResult.setEncryptedKey(null);
      return dtkResult;
    } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
      ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
      SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
      BuilderResult sctResult = builder.process();
      return sctResult;
    } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
      IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
      BuilderResult itbResult = itb.process();
      return itbResult;
    } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
      ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
      SamlTokenBuilder stb =
          new SamlTokenBuilder(
              context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, false);
      return stb.process();
    } else {
      logger.log(
          Level.SEVERE,
          LogStringsMessages.WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
      throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
    }
  }