/**
* @param context JAXBFilterProcessingContext
* @return errorCode
* @throws XWSSecurityException
*/
public static int sign(JAXBFilterProcessingContext context) throws XWSSecurityException {
try {
SignaturePolicy signaturePolicy = (SignaturePolicy) context.getSecurityPolicy();
((NamespaceContextEx) context.getNamespaceContext()).addSignatureNS();
WSSPolicy keyBinding = (WSSPolicy) signaturePolicy.getKeyBinding();
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "KeyBinding is " + keyBinding);
}
Key signingKey = null;
SignatureElementFactory signFactory = new SignatureElementFactory();
KeyInfo keyInfo = null;
SecurityHeader securityHeader = context.getSecurityHeader();
// Get the Signing key and KeyInfo from TokenProcessor
TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context);
BuilderResult builderResult = tokenProcessor.process();
signingKey = builderResult.getDataProtectionKey();
keyInfo = builderResult.getKeyInfo();
if (keyInfo != null || !keyBinding.isOptional()) {
SignedInfo signedInfo = signFactory.constructSignedInfo(context);
JAXBSignContext signContext = new JAXBSignContext(signingKey);
signContext.setURIDereferencer(DSigResolver.getInstance());
XMLSignature signature =
signFactory.constructSignature(signedInfo, keyInfo, signaturePolicy.getUUID());
signContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context);
NamespaceAndPrefixMapper npMapper =
new NamespaceAndPrefixMapper(
context.getNamespaceContext(), context.getDisableIncPrefix());
signContext.put(NamespaceAndPrefixMapper.NS_PREFIX_MAPPER, npMapper);
signContext.putNamespacePrefix(MessageConstants.DSIG_NS, MessageConstants.DSIG_PREFIX);
signature.sign(signContext);
JAXBSignatureHeaderElement jaxBSign =
new JAXBSignatureHeaderElement(
(com.sun.xml.ws.security.opt.crypto.dsig.Signature) signature,
context.getSOAPVersion());
securityHeader.add(jaxBSign);
// For SignatureConfirmation
List scList = (ArrayList) context.getExtraneousProperty("SignatureConfirmation");
if (scList != null) {
scList.add(Base64.encode(signature.getSignatureValue().getValue()));
}
}
// End SignatureConfirmation specific code
} catch (XWSSecurityException xe) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), xe);
throw xe;
} catch (Exception ex) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), ex);
throw new XWSSecurityException(ex);
}
return 0;
}
/**
* process the keyBinding and populate BuilderResult with appropriate key and KeyInfo
*
* @return <CODE>BuilderResult</CODE> populated with appropriate values
* @throws com.sun.xml.wss.XWSSecurityException
*/
public BuilderResult process() throws XWSSecurityException {
String keyEncAlgo = XMLCipher.RSA_v1dot5; // <--Harcoding of Algo
String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
AlgorithmSuite algSuite = context.getAlgorithmSuite();
String tmp = null;
if (algSuite != null) {
tmp = algSuite.getAsymmetricKeyAlgorithm();
}
if (tmp != null && !"".equals(tmp)) {
keyEncAlgo = tmp;
}
if (algSuite != null) {
tmp = algSuite.getEncryptionAlgorithm();
}
if (tmp != null && !"".equals(tmp)) {
dataEncAlgo = tmp;
}
if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1702_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
throw new XWSSecurityException(
"UsernameToken as KeyBinding for SignaturePolicy is Not Yet Supported");
} else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
}
PrivateKeyBinding privKBinding = (PrivateKeyBinding) certificateBinding.getKeyBinding();
signingKey = privKBinding.getPrivateKey();
builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult xtbResult = builder.process();
xtbResult.setDataProtectionKey(signingKey);
return xtbResult;
} else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
if (context.getKerberosTokenBinding() != null) {
krbBinding = context.getKerberosTokenBinding();
context.setKerberosTokenBinding(null);
} else {
krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
}
signingKey = krbBinding.getSecretKey();
builder = new KerberosTokenBuilder(context, krbBinding);
BuilderResult ktbResult = builder.process();
ktbResult.setDataProtectionKey(signingKey);
return ktbResult;
} else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
SymmetricKeyBinding skb = null;
if (context.getSymmetricKeyBinding() != null) {
skb = context.getSymmetricKeyBinding();
context.setSymmetricKeyBinding(null);
} else {
skb = (SymmetricKeyBinding) keyBinding;
}
builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
BuilderResult skbResult = builder.process();
return skbResult;
} else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
builder = new DerivedKeyTokenBuilder(context, dtk);
BuilderResult dtkResult = builder.process();
return dtkResult;
} else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
BuilderResult itbResult = itb.process();
return itbResult;
} else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
BuilderResult sctResult = builder.process();
return sctResult;
} else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
SamlTokenBuilder stb =
new SamlTokenBuilder(
context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, true);
return stb.process();
} else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
KeyValueTokenBuilder builder =
new KeyValueTokenBuilder(
context, (AuthenticationTokenPolicy.KeyValueTokenBinding) keyBinding);
BuilderResult kvtResult = builder.process();
return kvtResult;
} else {
logger.log(
Level.SEVERE,
LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}
}
public BuilderResult process() throws XWSSecurityException {
String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
// XMLCipher.RSA_v1dot5;
String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
EncryptionPolicy.FeatureBinding featureBinding =
(EncryptionPolicy.FeatureBinding) ep.getFeatureBinding();
String tmp = featureBinding.getDataEncryptionAlgorithm();
if (tmp == null || "".equals(tmp)) {
if (context.getAlgorithmSuite() != null) {
tmp = context.getAlgorithmSuite().getEncryptionAlgorithm();
} else {
// warn that data encryption algorithm not set
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, LogStringsMessages.WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
}
}
}
// TODO :: Change to getDataEncryptionAlgorith,
if (tmp != null && !"".equals(tmp)) {
dataEncAlgo = tmp;
}
if (context.getAlgorithmSuite() != null) {
keyEncAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
}
if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
throw new XWSSecurityException(
"UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
} else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
if (context.getX509CertificateBinding() != null) {
certificateBinding = context.getX509CertificateBinding();
context.setX509CertificateBinding(null);
} else {
certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
}
String x509TokenId = certificateBinding.getUUID();
if (x509TokenId == null || x509TokenId.equals("")) {
x509TokenId = context.generateID();
}
builder = new X509TokenBuilder(context, certificateBinding);
BuilderResult xtbResult = builder.process();
KeyInfo ekKI =
(com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult.getKeyInfo();
tmp = null;
tmp = certificateBinding.getKeyAlgorithm();
if (tmp != null && !tmp.equals("")) {
keyEncAlgo = tmp;
}
dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
// ekRefList = true;
dkEncKey = certificateBinding.getX509Certificate().getPublicKey();
String ekId = context.generateID();
ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo, ekKI, dkEncKey, dataEncKey);
context.getSecurityHeader().add((SecurityHeaderElement) ek);
xtbResult.setKeyInfo(null);
DirectReference dr = elementFactory.createDirectReference();
dr.setURI("#" + ekId);
boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
if (wss11Sender) {
dr.setValueType(MessageConstants.EncryptedKey_NS);
}
SecurityTokenReference str = elementFactory.createSecurityTokenReference(dr);
keyInfo = elementFactory.createKeyInfo(str);
xtbResult.setKeyInfo(keyInfo);
xtbResult.setEncryptedKey(ek);
xtbResult.setDataProtectionKey(dataEncKey);
xtbResult.setKeyProtectionKey(dkEncKey);
return xtbResult;
} else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null;
if (context.getKerberosTokenBinding() != null) {
krbBinding = context.getKerberosTokenBinding();
context.setKerberosTokenBinding(null);
} else {
krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
}
this.dataEncKey = krbBinding.getSecretKey();
builder = new KerberosTokenBuilder(context, krbBinding);
BuilderResult ktbResult = builder.process();
ktbResult.setDataProtectionKey(dataEncKey);
return ktbResult;
} else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
SymmetricKeyBinding skb = null;
if (context.getSymmetricKeyBinding() != null) {
skb = context.getSymmetricKeyBinding();
context.setSymmetricKeyBinding(null);
} else {
skb = (SymmetricKeyBinding) keyBinding;
}
builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
BuilderResult skbResult = builder.process();
this.dataEncKey = skbResult.getDataProtectionKey();
keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) skbResult.getKeyInfo();
return skbResult;
} else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
builder = new DerivedKeyTokenBuilder(context, dtk);
BuilderResult dtkResult = builder.process();
// dtkResult.setEncryptedKey(null);
return dtkResult;
} else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
BuilderResult sctResult = builder.process();
return sctResult;
} else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
BuilderResult itbResult = itb.process();
return itbResult;
} else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
SamlTokenBuilder stb =
new SamlTokenBuilder(
context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, false);
return stb.process();
} else {
logger.log(
Level.SEVERE,
LogStringsMessages.WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}
}