/**
 * Builds a token processor for a single encryption policy.
 *
 * The policy's key binding (cast to {@code WSSPolicy}) is what {@link #process()} later
 * dispatches on; the element factory is bound to the SOAP version of the current message.
 *
 * @param ep      the encryption policy whose key binding selects the token builder
 * @param context the per-message processing context (SOAP version, security header, ids)
 */
public TokenProcessor(EncryptionPolicy ep, JAXBFilterProcessingContext context) {
    this.elementFactory = new WSSElementFactory(context.getSOAPVersion());
    this.ep = ep;
    this.context = context;
    // Resolved once here; every branch of process() keys off this binding.
    this.keyBinding = (WSSPolicy) ep.getKeyBinding();
}
/**
 * Resolves the encryption algorithms for this policy and delegates to the token builder
 * selected by the policy's key binding.
 *
 * Data-encryption algorithm, in order of precedence: the feature binding's own setting,
 * then the context's algorithm suite, then the fallback
 * {@code MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION}. Key-encryption algorithm: the
 * algorithm suite's asymmetric key algorithm when a suite is present, otherwise the
 * {@code kw-aes256} literal; on the X.509 path the binding's own key algorithm overrides both.
 *
 * NOTE(review): 3DES as the silent fallback is a legacy choice; deployments should name the
 * data-encryption algorithm explicitly in policy rather than rely on it. Also, on the X.509
 * path the fallback key-encryption algorithm is a symmetric key-wrap URI while the wrapping
 * key is the certificate's public key; confirm {@code createEncryptedKey} fails closed on that
 * pairing rather than emitting an unusable EncryptedKey.
 *
 * Side effects on this object's fields differ per branch: X.509, Kerberos, symmetric and
 * derived-key bindings set {@code builder}; X.509 and symmetric also set {@code keyInfo};
 * X.509 additionally sets {@code ek} and {@code dkEncKey} and appends the EncryptedKey to the
 * security header. SCT, issued-token and SAML bindings touch none of them.
 *
 * @return the builder result for the selected binding, carrying its KeyInfo and, where this
 *         method creates them, the data-protection key, key-protection key and EncryptedKey
 * @throws XWSSecurityException for a UsernameToken binding (not supported here) or when a
 *         delegate builder fails
 * @throws UnsupportedOperationException for any key binding not handled below
 */
public BuilderResult process() throws XWSSecurityException {
    String dataEncAlgo = chooseDataEncryptionAlgorithm();
    String keyEncAlgo = chooseKeyEncryptionAlgorithm();

    if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
        logger.log(Level.SEVERE, LogStringsMessages.WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
        throw new XWSSecurityException(
                "UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
    }
    if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
        return processX509Binding(dataEncAlgo, keyEncAlgo);
    }
    if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
        return processKerberosBinding();
    }
    if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
        return processSymmetricBinding(dataEncAlgo, keyEncAlgo);
    }
    if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
        return processDerivedKeyBinding();
    }
    if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
        return processSecureConversationBinding();
    }
    if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
        return processIssuedTokenBinding();
    }
    if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
        return processSamlBinding();
    }

    // Unlike the UsernameToken case above this is unchecked; callers catching
    // XWSSecurityException will not see it.
    logger.log(Level.SEVERE,
            LogStringsMessages.WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
    throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding);
}

/** True when a policy-supplied algorithm string is absent or empty. */
private static boolean unset(String value) {
    return value == null || "".equals(value);
}

/**
 * Picks the data-encryption algorithm: feature binding, then algorithm suite, then 3DES.
 * Logs at FINEST when neither the binding nor a suite names one.
 */
private String chooseDataEncryptionAlgorithm() {
    EncryptionPolicy.FeatureBinding featureBinding =
            (EncryptionPolicy.FeatureBinding) ep.getFeatureBinding();
    String candidate = featureBinding.getDataEncryptionAlgorithm();
    if (unset(candidate)) {
        if (context.getAlgorithmSuite() == null) {
            // Nothing in policy names an algorithm; the 3DES fallback below applies.
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, LogStringsMessages.WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
            }
        } else {
            candidate = context.getAlgorithmSuite().getEncryptionAlgorithm();
        }
    }
    // TODO :: Change to getDataEncryptionAlgorith,
    return unset(candidate) ? MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION : candidate;
}

/**
 * Picks the key-encryption algorithm: the suite's asymmetric key algorithm when a suite is
 * present (even if that value is null), otherwise the AES-256 key-wrap URI.
 */
private String chooseKeyEncryptionAlgorithm() {
    if (context.getAlgorithmSuite() == null) {
        return "http://www.w3.org/2001/04/xmlenc#kw-aes256"; // XMLCipher.RSA_v1dot5;
    }
    return context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
}

/**
 * X.509 path: builds the certificate token, generates a fresh symmetric data key for
 * {@code dataEncAlgo}, wraps it for the certificate's public key as an EncryptedKey in the
 * security header, and points the result's KeyInfo at that EncryptedKey.
 */
private BuilderResult processX509Binding(String dataEncAlgo, String keyEncAlgo)
        throws XWSSecurityException {
    // A binding staged on the context wins over the policy's own and is consumed (one-shot).
    AuthenticationTokenPolicy.X509CertificateBinding certBinding = context.getX509CertificateBinding();
    if (certBinding != null) {
        context.setX509CertificateBinding(null);
    } else {
        certBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
    }

    // NOTE(review): x509TokenId is never read afterwards; kept only because generateID()
    // may advance shared id state — confirm and drop.
    String x509TokenId = certBinding.getUUID();
    if (x509TokenId == null || x509TokenId.equals("")) {
        x509TokenId = context.generateID();
    }

    builder = new X509TokenBuilder(context, certBinding);
    BuilderResult result = builder.process();
    KeyInfo certKeyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();

    // The binding's own key algorithm takes precedence over suite/default.
    String boundKeyAlgo = certBinding.getKeyAlgorithm();
    if (!unset(boundKeyAlgo)) {
        keyEncAlgo = boundKeyAlgo;
    }

    dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
    // ekRefList = true;
    dkEncKey = certBinding.getX509Certificate().getPublicKey();
    String ekId = context.generateID();
    ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo, certKeyInfo, dkEncKey, dataEncKey);
    context.getSecurityHeader().add((SecurityHeaderElement) ek);

    // Replace the certificate KeyInfo with a direct reference to the EncryptedKey.
    result.setKeyInfo(null);
    DirectReference ref = elementFactory.createDirectReference();
    ref.setURI("#" + ekId);
    if ("true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"))) {
        ref.setValueType(MessageConstants.EncryptedKey_NS);
    }
    SecurityTokenReference str = elementFactory.createSecurityTokenReference(ref);
    keyInfo = elementFactory.createKeyInfo(str);

    result.setKeyInfo(keyInfo);
    result.setEncryptedKey(ek);
    result.setDataProtectionKey(dataEncKey);
    result.setKeyProtectionKey(dkEncKey);
    return result;
}

/**
 * Kerberos path: the binding's secret key is used directly as the data-protection key.
 */
private BuilderResult processKerberosBinding() throws XWSSecurityException {
    AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = context.getKerberosTokenBinding();
    if (krbBinding != null) {
        context.setKerberosTokenBinding(null);
    } else {
        krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding;
    }
    this.dataEncKey = krbBinding.getSecretKey();
    builder = new KerberosTokenBuilder(context, krbBinding);
    BuilderResult result = builder.process();
    result.setDataProtectionKey(dataEncKey);
    return result;
}

/**
 * Symmetric-key path: the delegate builder supplies both the data-protection key and the
 * KeyInfo; they are cached on this object.
 */
private BuilderResult processSymmetricBinding(String dataEncAlgo, String keyEncAlgo)
        throws XWSSecurityException {
    SymmetricKeyBinding skb = context.getSymmetricKeyBinding();
    if (skb != null) {
        context.setSymmetricKeyBinding(null);
    } else {
        skb = (SymmetricKeyBinding) keyBinding;
    }
    builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo);
    BuilderResult result = builder.process();
    this.dataEncKey = result.getDataProtectionKey();
    keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result.getKeyInfo();
    return result;
}

/** Derived-key path; registers the WS-SecureConversation namespace first. */
private BuilderResult processDerivedKeyBinding() throws XWSSecurityException {
    DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
    ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
    builder = new DerivedKeyTokenBuilder(context, dtk);
    // dtkResult.setEncryptedKey(null);
    return builder.process();
}

/** SecureConversation path; uses a local builder and leaves the {@code builder} field alone. */
private BuilderResult processSecureConversationBinding() throws XWSSecurityException {
    ((NamespaceContextEx) context.getNamespaceContext()).addSCNS();
    SCTBuilder sctBuilder =
            new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding);
    return sctBuilder.process();
}

/** Issued-token path; no fields on this object are updated. */
private BuilderResult processIssuedTokenBinding() throws XWSSecurityException {
    IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding);
    return itb.process();
}

/** SAML path; registers the SAML namespace, then delegates with signing disabled (false). */
private BuilderResult processSamlBinding() throws XWSSecurityException {
    ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS();
    SamlTokenBuilder stb = new SamlTokenBuilder(
            context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, false);
    return stb.process();
}