Пример #1
0
 /**
  * Generates a random secret key using the algorithm specified in the first DataReference URI
  *
  * @param dataRefURIs
  * @param doc
  * @param wsDocInfo
  * @return
  * @throws WSSecurityException
  */
 private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo)
     throws WSSecurityException {
   try {
     String alg = "AES";
     int size = 16;
     if (!dataRefURIs.isEmpty()) {
       String uri = dataRefURIs.iterator().next();
       Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, uri);
       String algorithmURI = X509Util.getEncAlgo(ee);
       alg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
       size = WSSecurityUtil.getKeyLength(algorithmURI);
     }
     KeyGenerator kgen = KeyGenerator.getInstance(alg);
     kgen.init(size * 8);
     SecretKey k = kgen.generateKey();
     return k.getEncoded();
   } catch (Throwable ex) {
     // Fallback to just using AES to avoid attacks on EncryptedData algorithms
     try {
       KeyGenerator kgen = KeyGenerator.getInstance("AES");
       kgen.init(128);
       SecretKey k = kgen.generateKey();
       return k.getEncoded();
     } catch (NoSuchAlgorithmException e) {
       throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
     }
   }
 }
Пример #2
0
  /** Decrypt an EncryptedData element referenced by dataRefURI */
  private WSDataRef decryptDataRef(Document doc, String dataRefURI, byte[] decryptedData)
      throws WSSecurityException {
    if (log.isDebugEnabled()) {
      log.debug("found data reference: " + dataRefURI);
    }
    //
    // Find the encrypted data element referenced by dataRefURI
    //
    Element encryptedDataElement = ReferenceListProcessor.findEncryptedDataElement(doc, dataRefURI);
    //
    // Prepare the SecretKey object to decrypt EncryptedData
    //
    String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
    SecretKey symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);

    return ReferenceListProcessor.decryptEncryptedData(
        doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo);
  }