/** * @param context JAXBFilterProcessingContext * @return errorCode * @throws XWSSecurityException */ public static int sign(JAXBFilterProcessingContext context) throws XWSSecurityException { try { SignaturePolicy signaturePolicy = (SignaturePolicy) context.getSecurityPolicy(); ((NamespaceContextEx) context.getNamespaceContext()).addSignatureNS(); WSSPolicy keyBinding = (WSSPolicy) signaturePolicy.getKeyBinding(); if (logger.isLoggable(Level.FINEST)) { logger.log(Level.FINEST, "KeyBinding is " + keyBinding); } Key signingKey = null; SignatureElementFactory signFactory = new SignatureElementFactory(); KeyInfo keyInfo = null; SecurityHeader securityHeader = context.getSecurityHeader(); // Get the Signing key and KeyInfo from TokenProcessor TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context); BuilderResult builderResult = tokenProcessor.process(); signingKey = builderResult.getDataProtectionKey(); keyInfo = builderResult.getKeyInfo(); if (keyInfo != null || !keyBinding.isOptional()) { SignedInfo signedInfo = signFactory.constructSignedInfo(context); JAXBSignContext signContext = new JAXBSignContext(signingKey); signContext.setURIDereferencer(DSigResolver.getInstance()); XMLSignature signature = signFactory.constructSignature(signedInfo, keyInfo, signaturePolicy.getUUID()); signContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context); NamespaceAndPrefixMapper npMapper = new NamespaceAndPrefixMapper( context.getNamespaceContext(), context.getDisableIncPrefix()); signContext.put(NamespaceAndPrefixMapper.NS_PREFIX_MAPPER, npMapper); signContext.putNamespacePrefix(MessageConstants.DSIG_NS, MessageConstants.DSIG_PREFIX); signature.sign(signContext); JAXBSignatureHeaderElement jaxBSign = new JAXBSignatureHeaderElement( (com.sun.xml.ws.security.opt.crypto.dsig.Signature) signature, context.getSOAPVersion()); securityHeader.add(jaxBSign); // For SignatureConfirmation List scList = (ArrayList) context.getExtraneousProperty("SignatureConfirmation"); if (scList != null) { scList.add(Base64.encode(signature.getSignatureValue().getValue())); } } // End SignatureConfirmation specific code } catch (XWSSecurityException xe) { logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), xe); throw xe; } catch (Exception ex) { logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), ex); throw new XWSSecurityException(ex); } return 0; }
/** * process the keyBinding and populate BuilderResult with appropriate key and KeyInfo * * @return <CODE>BuilderResult</CODE> populated with appropriate values * @throws com.sun.xml.wss.XWSSecurityException */ public BuilderResult process() throws XWSSecurityException { String keyEncAlgo = XMLCipher.RSA_v1dot5; // <--Harcoding of Algo String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION; AlgorithmSuite algSuite = context.getAlgorithmSuite(); String tmp = null; if (algSuite != null) { tmp = algSuite.getAsymmetricKeyAlgorithm(); } if (tmp != null && !"".equals(tmp)) { keyEncAlgo = tmp; } if (algSuite != null) { tmp = algSuite.getEncryptionAlgorithm(); } if (tmp != null && !"".equals(tmp)) { dataEncAlgo = tmp; } if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) { logger.log(Level.SEVERE, LogStringsMessages.WSS_1702_UNSUPPORTED_USERNAMETOKEN_KEYBINDING()); throw new XWSSecurityException( "UsernameToken as KeyBinding for SignaturePolicy is Not Yet Supported"); } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) { AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null; if (context.getX509CertificateBinding() != null) { certificateBinding = context.getX509CertificateBinding(); context.setX509CertificateBinding(null); } else { certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding; } PrivateKeyBinding privKBinding = (PrivateKeyBinding) certificateBinding.getKeyBinding(); signingKey = privKBinding.getPrivateKey(); builder = new X509TokenBuilder(context, certificateBinding); BuilderResult xtbResult = builder.process(); xtbResult.setDataProtectionKey(signingKey); return xtbResult; } else if (PolicyTypeUtil.kerberosTokenBinding(keyBinding)) { AuthenticationTokenPolicy.KerberosTokenBinding krbBinding = null; if (context.getKerberosTokenBinding() != null) { krbBinding = context.getKerberosTokenBinding(); context.setKerberosTokenBinding(null); } else { krbBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) keyBinding; } signingKey = krbBinding.getSecretKey(); builder = new KerberosTokenBuilder(context, krbBinding); BuilderResult ktbResult = builder.process(); ktbResult.setDataProtectionKey(signingKey); return ktbResult; } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) { SymmetricKeyBinding skb = null; if (context.getSymmetricKeyBinding() != null) { skb = context.getSymmetricKeyBinding(); context.setSymmetricKeyBinding(null); } else { skb = (SymmetricKeyBinding) keyBinding; } builder = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyEncAlgo); BuilderResult skbResult = builder.process(); return skbResult; } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) { DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding; ((NamespaceContextEx) context.getNamespaceContext()).addSCNS(); builder = new DerivedKeyTokenBuilder(context, dtk); BuilderResult dtkResult = builder.process(); return dtkResult; } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) { IssuedTokenBuilder itb = new IssuedTokenBuilder(context, (IssuedTokenKeyBinding) keyBinding); BuilderResult itbResult = itb.process(); return itbResult; } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) { ((NamespaceContextEx) context.getNamespaceContext()).addSCNS(); SCTBuilder builder = new SCTBuilder(context, (SecureConversationTokenKeyBinding) keyBinding); BuilderResult sctResult = builder.process(); return sctResult; } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) { ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS(); SamlTokenBuilder stb = new SamlTokenBuilder( context, (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding, true); return stb.process(); } else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) { ((NamespaceContextEx) context.getNamespaceContext()).addSAMLNS(); KeyValueTokenBuilder builder = new KeyValueTokenBuilder( context, (AuthenticationTokenPolicy.KeyValueTokenBinding) keyBinding); BuilderResult kvtResult = builder.process(); return kvtResult; } else { logger.log( Level.SEVERE, LogStringsMessages.WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding)); throw new UnsupportedOperationException("Unsupported Key Binding" + keyBinding); } }