/** * Generates a random secret key using the algorithm specified in the first DataReference URI * * @param dataRefURIs * @param doc * @param wsDocInfo * @return * @throws WSSecurityException */ private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo) throws WSSecurityException { try { String alg = "AES"; int size = 16; if (!dataRefURIs.isEmpty()) { String uri = dataRefURIs.iterator().next(); Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, uri); String algorithmURI = X509Util.getEncAlgo(ee); alg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI); size = WSSecurityUtil.getKeyLength(algorithmURI); } KeyGenerator kgen = KeyGenerator.getInstance(alg); kgen.init(size * 8); SecretKey k = kgen.generateKey(); return k.getEncoded(); } catch (Throwable ex) { // Fallback to just using AES to avoid attacks on EncryptedData algorithms try { KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128); SecretKey k = kgen.generateKey(); return k.getEncoded(); } catch (NoSuchAlgorithmException e) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e); } } }
/** Decrypt an EncryptedData element referenced by dataRefURI */ private WSDataRef decryptDataRef(Document doc, String dataRefURI, byte[] decryptedData) throws WSSecurityException { if (log.isDebugEnabled()) { log.debug("found data reference: " + dataRefURI); } // // Find the encrypted data element referenced by dataRefURI // Element encryptedDataElement = ReferenceListProcessor.findEncryptedDataElement(doc, dataRefURI); // // Prepare the SecretKey object to decrypt EncryptedData // String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement); SecretKey symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData); return ReferenceListProcessor.decryptEncryptedData( doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo); }