/**
* Generates a random secret key using the algorithm specified in the first DataReference URI
*
* @param dataRefURIs
* @param doc
* @param wsDocInfo
* @return
* @throws WSSecurityException
*/
private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo)
throws WSSecurityException {
try {
String alg = "AES";
int size = 16;
if (!dataRefURIs.isEmpty()) {
String uri = dataRefURIs.iterator().next();
Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, uri);
String algorithmURI = X509Util.getEncAlgo(ee);
alg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
size = WSSecurityUtil.getKeyLength(algorithmURI);
}
KeyGenerator kgen = KeyGenerator.getInstance(alg);
kgen.init(size * 8);
SecretKey k = kgen.generateKey();
return k.getEncoded();
} catch (Throwable ex) {
// Fallback to just using AES to avoid attacks on EncryptedData algorithms
try {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
SecretKey k = kgen.generateKey();
return k.getEncoded();
} catch (NoSuchAlgorithmException e) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
}
}
}
/** Decrypt an EncryptedData element referenced by dataRefURI */
private WSDataRef decryptDataRef(Document doc, String dataRefURI, byte[] decryptedData)
throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("found data reference: " + dataRefURI);
}
//
// Find the encrypted data element referenced by dataRefURI
//
Element encryptedDataElement = ReferenceListProcessor.findEncryptedDataElement(doc, dataRefURI);
//
// Prepare the SecretKey object to decrypt EncryptedData
//
String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
SecretKey symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
return ReferenceListProcessor.decryptEncryptedData(
doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo);
}