
Example 1 with P_SHA1

use of org.apache.wss4j.common.derivedKey.P_SHA1 in project cxf by apache.

the class AbstractSTSClient method createSecurityToken.

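/**
 * Builds a {@link SecurityToken} from the RequestSecurityTokenResponse returned by the STS.
 * <p>
 * A RequestSecurityTokenResponseCollection is unwrapped to its first response. The token's
 * secret is resolved from the RequestedProofToken child: a BinarySecret (base64 decoded), an
 * EncryptedKey (decrypted via {@code decryptKey}) or a ComputedKey, which is derived with
 * P_SHA1 from {@code requestorEntropy} and the Entropy element the STS returned. When the
 * response carries no RequestedProofToken at all, {@code requestorEntropy} itself becomes the
 * secret. The derived key length is taken from the KeySize the STS returned, falling back to the
 * configured {@code keySize} and finally to 256 bits.
 *
 * @param el               the RequestSecurityTokenResponse (or ...Collection) element
 * @param requestorEntropy the entropy sent with the request, or {@code null} if none was sent
 * @return the parsed token; its secret is {@code null} when the response establishes no key
 * @throws Fault                   if {@code el} is not an RSTR(C), or the response is structurally
 *                                 incomplete (empty collection, empty RequestedProofToken,
 *                                 ComputedKey without requestor entropy)
 * @throws TrustException          if the ComputedKey has no usable service entropy or P_SHA1
 *                                 derivation fails
 * @throws WSSecurityException     propagated from EncryptedKey handling
 * @throws Base64DecodingException propagated from base64 decoding of a BinarySecret
 */
protected SecurityToken createSecurityToken(Element el, byte[] requestorEntropy) throws WSSecurityException, Base64DecodingException {
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
        // An empty collection would otherwise fail with an NPE on the local-name check below
        if (el == null) {
            throw new Fault("Empty RequestSecurityTokenResponseCollection", LOG);
        }
    }
    if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + el.getLocalName(), LOG);
    }

    Element rst = null;
    Element rar = null;
    Element rur = null;
    Element rpt = null;
    Element lte = null;
    Element entropy = null;
    String tt = null;
    String retKeySize = null;
    // Collect the RSTR children of interest; elements outside the WS-Trust namespace are skipped
    for (Element cur = DOMUtils.getFirstElement(el); cur != null; cur = DOMUtils.getNextElement(cur)) {
        String ln = cur.getLocalName();
        if (ln == null || !namespace.equals(cur.getNamespaceURI())) {
            continue;
        }
        switch (ln) {
        case "Lifetime":
            lte = cur;
            break;
        case "RequestedSecurityToken":
            rst = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedAttachedReference":
            rar = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedUnattachedReference":
            rur = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedProofToken":
            rpt = cur;
            break;
        case "Entropy":
            entropy = cur;
            break;
        case "TokenType":
            tt = DOMUtils.getContent(cur);
            break;
        case "KeySize":
            retKeySize = DOMUtils.getContent(cur);
            break;
        default:
            break;
        }
    }

    Element rstDec = rst;
    String id = findID(rar, rur, rstDec);
    if (StringUtils.isEmpty(id)) {
        LOG.fine("No ID extracted from token, so just making one up");
        id = WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", null);
    }
    SecurityToken token = new SecurityToken(id, rstDec, lte);
    token.setAttachedReference(rar);
    token.setUnattachedReference(rur);
    token.setIssuerAddress(location);
    token.setTokenType(tt);

    byte[] secret = null;
    if (rpt != null) {
        Element proof = DOMUtils.getFirstElement(rpt);
        // A RequestedProofToken with no child would NPE in getElementQName; fail with a clear message
        if (proof == null) {
            throw new Fault("RequestedProofToken has no child element", LOG);
        }
        QName proofQname = DOMUtils.getElementQName(proof);
        if (proofQname.equals(new QName(namespace, "BinarySecret"))) {
            // First check for the binary secret
            String b64Secret = DOMUtils.getContent(proof);
            secret = org.apache.xml.security.utils.XMLUtils.decode(b64Secret);
        } else if (proofQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
            secret = decryptKey(proof);
        } else if (proofQname.equals(new QName(namespace, "ComputedKey"))) {
            // The STS's half of the key material lives in the sibling Entropy element
            Element entropyChild = entropy == null ? null : DOMUtils.getFirstElement(entropy);
            byte[] serviceEntr = null;
            if (entropyChild != null) {
                QName entropyQname = DOMUtils.getElementQName(entropyChild);
                if (entropyQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
                    serviceEntr = decryptKey(entropyChild);
                } else if (entropyQname.equals(new QName(namespace, "BinarySecret"))) {
                    String content = DOMUtils.getContent(entropyChild);
                    serviceEntr = org.apache.xml.security.utils.XMLUtils.decode(content);
                }
            }
            if (serviceEntr == null) {
                // Service entropy missing
                throw new TrustException("NO_ENTROPY", LOG);
            }
            // A ComputedKey is only meaningful if we contributed entropy; P_SHA1 cannot run without it
            if (requestorEntropy == null) {
                throw new Fault("ComputedKey in response but no requestor entropy was sent", LOG);
            }

            // Key length in bits: the KeySize the STS returned, else the configured keySize, else 256
            int length = keySize;
            if (retKeySize != null) {
                try {
                    length = Integer.parseInt(retKeySize);
                } catch (NumberFormatException ex) {
                    // Malformed KeySize from the STS: keep the configured size instead of a zero length
                    LOG.fine("Ignoring unparseable KeySize in response: " + retKeySize);
                }
            }
            if (length <= 0) {
                length = 256;
            }
            // NOTE(review): the returned KeySize is only checked for being positive, so the STS can
            // shrink the derived key below what the negotiated policy expects. Bounding it against the
            // algorithm suite's key-length limits would be stricter — confirm against the caller's policy.

            // Right now we only use PSHA1 as the computed key algo
            P_SHA1 psha1 = new P_SHA1();
            try {
                secret = psha1.createKey(requestorEntropy, serviceEntr, 0, length / 8);
            } catch (WSSecurityException e) {
                throw new TrustException("DERIVED_KEY_ERROR", e, LOG);
            }
        }
    } else if (requestorEntropy != null) {
        // Use requester entropy as the key
        secret = requestorEntropy;
    }
    token.setSecret(secret);
    return token;
}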
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1) QName(javax.xml.namespace.QName) ExtensibilityElement(javax.wsdl.extensions.ExtensibilityElement) Element(org.w3c.dom.Element) Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Endpoint(org.apache.cxf.endpoint.Endpoint)

Example 2 with P_SHA1

use of org.apache.wss4j.common.derivedKey.P_SHA1 in project cxf by apache.

the class SymmetricKeyHandler method createSymmetricKey.

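/**
 * Create the Symmetric Key for the token being issued and store it in {@code secret}.
 * <p>
 * Resolution order:
 * <ol>
 * <li>a client BinarySecret typed {@code SYMMETRIC_KEY} (or with no type) is used verbatim;</li>
 * <li>otherwise a client-supplied decrypted key is used verbatim;</li>
 * <li>otherwise {@code keySize / 8} bytes of fresh entropy are generated. If the client also
 *     sent a BinarySecret (one that did not qualify above, i.e. a nonce), the key is instead
 *     derived with P_SHA1 from that nonce and the generated entropy, and {@code computedKey} is
 *     set so the response can advertise a ComputedKey.</li>
 * </ol>
 * {@code entropyBytes} is only assigned on the generate-entropy path.
 *
 * @throws STSException with {@code INVALID_REQUEST} if nonce generation or key derivation fails
 */
public void createSymmetricKey() {
    computedKey = false;
    boolean generateEntropy = true;
    if (clientEntropy != null) {
        BinarySecret binarySecret = clientEntropy.getBinarySecret();
        // NOTE(review): a client-supplied key is taken as-is here, with no length check against
        // keySize — confirm the request validation upstream bounds it before relying on this.
        if (binarySecret != null && (STSConstants.SYMMETRIC_KEY_TYPE.equals(binarySecret.getBinarySecretType()) || binarySecret.getBinarySecretType() == null)) {
            secret = binarySecret.getBinarySecretValue();
            generateEntropy = false;
        } else if (clientEntropy.getDecryptedKey() != null) {
            secret = clientEntropy.getDecryptedKey();
            generateEntropy = false;
        }
    }
    if (!generateEntropy) {
        return;
    }

    try {
        entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
        secret = entropyBytes;
    } catch (WSSecurityException ex) {
        LOG.log(Level.WARNING, "", ex);
        throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
    }

    // Client sent a nonce: combine it with our entropy rather than using ours alone
    if (clientEntropy != null && clientEntropy.getBinarySecret() != null) {
        byte[] nonce = clientEntropy.getBinarySecret().getBinarySecretValue();
        try {
            P_SHA1 psha1 = new P_SHA1();
            secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
            computedKey = true;
        } catch (WSSecurityException ex) {
            LOG.log(Level.WARNING, "", ex);
            // Preserve the cause, as the nonce-generation catch above already does
            throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
        }
    }
}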
Also used : P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1) STSException(org.apache.cxf.ws.security.sts.provider.STSException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 3 with P_SHA1

use of org.apache.wss4j.common.derivedKey.P_SHA1 in project cxf by apache.

the class SimpleBatchSTSClient method createSecurityToken.

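/**
 * Builds a {@link SecurityToken} from the RequestSecurityTokenResponse returned by the STS.
 * <p>
 * A RequestSecurityTokenResponseCollection is unwrapped to its first response. The token's
 * secret is resolved from the RequestedProofToken child: a BinarySecret (base64 decoded), an
 * EncryptedKey (decrypted via {@code decryptKey}) or a ComputedKey, which is derived with
 * P_SHA1 from {@code requestorEntropy} and the Entropy element the STS returned. When the
 * response carries no RequestedProofToken at all, {@code requestorEntropy} itself becomes the
 * secret. The derived key length is the configured {@code keySize}; when that is not positive it
 * is the algorithm suite's maximum symmetric key length, or 256 bits without a suite. A KeySize
 * element in the response is not consulted.
 *
 * @param el               the RequestSecurityTokenResponse (or ...Collection) element
 * @param requestorEntropy the entropy sent with the request, or {@code null} if none was sent
 * @return the parsed token; its secret is {@code null} when the response establishes no key
 * @throws Fault               if {@code el} is not an RSTR(C), or the response is structurally
 *                             incomplete (empty collection, empty RequestedProofToken, ComputedKey
 *                             without requestor entropy)
 * @throws TrustException      if no token ID can be found, the ComputedKey has no usable service
 *                             entropy, or P_SHA1 derivation fails
 * @throws WSSecurityException propagated from EncryptedKey handling
 */
protected SecurityToken createSecurityToken(Element el, byte[] requestorEntropy) throws WSSecurityException {
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
        // An empty collection would otherwise fail with an NPE on the local-name check below
        if (el == null) {
            throw new Fault("Empty RequestSecurityTokenResponseCollection", LOG);
        }
    }
    if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + el.getLocalName(), LOG);
    }

    Element rst = null;
    Element rar = null;
    Element rur = null;
    Element rpt = null;
    Element lte = null;
    Element entropy = null;
    String tt = null;
    // Collect the RSTR children of interest; elements outside the WS-Trust namespace are skipped
    for (Element cur = DOMUtils.getFirstElement(el); cur != null; cur = DOMUtils.getNextElement(cur)) {
        String ln = cur.getLocalName();
        if (ln == null || !namespace.equals(cur.getNamespaceURI())) {
            continue;
        }
        switch (ln) {
        case "Lifetime":
            lte = cur;
            break;
        case "RequestedSecurityToken":
            rst = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedAttachedReference":
            rar = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedUnattachedReference":
            rur = DOMUtils.getFirstElement(cur);
            break;
        case "RequestedProofToken":
            rpt = cur;
            break;
        case "Entropy":
            entropy = cur;
            break;
        case "TokenType":
            tt = DOMUtils.getContent(cur);
            break;
        default:
            break;
        }
    }

    Element rstDec = rst;
    String id = findID(rar, rur, rstDec);
    if (StringUtils.isEmpty(id)) {
        throw new TrustException("NO_ID", LOG);
    }
    SecurityToken token = new SecurityToken(id, rstDec, lte);
    token.setAttachedReference(rar);
    token.setUnattachedReference(rur);
    token.setIssuerAddress(location);
    token.setTokenType(tt);

    byte[] secret = null;
    if (rpt != null) {
        Element proof = DOMUtils.getFirstElement(rpt);
        // A RequestedProofToken with no child would NPE in getElementQName; fail with a clear message
        if (proof == null) {
            throw new Fault("RequestedProofToken has no child element", LOG);
        }
        QName proofQname = DOMUtils.getElementQName(proof);
        if (proofQname.equals(new QName(namespace, "BinarySecret"))) {
            // First check for the binary secret
            String b64Secret = DOMUtils.getContent(proof);
            secret = Base64.getMimeDecoder().decode(b64Secret);
        } else if (proofQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
            secret = decryptKey(proof);
        } else if (proofQname.equals(new QName(namespace, "ComputedKey"))) {
            // The STS's half of the key material lives in the sibling Entropy element
            Element entropyChild = entropy == null ? null : DOMUtils.getFirstElement(entropy);
            byte[] serviceEntr = null;
            if (entropyChild != null) {
                QName entropyQname = DOMUtils.getElementQName(entropyChild);
                if (entropyQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
                    serviceEntr = decryptKey(entropyChild);
                } else if (entropyQname.equals(new QName(namespace, "BinarySecret"))) {
                    String content = DOMUtils.getContent(entropyChild);
                    serviceEntr = Base64.getMimeDecoder().decode(content);
                }
            }
            if (serviceEntr == null) {
                // Service entropy missing
                throw new TrustException("NO_ENTROPY", LOG);
            }
            // A ComputedKey is only meaningful if we contributed entropy; P_SHA1 cannot run without it
            if (requestorEntropy == null) {
                throw new Fault("ComputedKey in response but no requestor entropy was sent", LOG);
            }

            // Key length in bits: the configured keySize wins; otherwise the policy's maximum
            // symmetric key length, or 256 when no algorithm suite is known
            int length = keySize;
            if (length <= 0) {
                if (algorithmSuite != null) {
                    AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
                    length = algType.getMaximumSymmetricKeyLength();
                } else {
                    length = 256;
                }
            }

            // Right now we only use PSHA1 as the computed key algo
            P_SHA1 psha1 = new P_SHA1();
            try {
                secret = psha1.createKey(requestorEntropy, serviceEntr, 0, length / 8);
            } catch (WSSecurityException e) {
                throw new TrustException("DERIVED_KEY_ERROR", e, LOG);
            }
        }
    } else if (requestorEntropy != null) {
        // Use requester entropy as the key
        secret = requestorEntropy;
    }
    token.setSecret(secret);
    return token;
}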
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1) TrustException(org.apache.cxf.ws.security.trust.TrustException) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Endpoint(org.apache.cxf.endpoint.Endpoint)

Example 4 with P_SHA1

use of org.apache.wss4j.common.derivedKey.P_SHA1 in project cxf by apache.

the class STSInvoker method writeProofToken.

/**
 * Writes the RequestedProofToken for an issued token and returns the key it establishes.
 * <p>
 * Without client entropy the STS chooses the key itself and ships it as a BinarySecret of
 * type {@code <namespace>/Nonce}. With client entropy the key is derived with P_SHA1 from the
 * client entropy and freshly generated STS entropy; the proof token then carries a ComputedKey
 * marker ({@code <namespace>/CK/PSHA1}) and the STS entropy is written afterwards as a separate
 * Entropy/BinarySecret sibling element. Every element opened here is closed here.
 *
 * @param prefix        namespace prefix to use for the written elements
 * @param namespace     WS-Trust namespace of the written elements
 * @param writer        destination of the XML
 * @param clientEntropy entropy supplied by the requestor, or {@code null} if none was sent
 * @param keySize       key length treated as bits; {@code keySize / 8} bytes are generated
 *                      (NOTE(review): not validated here — a value below 8 yields an empty
 *                      nonce and key, so confirm the caller bounds it)
 * @return the proof key: the generated nonce, or the P_SHA1-derived key
 * @throws NoSuchAlgorithmException declared for the underlying primitives
 * @throws WSSecurityException      if nonce generation or key derivation fails
 * @throws XMLStreamException       if writing to {@code writer} fails
 */
byte[] writeProofToken(String prefix, String namespace, W3CDOMStreamWriter writer, byte[] clientEntropy, int keySize) throws NoSuchAlgorithmException, WSSecurityException, XMLStreamException {
    final byte[] secret;
    writer.writeStartElement(prefix, "RequestedProofToken", namespace);
    if (clientEntropy == null) {
        // STS-chosen key, delivered directly as a nonce BinarySecret
        secret = WSSecurityUtil.generateNonce(keySize / 8);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(XMLUtils.encodeToString(secret));
        writer.writeEndElement(); // BinarySecret
        writer.writeEndElement(); // RequestedProofToken
    } else {
        // Combined key: both sides contribute entropy, only our half is sent on the wire
        byte[] serverEntropy = WSSecurityUtil.generateNonce(keySize / 8);
        secret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, keySize / 8);
        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // ComputedKey
        writer.writeEndElement(); // RequestedProofToken
        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(XMLUtils.encodeToString(serverEntropy));
        writer.writeEndElement(); // BinarySecret
        writer.writeEndElement(); // Entropy
    }
    return secret;
}
Also used : P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1)

Aggregations

P_SHA1 (org.apache.wss4j.common.derivedKey.P_SHA1)4 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 QName (javax.xml.namespace.QName)2 Endpoint (org.apache.cxf.endpoint.Endpoint)2 Fault (org.apache.cxf.interceptor.Fault)2 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)2 Element (org.w3c.dom.Element)2 ExtensibilityElement (javax.wsdl.extensions.ExtensibilityElement)1 BinarySecret (org.apache.cxf.sts.request.BinarySecret)1 STSException (org.apache.cxf.ws.security.sts.provider.STSException)1 TrustException (org.apache.cxf.ws.security.trust.TrustException)1 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)1