Use of org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal in project cxf by apache.
From the class AlgorithmSuitePolicyValidator, method checkKeyLengths.
/**
 * Validates the key material recorded in a WS-Security processing result against the
 * configured algorithm suite.
 *
 * <p>Three things are checked, in order: the public key stored in the result, the public key
 * of the X.509 certificate stored in the result, and the length of the symmetric secret.
 * When {@code signature} is set and the principal is a {@code WSDerivedKeyTokenPrincipal},
 * the secret must be present and exactly as long as the suite's signature derived key length.
 * In every other case a secret is only bounded by the suite's minimum and maximum symmetric
 * key lengths, and a missing secret is not treated as a failure by this method.
 *
 * <p>The suite lengths are divided by 8 before being compared with the byte length of the
 * secret, i.e. they are treated as bit counts. The division is integer division, so a value
 * that is not a multiple of 8 would be rounded down.
 *
 * @param result the processing result holding the public key, certificate, secret and principal
 * @param algorithmPolicy the algorithm suite policy supplying the permitted key lengths
 * @param ai the assertion marked as not asserted when the secret has an unacceptable length;
 *        it is also handed to {@code checkPublicKeyLength}, which presumably records public
 *        key failures on it (confirm against that method)
 * @param signature {@code true} to apply the exact derived-key length rule when the principal
 *        is a derived key token principal
 * @return {@code true} if every check passed, {@code false} as soon as one of them fails
 */
private boolean checkKeyLengths(WSSecurityEngineResult result, AlgorithmSuite algorithmPolicy, AssertionInfo ai, boolean signature) {
    // Asymmetric material first: a bare public key, then the key carried by a certificate.
    final PublicKey barePublicKey = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
    if (barePublicKey != null) {
        if (!checkPublicKeyLength(barePublicKey, algorithmPolicy, ai)) {
            return false;
        }
    }
    final X509Certificate certificate = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    if (certificate != null) {
        if (!checkPublicKeyLength(certificate.getPublicKey(), algorithmPolicy, ai)) {
            return false;
        }
    }

    final AlgorithmSuiteType suiteType = algorithmPolicy.getAlgorithmSuiteType();
    final byte[] secretBytes = (byte[]) result.get(WSSecurityEngineResult.TAG_SECRET);

    // The principal is only consulted for signature results.
    boolean derivedKeySignature = false;
    if (signature) {
        final Principal signer = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
        derivedKeySignature = signer instanceof WSDerivedKeyTokenPrincipal;
    }

    if (derivedKeySignature) {
        // Derived signing keys must match the suite length exactly; an absent secret fails.
        final int expectedBytes = suiteType.getSignatureDerivedKeyLength() / 8;
        final boolean exactMatch = secretBytes != null && secretBytes.length == expectedBytes;
        if (!exactMatch) {
            ai.setNotAsserted("The signature derived key length does not match the requirement");
            return false;
        }
        return true;
    }

    // No symmetric key recorded: nothing to bound. Presence is not enforced here.
    if (secretBytes == null) {
        return true;
    }

    // Any other symmetric key has to fall inside the suite's [minimum, maximum] range.
    final boolean tooShort = secretBytes.length < (suiteType.getMinimumSymmetricKeyLength() / 8);
    if (tooShort || secretBytes.length > (suiteType.getMaximumSymmetricKeyLength() / 8)) {
        ai.setNotAsserted("The symmetric key length does not match the requirement");
        return false;
    }
    return true;
}