
Example 1 with WSDerivedKeyTokenPrincipal

Use of org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal in the Apache CXF project.

From the class AlgorithmSuitePolicyValidator, method checkKeyLengths.

/**
 * Validates the key material recorded in a WSS4J processing result against the
 * algorithm suite policy.
 *
 * <p>Any public key and any X.509 certificate key present in the result are passed to
 * {@code checkPublicKeyLength}. The secret key bytes, if any, are then compared with
 * lengths taken from the policy's {@link AlgorithmSuiteType}; each policy length is
 * divided by 8 before it is compared with the byte length of the secret.
 *
 * <ul>
 *   <li>Signature result whose principal is a {@link WSDerivedKeyTokenPrincipal}: the
 *       secret must be present and its length must equal the signature derived key
 *       length exactly.</li>
 *   <li>Every other case: a secret, when present, must lie within the minimum and
 *       maximum symmetric key lengths. A missing secret is accepted here.</li>
 * </ul>
 *
 * @param result the security engine result to inspect
 * @param algorithmPolicy the algorithm suite policy supplying the length limits
 * @param ai the assertion marked as not asserted when a secret length check fails
 * @param signature whether the result is being validated as a signature result
 * @return {@code true} if every check passes, {@code false} otherwise
 */
private boolean checkKeyLengths(WSSecurityEngineResult result, AlgorithmSuite algorithmPolicy, AssertionInfo ai, boolean signature) {
    // Asymmetric material first: a bare public key, then the key inside a certificate.
    PublicKey rawKey = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
    if (rawKey != null && !checkPublicKeyLength(rawKey, algorithmPolicy, ai)) {
        return false;
    }
    X509Certificate certificate = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    if (certificate != null && !checkPublicKeyLength(certificate.getPublicKey(), algorithmPolicy, ai)) {
        return false;
    }

    AlgorithmSuiteType suiteType = algorithmPolicy.getAlgorithmSuiteType();
    byte[] secret = (byte[]) result.get(WSSecurityEngineResult.TAG_SECRET);

    // The principal is only consulted for signature results.
    // NOTE(review): for non-signature results a derived-key secret is only range-checked
    // against the symmetric key limits, never matched exactly - confirm this is intended.
    boolean derivedKeySignature = false;
    if (signature) {
        Principal principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
        derivedKeySignature = principal instanceof WSDerivedKeyTokenPrincipal;
    }

    if (derivedKeySignature) {
        // Derived signature keys must match the policy length exactly; a missing secret fails.
        int requiredLength = suiteType.getSignatureDerivedKeyLength();
        if (secret == null || secret.length != (requiredLength / 8)) {
            ai.setNotAsserted("The signature derived key length does not match the requirement");
            return false;
        }
        return true;
    }

    if (secret == null) {
        // No symmetric secret recorded, so there is nothing to range-check.
        return true;
    }

    // Symmetric secrets must fall inside the policy's [minimum, maximum] window.
    boolean outOfRange = secret.length < (suiteType.getMinimumSymmetricKeyLength() / 8)
        || secret.length > (suiteType.getMaximumSymmetricKeyLength() / 8);
    if (outOfRange) {
        ai.setNotAsserted("The symmetric key length does not match the requirement");
        return false;
    }
    return true;
}
Also used : AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509Certificate(java.security.cert.X509Certificate) WSDerivedKeyTokenPrincipal(org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal) Principal(java.security.Principal) WSDerivedKeyTokenPrincipal(org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal)
