
Example 1 with WSSecDKEncrypt

use of org.apache.wss4j.dom.message.WSSecDKEncrypt in project cxf by apache.

From the class AsymmetricBindingHandler, method doEncryptionDerived.

/**
 * Encrypts {@code encrParts} with a derived key (WS-SecureConversation
 * DerivedKeyToken) whose source secret is this message's EncryptedKey.
 *
 * <p>The EncryptedKey is created on demand via {@code setupEncryptedKey} when
 * {@code encrKey} is still null; the derived key then references it through
 * {@code encryptedKeyId} with the SOAPMESSAGE_NS11 EncryptedKey value type.
 * The DerivedKeyToken element is added to the security header, and the
 * resulting xenc:ReferenceList (if any) is inserted bottom-up.
 *
 * @param recToken       the policy token wrapper; its policy assertion is
 *                       unasserted when encryption fails
 * @param encrToken      the policy token used to set up the EncryptedKey
 * @param encrParts      the parts to encrypt
 * @param algorithmSuite supplies the symmetric algorithm and the derived-key
 *                       length for the encryption
 * @return the configured {@link WSSecDKEncrypt}, or {@code null} when any step
 *         threw — the exception is logged at FINE and the policy is unasserted,
 *         so callers must treat {@code null} as "nothing was encrypted"
 */
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, AbstractToken encrToken, List<WSEncryptionPart> encrParts, AlgorithmSuite algorithmSuite) {
    try {
        WSSecDKEncrypt derivedEncrypt = new WSSecDKEncrypt(secHeader);
        derivedEncrypt.setEncryptionSerializer(new StaxSerializer());
        derivedEncrypt.setIdAllocator(wssConfig.getIdAllocator());
        derivedEncrypt.setCallbackLookup(callbackLookup);
        derivedEncrypt.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        derivedEncrypt.setStoreBytesInAttachment(storeBytesInAttachment);
        derivedEncrypt.setExpandXopInclude(isExpandXopInclude());
        derivedEncrypt.setWsDocInfo(wsDocInfo);
        // SP 1.1 policies pair with the older (2005/02) WS-SecureConversation namespace.
        boolean isSp11 = recToken.getToken().getVersion() == SPConstants.SPVersion.SP11;
        if (isSp11) {
            derivedEncrypt.setWscVersion(ConversationConstants.VERSION_05_02);
        }
        // The derived key needs an EncryptedKey to derive from; create it if absent.
        if (encrKey == null) {
            setupEncryptedKey(recToken, encrToken);
        }
        derivedEncrypt.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
        derivedEncrypt.getParts().addAll(encrParts);
        String encKeyValueType = WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE;
        derivedEncrypt.setCustomValueType(encKeyValueType);
        AlgorithmSuiteType suiteType = algorithmSuite.getAlgorithmSuiteType();
        derivedEncrypt.setSymmetricEncAlgorithm(suiteType.getEncryption());
        // Presumably the suite expresses the length in bits and WSS4J wants bytes — TODO confirm.
        derivedEncrypt.setDerivedKeyLength(suiteType.getEncryptionDerivedKeyLength() / 8);
        derivedEncrypt.prepare();
        addDerivedKeyElement(derivedEncrypt.getdktElement());
        Element referenceList = derivedEncrypt.encryptForExternalRef(null, encrParts);
        if (referenceList != null) {
            insertBeforeBottomUp(referenceList);
        }
        return derivedEncrypt;
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
    }
    return null;
}

Example 2 with WSSecDKEncrypt

use of org.apache.wss4j.dom.message.WSSecDKEncrypt in project cxf by apache.

From the class AsymmetricBindingHandler, method encryptTokensInSecurityHeader.

/**
 * Encrypts the parts of the security header that the binding requires to be
 * confidential: the primary signature and any signature confirmations (when
 * {@code abinding.isEncryptSignature()}), plus, on the requestor side, the
 * supporting tokens collected in {@code encryptedTokensList}.
 *
 * <p>When {@code encryptionToken} requires derived keys and {@code encrBase} is
 * a {@link WSSecDKEncrypt}, the parts are encrypted via the derived key and the
 * ReferenceList is attached to it. When {@code encrBase} is a plain
 * {@link WSSecEncrypt}, a fresh xenc:ReferenceList is placed after the last
 * EncryptedKey (or bottom-up if there is none) and filled in. If neither case
 * matches — for example a {@code null} {@code encrBase} after an earlier
 * encryption failure — the method does nothing and the parts stay in the clear.
 *
 * @param encryptionToken the policy token deciding whether derived keys are required
 * @param encrBase        the encryptor prepared earlier; may be {@code null}
 * @throws Fault wrapping a {@link WSSecurityException} raised while encrypting
 */
private void encryptTokensInSecurityHeader(AbstractToken encryptionToken, WSSecBase encrBase) {
    List<WSEncryptionPart> headerParts = new ArrayList<>();
    if (abinding.isEncryptSignature()) {
        assertPolicy(new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        // The main signature (if one was produced) is encrypted as a whole element.
        if (mainSigId != null) {
            WSEncryptionPart signaturePart = new WSEncryptionPart(mainSigId, "Element");
            signaturePart.setElement(bottomUpElement);
            headerParts.add(signaturePart);
        }
        boolean hasSignatureConfirmations = sigConfList != null && !sigConfList.isEmpty();
        if (hasSignatureConfirmations) {
            headerParts.addAll(sigConfList);
        }
    }
    // Only the requestor encrypts its supporting tokens here.
    if (isRequestor()) {
        headerParts.addAll(encryptedTokensList);
    }
    if (headerParts.isEmpty()) {
        return;
    }
    boolean derivedKeysRequired = encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys;
    if (derivedKeysRequired && encrBase instanceof WSSecDKEncrypt) {
        WSSecDKEncrypt derivedEncrypt = (WSSecDKEncrypt) encrBase;
        try {
            Element referenceList = derivedEncrypt.encryptForExternalRef(null, headerParts);
            if (referenceList != null) {
                derivedEncrypt.addExternalRefElement(referenceList);
            }
        } catch (WSSecurityException ex) {
            LOG.log(Level.FINE, ex.getMessage(), ex);
            throw new Fault(ex);
        }
    } else if (encrBase instanceof WSSecEncrypt) {
        WSSecEncrypt plainEncrypt = (WSSecEncrypt) encrBase;
        try {
            // The ReferenceList is created and positioned first, then populated by encryptForRef.
            Element referenceList = saaj.getSOAPPart().createElementNS(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_PREFIX + ":ReferenceList");
            if (lastEncryptedKeyElement == null) {
                this.insertBeforeBottomUp(referenceList);
            } else {
                insertAfter(referenceList, lastEncryptedKeyElement);
            }
            plainEncrypt.encryptForRef(referenceList, headerParts);
        } catch (WSSecurityException ex) {
            LOG.log(Level.FINE, ex.getMessage(), ex);
            throw new Fault(ex);
        }
    }
}

Example 3 with WSSecDKEncrypt

use of org.apache.wss4j.dom.message.WSSecDKEncrypt in project cxf by apache.

From the class SymmetricBindingHandler, method doEncryptionDerived.

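/**
 * Encrypts {@code encrParts} with a derived key (WS-SecureConversation
 * DerivedKeyToken) whose source secret is {@code encrTok.getSecret()}.
 *
 * <p>How the DerivedKeyToken refers back to {@code encrTok} is decided by
 * {@link #applyDerivedKeyReference}; the value type advertised for that
 * reference by {@link #applyDerivedKeyValueType}. After the key is prepared the
 * DerivedKeyToken element is added to the security header and the resulting
 * ReferenceList and any encrypted attachments are handed to
 * {@code addAttachmentsForEncryption}.
 *
 * @param recToken  the policy token wrapper; its policy assertion is unasserted
 *                  when encryption fails
 * @param encrTok   the security token supplying the secret, its references,
 *                  SHA-1 identifier, ids and token type
 * @param encrToken the policy token; only its concrete type is consulted
 * @param attached  whether {@code encrTok} is carried in the security header,
 *                  which selects the attached reference / wsu:Id style
 * @param encrParts the parts to encrypt
 * @param atEnd     forwarded to {@code addAttachmentsForEncryption}
 * @return the configured {@link WSSecDKEncrypt}, or {@code null} when any step
 *         threw — the exception is logged at FINE and the policy is unasserted,
 *         so callers must treat {@code null} as "nothing was encrypted"
 */
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, SecurityToken encrTok, AbstractToken encrToken, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) {
    try {
        WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
        dkEncr.setEncryptionSerializer(new StaxSerializer());
        dkEncr.setIdAllocator(wssConfig.getIdAllocator());
        dkEncr.setCallbackLookup(callbackLookup);
        dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
        dkEncr.setExpandXopInclude(isExpandXopInclude());
        dkEncr.setWsDocInfo(wsDocInfo);
        // SP 1.1 policies pair with the older (2005/02) WS-SecureConversation namespace.
        if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
            dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
        }
        applyDerivedKeyReference(dkEncr, encrTok, encrToken, attached);
        applyDerivedKeyValueType(dkEncr, encrTok, encrToken);
        AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
        dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
        // Presumably the suite expresses the length in bits and WSS4J wants bytes — TODO confirm.
        dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
        dkEncr.prepare();
        addDerivedKeyElement(dkEncr.getdktElement());
        Element refList = dkEncr.encryptForExternalRef(null, encrParts);
        List<Element> attachments = dkEncr.getAttachmentEncryptedDataElements();
        addAttachmentsForEncryption(atEnd, refList, attachments);
        return dkEncr;
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
    }
    return null;
}

/**
 * Sets the external key of {@code dkEncr} and decides how the DerivedKeyToken
 * references the source token, trying in order: the token's attached reference
 * (only when {@code attached}), its unattached reference, a KeyIdentifier built
 * from the token's SHA-1 (only on the non-requestor side), and finally a direct
 * reference by wsu:Id / token id.
 *
 * @param dkEncr    the derived-key encryptor being configured
 * @param encrTok   the source security token
 * @param encrToken the policy token; its concrete type picks the KeyIdentifier
 *                  value type and the direct-id handling
 * @param attached  whether {@code encrTok} is carried in the security header
 * @throws IllegalStateException when a direct reference is required but the
 *                               token carries neither a wsu:Id nor an id
 */
private void applyDerivedKeyReference(WSSecDKEncrypt dkEncr, SecurityToken encrTok, AbstractToken encrToken, boolean attached) {
    if (attached && encrTok.getAttachedReference() != null) {
        dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getAttachedReference()));
    } else if (encrTok.getUnattachedReference() != null) {
        dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference()));
    } else if (!isRequestor() && encrTok.getSHA1() != null) {
        // If the Encrypted key used to create the derived key is not
        // attached use key identifier as defined in WSS1.1 section
        // 7.7 Encrypted Key reference
        SecurityTokenReference tokenRef = new SecurityTokenReference(saaj.getSOAPPart());
        String tokenType = encrTok.getTokenType();
        if (encrToken instanceof KerberosToken) {
            tokenRef.setKeyIdentifier(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE, encrTok.getSHA1(), true);
            if (tokenType == null) {
                tokenType = WSS4JConstants.WSS_GSS_KRB_V5_AP_REQ;
            }
        } else {
            tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSHA1());
            if (tokenType == null) {
                tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
            }
        }
        tokenRef.addTokenType(tokenType);
        dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
    } else if (attached) {
        String id = encrTok.getWsuId();
        if (id == null) {
            // Secure-conversation / security-context tokens are referenced by their own id directly.
            if (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken) {
                dkEncr.setTokenIdDirectId(true);
            }
            id = encrTok.getId();
        }
        // An id-less token would otherwise fail with a bare NullPointerException on startsWith;
        // the caller's catch block still handles this, but with a meaningful message.
        if (id == null) {
            throw new IllegalStateException("Security token has neither a wsu:Id nor an id to reference");
        }
        if (id.startsWith("#")) {
            id = id.substring(1);
        }
        dkEncr.setExternalKey(encrTok.getSecret(), id);
    } else {
        dkEncr.setTokenIdDirectId(true);
        dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
    }
}

/**
 * Chooses the value type (and, for SAML, the key-identifier type) that the
 * DerivedKeyToken's reference advertises for the source token.
 *
 * <p>With a SHA-1 present the token type is used as-is, defaulting to the
 * EncryptedKey value type. Otherwise SAML 1.1 / SAML 2.0 token types map to
 * the corresponding SAML KeyIdentifier value types, a UsernameToken to the
 * UsernameToken value type, and anything else to the raw token type (which
 * may be {@code null}, as in the original code).
 *
 * @param dkEncr    the derived-key encryptor being configured
 * @param encrTok   the source security token
 * @param encrToken the policy token; only checked for {@link UsernameToken}
 */
private void applyDerivedKeyValueType(WSSecDKEncrypt dkEncr, SecurityToken encrTok, AbstractToken encrToken) {
    String tokenType = encrTok.getTokenType();
    if (encrTok.getSHA1() != null) {
        if (tokenType == null) {
            tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
        }
        dkEncr.setCustomValueType(tokenType);
    } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
        dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
    } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
        dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
        dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
    } else if (encrToken instanceof UsernameToken) {
        dkEncr.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
    } else {
        dkEncr.setCustomValueType(tokenType);
    }
}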
