
Example 1 with EncryptedKeyProcessor

use of org.apache.wss4j.dom.processor.EncryptedKeyProcessor in project cxf by apache.

the class RequestParser method parseEntropy.

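/**
 * Parse a WS-Trust Entropy element from an incoming RequestSecurityToken.
 *
 * Two child forms are recognised. A JAXB-unmarshalled wst:BinarySecret has its type and
 * value copied straight into the returned {@link Entropy}. A raw xenc:EncryptedKey DOM
 * element is decrypted with WSS4J's EncryptedKeyProcessor using the STS's signature
 * crypto (the STS's own private key) and its password callback handler. The first
 * recognised child is returned; other JAXB elements are logged at FINE and skipped,
 * while any other DOM element is rejected outright.
 *
 * The Entropy comes from the requester and is untrusted: decryption failures are mapped
 * to an STSException rather than propagated as WSS4J or runtime exceptions.
 *
 * @param entropyType the unmarshalled Entropy element of the request
 * @param stsProperties STS configuration supplying the decryption crypto and the
 *                      callback handler used to unlock the private key
 * @return the parsed Entropy, or {@code null} if no supported child was present
 * @throws STSException with INVALID_REQUEST if the EncryptedKey cannot be decrypted or
 *         yields no secret, or BAD_REQUEST if an unknown DOM element is encountered
 */
private static Entropy parseEntropy(EntropyType entropyType, STSPropertiesMBean stsProperties) throws STSException {
    for (Object entropyObject : entropyType.getAny()) {
        if (entropyObject instanceof JAXBElement<?>) {
            JAXBElement<?> entropyObjectJaxb = (JAXBElement<?>) entropyObject;
            if (QNameConstants.BINARY_SECRET.equals(entropyObjectJaxb.getName())) {
                BinarySecretType binarySecretType = (BinarySecretType) entropyObjectJaxb.getValue();
                LOG.fine("Found BinarySecret Entropy type");
                Entropy entropy = new Entropy();
                BinarySecret binarySecret = new BinarySecret();
                binarySecret.setBinarySecretType(binarySecretType.getType());
                binarySecret.setBinarySecretValue(binarySecretType.getValue());
                entropy.setBinarySecret(binarySecret);
                return entropy;
            } else if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Unsupported Entropy type: " + entropyObjectJaxb.getName());
            }
        } else if (entropyObject instanceof Element && "EncryptedKey".equals(((Element) entropyObject).getLocalName())) {
            Element entropyElement = (Element) entropyObject;
            RequestData requestData = new RequestData();
            // The STS decrypts with its own private key, which is held in the signature crypto.
            requestData.setDecCrypto(stsProperties.getSignatureCrypto());
            requestData.setCallbackHandler(stsProperties.getCallbackHandler());
            requestData.setWssConfig(WSSConfig.getNewInstance());
            requestData.setWsDocInfo(new WSDocInfo(entropyElement.getOwnerDocument()));
            try {
                List<WSSecurityEngineResult> results =
                    new EncryptedKeyProcessor().handleToken(entropyElement, requestData);
                byte[] secret = null;
                if (results != null && !results.isEmpty()) {
                    secret = (byte[]) results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
                }
                if (secret == null) {
                    // Defensive: the processor is expected to yield one result carrying TAG_SECRET.
                    // Fail closed with a well-defined fault rather than hand back an Entropy with
                    // no key material (or surface an IndexOutOfBounds/NPE as a generic fault).
                    LOG.warning("EncryptedKey entropy did not yield a decrypted secret");
                    throw new STSException("EncryptedKey entropy could not be decrypted",
                                           STSException.INVALID_REQUEST);
                }
                Entropy entropy = new Entropy();
                entropy.setDecryptedKey(secret);
                return entropy;
            } catch (WSSecurityException e) {
                LOG.log(Level.WARNING, "", e);
                // NOTE(review): the WSS4J message is echoed back to the requester. WSS4J keeps
                // security-sensitive messages generic, but confirm nothing key-specific leaks here.
                throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
            }
        } else {
            // Anything that is neither a JAXB element nor an EncryptedKey is rejected, not ignored.
            LOG.log(Level.WARNING, "An unknown element was received");
            throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
        }
    }
    return null;
}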

Example 2 with EncryptedKeyProcessor

use of org.apache.wss4j.dom.processor.EncryptedKeyProcessor in project cxf by apache.

the class SimpleBatchSTSClient method decryptKey.

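/**
 * Recover the key material carried by an xenc:EncryptedKey element of an STS response.
 *
 * For the SPNEGO (GSS_Wrap) algorithm the element is not decrypted here: the
 * Base64-decoded CipherValue is returned still wrapped, for the caller to unwrap later.
 * For every other algorithm the element is decrypted locally with this client's
 * decryption crypto and callback handler via WSS4J's EncryptedKeyProcessor.
 *
 * This assumes the enclosing response has already been validated (e.g. its signature
 * checked) by the caller; nothing here authenticates the element itself.
 *
 * @param child the EncryptedKey element from the STS response
 * @return the decrypted secret, or the still-wrapped cipher value in the SPNEGO case
 * @throws WSSecurityException if the SPNEGO element has no CipherValue, if decryption
 *         fails, or if decryption produces no secret
 * @throws TrustException if the decryption crypto or callback handler cannot be set up
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData = XMLUtils.getDirectChildElement(child, "CipherData", WSS4JConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                XMLUtils.getDirectChildElement(cipherData, "CipherValue", WSS4JConstants.ENC_NS);
            if (cipherValueElement != null) {
                // The MIME decoder silently skips characters outside the Base64 alphabet,
                // so malformed content is not rejected at this point.
                cipherValue = Base64.getMimeDecoder().decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }
    try {
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        data.setWsDocInfo(new WSDocInfo(child.getOwnerDocument()));
        List<WSSecurityEngineResult> result = new EncryptedKeyProcessor().handleToken(child, data);
        byte[] secret = null;
        if (result != null && !result.isEmpty()) {
            secret = (byte[]) result.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        }
        if (secret == null) {
            // Defensive: the processor is expected to yield one result carrying TAG_SECRET.
            // Fail closed instead of returning null key material to the caller.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        return secret;
    } catch (IOException e) {
        // Only I/O failures from crypto/handler setup are wrapped; WSSecurityException propagates.
        throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
    }
}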

Example 3 with EncryptedKeyProcessor

use of org.apache.wss4j.dom.processor.EncryptedKeyProcessor in project cxf by apache.

the class AbstractSTSClient method decryptKey.

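/**
 * Recover the key material carried by an xenc:EncryptedKey element of an STS response.
 *
 * For the SPNEGO (GSS_Wrap) algorithm the element is not decrypted here: the
 * Base64-decoded CipherValue is returned still wrapped, for the caller to unwrap later.
 * For every other algorithm the element is decrypted locally with this client's
 * decryption crypto and callback handler via WSS4J's EncryptedKeyProcessor.
 *
 * This assumes the enclosing response has already been validated (e.g. its signature
 * checked) by the caller; nothing here authenticates the element itself.
 *
 * @param child the EncryptedKey element from the STS response
 * @return the decrypted secret, or the still-wrapped cipher value in the SPNEGO case
 * @throws WSSecurityException if the SPNEGO element has no CipherValue, if decryption
 *         fails, or if decryption produces no secret
 * @throws TrustException if the decryption crypto or callback handler cannot be set up
 * @throws Base64DecodingException declared for compatibility; the java.util.Base64
 *         decoder used here does not throw it
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException, Base64DecodingException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData = XMLUtils.getDirectChildElement(child, "CipherData", WSS4JConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                XMLUtils.getDirectChildElement(cipherData, "CipherValue", WSS4JConstants.ENC_NS);
            if (cipherValueElement != null) {
                // The MIME decoder silently skips characters outside the Base64 alphabet,
                // so malformed content is not rejected at this point.
                cipherValue = Base64.getMimeDecoder().decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }
    try {
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        data.setWsDocInfo(new WSDocInfo(child.getOwnerDocument()));
        List<WSSecurityEngineResult> result = new EncryptedKeyProcessor().handleToken(child, data);
        byte[] secret = null;
        if (result != null && !result.isEmpty()) {
            secret = (byte[]) result.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        }
        if (secret == null) {
            // Defensive: the processor is expected to yield one result carrying TAG_SECRET.
            // Fail closed instead of returning null key material to the caller.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        return secret;
    } catch (IOException e) {
        // Only I/O failures from crypto/handler setup are wrapped; WSSecurityException propagates.
        throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
    }
}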
