Examples with OutboundSecurityToken org.apache.xml.security.stax.securityToken.OutboundSecurityToken used on opensource projects

Example 6 with OutboundSecurityToken

use of org.apache.xml.security.stax.securityToken.OutboundSecurityToken in project santuario-java by apache.

the class XMLEncryptOutputProcessor method processEvent.

@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
        XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
        // avoid double encryption when child elements matches too
        if (getActiveInternalEncryptionOutputProcessor() == null) {
            SecurePart securePart = securePartMatches(xmlSecStartElement, outputProcessorChain, XMLSecurityConstants.ENCRYPTION_PARTS);
            if (securePart != null) {
                LOG.debug("Matched encryptionPart for encryption");
                String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
                final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
                EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
                encryptionPartDef.setSecurePart(securePart);
                encryptionPartDef.setModifier(securePart.getModifier());
                encryptionPartDef.setEncRefId(IDGenerator.generateID(null));
                encryptionPartDef.setKeyId(securityTokenProvider.getId());
                encryptionPartDef.setSymmetricKey(securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
                outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
                AbstractInternalEncryptionOutputProcessor internalEncryptionOutputProcessor = createInternalEncryptionOutputProcessor(encryptionPartDef, xmlSecStartElement, outputProcessorChain.getDocumentContext().getEncoding(), (OutboundSecurityToken) securityToken.getKeyWrappingToken());
                internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                internalEncryptionOutputProcessor.setAction(getAction());
                internalEncryptionOutputProcessor.init(outputProcessorChain);
                setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
            }
        }
    }
    outputProcessorChain.processEvent(xmlSecEvent);
}

Example 7 with OutboundSecurityToken

use of org.apache.xml.security.stax.securityToken.OutboundSecurityToken in project santuario-java by apache.

the class OutboundXMLSec method configureEncryptionKeys.

private void configureEncryptionKeys(final OutboundSecurityContextImpl outboundSecurityContext) throws XMLSecurityException {
    // Sort out transport keys / key wrapping keys first.
    Key transportKey = securityProperties.getEncryptionTransportKey();
    X509Certificate transportCert = securityProperties.getEncryptionUseThisCertificate();
    X509Certificate[] transportCerts = null;
    if (transportCert != null) {
        transportCerts = new X509Certificate[] { transportCert };
    }
    final OutboundSecurityToken transportSecurityToken = new GenericOutboundSecurityToken(IDGenerator.generateID(null), SecurityTokenConstants.DefaultToken, transportKey, transportCerts);
    // Now sort out the session key
    Key key = securityProperties.getEncryptionKey();
    if (key == null) {
        if (transportCert == null && transportKey == null) {
            throw new XMLSecurityException("stax.encryption.encryptionKeyMissing");
        }
        // If none is configured then generate one
        String keyAlgorithm = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(securityProperties.getEncryptionSymAlgorithm());
        KeyGenerator keyGen;
        try {
            keyGen = KeyGenerator.getInstance(keyAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new XMLSecurityException(e);
        }
        // whereas bouncy castle expects the block size of 128 or 192 bits
        if (keyAlgorithm.contains("AES")) {
            int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(securityProperties.getEncryptionSymAlgorithm());
            keyGen.init(keyLength);
        }
        key = keyGen.generateKey();
    }
    final String securityTokenid = IDGenerator.generateID(null);
    final GenericOutboundSecurityToken securityToken = new GenericOutboundSecurityToken(securityTokenid, SecurityTokenConstants.DefaultToken, key);
    securityToken.setKeyWrappingToken(transportSecurityToken);
    final SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<OutboundSecurityToken>() {

        @Override
        public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
            return securityToken;
        }

        @Override
        public String getId() {
            return securityTokenid;
        }
    };
    outboundSecurityContext.registerSecurityTokenProvider(securityTokenid, securityTokenProvider);
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, securityTokenid);
}