
Example 6 with OutboundSecurityToken

use of org.apache.xml.security.stax.securityToken.OutboundSecurityToken in project santuario-java by apache.

Class XMLEncryptOutputProcessor, method processEvent.

/**
 * Handles one outbound StAX event and, when a start element matches a configured
 * encryption part, opens an internal encryption processor for it.
 *
 * <p>Only {@code START_ELEMENT} events can open a part, and no new part is opened while
 * an internal encryption processor is already active: the children of an element that is
 * being encrypted would otherwise match again and be encrypted twice. In every case the
 * event is finally forwarded to the rest of the chain.
 *
 * @param xmlSecEvent          the event being processed
 * @param outputProcessorChain the chain this processor belongs to; supplies the security
 *                             context (token id and provider) and the document encoding
 * @throws XMLStreamException   propagated from the chain
 * @throws XMLSecurityException propagated from token lookup, key derivation or the
 *                              internal processor's initialisation
 */
@Override
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    boolean mayOpenPart = xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT
            && getActiveInternalEncryptionOutputProcessor() == null;
    if (mayOpenPart) {
        XMLSecStartElement startElement = xmlSecEvent.asStartElement();
        SecurePart matchedPart = securePartMatches(startElement, outputProcessorChain, XMLSecurityConstants.ENCRYPTION_PARTS);
        if (matchedPart != null) {
            LOG.debug("Matched encryptionPart for encryption");
            setActiveInternalEncryptionOutputProcessor(openEncryptionPart(matchedPart, startElement, outputProcessorChain));
        }
    }
    outputProcessorChain.processEvent(xmlSecEvent);
}

/**
 * Builds the {@link EncryptionPartDef} for a matched part, records it on the security
 * context and returns an initialised internal encryption processor for it.
 *
 * <p>The session key comes from the token registered under
 * {@code PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION}; that token's key-wrapping token is handed
 * to the internal processor. The cast to {@code OutboundSecurityToken} mirrors the
 * original code; the wrapping token is assumed to be outbound — confirm against
 * {@code configureEncryptionKeys} if the token setup changes.
 */
private AbstractInternalEncryptionOutputProcessor openEncryptionPart(SecurePart securePart, XMLSecStartElement startElement, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
    String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
    SecurityTokenProvider<OutboundSecurityToken> provider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
    final OutboundSecurityToken sessionToken = provider.getSecurityToken();

    EncryptionPartDef partDef = new EncryptionPartDef();
    partDef.setSecurePart(securePart);
    partDef.setModifier(securePart.getModifier());
    partDef.setEncRefId(IDGenerator.generateID(null));
    partDef.setKeyId(provider.getId());
    // Symmetric key is derived for the configured symmetric encryption algorithm.
    partDef.setSymmetricKey(sessionToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
    outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, partDef);

    AbstractInternalEncryptionOutputProcessor internalProcessor = createInternalEncryptionOutputProcessor(
            partDef,
            startElement,
            outputProcessorChain.getDocumentContext().getEncoding(),
            (OutboundSecurityToken) sessionToken.getKeyWrappingToken());
    internalProcessor.setXMLSecurityProperties(getSecurityProperties());
    internalProcessor.setAction(getAction());
    // init must run before the processor is marked active so it never sees events half-configured.
    internalProcessor.init(outputProcessorChain);
    return internalProcessor;
}

Example 7 with OutboundSecurityToken

use of org.apache.xml.security.stax.securityToken.OutboundSecurityToken in project santuario-java by apache.

Class OutboundXMLSec, method configureEncryptionKeys.

/**
 * Resolves the encryption key material and registers a token provider for it on the
 * outbound security context.
 *
 * <p>Two tokens are built: a transport (key-wrapping) token from the configured transport
 * key and/or certificate, and a session token holding the symmetric encryption key. The
 * session key is taken from the security properties when configured; otherwise one is
 * generated for the configured symmetric algorithm, which is only allowed when there is a
 * transport key or certificate to wrap it with. The session token's id is published under
 * {@code PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION} so the encryption processors can find it.
 *
 * @param outboundSecurityContext the context that receives the token provider and the id
 * @throws XMLSecurityException with {@code stax.encryption.encryptionKeyMissing} when no
 *                              session key is configured and nothing is available to wrap a
 *                              generated one; also when the JCE key algorithm is unknown
 */
private void configureEncryptionKeys(final OutboundSecurityContextImpl outboundSecurityContext) throws XMLSecurityException {
    // Transport / key-wrapping material: either part may be absent.
    final Key wrappingKey = securityProperties.getEncryptionTransportKey();
    final X509Certificate wrappingCert = securityProperties.getEncryptionUseThisCertificate();
    final X509Certificate[] wrappingCerts = wrappingCert == null ? null : new X509Certificate[] { wrappingCert };
    final OutboundSecurityToken wrappingToken = new GenericOutboundSecurityToken(
            IDGenerator.generateID(null), SecurityTokenConstants.DefaultToken, wrappingKey, wrappingCerts);

    // Session key: configured value wins, otherwise generate one.
    Key sessionKey = securityProperties.getEncryptionKey();
    if (sessionKey == null) {
        if (wrappingCert == null && wrappingKey == null) {
            throw new XMLSecurityException("stax.encryption.encryptionKeyMissing");
        }
        sessionKey = generateSessionKey();
    }

    final String sessionTokenId = IDGenerator.generateID(null);
    final GenericOutboundSecurityToken sessionToken =
            new GenericOutboundSecurityToken(sessionTokenId, SecurityTokenConstants.DefaultToken, sessionKey);
    sessionToken.setKeyWrappingToken(wrappingToken);

    final SecurityTokenProvider<OutboundSecurityToken> sessionTokenProvider =
            new SecurityTokenProvider<OutboundSecurityToken>() {

                @Override
                public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
                    return sessionToken;
                }

                @Override
                public String getId() {
                    return sessionTokenId;
                }
            };
    outboundSecurityContext.registerSecurityTokenProvider(sessionTokenId, sessionTokenProvider);
    outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, sessionTokenId);
}

/**
 * Generates a fresh symmetric key for the configured symmetric encryption algorithm URI.
 *
 * <p>AES generators are initialised explicitly with the key length mapped from the URI;
 * other algorithms are left at the generator's default (the original code notes that
 * BouncyCastle expects 128- or 192-bit block sizes here — confirm before changing).
 *
 * @return the generated key
 * @throws XMLSecurityException wrapping {@link NoSuchAlgorithmException} when no provider
 *                              supports the mapped JCE algorithm
 */
private Key generateSessionKey() throws XMLSecurityException {
    final String symAlgorithmUri = securityProperties.getEncryptionSymAlgorithm();
    final String jceAlgorithm = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(symAlgorithmUri);
    final KeyGenerator generator;
    try {
        generator = KeyGenerator.getInstance(jceAlgorithm);
    } catch (NoSuchAlgorithmException e) {
        throw new XMLSecurityException(e);
    }
    if (jceAlgorithm.contains("AES")) {
        generator.init(JCEAlgorithmMapper.getKeyLengthFromURI(symAlgorithmUri));
    }
    return generator.generateKey();
}
