001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.keyinfo;
024:
025: import com.sun.xml.ws.security.opt.api.EncryptedKey;
026: import com.sun.xml.ws.security.opt.api.SecurityElement;
027: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
028: import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
029: import com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey;
030: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
031: import com.sun.xml.wss.XWSSecurityException;
032: import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
033: import com.sun.xml.wss.impl.MessageConstants;
034: import com.sun.xml.wss.impl.misc.Base64;
035: import com.sun.xml.wss.impl.misc.SecurityUtil;
036: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
037: import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
038: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
039: import java.security.Key;
040: import java.security.MessageDigest;
041:
042: import java.security.cert.X509Certificate;
043: import java.util.HashMap;
044: import java.util.logging.Level;
045: import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
046:
047: /**
048: *
049: * @author K.Venugopal@sun.com
050: */
/**
 * Builds the {@code KeyInfo} (and, when one has to be emitted, the {@code EncryptedKey}
 * security-header element) for a {@link SymmetricKeyBinding}, and hands the caller the
 * symmetric key that will protect the message ("data protection key") together with the
 * {@code KeyInfo} that references it.
 *
 * {@link #process()} selects one of three strategies, in this order:
 * <ol>
 *   <li>the binding carries a key identifier (KeyName) - reference the key by name;</li>
 *   <li>both sides run WSS 1.1 and a secret key is already present in the context -
 *       reference a previously exchanged {@code EncryptedKey} by its SHA-1 thumbprint
 *       (EncryptedKeySHA1);</li>
 *   <li>otherwise - wrap the secret key under an X.509 certificate's public key, add an
 *       {@code EncryptedKey} to the header (once per certificate token, cached on the
 *       context) and reference it directly.</li>
 * </ol>
 *
 * Thread-safety: not thread-safe; an instance is tied to one processing context and
 * mutates its own key fields as well as the context (extraneous properties, encrypted-key
 * cache, secret map, security header).
 *
 * @author K.Venugopal@sun.com
 */
public class SymmetricTokenBuilder extends TokenBuilder {

    /** Symmetric key returned to the caller; it is what signs/encrypts the message content. */
    private Key dataProtectionKey = null;
    /**
     * Key used to wrap {@link #dataProtectionKey}. In the X.509 path this is the certificate's
     * public key; in the KeyName path it is the binding's secret key (and is cleared again when
     * no separate data key was generated).
     */
    private Key keyProtectionKey = null;
    /** Policy binding describing where the symmetric key and its certificate alias come from. */
    private SymmetricKeyBinding binding = null;
    /** Algorithm URI used when a fresh data-protection key has to be generated. */
    private String dataProtectionAlg;
    /** Key-wrap (key-transport) algorithm URI handed to the EncryptedKey factory. */
    private String keyProtectionAlg;

    /**
     * Creates a new instance of SymmetricTokenBuilder.
     *
     * @param binding symmetric key binding from the message policy
     * @param context processing context for the outbound message (shared, mutated here)
     * @param dpAlgo  data-protection algorithm URI (used to generate a fresh key, see {@link #process()})
     * @param kpAlgo  key-protection (wrap) algorithm URI
     */
    public SymmetricTokenBuilder(SymmetricKeyBinding binding,
            JAXBFilterProcessingContext context, String dpAlgo,
            String kpAlgo) {
        super (context);
        this .binding = binding;
        this .dataProtectionAlg = dpAlgo;
        this .keyProtectionAlg = kpAlgo;
    }

    /**
     * Resolves the data-protection key and builds the matching {@code KeyInfo}.
     *
     * Side effects on the shared context: adds the encryption namespace; in the X.509 path it
     * may consume and clear the context's X509CertificateBinding, add an {@code EncryptedKey}
     * to the security header, populate the encrypted-key cache and the current-secret map, and
     * store the "SecretKey" and "EncryptedKeySHA1" extraneous properties.
     *
     * @return result holding the data-protection key, the {@code KeyInfo} and, when a new one
     *         was emitted in this call, the {@code EncryptedKey} element (null when a cached
     *         EncryptedKey was reused or a non-X.509 path was taken)
     * @throws XWSSecurityException if no certificate binding can be resolved, the cached
     *         EncryptedKey id is empty, or the SHA-1 digest is unavailable
     */
    public BuilderResult process() throws XWSSecurityException {

        //TODO : Fix me
        // Policy flags come from context properties set by the filters. EKSHA1 references are
        // only attempted when BOTH peers are WSS 1.1 capable.
        boolean wss11Receiver = "true".equals(context
                .getExtraneousProperty("EnableWSS11PolicyReceiver"));
        boolean wss11Sender = "true".equals(context
                .getExtraneousProperty("EnableWSS11PolicySender"));
        boolean sendEKSHA1 = wss11Receiver && wss11Sender;
        // NOTE: wss10 is the exact negation of wss11Sender, so the final
        // "wss11Sender || wss10" branch below is always taken when the earlier ones are not.
        boolean wss10 = !wss11Sender;
        ((NamespaceContextEx) context.getNamespaceContext())
                .addEncryptionNS();
        // An EKSHA1 reference is only meaningful if the shared secret from the earlier
        // exchange is actually available in this context; otherwise fall through to X.509.
        if (sendEKSHA1) {
            if (context
                    .getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE) == null) {
                sendEKSHA1 = false;
            }
        }
        BuilderResult stbResult = new BuilderResult();
        if (!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
            // --- Strategy 1: KeyName reference to a pre-shared key ---

            // NOTE(review): the guard tests the key-PROTECTION algorithm but generates the key
            // with the data-protection algorithm. When a fresh key is generated here, no
            // EncryptedKey is created and no KeyInfo is built in this method (keyInfo is
            // whatever the superclass currently holds) - presumably the unfinished path the
            // TODO above refers to; verify before relying on it.
            if (keyProtectionAlg != null
                    && !"".equals(keyProtectionAlg)) {
                dataProtectionKey = SecurityUtil
                        .generateSymmetricKey(dataProtectionAlg);
            }

            keyProtectionKey = binding.getSecretKey();
            if (dataProtectionKey == null) {
                // No separate data key: the binding's secret key protects the data directly and
                // is referenced by name, so nothing needs wrapping.
                dataProtectionKey = keyProtectionKey;
                keyProtectionKey = null;
                buildKIWithKeyName(binding.getKeyIdentifier());
            }
            stbResult.setKeyInfo(super .keyInfo);
            stbResult.setDataProtectionKey(dataProtectionKey);
        } else if (sendEKSHA1) {
            // --- Strategy 2: EncryptedKeySHA1 reference (WSS 1.1 both sides) ---
            //get the signing key and EKSHA1 reference from the Subject, it was stored from the incoming message
            String ekSha1Ref = (String) context
                    .getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
            buildKeyInfoWithEKSHA1(ekSha1Ref);
            dataProtectionKey = binding.getSecretKey();
            stbResult.setKeyInfo(super .keyInfo);
            stbResult.setDataProtectionKey(dataProtectionKey);
        } else if (wss11Sender || wss10) {
            // --- Strategy 3: wrap the secret key under an X.509 public key ---
            dataProtectionKey = binding.getSecretKey();
            //TODO :: REMOVE ONCE THE CHANGE IS MADE IN FITERS
            // Resolve the certificate binding: an alias on the symmetric binding wins, else the
            // one the filters parked on the context (consumed once: it is cleared after use).
            AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
            if (!binding.getCertAlias().equals(MessageConstants._EMPTY)) {
                certificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                //x509Binding.newPrivateKeyBinding();
                certificateBinding.setCertificateIdentifier(binding
                        .getCertAlias());
                // Looked up through the security environment by alias; the trailing
                // boolean's meaning is not visible here - check SecurityEnvironment.
                X509Certificate x509Cert = context
                        .getSecurityEnvironment().getCertificate(
                        context.getExtraneousProperties(),
                        certificateBinding
                        .getCertificateIdentifier(),
                        false);
                certificateBinding.setX509Certificate(x509Cert);
                certificateBinding.setReferenceType("Direct");
            } else if (context.getX509CertificateBinding() != null) {
                certificateBinding = context
                        .getX509CertificateBinding();
                context.setX509CertificateBinding(null);
            } else {
                throw new XWSSecurityException(
                        "Internal Error: X509CertificateBinding not set on context");
            }

            X509Certificate x509Cert = certificateBinding
                    .getX509Certificate();
            // Token id keys the EncryptedKey cache; fall back to a generated id if the binding
            // has none.
            String x509TokenId = certificateBinding.getUUID();
            if (x509TokenId == null || x509TokenId.equals("")) {
                x509TokenId = context.generateID();
            }

            SecurityUtil.checkIncludeTokenPolicyOpt(context,
                    certificateBinding, x509TokenId);

            // Only the (public) certificate and the token id are logged - no key material.
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST,
                        "Certificate for SymmetricBinding is: "
                        + x509Cert);
                logger.log(Level.FINEST,
                        "BinaryToken ID for SymmetricBinding is: "
                        + x509TokenId);
            }
            BinarySecurityToken bst = null;
            SecurityHeaderElement ek = null;

            // One EncryptedKey per certificate token per message: reuse a cached id if the
            // secret was already wrapped for this token earlier in the same context.
            HashMap ekCache = context.getEncryptedKeyCache();
            String ekId = (String) ekCache.get(x509TokenId);

            keyProtectionKey = x509Cert.getPublicKey();
            if (ekId == null) {

                // Build the X.509 token/KeyInfo that the EncryptedKey will point at.
                TokenBuilder builder = new X509TokenBuilder(context,
                        certificateBinding);
                BuilderResult result = builder.process();
                KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) result
                        .getKeyInfo();
                // Stored before createEncryptedKey is called; keep this ordering.
                context.setExtraneousProperty("SecretKey",
                        dataProtectionKey);
                // Wrap dataProtectionKey under the certificate's public key.
                ek = (SecurityHeaderElement) elementFactory
                        .createEncryptedKey(context.generateID(),
                        keyProtectionAlg, ekKI,
                        keyProtectionKey, dataProtectionKey);
                context.getSecurityHeader().add(ek);
                ekId = ek.getId();
                ekCache.put(x509TokenId, ekId);
                context.addToCurrentSecretMap(ekId, dataProtectionKey);
                stbResult.setEncryptedKey((EncryptedKey) ek);
                //store EKSHA1 of KeyValue contents in context
                // The digest is computed over the EncryptedKey's CipherValue, i.e. the wrapped
                // (already encrypted) key bytes, never the plaintext key. SHA-1 here is a
                // key IDENTIFIER for the WSS 1.1 EncryptedKeySHA1 reference type, not an
                // integrity check; changing the digest would break peers resolving it.
                try {
                    byte[] cipherVal = ((JAXBEncryptedKey) ek)
                            .getCipherValue();
                    byte[] ekSha1 = MessageDigest.getInstance("SHA-1")
                            .digest(cipherVal);
                    String encEkSha1 = Base64.encode(ekSha1);
                    context.setExtraneousProperty("EncryptedKeySHA1",
                            encEkSha1);
                } catch (java.security.NoSuchAlgorithmException nsa) {
                    // Cause is preserved so the missing-provider problem stays diagnosable.
                    throw new XWSSecurityException(nsa);
                }
            } else {
                //skbX509TokenInserted = true;
                //ekId = (String)ekCache.get(x509TokenId);
                // ekId is non-null in this branch, so only the empty-string check can fire.
                if (ekId == null || ekId.length() == 0) {
                    logger.log(Level.SEVERE, LogStringsMessages
                            .WSS_1804_WRONG_ENCRYPTED_KEY());
                    throw new XWSSecurityException(
                            "Invalid EncryptedKey Id ");
                }
                // Reuse the secret that was registered when the cached EncryptedKey was built.
                // NOTE(review): nothing here guards against the map having no entry for ekId.
                dataProtectionKey = context
                        .getCurrentSecretFromMap(ekId);
            }
            // WSS 1.1 senders type the direct reference as an EncryptedKey.
            String valType = null;
            if (wss11Sender) {
                valType = MessageConstants.EncryptedKey_NS;
            }
            // NOTE(review): the STR is built with certificateBinding.getUUID(), not the
            // x509TokenId fallback computed above - confirm checkIncludeTokenPolicyOpt sets the
            // UUID when it was missing.
            com.sun.xml.ws.security.opt.api.keyinfo.SecurityTokenReference str = buildSTR(
                    certificateBinding.getUUID(), buildDirectReference(
                    ekId, valType));
            //str.setTokenType(MessageConstants.EncryptedKey_NS);
            buildKeyInfo((SecurityTokenReference) str);
            stbResult.setDataProtectionKey(dataProtectionKey);
            stbResult.setKeyInfo(super .keyInfo);
            // ek is null when a cached EncryptedKey was reused: no new element was emitted.
            stbResult.setEncryptedKey((EncryptedKey) ek);
        }

        return stbResult;
    }

}
|