001: /*
002: * EncryptionProcessor.java
003: *
004: * Created on August 1, 2006, 3:30 PM
005: *
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.ws.security.opt.impl.enc;
028:
029: import com.sun.xml.security.core.xenc.EncryptedKeyType;
030: import com.sun.xml.security.core.xenc.ReferenceList;
031: import com.sun.xml.security.core.xenc.ReferenceType;
032: import com.sun.xml.ws.security.opt.api.EncryptedKey;
033: import com.sun.xml.ws.security.opt.api.SecurityElement;
034: import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
035: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
036: import com.sun.xml.ws.security.opt.impl.util.WSSElementFactory;
037: import com.sun.xml.ws.security.opt.impl.message.ETHandler;
038: import com.sun.xml.wss.impl.AlgorithmSuite;
039: import com.sun.xml.wss.XWSSecurityException;
040: import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
041: import com.sun.xml.wss.impl.MessageConstants;
042: import com.sun.xml.wss.impl.PolicyTypeUtil;
043: import com.sun.xml.wss.impl.keyinfo.KeyInfoStrategy;
044: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
045: import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
046: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
047: import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
048: import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
049: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
050: import com.sun.xml.wss.logging.LogDomainConstants;
051: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
052: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy.FeatureBinding;
053: import com.sun.xml.wss.logging.impl.opt.crypto.LogStringsMessages;
054: import java.security.Key;
055: import java.security.cert.X509Certificate;
056: import java.util.ArrayList;
057: import java.util.Iterator;
058: import java.util.List;
059: import java.util.logging.Level;
060: import java.util.logging.Logger;
061: import javax.xml.bind.JAXBElement;
062:
063: /*
064: * @author K.Venugopal@sun.com
065: */
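public class EncryptionProcessor {

    private static final Logger logger = Logger.getLogger(
            LogDomainConstants.IMPL_OPT_CRYPTO_DOMAIN,
            LogDomainConstants.IMPL_OPT_CRYPTO_DOMAIN_BUNDLE);

    /**
     * "\r\n" encoded as US-ASCII, or {@code null} if the charset lookup failed at class
     * initialization. Declared after {@code logger} because the initializer logs on failure.
     * Currently unreferenced within this class.
     */
    private static final byte[] crlf = initCrlf();

    /**
     * Encodes the CRLF sequence once for the lifetime of the class.
     *
     * @return the US-ASCII bytes of "\r\n", or {@code null} when the encoding is unavailable
     */
    private static byte[] initCrlf() {
        try {
            return "\r\n".getBytes("US-ASCII");
        } catch (java.io.UnsupportedEncodingException ue) {
            // Not expected on a conforming JVM; record the failure rather than fail class init.
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1917_CRLF_INIT_FAILED(), ue);
            return null;
        }
    }

    /** Creates a new instance of EncryptionProcessor. */
    public EncryptionProcessor() {
    }

    /**
     * Encrypts the targets named by the context's {@link EncryptionPolicy} and records a
     * data reference for each produced EncryptedData element, either in a stand-alone
     * ReferenceList added to the security header or in the EncryptedKey's reference list.
     *
     * @param context the processing context whose security policy must be an
     *                {@link EncryptionPolicy}
     * @throws XWSSecurityException propagated from token processing and EncryptedData
     *                              construction
     */
    public void process(JAXBFilterProcessingContext context) throws XWSSecurityException {
        WSSElementFactory elementFactory = new WSSElementFactory(context.getSOAPVersion());
        NamespaceContextEx nsContext = (NamespaceContextEx) context.getNamespaceContext();
        nsContext.addEncryptionNS();
        nsContext.addSignatureNS();

        WSSPolicy wssPolicy = (WSSPolicy) context.getSecurityPolicy();
        // Targets are read from the policy as found on the context, before any key-binding
        // rewrite below replaces it with a clone.
        EncryptionPolicy.FeatureBinding featureBinding =
                (EncryptionPolicy.FeatureBinding) wssPolicy.getFeatureBinding();
        WSSPolicy keyBinding = (WSSPolicy) wssPolicy.getKeyBinding();

        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST,
                    LogStringsMessages.WSS_1952_ENCRYPTION_KEYBINDING_VALUE(keyBinding));
        }

        if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
            wssPolicy = rewriteDerivedKeyBinding(
                    (DerivedTokenKeyBinding) keyBinding.clone(), wssPolicy, context);
        }

        TokenProcessor tp = new TokenProcessor((EncryptionPolicy) wssPolicy, context);
        BuilderResult tokenInfo = tp.process();
        Key dataEncKey = tokenInfo.getDataProtectionKey();
        EncryptedKey ek = tokenInfo.getEncryptedKey();

        ETHandler edBuilder = new ETHandler(context.getSOAPVersion());
        EncryptionPolicy.FeatureBinding binding = (FeatureBinding) wssPolicy.getFeatureBinding();
        ReferenceList dataRefList = new ReferenceList();

        // With no EncryptedKey (or when the policy asks for it) the ReferenceList is emitted
        // as its own header element and each EncryptedData carries its own KeyInfo.
        boolean standAloneRefList = ek == null || binding.getUseStandAloneRefList();
        KeyInfo edKeyInfo = standAloneRefList ? tokenInfo.getKeyInfo() : null;

        boolean refAdded = false;
        ArrayList targets = featureBinding.getTargetBindings();
        for (Object t : targets) {
            EncryptionTarget target = (EncryptionTarget) t;
            boolean contentOnly = target.getContentOnly();
            // NOTE(review): contentOnly is read but never used here, and checkBSP5607 is not
            // invoked anywhere in this class — confirm the BSP 5607 restriction on encrypting
            // the SOAP Envelope/Header/Body element is enforced elsewhere (e.g. in ETHandler).
            // target.getCipherReferenceTransforms() is not yet supported.

            List edList = edBuilder.buildEDList(
                    (EncryptionPolicy) wssPolicy, target, context, dataEncKey, edKeyInfo);
            for (Object ed : edList) {
                JAXBElement<ReferenceType> rt =
                        elementFactory.createDataReference((SecurityElement) ed);
                dataRefList.getDataReferenceOrKeyReference().add(rt);
                refAdded = true;
            }
        }

        if (refAdded) {
            if (standAloneRefList) {
                context.getSecurityHeader().add(elementFactory.createGSHeaderElement(dataRefList));
            } else {
                // standAloneRefList == false implies ek != null.
                ek.setReferenceList(dataRefList);
            }
        }
    }

    /**
     * Rewrites a derived-token key binding whose original binding is an X.509 certificate
     * binding: the certificate binding is wrapped in a {@link SymmetricKeyBinding}, which
     * becomes the derived binding's original key binding, and a clone of the encryption
     * policy carrying the rewritten binding is installed on the context.
     *
     * @param dtk       a clone of the derived-token key binding to rewrite (mutated in place)
     * @param wssPolicy the policy currently in effect
     * @param context   the processing context to receive the cloned policy
     * @return the cloned policy when the rewrite applied, otherwise {@code wssPolicy} unchanged
     */
    private static WSSPolicy rewriteDerivedKeyBinding(DerivedTokenKeyBinding dtk,
            WSSPolicy wssPolicy, JAXBFilterProcessingContext context) {
        WSSPolicy originalKeyBinding = dtk.getOriginalKeyBinding();
        if (!PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
            return wssPolicy;
        }
        AuthenticationTokenPolicy.X509CertificateBinding ckBindingClone =
                (AuthenticationTokenPolicy.X509CertificateBinding) originalKeyBinding.clone();
        // Create a symmetric key binding with the X.509 binding as its key binding and make
        // it the original key binding of the derived token binding.
        SymmetricKeyBinding skb = new SymmetricKeyBinding();
        skb.setKeyBinding(ckBindingClone);
        dtk.setOriginalKeyBinding(skb);

        EncryptionPolicy ep = (EncryptionPolicy) wssPolicy.clone();
        ep.setKeyBinding(dtk);
        context.setSecurityPolicy(ep);
        return ep;
    }

    /**
     * Enforces Basic Security Profile rule 5607: the SOAP {@code Envelope}, {@code Header}
     * and {@code Body} elements must not be encrypted as whole elements (content-only
     * encryption is permitted).
     *
     * @param elemName    local name of the element targeted for encryption
     * @param uri         namespace URI of the targeted element
     * @param contentOnly {@code true} when only the element's content is encrypted
     * @throws XWSSecurityException if the target is a whole SOAP 1.1/1.2 Envelope, Header or
     *                              Body element
     */
    private void checkBSP5607(String elemName, String uri, boolean contentOnly)
            throws XWSSecurityException {
        // BSP: 5607
        boolean soapNamespace = MessageConstants.SOAP_1_1_NS.equalsIgnoreCase(uri)
                || MessageConstants.SOAP_1_2_NS.equalsIgnoreCase(uri);
        boolean envelopeStructure = "Header".equalsIgnoreCase(elemName)
                || "Envelope".equalsIgnoreCase(elemName)
                || "Body".equalsIgnoreCase(elemName);
        if (!contentOnly && soapNamespace && envelopeStructure) {
            logger.log(Level.SEVERE,
                    LogStringsMessages.WSS_1918_ILLEGAL_ENCRYPTION_TARGET(uri, elemName));
            throw new XWSSecurityException("Encryption of SOAP "
                    + elemName + " is not allowed"); // BSP 5607
        }
    }
}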