001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.enc;
024:
025: import com.sun.xml.ws.security.opt.api.EncryptedKey;
026: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
027: import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
028: import com.sun.xml.ws.security.opt.api.keyinfo.TokenBuilder;
029: import com.sun.xml.ws.security.opt.impl.keyinfo.DerivedKeyTokenBuilder;
030: import com.sun.xml.ws.security.opt.impl.keyinfo.IssuedTokenBuilder;
031: import com.sun.xml.ws.security.opt.impl.keyinfo.SCTBuilder;
032: import com.sun.xml.ws.security.opt.impl.keyinfo.SamlTokenBuilder;
033: import com.sun.xml.ws.security.opt.impl.keyinfo.SecurityTokenReference;
034: import com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder;
035: import com.sun.xml.ws.security.opt.impl.keyinfo.X509TokenBuilder;
036: import com.sun.xml.ws.security.opt.impl.reference.DirectReference;
037: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
038: import com.sun.xml.ws.security.opt.impl.util.WSSElementFactory;
039: import com.sun.xml.wss.XWSSecurityException;
040: import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
041: import com.sun.xml.wss.impl.MessageConstants;
042: import com.sun.xml.wss.impl.PolicyTypeUtil;
043: import com.sun.xml.wss.impl.misc.SecurityUtil;
044: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
045: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
046: import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
047: import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
048: import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
049: import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
050: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
051: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
052: import com.sun.xml.wss.logging.LogDomainConstants;
053: import com.sun.xml.wss.logging.impl.opt.crypto.LogStringsMessages;
054: import java.security.Key;
055: import java.util.logging.Level;
056: import java.util.logging.Logger;
057:
058: /**
059: *
060: * @author K.Venugopal@sun.com
061: */
062:
063: public class TokenProcessor {
064: private static final Logger logger = Logger.getLogger(
065: LogDomainConstants.IMPL_OPT_CRYPTO_DOMAIN,
066: LogDomainConstants.IMPL_OPT_CRYPTO_DOMAIN_BUNDLE);
067:
068: private Key dataEncKey = null;
069: private Key dkEncKey = null;
070: private WSSElementFactory elementFactory = null;
071: private WSSPolicy keyBinding = null;
072: private JAXBFilterProcessingContext context = null;
073: private EncryptionPolicy ep = null;
074: private TokenBuilder builder = null;
075:
076: private EncryptedKey ek = null;
077: private KeyInfo keyInfo = null;
078:
079: /** Creates a new instance of TokenProcessor */
080: public TokenProcessor(EncryptionPolicy ep,
081: JAXBFilterProcessingContext context) {
082: this .context = context;
083: this .ep = ep;
084: this .keyBinding = (WSSPolicy) ep.getKeyBinding();
085: this .elementFactory = new WSSElementFactory(context
086: .getSOAPVersion());
087: }
088:
089: public Key getDataEncKey() {
090: return dataEncKey;
091: }
092:
093: public Key getKeyEncKey() {
094: return dkEncKey;
095: }
096:
097: public EncryptedKey getEncryptedKey() {
098: return ek;
099: }
100:
101: public KeyInfo getKeyInfo() {
102: return keyInfo;
103: }
104:
105: public BuilderResult process() throws XWSSecurityException {
106:
107: String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
108: //XMLCipher.RSA_v1dot5;
109: String dataEncAlgo = MessageConstants.TRIPLE_DES_BLOCK_ENCRYPTION;
110: EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) ep
111: .getFeatureBinding();
112: String tmp = featureBinding.getDataEncryptionAlgorithm();
113: if (tmp == null || "".equals(tmp)) {
114: if (context.getAlgorithmSuite() != null) {
115: tmp = context.getAlgorithmSuite()
116: .getEncryptionAlgorithm();
117: } else {
118: //warn that data encryption algorithm not set
119: if (logger.isLoggable(Level.FINEST)) {
120: logger
121: .log(
122: Level.FINEST,
123: LogStringsMessages
124: .WSS_1950_DATAENCRYPTION_ALGORITHM_NOTSET());
125: }
126: }
127: }
128: //TODO :: Change to getDataEncryptionAlgorith,
129: if (tmp != null && !"".equals(tmp)) {
130: dataEncAlgo = tmp;
131: }
132:
133: if (context.getAlgorithmSuite() != null) {
134: keyEncAlgo = context.getAlgorithmSuite()
135: .getAsymmetricKeyAlgorithm();
136: }
137: if (PolicyTypeUtil.usernameTokenPolicy(keyBinding)) {
138: logger.log(Level.SEVERE, LogStringsMessages
139: .WSS_1902_UNSUPPORTED_USERNAMETOKEN_KEYBINDING());
140: throw new XWSSecurityException(
141: "UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
142: } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
143: AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = null;
144: if (context.getX509CertificateBinding() != null) {
145: certificateBinding = context
146: .getX509CertificateBinding();
147: context.setX509CertificateBinding(null);
148: } else {
149: certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
150: }
151:
152: String x509TokenId = certificateBinding.getUUID();
153: if (x509TokenId == null || x509TokenId.equals("")) {
154: x509TokenId = context.generateID();
155: }
156:
157: builder = new X509TokenBuilder(context, certificateBinding);
158: BuilderResult xtbResult = builder.process();
159: KeyInfo ekKI = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) xtbResult
160: .getKeyInfo();
161:
162: tmp = null;
163: tmp = certificateBinding.getKeyAlgorithm();
164: if (tmp != null && !tmp.equals("")) {
165: keyEncAlgo = tmp;
166: }
167:
168: dataEncKey = SecurityUtil.generateSymmetricKey(dataEncAlgo);
169: //ekRefList = true;
170: dkEncKey = certificateBinding.getX509Certificate()
171: .getPublicKey();
172: String ekId = context.generateID();
173: ek = elementFactory.createEncryptedKey(ekId, keyEncAlgo,
174: ekKI, dkEncKey, dataEncKey);
175: context.getSecurityHeader().add((SecurityHeaderElement) ek);
176: xtbResult.setKeyInfo(null);
177:
178: DirectReference dr = elementFactory.createDirectReference();
179: dr.setURI("#" + ekId);
180: boolean wss11Sender = "true".equals(context
181: .getExtraneousProperty("EnableWSS11PolicySender"));
182: if (wss11Sender) {
183: dr.setValueType(MessageConstants.EncryptedKey_NS);
184: }
185: SecurityTokenReference str = elementFactory
186: .createSecurityTokenReference(dr);
187: keyInfo = elementFactory.createKeyInfo(str);
188:
189: xtbResult.setKeyInfo(keyInfo);
190: xtbResult.setEncryptedKey(ek);
191: xtbResult.setDataProtectionKey(dataEncKey);
192: xtbResult.setKeyProtectionKey(dkEncKey);
193: return xtbResult;
194:
195: } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
196: SymmetricKeyBinding skb = null;
197: if (context.getSymmetricKeyBinding() != null) {
198: skb = context.getSymmetricKeyBinding();
199: context.setSymmetricKeyBinding(null);
200: } else {
201: skb = (SymmetricKeyBinding) keyBinding;
202: }
203: builder = new SymmetricTokenBuilder(skb, context,
204: dataEncAlgo, keyEncAlgo);
205: BuilderResult skbResult = builder.process();
206: this .dataEncKey = skbResult.getDataProtectionKey();
207: keyInfo = (com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo) skbResult
208: .getKeyInfo();
209: return skbResult;
210:
211: } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
212: DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding) keyBinding;
213: ((NamespaceContextEx) context.getNamespaceContext())
214: .addSCNS();
215: builder = new DerivedKeyTokenBuilder(context, dtk);
216: BuilderResult dtkResult = builder.process();
217: //dtkResult.setEncryptedKey(null);
218: return dtkResult;
219: } else if (PolicyTypeUtil
220: .secureConversationTokenKeyBinding(keyBinding)) {
221: ((NamespaceContextEx) context.getNamespaceContext())
222: .addSCNS();
223: SCTBuilder builder = new SCTBuilder(context,
224: (SecureConversationTokenKeyBinding) keyBinding);
225: BuilderResult sctResult = builder.process();
226: return sctResult;
227: } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
228: IssuedTokenBuilder itb = new IssuedTokenBuilder(context,
229: (IssuedTokenKeyBinding) keyBinding);
230: BuilderResult itbResult = itb.process();
231: return itbResult;
232: } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
233: ((NamespaceContextEx) context.getNamespaceContext())
234: .addSAMLNS();
235: SamlTokenBuilder stb = new SamlTokenBuilder(
236: context,
237: (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding,
238: false);
239: return stb.process();
240: } else {
241: logger
242: .log(
243: Level.SEVERE,
244: LogStringsMessages
245: .WSS_1903_UNSUPPORTED_KEYBINDING_ENCRYPTIONPOLICY(keyBinding));
246: throw new UnsupportedOperationException(
247: "Unsupported Key Binding" + keyBinding);
248: }
249: }
250: }
|