001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.keyinfo;
024:
025: import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
026: import com.sun.xml.ws.security.opt.api.reference.DirectReference;
027: import com.sun.xml.ws.security.DerivedKeyToken;
028: import com.sun.xml.ws.security.impl.DerivedKeyTokenImpl;
029: import com.sun.xml.ws.security.secext10.SecurityTokenReferenceType;
030: import com.sun.xml.wss.impl.AlgorithmSuite;
031: import com.sun.xml.wss.XWSSecurityException;
032: import com.sun.xml.wss.impl.PolicyTypeUtil;
033: import com.sun.xml.wss.impl.misc.SecurityUtil;
034: import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
035: import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
036: import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
037: import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
038: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
039: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
040: import java.security.Key;
041: import java.util.logging.Level;
042: import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
043:
044: import javax.xml.bind.JAXBElement;
045:
046: /**
047: *
048: * @author K.Venugopal@sun.com
049: */
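public class DerivedKeyTokenBuilder extends TokenBuilder {

    /** Key binding whose original (wrapped) binding supplies the secret the derived key is computed from. */
    private final DerivedTokenKeyBinding dtk;

    /**
     * Creates a new instance of DerivedKeyTokenBuilder.
     *
     * @param context processing context supplying the algorithm suite, security policy and security header
     * @param dtk     derived-token key binding wrapping the original symmetric, secure-conversation or
     *                issued-token binding
     */
    public DerivedKeyTokenBuilder(JAXBFilterProcessingContext context,
            DerivedTokenKeyBinding dtk) {
        super(context);
        this.dtk = dtk;
    }

    /**
     * Builds a DerivedKeyToken from the secret of the original key binding, adds it to the security header
     * and returns the derived data-protection key together with a KeyInfo that references the new token.
     *
     * <p>The original binding is processed by its own builder first (symmetric, SCT or issued token); the
     * secret it yields is fed into a {@link DerivedKeyTokenImpl} whose offset is always 0 and whose length is
     * taken from the suite's encryption algorithm.
     *
     * @return result carrying the derived key and its KeyInfo; for an issued token without a proof key the
     *         original builder's key and KeyInfo are returned unchanged (no derivation takes place)
     * @throws XWSSecurityException if the algorithm suite or a required binding is not set on the context, the
     *         original binding type is unsupported, no secret can be extracted, or symmetric key generation fails
     */
    public BuilderResult process() throws XWSSecurityException {
        AlgorithmSuite algSuite = context.getAlgorithmSuite();
        if (algSuite == null) {
            throw new XWSSecurityException(
                    "Internal Error: Algorithm Suite is not set in context");
        }
        String algorithm = algSuite.getEncryptionAlgorithm();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "Algorithm used for Derived Keys: " + algorithm);
        }

        // Offset and length of the key material the DKT derives: offset is always 0, length is the key
        // size implied by the encryption algorithm.
        long offset = 0;
        long length = SecurityUtil.getLengthFromAlgorithm(algorithm);

        // A signature policy derives a 24-byte key where the encryption algorithm would yield 32 bytes;
        // presumably to match the suite's signature key length -- confirm against AlgorithmSuite.
        WSSPolicy policy = (WSSPolicy) context.getSecurityPolicy();
        if (length == 32 && PolicyTypeUtil.signaturePolicy(policy)) {
            length = 24;
        }

        WSSPolicy originalKeyBinding = dtk.getOriginalKeyBinding();
        BuilderResult dktResult = new BuilderResult();
        String dpTokenID = "";
        byte[] secret;
        BuilderResult result;

        // Derived keys under an X509 (asymmetric) binding are not supported; the original binding must be
        // one of the three symmetric-secret bindings below, otherwise processing fails explicitly.
        if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
            // The symmetric binding is consumed exactly once: it is read from the context and cleared
            // so a later builder cannot pick it up again.
            SymmetricKeyBinding skb = context.getSymmetricKeyBinding();
            if (skb == null) {
                throw new XWSSecurityException(
                        "Internal Error: SymmetricBinding not set on context");
            }
            context.setSymmetricKeyBinding(null);

            String dataEncAlgo = SecurityUtil.getDataEncryptionAlgo(context);
            String keyAlgo = skb.getKeyAlgorithm();
            if (keyAlgo == null || "".equals(keyAlgo)) {
                // NOTE(review): falls back to the suite's *asymmetric* key algorithm for a symmetric
                // binding -- kept as in the original, confirm this is intended.
                if (context.getAlgorithmSuite() != null) {
                    keyAlgo = context.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
                }
            }
            SymmetricTokenBuilder stb = new SymmetricTokenBuilder(skb, context, dataEncAlgo, keyAlgo);
            result = stb.process();
            secret = result.getDataProtectionKey().getEncoded();
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "SymmetricBinding under Derived Keys");
                logger.log(Level.FINEST, "DataEncryption Algorithm:" + dataEncAlgo);
                logger.log(Level.FINEST, "Key Algorithm:" + keyAlgo);
            }
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
            SecureConversationTokenKeyBinding sctBinding =
                    (SecureConversationTokenKeyBinding) originalKeyBinding;
            SCTBuilder builder = new SCTBuilder(context, sctBinding);
            result = builder.process();
            // The SCT's proof key (not the SCT result's data key) is the secret the DKT derives from.
            secret = context.getSecureConversationContext().getProofKey();
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "SecureConversation token binding under Derived Keys");
            }
        } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
            IssuedTokenBuilder itb = new IssuedTokenBuilder(context,
                    (IssuedTokenKeyBinding) originalKeyBinding);
            result = itb.process();
            Key originalKey = result.getDataProtectionKey();
            // No proof key means the issued token carries a public key: there is no shared secret to
            // derive from, so the original key and KeyInfo are passed through unchanged.
            if (context.getTrustContext().getProofKey() == null) {
                dktResult.setDataProtectionKey(originalKey);
                dktResult.setKeyInfo(result.getKeyInfo());
                return dktResult;
            }
            secret = originalKey.getEncoded();
            dpTokenID = result.getDPTokenId();
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "Issued Token Binding token binding under Derived Keys");
            }
        } else if (originalKeyBinding != null) {
            throw new XWSSecurityException("Unsupported Key Binding:" + originalKeyBinding);
        } else {
            throw new XWSSecurityException("Internal Error: Null original key binding");
        }

        // Key.getEncoded() may return null for keys whose material cannot be exported; a proof key may
        // also be absent. Fail with a clear error rather than deriving from a null secret.
        if (secret == null) {
            throw new XWSSecurityException(
                    "Internal Error: no secret available to derive key from for binding " + originalKeyBinding);
        }

        DerivedKeyToken dkt = new DerivedKeyTokenImpl(offset, length, secret);
        Key dataKey;
        try {
            String jceAlgo = SecurityUtil.getSecretKeyAlgorithm(algorithm);
            dataKey = dkt.generateSymmetricKey(jceAlgo);
        } catch (Exception e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1806_ERROR_GENERATING_SYMMETRIC_KEY());
            throw new XWSSecurityException(e);
        }

        // The DerivedKey element points back at the original token through its STR.
        SecurityTokenReferenceType str = extractSecurityTokenReference(result);

        DerivedKey dk;
        if (dpTokenID.length() == 0) {
            dk = elementFactory.createDerivedKey(dtk.getUUID(), algorithm, dkt.getNonce(),
                    dkt.getOffset(), dkt.getLength(), dkt.getLabel(), str);
        } else {
            dk = elementFactory.createDerivedKey(dtk.getUUID(), algorithm, dkt.getNonce(),
                    dkt.getOffset(), dkt.getLength(), dkt.getLabel(), str, dpTokenID);
        }
        DirectReference dr = elementFactory.createDirectReference();
        dr.setURI("#" + dk.getId());
        SecurityTokenReference str2 = buildSTR(context.generateID(), dr);
        context.getSecurityHeader().add(dk);
        // Construct the STR for Encryption or Signature; buildKeyInfo populates the inherited keyInfo.
        buildKeyInfo(str2);
        dktResult.setKeyInfo(super.keyInfo);
        dktResult.setDataProtectionKey(dataKey);
        return dktResult;
    }

    /**
     * Returns the SecurityTokenReference that the original builder placed first in its KeyInfo,
     * unwrapping it from a JAXBElement when necessary.
     *
     * @param result result of the original key binding's builder
     * @return the first KeyInfo child as a SecurityTokenReferenceType
     * @throws XWSSecurityException if the KeyInfo has no content
     */
    private static SecurityTokenReferenceType extractSecurityTokenReference(BuilderResult result)
            throws XWSSecurityException {
        if (result.getKeyInfo().getContent().isEmpty()) {
            throw new XWSSecurityException(
                    "Internal Error: KeyInfo of original key binding has no SecurityTokenReference");
        }
        Object strObj = result.getKeyInfo().getContent().get(0);
        if (strObj instanceof JAXBElement) {
            return (SecurityTokenReferenceType) ((JAXBElement) strObj).getValue();
        }
        return (SecurityTokenReferenceType) strObj;
    }
}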