| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../.resources/report.css" type="text/css"/><link rel="shortcut icon" href="../.resources/report.gif" type="image/gif"/><title>AsymmetricBindingBuilder.java</title><link rel="stylesheet" href="../.resources/prettify.css" type="text/css"/><script type="text/javascript" src="../.resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../.sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Coverage Report</a> > <a href="index.source.html" class="el_package">org.apache.rampart.builder</a> > <span class="el_source">AsymmetricBindingBuilder.java</span></div><h1>AsymmetricBindingBuilder.java</h1><pre class="source lang-java linenums">/* |
| * Copyright 2004,2005 The Apache Software Foundation. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.rampart.builder; |
| |
| import org.apache.axiom.om.OMElement; |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| import org.apache.rahas.TrustException; |
| import org.apache.rampart.RampartConstants; |
| import org.apache.rampart.RampartException; |
| import org.apache.rampart.RampartMessageData; |
| import org.apache.rampart.policy.RampartPolicyData; |
| import org.apache.rampart.policy.SupportingPolicyData; |
| import org.apache.rampart.policy.model.RampartConfig; |
| import org.apache.rampart.util.RampartUtil; |
| import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| import org.apache.ws.secpolicy.model.SupportingToken; |
| import org.apache.ws.secpolicy.model.Token; |
| import org.apache.ws.secpolicy.model.X509Token; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSEncryptionPart; |
| import org.apache.ws.security.WSSecurityException; |
| import org.apache.ws.security.conversation.ConversationException; |
| import org.apache.ws.security.handler.WSHandlerConstants; |
| import org.apache.ws.security.handler.WSHandlerResult; |
| import org.apache.ws.security.message.WSSecDKEncrypt; |
| import org.apache.ws.security.message.WSSecDKSign; |
| import org.apache.ws.security.message.WSSecEncrypt; |
| import org.apache.ws.security.message.WSSecEncryptedKey; |
| import org.apache.ws.security.message.WSSecSignature; |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| |
| import javax.xml.crypto.dsig.Reference; |
| import java.util.*; |
| |
| <span class="fc" id="L51">public class AsymmetricBindingBuilder extends BindingBuilder {</span> |
| |
| <span class="fc" id="L53"> private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);</span> |
| <span class="fc" id="L54"> private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);</span> |
| |
| private WSSecEncryptedKey encrKey; |
| |
| private String encryptedKeyId; |
| |
| private byte[] encryptedKeyValue; |
| |
| <span class="fc" id="L62"> private List<byte[]> signatureValues = new ArrayList<byte[]>();</span> |
| |
| private Element encrTokenElement; |
| |
| private Element sigDKTElement; |
| |
| private Element encrDKTElement; |
| |
| <span class="fc" id="L70"> private List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();</span> |
| |
| private Element signatureElement; |
| |
| private Element refList; |
| |
| |
| public void build(RampartMessageData rmd) throws RampartException { |
| <span class="fc" id="L78"> log.debug("AsymmetricBindingBuilder build invoked");</span> |
| |
| <span class="fc" id="L80"> RampartPolicyData rpd = rmd.getPolicyData();</span> |
| <span class="fc bfc" id="L81" title="All 2 branches covered."> if (rpd.isIncludeTimestamp()) {</span> |
| <span class="fc" id="L82"> this.addTimestamp(rmd);</span> |
| } |
| |
| <span class="fc bfc" id="L85" title="All 2 branches covered."> if (RampartUtil.encryptFirst(rpd)) {</span> |
| <span class="fc" id="L86"> this.doEncryptBeforeSig(rmd);</span> |
| } else { |
| <span class="fc" id="L88"> this.doSignBeforeEncrypt(rmd);</span> |
| } |
| |
| <span class="fc" id="L91"> log.debug("AsymmetricBindingBuilder build invoked : DONE");</span> |
| <span class="fc" id="L92"> }</span> |
| |
| private void doEncryptBeforeSig(RampartMessageData rmd) |
| throws RampartException { |
| |
| <span class="fc" id="L97"> long t0 = 0, t1 = 0, t2 = 0;</span> |
| <span class="pc bpc" id="L98" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L99"> t0 = System.currentTimeMillis();</span> |
| } |
| <span class="fc" id="L101"> RampartPolicyData rpd = rmd.getPolicyData();</span> |
| <span class="fc" id="L102"> Document doc = rmd.getDocument();</span> |
| <span class="fc" id="L103"> RampartConfig config = rpd.getRampartConfig();</span> |
| |
| /* |
| * We need to hold on to these two element to use them as refence in the |
| * case of encypting the signature |
| */ |
| <span class="fc" id="L109"> Element encrDKTokenElem = null;</span> |
| <span class="fc" id="L110"> WSSecEncrypt encr = null;</span> |
| <span class="fc" id="L111"> refList = null;</span> |
| <span class="fc" id="L112"> WSSecDKEncrypt dkEncr = null;</span> |
| |
| /* |
| * We MUST use keys derived from the same token |
| */ |
| <span class="fc" id="L117"> Token encryptionToken = null;</span> |
| <span class="fc bfc" id="L118" title="All 2 branches covered."> if(rmd.isInitiator()) {</span> |
| <span class="fc" id="L119"> encryptionToken = rpd.getRecipientToken();</span> |
| } else { |
| <span class="fc" id="L121"> encryptionToken = rpd.getInitiatorToken();</span> |
| } |
| <span class="fc" id="L123"> List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);</span> |
| |
| //Signed parts are determined before encryption because encrypted signed headers |
| //will not be included otherwise |
| <span class="fc" id="L127"> this.sigParts = RampartUtil.getSignedParts(rmd);</span> |
| |
| <span class="pc bpc" id="L129" title="3 of 4 branches missed."> if(encryptionToken == null && encrParts.size() > 0) {</span> |
| <span class="nc" id="L130"> throw new RampartException("encryptionTokenMissing");</span> |
| } |
| |
| <span class="pc bpc" id="L133" title="2 of 4 branches missed."> if (encryptionToken != null && encrParts.size() > 0) {</span> |
| |
| //Check for RampartConfig assertion |
| <span class="pc bpc" id="L136" title="1 of 2 branches missed."> if(rpd.getRampartConfig() == null) {</span> |
| //We'er missing the extra info rampart needs |
| <span class="nc" id="L138"> throw new RampartException("rampartConigMissing");</span> |
| } |
| |
| <span class="fc bfc" id="L141" title="All 2 branches covered."> if (encryptionToken.isDerivedKeys()) {</span> |
| try { |
| <span class="fc" id="L143"> this.setupEncryptedKey(rmd, encryptionToken);</span> |
| // Create the DK encryption builder |
| <span class="fc" id="L145"> dkEncr = new WSSecDKEncrypt();</span> |
| <span class="fc" id="L146"> dkEncr.setParts(encrParts);</span> |
| <span class="fc" id="L147"> dkEncr.setExternalKey(this.encryptedKeyValue, </span> |
| this.encryptedKeyId); |
| <span class="fc" id="L149"> dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);</span> |
| <span class="fc" id="L150"> dkEncr.prepare(doc);</span> |
| |
| // Get and add the DKT element |
| <span class="fc" id="L153"> this.encrDKTElement = dkEncr.getdktElement();</span> |
| <span class="fc" id="L154"> encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);</span> |
| |
| <span class="fc" id="L156"> refList = dkEncr.encryptForExternalRef(null, encrParts);</span> |
| |
| <span class="nc" id="L158"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L159"> throw new RampartException("errorCreatingEncryptedKey", e);</span> |
| <span class="nc" id="L160"> } catch (ConversationException e) {</span> |
| <span class="nc" id="L161"> throw new RampartException("errorInDKEncr", e);</span> |
| <span class="fc" id="L162"> }</span> |
| } else { |
| try { |
| <span class="fc" id="L165"> encr = new WSSecEncrypt();</span> |
| <span class="fc" id="L166"> encr.setParts(encrParts);</span> |
| <span class="fc" id="L167"> encr.setWsConfig(rmd.getConfig());</span> |
| <span class="fc" id="L168"> encr.setDocument(doc);</span> |
| <span class="fc" id="L169"> RampartUtil.setEncryptionUser(rmd, encr);</span> |
| <span class="fc" id="L170"> encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());</span> |
| <span class="fc" id="L171"> RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken);</span> |
| <span class="fc" id="L172"> encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());</span> |
| <span class="fc" id="L173"> encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));</span> |
| |
| <span class="fc" id="L175"> Element bstElem = encr.getBinarySecurityTokenElement();</span> |
| <span class="pc bpc" id="L176" title="1 of 2 branches missed."> if (bstElem != null) {</span> |
| <span class="nc" id="L177"> RampartUtil.appendChildToSecHeader(rmd, bstElem);</span> |
| } |
| |
| <span class="fc" id="L180"> this.encrTokenElement = encr.getEncryptedKeyElement();</span> |
| <span class="fc" id="L181"> this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,</span> |
| encrTokenElement); |
| |
| <span class="fc" id="L184"> refList = encr.encryptForExternalRef(null, encrParts);</span> |
| |
| <span class="nc" id="L186"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L187"> throw new RampartException("errorInEncryption", e);</span> |
| <span class="fc" id="L188"> }</span> |
| } |
| |
| <span class="fc" id="L191"> refList = RampartUtil.appendChildToSecHeader(rmd, refList);</span> |
| |
| <span class="pc bpc" id="L193" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L194"> t1 = System.currentTimeMillis();</span> |
| } |
| |
| <span class="fc" id="L197"> this.setInsertionLocation(encrTokenElement);</span> |
| |
| <span class="fc" id="L199"> RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);</span> |
| |
| // TODO may contain deifferent types of objects as values, therefore cannot use strongly type maps |
| // need to figure out a way |
| <span class="fc" id="L203"> HashMap sigSuppTokMap = null;</span> |
| <span class="fc" id="L204"> HashMap endSuppTokMap = null;</span> |
| <span class="fc" id="L205"> HashMap sgndEndSuppTokMap = null;</span> |
| <span class="fc" id="L206"> HashMap sgndEncSuppTokMap = null;</span> |
| <span class="fc" id="L207"> HashMap endEncSuppTokMap = null;</span> |
| <span class="fc" id="L208"> HashMap sgndEndEncSuppTokMap = null;</span> |
| |
| <span class="pc bpc" id="L210" title="1 of 2 branches missed."> if(this.timestampElement != null){</span> |
| <span class="fc" id="L211"> sigParts.add(RampartUtil.createEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN,</span> |
| RampartUtil.addWsuIdToElement((OMElement) this.timestampElement))); |
| } |
| |
| <span class="fc bfc" id="L215" title="All 2 branches covered."> if (rmd.isInitiator()) {</span> |
| |
| // Now add the supporting tokens |
| <span class="fc" id="L218"> SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();</span> |
| <span class="fc" id="L219"> sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); </span> |
| |
| <span class="fc" id="L221"> SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();</span> |
| <span class="fc" id="L222"> endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);</span> |
| |
| <span class="fc" id="L224"> SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); </span> |
| <span class="fc" id="L225"> sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);</span> |
| |
| <span class="fc" id="L227"> SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();</span> |
| <span class="fc" id="L228"> sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);</span> |
| |
| <span class="fc" id="L230"> SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();</span> |
| <span class="fc" id="L231"> endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);</span> |
| |
| <span class="fc" id="L233"> SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); </span> |
| <span class="fc" id="L234"> sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);</span> |
| |
| <span class="fc" id="L236"> List<SupportingToken> supportingToks = rpd.getSupportingTokensList();</span> |
| <span class="pc bpc" id="L237" title="1 of 2 branches missed."> for (SupportingToken supportingTok : supportingToks) {</span> |
| <span class="nc" id="L238"> this.handleSupportingTokens(rmd, supportingTok);</span> |
| <span class="nc" id="L239"> } </span> |
| |
| <span class="fc" id="L241"> SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();</span> |
| <span class="fc" id="L242"> this.handleSupportingTokens(rmd, encryptedSupportingToks);</span> |
| |
| //Setup signature parts |
| <span class="fc" id="L245"> sigParts = addSignatureParts(sigSuppTokMap, sigParts);</span> |
| <span class="fc" id="L246"> sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);</span> |
| <span class="fc" id="L247"> sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);</span> |
| <span class="fc" id="L248"> sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);</span> |
| |
| <span class="fc" id="L250"> } else {</span> |
| <span class="fc" id="L251"> addSignatureConfirmation(rmd, sigParts);</span> |
| } |
| |
| <span class="pc bpc" id="L254" title="4 of 10 branches missed."> if(( sigParts.size() > 0 &&</span> |
| rmd.isInitiator() && rpd.getInitiatorToken() != null) || |
| (!rmd.isInitiator() && rpd.getRecipientToken() != null)) { |
| <span class="fc" id="L257"> this.doSignature(rmd);</span> |
| } |
| |
| <span class="fc bfc" id="L260" title="All 2 branches covered."> if (rmd.isInitiator()) {</span> |
| |
| <span class="pc bpc" id="L262" title="1 of 2 branches missed."> if (endSuppTokMap != null) {</span> |
| <span class="fc" id="L263"> endSuppTokMap.putAll(endEncSuppTokMap);</span> |
| } |
| // Do endorsed signatures |
| <span class="fc" id="L266"> List<byte[]> endSigVals = this.doEndorsedSignatures(rmd,</span> |
| endSuppTokMap); |
| <span class="pc bpc" id="L268" title="1 of 2 branches missed."> for (byte[] endSigVal : endSigVals) {</span> |
| <span class="nc" id="L269"> signatureValues.add(endSigVal);</span> |
| <span class="nc" id="L270"> }</span> |
| |
| <span class="fc" id="L272"> sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);</span> |
| // Do signed endorsing signatures |
| <span class="fc" id="L274"> List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd,</span> |
| sgndEndSuppTokMap); |
| <span class="pc bpc" id="L276" title="1 of 2 branches missed."> for (byte[] sigEndSigVal : sigEndSigVals) {</span> |
| <span class="nc" id="L277"> signatureValues.add(sigEndSigVal);</span> |
| <span class="nc" id="L278"> }</span> |
| } |
| |
| <span class="pc bpc" id="L281" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L282"> t2 = System.currentTimeMillis();</span> |
| <span class="nc" id="L283"> tlog.debug("Encryption took :" + (t1 - t0)</span> |
| +", Signature tool :" + (t2 - t1) ); |
| } |
| |
| // Check for signature protection |
| <span class="pc bpc" id="L288" title="1 of 4 branches missed."> if (rpd.isSignatureProtection() && this.mainSigId != null) {</span> |
| <span class="fc" id="L289"> long t3 = 0, t4 = 0;</span> |
| <span class="pc bpc" id="L290" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L291"> t3 = System.currentTimeMillis();</span> |
| } |
| |
| <span class="fc" id="L294"> List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();</span> |
| |
| // Now encrypt the signature using the above token |
| <span class="fc" id="L297"> secondEncrParts.add(new WSEncryptionPart(this.mainSigId,</span> |
| "Element")); |
| |
| <span class="fc bfc" id="L300" title="All 2 branches covered."> if(rmd.isInitiator()) {</span> |
| <span class="pc bpc" id="L301" title="1 of 2 branches missed."> for (String anEncryptedTokensIdList : encryptedTokensIdList) {</span> |
| <span class="nc" id="L302"> secondEncrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));</span> |
| <span class="nc" id="L303"> }</span> |
| } |
| |
| <span class="fc" id="L306"> Element secondRefList = null;</span> |
| |
| <span class="pc bpc" id="L308" title="1 of 2 branches missed."> if (encryptionToken.isDerivedKeys()) {</span> |
| try { |
| |
| <span class="nc" id="L311"> secondRefList = dkEncr.encryptForExternalRef(null,</span> |
| secondEncrParts); |
| <span class="nc" id="L313"> RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,</span> |
| secondRefList); |
| |
| <span class="nc" id="L316"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L317"> throw new RampartException("errorCreatingEncryptedKey",</span> |
| e); |
| <span class="nc" id="L319"> }</span> |
| } else { |
| try { |
| // Encrypt, get hold of the ref list and add it |
| <span class="fc" id="L323"> secondRefList = encr.encryptForExternalRef(null,</span> |
| secondEncrParts); |
| |
| // Insert the ref list after the encrypted key elem |
| <span class="fc" id="L327"> this.setInsertionLocation(RampartUtil</span> |
| .insertSiblingAfter(rmd, encrTokenElement, |
| secondRefList)); |
| <span class="nc" id="L330"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L331"> throw new RampartException("errorInEncryption", e);</span> |
| <span class="fc" id="L332"> }</span> |
| } |
| <span class="pc bpc" id="L334" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L335"> t4 = System.currentTimeMillis();</span> |
| <span class="nc" id="L336"> tlog.debug("Signature protection took :" + (t4 - t3));</span> |
| } |
| } |
| } |
| |
| |
| |
| <span class="fc" id="L343"> }</span> |
| |
| private void doSignBeforeEncrypt(RampartMessageData rmd) |
| throws RampartException { |
| |
| <span class="fc" id="L348"> long t0 = 0, t1 = 0, t2 = 0;</span> |
| |
| <span class="fc" id="L350"> RampartPolicyData rpd = rmd.getPolicyData();</span> |
| <span class="fc" id="L351"> Document doc = rmd.getDocument();</span> |
| |
| <span class="fc" id="L353"> HashMap sigSuppTokMap = null;</span> |
| <span class="fc" id="L354"> HashMap endSuppTokMap = null;</span> |
| <span class="fc" id="L355"> HashMap sgndEndSuppTokMap = null;</span> |
| <span class="fc" id="L356"> HashMap sgndEncSuppTokMap = null;</span> |
| <span class="fc" id="L357"> HashMap endEncSuppTokMap = null;</span> |
| <span class="fc" id="L358"> HashMap sgndEndEncSuppTokMap = null;</span> |
| |
| <span class="fc" id="L360"> sigParts = RampartUtil.getSignedParts(rmd);</span> |
| |
| //Add timestamp |
| <span class="fc bfc" id="L363" title="All 2 branches covered."> if(this.timestampElement != null){</span> |
| <span class="fc" id="L364"> sigParts.add(new WSEncryptionPart(RampartUtil</span> |
| .addWsuIdToElement((OMElement) this.timestampElement))); |
| }else{ |
| <span class="fc" id="L367"> this.setInsertionLocation(null);</span> |
| } |
| |
| <span class="pc bpc" id="L370" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L371"> t0 = System.currentTimeMillis();</span> |
| } |
| |
| <span class="fc bfc" id="L374" title="All 2 branches covered."> if (rmd.isInitiator()) {</span> |
| |
| // Now add the supporting tokens |
| <span class="fc" id="L377"> SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();</span> |
| <span class="fc" id="L378"> sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); </span> |
| |
| <span class="fc" id="L380"> SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();</span> |
| <span class="fc" id="L381"> endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);</span> |
| |
| <span class="fc" id="L383"> SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); </span> |
| <span class="fc" id="L384"> sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);</span> |
| |
| <span class="fc" id="L386"> SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();</span> |
| <span class="fc" id="L387"> sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);</span> |
| |
| <span class="fc" id="L389"> SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();</span> |
| <span class="fc" id="L390"> endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);</span> |
| |
| <span class="fc" id="L392"> SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); </span> |
| <span class="fc" id="L393"> sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);</span> |
| |
| <span class="fc" id="L395"> List<SupportingToken> supportingToks = rpd.getSupportingTokensList();</span> |
| <span class="fc bfc" id="L396" title="All 2 branches covered."> for (SupportingToken supportingTok : supportingToks) {</span> |
| <span class="fc" id="L397"> this.handleSupportingTokens(rmd, supportingTok);</span> |
| <span class="fc" id="L398"> } </span> |
| |
| <span class="fc" id="L400"> SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();</span> |
| <span class="fc" id="L401"> this.handleSupportingTokens(rmd, encryptedSupportingToks);</span> |
| |
| //Setup signature parts |
| <span class="fc" id="L404"> sigParts = addSignatureParts(sigSuppTokMap, sigParts);</span> |
| <span class="fc" id="L405"> sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);</span> |
| <span class="fc" id="L406"> sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);</span> |
| <span class="fc" id="L407"> sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);</span> |
| |
| <span class="fc" id="L409"> } else {</span> |
| <span class="fc" id="L410"> addSignatureConfirmation(rmd, sigParts);</span> |
| } |
| |
| <span class="pc bpc" id="L413" title="1 of 10 branches missed."> if( sigParts.size() > 0 && </span> |
| ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || |
| (!rmd.isInitiator() && rpd.getRecipientToken() != null))) { |
| // Do signature |
| <span class="fc" id="L417"> this.doSignature(rmd);</span> |
| } |
| |
| <span class="fc" id="L420"> List<SupportingPolicyData> supportingToks = rpd.getSupportingPolicyData();</span> |
| <span class="fc bfc" id="L421" title="All 2 branches covered."> for (SupportingPolicyData policyData : supportingToks) {</span> |
| <span class="pc bpc" id="L422" title="1 of 2 branches missed."> if (policyData != null) { // TODO do we need this null check ?</span> |
| <span class="fc" id="L423"> List<WSEncryptionPart> supportingSigParts = RampartUtil.getSupportingSignedParts(rmd,</span> |
| policyData); |
| |
| <span class="pc bpc" id="L426" title="6 of 10 branches missed."> if (supportingSigParts.size() > 0</span> |
| && ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || (!rmd |
| .isInitiator() && rpd.getRecipientToken() != null))) { |
| // Do signature for policies defined under SupportingToken. |
| <span class="fc" id="L430"> this.doSupportingSignature(rmd, supportingSigParts, policyData);</span> |
| } |
| } |
| <span class="fc" id="L433"> }</span> |
| |
| //Do endorsed signature |
| |
| <span class="fc bfc" id="L437" title="All 2 branches covered."> if (rmd.isInitiator()) {</span> |
| |
| // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens |
| <span class="pc bpc" id="L440" title="1 of 2 branches missed."> if (endSuppTokMap != null) {</span> |
| <span class="fc" id="L441"> endSuppTokMap.putAll(endEncSuppTokMap);</span> |
| } |
| // Do endorsed signatures |
| <span class="fc" id="L444"> List<byte[]> endSigVals = this.doEndorsedSignatures(rmd,</span> |
| endSuppTokMap); |
| <span class="pc bpc" id="L446" title="1 of 2 branches missed."> for (byte[] endSigVal : endSigVals) {</span> |
| <span class="nc" id="L447"> signatureValues.add(endSigVal);</span> |
| <span class="nc" id="L448"> }</span> |
| |
| //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens |
| <span class="pc bpc" id="L451" title="1 of 2 branches missed."> if (sgndEndSuppTokMap != null) {</span> |
| <span class="fc" id="L452"> sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);</span> |
| } |
| // Do signed endorsing signatures |
| <span class="fc" id="L455"> List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd,</span> |
| sgndEndSuppTokMap); |
| <span class="pc bpc" id="L457" title="1 of 2 branches missed."> for (byte[] sigEndSigVal : sigEndSigVals) {</span> |
| <span class="nc" id="L458"> signatureValues.add(sigEndSigVal);</span> |
| <span class="nc" id="L459"> }</span> |
| } |
| |
| <span class="pc bpc" id="L462" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L463"> t1 = System.currentTimeMillis();</span> |
| } |
| |
| <span class="fc" id="L466"> List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);</span> |
| |
| //Check for signature protection |
| <span class="pc bpc" id="L469" title="3 of 4 branches missed."> if(rpd.isSignatureProtection() && this.mainSigId != null) {</span> |
| <span class="nc" id="L470"> encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));</span> |
| } |
| |
| <span class="fc bfc" id="L473" title="All 2 branches covered."> if(rmd.isInitiator()) {</span> |
| <span class="pc bpc" id="L474" title="1 of 2 branches missed."> for (String anEncryptedTokensIdList : encryptedTokensIdList) {</span> |
| <span class="nc" id="L475"> encrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));</span> |
| <span class="nc" id="L476"> }</span> |
| } |
| |
| //Do encryption |
| Token encrToken; |
| <span class="fc bfc" id="L481" title="All 2 branches covered."> if (rmd.isInitiator()) {</span> |
| <span class="fc" id="L482"> encrToken = rpd.getRecipientToken();</span> |
| } else { |
| <span class="fc" id="L484"> encrToken = rpd.getInitiatorToken();</span> |
| } |
| |
| <span class="fc bfc" id="L487" title="All 4 branches covered."> if(encrToken != null && encrParts.size() > 0) {</span> |
| <span class="fc" id="L488"> Element refList = null;</span> |
| <span class="fc" id="L489"> AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();</span> |
| <span class="fc bfc" id="L490" title="All 2 branches covered."> if(encrToken.isDerivedKeys()) {</span> |
| |
| try { |
| <span class="fc" id="L493"> WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();</span> |
| |
| <span class="fc bfc" id="L495" title="All 2 branches covered."> if(this.encrKey == null) {</span> |
| <span class="fc" id="L496"> this.setupEncryptedKey(rmd, encrToken);</span> |
| } |
| |
| <span class="fc" id="L499"> dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);</span> |
| <span class="fc" id="L500"> dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"</span> |
| + WSConstants.ENC_KEY_VALUE_TYPE); |
| <span class="fc" id="L502"> dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());</span> |
| <span class="fc" id="L503"> dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);</span> |
| <span class="fc" id="L504"> dkEncr.prepare(doc);</span> |
| |
| |
| <span class="fc bfc" id="L507" title="All 2 branches covered."> if(this.encrTokenElement != null) {</span> |
| <span class="fc" id="L508"> this.encrDKTElement = RampartUtil.insertSiblingAfter(</span> |
| rmd, this.encrTokenElement, dkEncr.getdktElement()); |
| } else { |
| <span class="fc" id="L511"> this.encrDKTElement = RampartUtil.insertSiblingBefore(</span> |
| rmd, this.sigDKTElement, dkEncr.getdktElement()); |
| } |
| |
| <span class="fc" id="L515"> refList = dkEncr.encryptForExternalRef(null, encrParts);</span> |
| |
| <span class="fc" id="L517"> RampartUtil.insertSiblingAfter(rmd, </span> |
| this.encrDKTElement, |
| refList); |
| |
| <span class="nc" id="L521"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L522"> throw new RampartException("errorInDKEncr", e);</span> |
| <span class="nc" id="L523"> } catch (ConversationException e) {</span> |
| <span class="nc" id="L524"> throw new RampartException("errorInDKEncr", e);</span> |
| <span class="fc" id="L525"> }</span> |
| } else { |
| try { |
| |
| <span class="fc" id="L529"> WSSecEncrypt encr = new WSSecEncrypt();</span> |
| |
| <span class="fc" id="L531"> RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);</span> |
| |
| <span class="fc" id="L533"> encr.setWsConfig(rmd.getConfig());</span> |
| |
| <span class="fc" id="L535"> encr.setDocument(doc);</span> |
| <span class="fc" id="L536"> RampartUtil.setEncryptionUser(rmd, encr);</span> |
| <span class="fc" id="L537"> encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());</span> |
| <span class="fc" id="L538"> encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());</span> |
| <span class="fc" id="L539"> encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd</span> |
| .getRampartConfig(), rmd.getCustomClassLoader())); |
| |
| <span class="fc bfc" id="L542" title="All 2 branches covered."> if(this.timestampElement != null){</span> |
| <span class="fc" id="L543"> this.setInsertionLocation(this.timestampElement);</span> |
| }else{ |
| <span class="fc" id="L545"> this.setInsertionLocation(null);</span> |
| } |
| |
| <span class="pc bpc" id="L548" title="1 of 2 branches missed."> if(encr.getBSTTokenId() != null) {</span> |
| <span class="nc" id="L549"> this.setInsertionLocation(RampartUtil</span> |
| .insertSiblingAfterOrPrepend(rmd, |
| this.getInsertionLocation(), |
| encr.getBinarySecurityTokenElement())); |
| } |
| |
| |
| <span class="fc" id="L556"> Element encryptedKeyElement = encr.getEncryptedKeyElement();</span> |
| |
| //Encrypt, get hold of the ref list and add it |
| <span class="fc" id="L559"> refList = encr.encryptForInternalRef(null, encrParts);</span> |
| |
| //Add internal refs |
| <span class="fc" id="L562"> encryptedKeyElement.appendChild(refList);</span> |
| |
| <span class="fc" id="L564"> this.setInsertionLocation(RampartUtil</span> |
| .insertSiblingAfterOrPrepend(rmd, |
| this.getInsertionLocation(), |
| encryptedKeyElement)); |
| |
| // RampartUtil.insertSiblingAfter(rmd, |
| // this.getInsertionLocation(), |
| // refList); |
| <span class="nc" id="L572"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L573"> throw new RampartException("errorInEncryption", e);</span> |
| <span class="fc" id="L574"> } </span> |
| } |
| } |
| |
| <span class="fc" id="L578"> List<SupportingPolicyData> supportingTokens = rpd.getSupportingPolicyData();</span> |
| <span class="fc bfc" id="L579" title="All 2 branches covered."> for (SupportingPolicyData policyData : supportingTokens) {</span> |
| <span class="pc bpc" id="L580" title="1 of 2 branches missed."> if (policyData != null) { // TODO do we need this null check ?</span> |
| <span class="fc" id="L581"> Token supportingEncrToken = policyData.getEncryptionToken();</span> |
| <span class="fc" id="L582"> List<WSEncryptionPart> supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,</span> |
| policyData); |
| |
| <span class="pc bpc" id="L585" title="1 of 4 branches missed."> if (supportingEncrToken != null && supoortingEncrParts.size() > 0) {</span> |
| <span class="fc" id="L586"> doEncryptionWithSupportingToken(rpd, rmd, supportingEncrToken, doc,</span> |
| supoortingEncrParts); |
| } |
| } |
| <span class="fc" id="L590"> }</span> |
| |
| <span class="pc bpc" id="L592" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L593"> t2 = System.currentTimeMillis();</span> |
| <span class="nc" id="L594"> tlog.debug("Signature took :" + (t1 - t0)</span> |
| +", Encryption took :" + (t2 - t1) ); |
| } |
| |
| <span class="fc" id="L598"> }</span> |
| |
| private void doSupportingSignature(RampartMessageData rmd, List<WSEncryptionPart> supportingSigParts, |
| SupportingPolicyData supportingData) throws RampartException { |
| |
| Token supportingSigToken; |
| WSSecSignature supportingSig; |
| Element supportingSignatureElement; |
| |
| <span class="fc" id="L607"> long t0 = 0, t1 = 0;</span> |
| <span class="pc bpc" id="L608" title="1 of 2 branches missed."> if (tlog.isDebugEnabled()) {</span> |
| <span class="nc" id="L609"> t0 = System.currentTimeMillis();</span> |
| } |
| |
| <span class="fc" id="L612"> supportingSigToken = supportingData.getSignatureToken();</span> |
| |
| <span class="pc bpc" id="L614" title="1 of 2 branches missed."> if (!(supportingSigToken instanceof X509Token)) {</span> |
| <span class="nc" id="L615"> return;</span> |
| } |
| <span class="fc" id="L617"> supportingSig = this.getSignatureBuilder(rmd, supportingSigToken,</span> |
| ((X509Token) supportingSigToken).getUserCertAlias()); |
| <span class="fc" id="L619"> Element bstElem = supportingSig.getBinarySecurityTokenElement();</span> |
| <span class="pc bpc" id="L620" title="1 of 2 branches missed."> if (bstElem != null) {</span> |
| <span class="fc" id="L621"> bstElem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), bstElem);</span> |
| <span class="fc" id="L622"> this.setInsertionLocation(bstElem);</span> |
| } |
| |
| <span class="pc bpc" id="L625" title="3 of 4 branches missed."> if (rmd.getPolicyData().isTokenProtection() && supportingSig.getBSTTokenId() != null) {</span> |
| <span class="nc" id="L626"> supportingSigParts.add(new WSEncryptionPart(supportingSig.getBSTTokenId()));</span> |
| } |
| |
| try { |
| <span class="fc" id="L630"> supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());</span> |
| |
| <span class="fc" id="L632"> List<Reference> referenceList</span> |
| = supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader()); |
| |
| /** |
| * Before migration it was - this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this |
| * .getInsertionLocation(), supportingSignatureElement)); |
| * |
| * In this case we need to append <Signature>..</Signature> element to |
| * current insertion location |
| */ |
| <span class="fc" id="L642"> supportingSig.computeSignature(referenceList, false, this.getInsertionLocation());</span> |
| |
| <span class="nc" id="L644"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L645"> throw new RampartException("errorInSignatureWithX509Token", e);</span> |
| <span class="fc" id="L646"> }</span> |
| |
| <span class="fc" id="L648"> signatureValues.add(supportingSig.getSignatureValue());</span> |
| |
| <span class="pc bpc" id="L650" title="1 of 2 branches missed."> if (tlog.isDebugEnabled()) {</span> |
| <span class="nc" id="L651"> t1 = System.currentTimeMillis();</span> |
| <span class="nc" id="L652"> tlog.debug("Signature took :" + (t1 - t0));</span> |
| } |
| |
| <span class="fc" id="L655"> }</span> |
| |
| private void doSignature(RampartMessageData rmd) throws RampartException { |
| |
| <span class="fc" id="L659"> RampartPolicyData rpd = rmd.getPolicyData();</span> |
| <span class="fc" id="L660"> Document doc = rmd.getDocument();</span> |
| |
| <span class="fc" id="L662"> long t0 = 0, t1 = 0;</span> |
| <span class="pc bpc" id="L663" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L664"> t0 = System.currentTimeMillis();</span> |
| } |
| Token sigToken; |
| <span class="fc bfc" id="L667" title="All 2 branches covered."> if(rmd.isInitiator()) {</span> |
| <span class="fc" id="L668"> sigToken = rpd.getInitiatorToken();</span> |
| } else { |
| <span class="fc" id="L670"> sigToken = rpd.getRecipientToken();</span> |
| } |
| |
| /** |
| * Note : It doesn't make sense to use Derived Keys in an Asymmetric binding environment to sign messages. |
| * In asymmetric binding environment we always sign the message using sender's private key. We do *not* |
| * use a session/ephemeral key to sign the message. We always use PKC keys to sign and verify messages. |
| * Therefore we do not need to have following code segment. |
| * TODO Confirm and remove. |
| */ |
| <span class="fc bfc" id="L680" title="All 2 branches covered."> if (sigToken.isDerivedKeys()) {</span> |
| // Set up the encrypted key to use |
| <span class="fc bfc" id="L682" title="All 2 branches covered."> if(this.encrKey == null) {</span> |
| <span class="fc" id="L683"> setupEncryptedKey(rmd, sigToken);</span> |
| } |
| |
| <span class="fc" id="L686"> WSSecDKSign dkSign = new WSSecDKSign();</span> |
| |
| <span class="fc" id="L688"> dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);</span> |
| |
| // Set the algo info |
| <span class="fc" id="L691"> dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()</span> |
| .getSymmetricSignature()); |
| <span class="fc" id="L693"> dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()</span> |
| .getSignatureDerivedKeyLength() / 8); |
| <span class="fc" id="L695"> dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"</span> |
| + WSConstants.ENC_KEY_VALUE_TYPE); |
| try { |
| <span class="fc" id="L698"> dkSign.prepare(doc, rmd.getSecHeader());</span> |
| |
| <span class="pc bpc" id="L700" title="1 of 2 branches missed."> if (rpd.isTokenProtection()) {</span> |
| <span class="nc" id="L701"> sigParts.add(new WSEncryptionPart(encrKey.getId()));</span> |
| } |
| |
| <span class="fc" id="L704"> dkSign.setParts(sigParts);</span> |
| |
| <span class="fc" id="L706"> List<Reference> referenceList</span> |
| = dkSign.addReferencesToSign(sigParts, rmd.getSecHeader()); |
| |
| /** |
| * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security |
| * header. We need to add this just after Encrypted Key and just before <Signature>..</Signature> |
| * elements. (As a convention) |
| */ |
| |
| <span class="fc bfc" id="L715" title="All 2 branches covered."> if (refList == null) {</span> |
| //dkSign.appendDKElementToHeader(rmd.getSecHeader()); |
| <span class="fc" id="L717"> this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,</span> |
| this.getInsertionLocation(), dkSign.getdktElement()); |
| <span class="fc" id="L719"> this.setInsertionLocation(this.sigDKTElement);</span> |
| // Do signature |
| /** |
| * Create and prepend signature |
| */ |
| <span class="fc" id="L724"> dkSign.computeSignature(referenceList, false, this.getInsertionLocation());</span> |
| } else { |
| <span class="fc" id="L726"> this.sigDKTElement = RampartUtil.insertSiblingBefore(rmd, refList, dkSign.getdktElement());</span> |
| <span class="fc" id="L727"> this.setInsertionLocation(this.sigDKTElement);</span> |
| |
| // Do signature |
| /** |
| * Create and append signature |
| */ |
| <span class="fc" id="L733"> dkSign.computeSignature(referenceList, true, this.getInsertionLocation());</span> |
| } |
| |
| <span class="fc bfc" id="L736" title="All 2 branches covered."> if (RampartUtil.encryptFirst(rpd)) {</span> |
| // always add encrypt elements after signature. Because we need to first verify the signature |
| // and decrypt at receiver end. |
| <span class="fc" id="L739"> this.setInsertionLocation(dkSign.getSignatureElement());</span> |
| } else { |
| // append timestamp element as next insertion location. Cos in sign and encrypt case the |
| // receiver first need to decrypt the message => The decryption keys should appear first. |
| <span class="fc" id="L743"> this.setInsertionLocation(this.timestampElement);</span> |
| } |
| |
| <span class="fc" id="L746"> this.mainSigId = RampartUtil</span> |
| .addWsuIdToElement((OMElement) dkSign |
| .getSignatureElement()); |
| |
| <span class="fc" id="L750"> signatureValues.add(dkSign.getSignatureValue());</span> |
| |
| <span class="fc" id="L752"> signatureElement = dkSign.getSignatureElement();</span> |
| <span class="nc" id="L753"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L754"> throw new RampartException("errorInDerivedKeyTokenSignature", e);</span> |
| <span class="nc" id="L755"> } catch (ConversationException e) {</span> |
| <span class="nc" id="L756"> throw new RampartException("errorInDerivedKeyTokenSignature", e);</span> |
| <span class="fc" id="L757"> }</span> |
| |
| <span class="fc" id="L759"> } else {</span> |
| <span class="fc" id="L760"> WSSecSignature sig = this.getSignatureBuilder(rmd, sigToken);</span> |
| <span class="fc" id="L761"> Element bstElem = sig.getBinarySecurityTokenElement();</span> |
| <span class="fc bfc" id="L762" title="All 2 branches covered."> if(bstElem != null) {</span> |
| <span class="fc" id="L763"> bstElem = RampartUtil.insertSiblingAfter(rmd, this</span> |
| .getInsertionLocation(), bstElem); |
| <span class="fc" id="L765"> this.setInsertionLocation(bstElem);</span> |
| } |
| |
| <span class="pc bpc" id="L768" title="3 of 4 branches missed."> if (rmd.getPolicyData().isTokenProtection()</span> |
| && sig.getBSTTokenId() != null) { |
| <span class="nc" id="L770"> sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));</span> |
| } |
| |
| try { |
| <span class="fc" id="L774"> sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());</span> |
| |
| <span class="fc" id="L776"> List<Reference> referenceList</span> |
| = sig.addReferencesToSign(sigParts, rmd.getSecHeader()); |
| |
| // Do signature |
| <span class="fc bfc" id="L780" title="All 2 branches covered."> if (this.refList == null) {</span> |
| /** |
| * If <ReferenceData>..</ReferenceData> is null append <Signature>..</Signature> element |
| * to current insertion location. |
| */ |
| <span class="fc" id="L785"> sig.computeSignature(referenceList, false, this.getInsertionLocation());</span> |
| } else { |
| /** |
| * If <ReferenceData>..</ReferenceData> is not null prepend <Signature>..</Signature> element |
| * to reference data. |
| */ |
| <span class="fc" id="L791"> sig.computeSignature(referenceList, true, this.refList);</span> |
| } |
| |
| <span class="fc" id="L794"> signatureElement = sig.getSignatureElement();</span> |
| |
| <span class="fc" id="L796"> this.setInsertionLocation(signatureElement);</span> |
| |
| <span class="fc" id="L798"> this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);</span> |
| <span class="nc" id="L799"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L800"> throw new RampartException("errorInSignatureWithX509Token", e);</span> |
| <span class="fc" id="L801"> }</span> |
| <span class="fc" id="L802"> signatureValues.add(sig.getSignatureValue());</span> |
| } |
| |
| <span class="pc bpc" id="L805" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span> |
| <span class="nc" id="L806"> t1 = System.currentTimeMillis();</span> |
| <span class="nc" id="L807"> tlog.debug("Signature took :" + (t1 - t0));</span> |
| } |
| |
| <span class="fc" id="L810"> }</span> |
| |
| private void doEncryptionWithSupportingToken(RampartPolicyData rpd, RampartMessageData rmd, |
| Token encrToken, Document doc, List<WSEncryptionPart> encrParts) throws RampartException { |
| <span class="fc" id="L814"> Element refList = null;</span> |
| try { |
| <span class="pc bpc" id="L816" title="1 of 2 branches missed."> if (!(encrToken instanceof X509Token)) {</span> |
| <span class="nc" id="L817"> return;</span> |
| } |
| |
| <span class="fc" id="L820"> WSSecEncrypt encr = new WSSecEncrypt();</span> |
| |
| <span class="fc" id="L822"> RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);</span> |
| |
| <span class="fc" id="L824"> encr.setWsConfig(rmd.getConfig());</span> |
| |
| <span class="fc" id="L826"> encr.setDocument(doc);</span> |
| <span class="fc" id="L827"> RampartUtil.setEncryptionUser(rmd, encr, ((X509Token) encrToken).getEncryptionUser());</span> |
| <span class="fc" id="L828"> encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());</span> |
| <span class="fc" id="L829"> encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());</span> |
| <span class="fc" id="L830"> encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd</span> |
| .getCustomClassLoader())); |
| |
| <span class="pc bpc" id="L833" title="1 of 2 branches missed."> if (this.timestampElement != null) {</span> |
| <span class="fc" id="L834"> this.setInsertionLocation(this.timestampElement);</span> |
| } else { |
| <span class="nc" id="L836"> this.setInsertionLocation(null);</span> |
| } |
| |
| <span class="pc bpc" id="L839" title="1 of 2 branches missed."> if (encr.getBSTTokenId() != null) {</span> |
| <span class="fc" id="L840"> this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this</span> |
| .getInsertionLocation(), encr.getBinarySecurityTokenElement())); |
| } |
| |
| <span class="fc" id="L844"> Element encryptedKeyElement = encr.getEncryptedKeyElement();</span> |
| |
| // Encrypt, get hold of the ref list and add it |
| <span class="fc" id="L847"> refList = encr.encryptForInternalRef(null, encrParts);</span> |
| |
| // Add internal refs |
| <span class="fc" id="L850"> encryptedKeyElement.appendChild(refList);</span> |
| |
| <span class="fc" id="L852"> this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this</span> |
| .getInsertionLocation(), encryptedKeyElement)); |
| |
| <span class="nc" id="L855"> } catch (WSSecurityException e) {</span> |
| <span class="nc" id="L856"> throw new RampartException("errorInEncryption", e);</span> |
| <span class="fc" id="L857"> }</span> |
| <span class="fc" id="L858"> }</span> |
| |
| |
| /** |
| * @param rmd |
| * @throws RampartException |
| */ |
| private void setupEncryptedKey(RampartMessageData rmd, Token token) |
| throws RampartException { |
| <span class="pc bpc" id="L867" title="1 of 4 branches missed."> if(!rmd.isInitiator() && token.isDerivedKeys()) {</span> |
| |
| //If we already have them, simply return |
| <span class="pc bpc" id="L870" title="1 of 4 branches missed."> if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {</span> |
| <span class="fc" id="L871"> return;</span> |
| } |
| |
| //Use the secret from the incoming EncryptedKey element |
| <span class="fc" id="L875"> List<WSHandlerResult> resultsObj</span> |
| = (List<WSHandlerResult>)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS); |
| <span class="pc bpc" id="L877" title="1 of 2 branches missed."> if(resultsObj != null) {</span> |
| <span class="fc" id="L878"> encryptedKeyId = RampartUtil.getRequestEncryptedKeyId(resultsObj);</span> |
| <span class="fc" id="L879"> encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue(resultsObj);</span> |
| |
| //In the case where we don't have the EncryptedKey in the |
| //request, for the control to have reached this state, |
| //the scenario MUST be a case where this is the response |
| //message by a listener created for an async client |
| //Therefor we will create a new EncryptedKey |
| <span class="pc bpc" id="L886" title="3 of 4 branches missed."> if(encryptedKeyId == null && encryptedKeyValue == null) {</span> |
| <span class="nc" id="L887"> createEncryptedKey(rmd, token);</span> |
| } |
| } else { |
| <span class="nc" id="L890"> throw new RampartException("noSecurityResults");</span> |
| } |
| <span class="fc" id="L892"> } else {</span> |
| <span class="fc" id="L893"> createEncryptedKey(rmd, token);</span> |
| } |
| |
| <span class="fc" id="L896"> }</span> |
| |
| /** |
| * Create an encrypted key element |
| * @param rmd |
| * @param token |
| * @throws RampartException |
| */ |
| private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException { |
| //Set up the encrypted key to use |
| <span class="fc" id="L906"> encrKey = this.getEncryptedKeyBuilder(rmd, token);</span> |
| |
| <span class="fc" id="L908"> Element bstElem = encrKey.getBinarySecurityTokenElement();</span> |
| <span class="fc bfc" id="L909" title="All 2 branches covered."> if (bstElem != null) {</span> |
| // If a BST is available then use it |
| <span class="fc" id="L911"> RampartUtil.appendChildToSecHeader(rmd, bstElem);</span> |
| } |
| |
| // Add the EncryptedKey |
| <span class="fc" id="L915"> encrTokenElement = encrKey.getEncryptedKeyElement();</span> |
| <span class="fc" id="L916"> this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,</span> |
| encrTokenElement); |
| <span class="fc" id="L918"> encryptedKeyValue = encrKey.getEphemeralKey();</span> |
| <span class="fc" id="L919"> encryptedKeyId = encrKey.getId();</span> |
| |
| //Store the token for client - response verification |
| // and server - response creation |
| try { |
| <span class="fc" id="L924"> org.apache.rahas.Token tok = new org.apache.rahas.Token(</span> |
| encryptedKeyId, (OMElement)encrTokenElement , null, null); |
| <span class="fc" id="L926"> tok.setSecret(encryptedKeyValue);</span> |
| <span class="fc" id="L927"> rmd.getTokenStorage().add(tok);</span> |
| <span class="nc" id="L928"> } catch (TrustException e) {</span> |
| <span class="nc" id="L929"> throw new RampartException("errorInAddingTokenIntoStore", e);</span> |
| <span class="fc" id="L930"> }</span> |
| <span class="fc" id="L931"> }</span> |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.5.201505241946</span></div></body></html> |
