/*
* Copyright 2004,2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rampart.builder;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;
<span class="fc" id="L59">public class SymmetricBindingBuilder extends BindingBuilder {</span>
// General-purpose logger for this builder.
private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
// Timing logger (RampartConstants.TIME_LOG); the build methods only take
// timestamps when this logger has debug enabled.
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
/**
 * Builds the security header for a symmetric binding.
 *
 * Steps, in order: add the timestamp if the policy asks for one, let the
 * initiator set up the tokens it needs, then run encryption and signature in
 * the order selected by the policy's ProtectionOrder assertion.
 *
 * @param rmd message data holding the policy and the message being secured
 * @throws RampartException if any delegated step fails
 */
public void build(RampartMessageData rmd) throws RampartException {
    log.debug("SymmetricBindingBuilder build invoked");

    RampartPolicyData policy = rmd.getPolicyData();

    // Timestamp goes in first; the protection steps below sign it when present.
    if (policy.isIncludeTimestamp()) {
        addTimestamp(rmd);
    }

    // Token setup is an initiator-only concern; the recipient resolves tokens
    // inside the protection-order methods.
    if (rmd.isInitiator()) {
        initializeTokens(rmd);
    }

    boolean encryptFirst = SPConstants.ENCRYPT_BEFORE_SIGNING.equals(policy.getProtectionOrder());
    if (encryptFirst) {
        doEncryptBeforeSig(rmd);
    } else {
        doSignBeforeEncrypt(rmd);
    }

    log.debug("SymmetricBindingBuilder build invoked : DONE");
}
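/**
 * Applies the symmetric binding with ProtectionOrder = EncryptBeforeSigning.
 *
 * The encrypted parts are encrypted first with the policy's encryption token
 * (an issued token, a secure-conversation token, or a symmetric key carried in
 * an EncryptedKey for an X.509 token), either directly or through a derived
 * key. The signed parts are then signed with the same token. Finally, when
 * SignatureProtection is on and/or encrypted supporting tokens were added by
 * the initiator, a second ReferenceList encrypts the signature and those
 * tokens.
 *
 * @param rmd message data (policy, document, token ids, initiator flag)
 * @throws RampartException "encryptionTokenMissing" when there is no
 *         encryption token or nothing to encrypt, "noSecurityToken" when the
 *         token id cannot be resolved, and "errorInDKEncr"/"errorInEncryption"
 *         (with the WSS4J cause attached) when an encryption step fails
 */
private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
    long t0 = 0, t1 = 0, t2 = 0;

    RampartPolicyData rpd = rmd.getPolicyData();
    // Accumulated for parity with the other protection order; not consumed here.
    List<byte[]> signatureValues = new ArrayList<byte[]>();

    if (tlog.isDebugEnabled()) {
        t0 = System.currentTimeMillis();
    }

    Token encryptionToken = rpd.getEncryptionToken();
    List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
    List<WSEncryptionPart> sigParts = RampartUtil.getSignedParts(rmd);

    // Both "no token" and "nothing to encrypt" are rejected with the same error:
    // this protection order cannot be built without an encryption step.
    if (encryptionToken == null || encrParts.isEmpty()) {
        throw new RampartException("encryptionTokenMissing");
    }

    // ---- Resolve the id of the token that carries the shared secret ----------
    String tokenId = null;
    if (encryptionToken instanceof IssuedToken) {
        tokenId = rmd.getIssuedEncryptionTokenId();
        if (log.isDebugEnabled()) {
            log.debug("Issued EncryptionToken Id : " + tokenId);
        }
    } else if (encryptionToken instanceof SecureConversationToken) {
        tokenId = rmd.getSecConvTokenId();
        if (log.isDebugEnabled()) {
            log.debug("SCT Id : " + tokenId);
        }
    } else if (encryptionToken instanceof X509Token) {
        // For an X.509 token the symmetric key is carried in an EncryptedKey:
        // the initiator creates it, the recipient looks up the existing one.
        if (rmd.isInitiator()) {
            tokenId = setupEncryptedKey(rmd, encryptionToken);
        } else {
            tokenId = getEncryptedKey(rmd);
        }
    } // TODO SAMLToken is not handled; it falls through to "noSecurityToken"

    if (tokenId == null || tokenId.length() == 0) {
        throw new RampartException("noSecurityToken");
    }

    // Hack to handle reference id issues: ids sometimes arrive as local
    // references ("#id"); strip the '#' so the store lookup uses the bare id.
    // TODO Need a better fix
    if (tokenId.startsWith("#")) {
        tokenId = tokenId.substring(1);
    }

    // Get hold of the token from the token storage.
    org.apache.rahas.Token tok = this.getToken(rmd, tokenId);

    // ---- Attach the token to the header according to its IncludeToken value --
    boolean attached = false;
    Element encrTokenElement = null;
    if (SPConstants.INCLUDE_TOEKN_ALWAYS == encryptionToken.getInclusion()
            || SPConstants.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion()
            || (rmd.isInitiator()
                && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encryptionToken.getInclusion())) {
        encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
        attached = true;
    } else if (encryptionToken instanceof X509Token && rmd.isInitiator()) {
        // The initiator's EncryptedKey travels with the message regardless of the
        // IncludeToken value. 'attached' deliberately stays false here, so the
        // derived-key path below does not use the attached reference.
        encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
    }

    Document doc = rmd.getDocument();
    AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();

    // ---- First encryption pass over the policy's encrypted parts -------------
    WSSecDKEncrypt dkEncr = null;
    WSSecEncrypt encr = null;
    Element encrDKTokenElem = null;
    Element refList = null;

    if (encryptionToken.isDerivedKeys()) {
        log.debug("Use drived keys");

        dkEncr = new WSSecDKEncrypt();
        // Prefer the token's own reference elements (imported into this document)
        // and fall back to a plain id reference.
        if (attached && tok.getAttachedReference() != null) {
            dkEncr.setExternalKey(tok.getSecret(),
                    (Element) doc.importNode((Element) tok.getAttachedReference(), true));
        } else if (tok.getUnattachedReference() != null) {
            dkEncr.setExternalKey(tok.getSecret(),
                    (Element) doc.importNode((Element) tok.getUnattachedReference(), true));
        } else {
            dkEncr.setExternalKey(tok.getSecret(), tok.getId());
        }
        try {
            dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
            // The algorithm suite states the derived key length in bits; WSS4J
            // expects bytes.
            dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
            dkEncr.prepare(doc);
            encrDKTokenElem = dkEncr.getdktElement();
            RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);

            refList = dkEncr.encryptForExternalRef(null, encrParts);
        } catch (WSSecurityException e) {
            // Keep the cause: the WSS4J error is the only diagnostic available.
            throw new RampartException("errorInDKEncr", e);
        } catch (ConversationException e) {
            throw new RampartException("errorInDKEncr", e);
        }
    } else {
        log.debug("NO derived keys, use the shared secret");

        encr = new WSSecEncrypt();
        encr.setWsConfig(rmd.getConfig());
        encr.setEncKeyId(tokenId);
        RampartUtil.setEncryptionUser(rmd, encr);
        encr.setEphemeralKey(tok.getSecret());
        encr.setDocument(doc);
        encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
        // The symmetric key is already carried by the token; do not wrap it again.
        encr.setEncryptSymmKey(false);

        if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) {
            // Recipient side: reference the (not re-sent) EncryptedKey by its
            // SHA-1 (WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER).
            // TODO was encr.setUseKeyIdentifier(true); - verify
            encr.setEncKeyIdDirectId(true);
            encr.setCustomReferenceValue(((EncryptedKeyToken) tok).getSHA1());
            encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
        }

        try {
            encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                    rmd.getCustomClassLoader()));
            // Encrypt, get hold of the ref list and add it
            refList = encr.encryptForExternalRef(null, encrParts);
        } catch (WSSecurityException e) {
            throw new RampartException("errorInEncryption", e);
        }
    }

    this.mainRefListElement = RampartUtil.appendChildToSecHeader(rmd, refList);

    if (tlog.isDebugEnabled()) {
        t1 = System.currentTimeMillis();
    }

    // Later header elements are inserted after the encryption token, or after
    // the timestamp when the token was not put into the message.
    if (encrTokenElement != null) {
        this.setInsertionLocation(encrTokenElement);
    } else if (timestampElement != null) {
        this.setInsertionLocation(timestampElement);
    }

    RampartUtil.handleEncryptedSignedHeaders(encrParts, sigParts, doc);

    // ---- Collect signature parts and supporting tokens ----------------------
    HashMap sigSuppTokMap = null;
    HashMap endSuppTokMap = null;
    HashMap sgndEndSuppTokMap = null;
    HashMap sgndEncSuppTokMap = null;
    HashMap endEncSuppTokMap = null;
    HashMap sgndEndEncSuppTokMap = null;

    if (this.timestampElement != null) {
        sigParts.add(new WSEncryptionPart(
                RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
    }

    if (rmd.isInitiator()) {
        // Now add the supporting tokens
        sigSuppTokMap = this.handleSupportingTokens(rmd, rpd.getSignedSupportingTokens());
        endSuppTokMap = this.handleSupportingTokens(rmd, rpd.getEndorsingSupportingTokens());
        sgndEndSuppTokMap = this.handleSupportingTokens(rmd, rpd.getSignedEndorsingSupportingTokens());
        sgndEncSuppTokMap = this.handleSupportingTokens(rmd, rpd.getSignedEncryptedSupportingTokens());
        endEncSuppTokMap = this.handleSupportingTokens(rmd, rpd.getEndorsingEncryptedSupportingTokens());
        sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd,
                rpd.getSignedEndorsingEncryptedSupportingTokens());

        // Plain and encrypted-only supporting tokens are handled but do not add
        // anything to the signature parts.
        List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
        for (SupportingToken supportingTok : supportingToks) {
            this.handleSupportingTokens(rmd, supportingTok);
        }
        this.handleSupportingTokens(rmd, rpd.getEncryptedSupportingTokens());

        // Setup signature parts: every "signed" flavour joins the main signature.
        sigParts = addSignatureParts(sigSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
        sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
    } else {
        addSignatureConfirmation(rmd, sigParts);
    }

    // ---- Sign: EncryptBeforeSig reuses the encryption token for the signature --
    if (sigParts.size() > 0) {
        signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
        this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) this.getInsertionLocation());
    }

    if (rmd.isInitiator()) {
        // Endorsing-encrypted tokens are endorsed together with the plain
        // endorsing ones; likewise for the signed-endorsing flavours.
        endSuppTokMap.putAll(endEncSuppTokMap);
        signatureValues.addAll(this.doEndorsedSignatures(rmd, endSuppTokMap));

        sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
        signatureValues.addAll(this.doEndorsedSignatures(rmd, sgndEndSuppTokMap));
    }

    if (tlog.isDebugEnabled()) {
        t2 = System.currentTimeMillis();
        tlog.debug("Encryption took :" + (t1 - t0) + ", Signature tool :" + (t2 - t1));
    }

    // ---- Second encryption pass: signature protection and encrypted tokens ---
    boolean protectSignature = rpd.isSignatureProtection() && this.mainSigId != null;
    boolean encryptTokens = rmd.isInitiator() && encryptedTokensIdList.size() > 0;

    if (protectSignature || encryptTokens) {
        long t3 = 0, t4 = 0;
        if (tlog.isDebugEnabled()) {
            t3 = System.currentTimeMillis();
        }
        log.debug("Signature protection");

        List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
        // Only add the signature part when a signature was actually produced
        // (mainSigId != null); a null id would be passed to WSS4J otherwise.
        if (protectSignature) {
            secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
        }
        if (rmd.isInitiator()) {
            for (String encryptedTokenId : encryptedTokensIdList) {
                secondEncrParts.add(new WSEncryptionPart(encryptedTokenId, "Element"));
            }
        }

        Element secondRefList = null;
        if (encryptionToken.isDerivedKeys()) {
            try {
                secondRefList = dkEncr.encryptForExternalRef(null, secondEncrParts);
                RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem, secondRefList);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDKEncr", e);
            }
        } else {
            try {
                // This pass must encrypt the signature / encrypted-token parts
                // collected above, NOT 'encrParts' (already encrypted in the first
                // pass). Passing encrParts here left the signature in clear text
                // even though the policy asked for SignatureProtection.
                secondRefList = encr.encryptForExternalRef(null, secondEncrParts);
                // NOTE(review): encrTokenElement is null when the token was not put
                // into the header (recipient side above); insertSiblingAfter's
                // behaviour with a null sibling is not visible here - confirm.
                RampartUtil.insertSiblingAfter(rmd, encrTokenElement, secondRefList);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInEncryption", e);
            }
        }

        if (tlog.isDebugEnabled()) {
            t4 = System.currentTimeMillis();
            tlog.debug("Signature protection took :" + (t4 - t3));
        }
    }
}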
private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
<span class="fc" id="L393"> long t0 = 0, t1 = 0, t2 = 0;</span>
<span class="fc" id="L395"> RampartPolicyData rpd = rmd.getPolicyData();</span>
<span class="fc" id="L396"> Document doc = rmd.getDocument();</span>
<span class="pc bpc" id="L398" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span>
<span class="nc" id="L399"> t0 = System.currentTimeMillis();</span>
}
<span class="fc" id="L401"> Token sigToken = rpd.getSignatureToken();</span>
<span class="fc" id="L403"> String encrTokId = null;</span>
<span class="fc" id="L404"> String sigTokId = null;</span>
<span class="fc" id="L406"> org.apache.rahas.Token encrTok = null;</span>
<span class="fc" id="L407"> org.apache.rahas.Token sigTok = null;</span>
<span class="fc" id="L409"> Element sigTokElem = null;</span>
<span class="fc" id="L411"> List&lt;byte[]&gt; signatureValues = new ArrayList&lt;byte[]&gt;();</span>
<span class="pc bpc" id="L413" title="1 of 2 branches missed."> if(sigToken != null) {</span>
<span class="fc bfc" id="L414" title="All 2 branches covered."> if(sigToken instanceof SecureConversationToken) {</span>
<span class="fc" id="L415"> sigTokId = rmd.getSecConvTokenId();</span>
<span class="pc bpc" id="L416" title="1 of 2 branches missed."> } else if(sigToken instanceof IssuedToken) {</span>
<span class="nc" id="L417"> sigTokId = rmd.getIssuedSignatureTokenId();</span>
<span class="pc bpc" id="L418" title="1 of 2 branches missed."> } else if(sigToken instanceof X509Token) {</span>
<span class="fc bfc" id="L419" title="All 2 branches covered."> if (rmd.isInitiator()) {</span>
<span class="fc" id="L420"> sigTokId = setupEncryptedKey(rmd, sigToken);</span>
} else {
<span class="fc" id="L422"> sigTokId = getEncryptedKey(rmd);</span>
}
}
} else {
<span class="nc" id="L426"> throw new RampartException(&quot;signatureTokenMissing&quot;);</span>
}
<span class="pc bpc" id="L429" title="2 of 4 branches missed."> if(sigTokId == null || sigTokId.length() == 0) {</span>
<span class="nc" id="L430"> throw new RampartException(&quot;noSecurityToken&quot;);</span>
}
<span class="fc" id="L433"> sigTok = this.getToken(rmd, sigTokId);</span>
<span class="pc bpc" id="L435" title="2 of 8 branches missed."> if(SPConstants.INCLUDE_TOEKN_ALWAYS == sigToken.getInclusion() ||</span>
SPConstants.INCLUDE_TOKEN_ONCE == sigToken.getInclusion() ||
(rmd.isInitiator() &amp;&amp;
SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == sigToken.getInclusion())) {
<span class="fc" id="L439"> sigTokElem = RampartUtil.appendChildToSecHeader(rmd, </span>
sigTok.getToken());
<span class="fc" id="L441"> this.setInsertionLocation(sigTokElem);</span>
<span class="pc bpc" id="L442" title="1 of 6 branches missed."> } else if ((rmd.isInitiator() &amp;&amp; sigToken instanceof X509Token)</span>
|| sigToken instanceof SecureConversationToken) {
<span class="fc" id="L444"> sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());</span>
//Set the insertion location
<span class="fc" id="L447"> this.setInsertionLocation(sigTokElem);</span>
}
<span class="fc" id="L451"> HashMap sigSuppTokMap = null;</span>
<span class="fc" id="L452"> HashMap endSuppTokMap = null;</span>
<span class="fc" id="L453"> HashMap sgndEndSuppTokMap = null;</span>
<span class="fc" id="L454"> HashMap sgndEncSuppTokMap = null;</span>
<span class="fc" id="L455"> HashMap endEncSuppTokMap = null;</span>
<span class="fc" id="L456"> HashMap sgndEndEncSuppTokMap = null;</span>
<span class="fc" id="L458"> List&lt;WSEncryptionPart&gt; sigParts = RampartUtil.getSignedParts(rmd);</span>
<span class="fc bfc" id="L460" title="All 2 branches covered."> if(this.timestampElement != null){</span>
<span class="fc" id="L461"> sigParts.add(new WSEncryptionPart(RampartUtil</span>
.addWsuIdToElement((OMElement) this.timestampElement)));
}
<span class="fc bfc" id="L465" title="All 2 branches covered."> if(rmd.isInitiator()) {</span>
// Now add the supporting tokens
<span class="fc" id="L467"> SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();</span>
<span class="fc" id="L468"> sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); </span>
<span class="fc" id="L470"> SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();</span>
<span class="fc" id="L471"> endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);</span>
<span class="fc" id="L473"> SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); </span>
<span class="fc" id="L474"> sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);</span>
<span class="fc" id="L476"> SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();</span>
<span class="fc" id="L477"> sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);</span>
<span class="fc" id="L479"> SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();</span>
<span class="fc" id="L480"> endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);</span>
<span class="fc" id="L482"> SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); </span>
<span class="fc" id="L483"> sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);</span>
<span class="fc" id="L485"> List&lt;SupportingToken&gt; supportingToks = rpd.getSupportingTokensList();</span>
<span class="fc bfc" id="L486" title="All 2 branches covered."> for (SupportingToken supportingTok : supportingToks) {</span>
<span class="fc" id="L487"> this.handleSupportingTokens(rmd, supportingTok);</span>
<span class="fc" id="L488"> } </span>
<span class="fc" id="L490"> SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();</span>
<span class="fc" id="L491"> this.handleSupportingTokens(rmd, encryptedSupportingToks);</span>
//Setup signature parts
<span class="fc" id="L494"> sigParts = addSignatureParts(sigSuppTokMap, sigParts);</span>
<span class="fc" id="L495"> sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);</span>
<span class="fc" id="L496"> sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);</span>
<span class="fc" id="L497"> sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);</span>
<span class="fc" id="L499"> } else {</span>
<span class="fc" id="L500"> addSignatureConfirmation(rmd, sigParts);</span>
}
<span class="fc bfc" id="L503" title="All 2 branches covered."> if (sigParts.size() &gt; 0 ) {</span>
//Sign the message
<span class="fc" id="L505"> signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));</span>
<span class="fc" id="L507"> this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());</span>
}
<span class="fc bfc" id="L511" title="All 2 branches covered."> if(rmd.isInitiator()) {</span>
// Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
<span class="fc" id="L513"> endSuppTokMap.putAll(endEncSuppTokMap);</span>
//Do endorsed signatures
<span class="fc" id="L515"> List&lt;byte[]&gt; endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);</span>
<span class="fc bfc" id="L517" title="All 2 branches covered."> for (byte[] endSigVal : endSigVals) {</span>
<span class="fc" id="L518"> signatureValues.add(endSigVal);</span>
<span class="fc" id="L519"> }</span>
//Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
<span class="fc" id="L522"> sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);</span>
//Do signed endorsing signatures
<span class="fc" id="L524"> List&lt;byte[]&gt; sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);</span>
<span class="fc bfc" id="L525" title="All 2 branches covered."> for (byte[] sigEndSigVal : sigEndSigVals) {</span>
<span class="fc" id="L526"> signatureValues.add(sigEndSigVal);</span>
<span class="fc" id="L527"> }</span>
}
<span class="pc bpc" id="L530" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span>
<span class="nc" id="L531"> t1 = System.currentTimeMillis();</span>
}
//Encryption
<span class="fc" id="L535"> Token encrToken = rpd.getEncryptionToken();</span>
<span class="fc" id="L536"> Element encrTokElem = null;</span>
<span class="pc bpc" id="L537" title="1 of 2 branches missed."> if(sigToken.equals(encrToken)) {</span>
//Use the same token
<span class="fc" id="L539"> encrTokId = sigTokId;</span>
<span class="fc" id="L540"> encrTok = sigTok;</span>
<span class="fc" id="L541"> encrTokElem = sigTokElem;</span>
} else {
<span class="nc" id="L543"> encrTokId = rmd.getIssuedEncryptionTokenId();</span>
<span class="nc" id="L544"> encrTok = this.getToken(rmd, encrTokId);</span>
<span class="nc bnc" id="L546" title="All 8 branches missed."> if(SPConstants.INCLUDE_TOEKN_ALWAYS == encrToken.getInclusion() ||</span>
SPConstants.INCLUDE_TOKEN_ONCE == encrToken.getInclusion() ||
(rmd.isInitiator() &amp;&amp; SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encrToken.getInclusion())) {
<span class="nc" id="L549"> encrTokElem = (Element)encrTok.getToken();</span>
//Add the encrToken element before the sigToken element
<span class="nc" id="L552"> RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);</span>
}
}
<span class="fc" id="L557"> List&lt;WSEncryptionPart&gt; encrParts = RampartUtil.getEncryptedParts(rmd);</span>
//Check for signature protection
<span class="pc bpc" id="L560" title="1 of 4 branches missed."> if(rpd.isSignatureProtection() &amp;&amp; this.mainSigId != null) {</span>
//Now encrypt the signature using the above token
<span class="fc" id="L562"> encrParts.add(new WSEncryptionPart(this.mainSigId, &quot;Element&quot;));</span>
}
<span class="fc bfc" id="L565" title="All 2 branches covered."> if(rmd.isInitiator()) {</span>
<span class="fc bfc" id="L566" title="All 2 branches covered."> for (String anEncryptedTokensIdList : encryptedTokensIdList) {</span>
<span class="fc" id="L567"> encrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, &quot;Element&quot;));</span>
<span class="fc" id="L568"> }</span>
}
<span class="fc" id="L571"> Element refList = null;</span>
<span class="fc bfc" id="L572" title="All 2 branches covered."> if(encrParts.size() &gt; 0) {</span>
//The sec conv token can be used without derived keys
<span class="fc bfc" id="L574" title="All 2 branches covered."> if(encrToken.isDerivedKeys()) {</span>
try {
<span class="fc" id="L577"> WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();</span>
//Check whether it is security policy 1.2 and use the secure conversation accordingly
<span class="fc bfc" id="L580" title="All 2 branches covered."> if (SPConstants.SP_V12 == encrToken.getVersion()) {</span>
<span class="fc" id="L581"> dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);</span>
}
<span class="fc bfc" id="L584" title="All 4 branches covered."> if(encrTokElem != null &amp;&amp; encrTok.getAttachedReference() != null) {</span>
<span class="fc" id="L586"> dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc</span>
.importNode((Element) encrTok.getAttachedReference(),
true));
<span class="pc bpc" id="L589" title="1 of 2 branches missed."> } else if(encrTok.getUnattachedReference() != null) {</span>
<span class="nc" id="L590"> dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc</span>
.importNode((Element) encrTok.getUnattachedReference(),
true));
<span class="pc bpc" id="L593" title="1 of 4 branches missed."> } else if (!rmd.isInitiator() &amp;&amp; encrToken.isDerivedKeys()) { </span>
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
// 7.7 Encrypted Key reference
<span class="fc" id="L598"> SecurityTokenReference tokenRef = new SecurityTokenReference(doc);</span>
<span class="pc bpc" id="L599" title="1 of 2 branches missed."> if(encrTok instanceof EncryptedKeyToken) {</span>
<span class="fc" id="L600"> tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)encrTok).getSHA1());</span>
}
<span class="fc" id="L602"> dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());</span>
<span class="fc" id="L603"> tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this</span>
<span class="fc" id="L605"> } else {</span>
<span class="fc" id="L606"> dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());</span>
}
<span class="fc bfc" id="L609" title="All 2 branches covered."> if(encrTok instanceof EncryptedKeyToken) {</span>
<span class="fc" id="L610"> dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + &quot;#&quot;</span>
+ WSConstants.ENC_KEY_VALUE_TYPE);
}
<span class="fc" id="L614"> dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());</span>
<span class="fc" id="L615"> dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);</span>
<span class="fc" id="L616"> dkEncr.prepare(doc);</span>
<span class="fc" id="L617"> Element encrDKTokenElem = null;</span>
<span class="fc" id="L618"> encrDKTokenElem = dkEncr.getdktElement();</span>
<span class="fc bfc" id="L619" title="All 2 branches covered."> if(encrTokElem != null) {</span>
<span class="fc" id="L620"> RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);</span>
<span class="pc bpc" id="L621" title="1 of 2 branches missed."> } else if (timestampElement != null){</span>
<span class="fc" id="L622"> RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);</span>
} else {
<span class="nc" id="L624"> RampartUtil.insertSiblingBefore(rmd, this.getInsertionLocation(), encrDKTokenElem);</span>
}
<span class="fc" id="L627"> refList = dkEncr.encryptForExternalRef(null, encrParts);</span>
<span class="fc" id="L629"> RampartUtil.insertSiblingAfter(rmd, </span>
encrDKTokenElem,
refList);
<span class="nc" id="L633"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L634"> throw new RampartException(&quot;errorInDKEncr&quot;);</span>
<span class="nc" id="L635"> } catch (ConversationException e) {</span>
<span class="nc" id="L636"> throw new RampartException(&quot;errorInDKEncr&quot;);</span>
<span class="fc" id="L637"> } </span>
} else {
try {
<span class="fc" id="L641"> WSSecEncrypt encr = new WSSecEncrypt();</span>
<span class="fc" id="L643"> encr.setWsConfig(rmd.getConfig());</span>
//Hack to handle reference id issues
//TODO Need a better fix
<span class="pc bpc" id="L646" title="1 of 2 branches missed."> if(encrTokId.startsWith(&quot;#&quot;)) {</span>
<span class="nc" id="L647"> encrTokId = encrTokId.substring(1);</span>
}
<span class="fc" id="L649"> encr.setEncKeyId(encrTokId);</span>
<span class="fc" id="L651"> encr.setEphemeralKey(encrTok.getSecret());</span>
<span class="fc" id="L652"> RampartUtil.setEncryptionUser(rmd, encr);</span>
<span class="fc" id="L653"> encr.setDocument(doc);</span>
<span class="fc" id="L654"> encr.setEncryptSymmKey(false);</span>
<span class="fc" id="L655"> encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());</span>
// Use key identifier in the KeyInfo in server side
<span class="fc bfc" id="L657" title="All 2 branches covered."> if (!rmd.isInitiator()) {</span>
<span class="pc bpc" id="L658" title="1 of 2 branches missed."> if(encrTok instanceof EncryptedKeyToken) {</span>
// TODO was encr.setUseKeyIdentifier(true); verify
<span class="fc" id="L660"> encr.setEncKeyIdDirectId(true);</span>
<span class="fc" id="L661"> encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());</span>
<span class="fc" id="L662"> encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);</span>
}
}
<span class="fc" id="L665"> encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd</span>
.getRampartConfig(), rmd.getCustomClassLoader()));
//Encrypt, get hold of the ref list and add it
<span class="fc" id="L669"> refList = encr.encryptForExternalRef(null, encrParts); </span>
<span class="fc bfc" id="L671" title="All 2 branches covered."> if(encrTokElem != null) {</span>
<span class="fc" id="L672"> RampartUtil.insertSiblingAfter(rmd,</span>
encrTokElem,
refList);
} else {
<span class="fc" id="L676"> RampartUtil.insertSiblingBeforeOrPrepend(rmd,</span>
this.getInsertionLocation(),
refList);
}
<span class="nc" id="L681"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L682"> throw new RampartException(&quot;errorInEncryption&quot;, e);</span>
<span class="fc" id="L683"> } </span>
}
}
<span class="pc bpc" id="L687" title="1 of 2 branches missed."> if(tlog.isDebugEnabled()){</span>
<span class="nc" id="L688"> t2 = System.currentTimeMillis();</span>
<span class="nc" id="L689"> tlog.debug(&quot;Signature took :&quot; + (t1 - t0)</span>
+&quot;, Encryption took :&quot; + (t2 - t1) );
}
<span class="fc" id="L694"> }</span>
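/**
 * Builds an EncryptedKey for the given signature token, wraps its ephemeral
 * secret in a rahas {@code EncryptedKeyToken} and adds that token to the
 * message's token storage so the following signing/encryption steps can look
 * it up by id.
 *
 * @param rmd      message data whose token storage receives the new token
 * @param sigToken the policy token the encrypted key is built for
 * @return the id of the created EncryptedKey element
 * @throws RampartException if the token cannot be added to the token store
 */
private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
        throws RampartException {
    try {
        WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd, sigToken);
        String id = encrKey.getId();
        byte[] secret = encrKey.getEphemeralKey();

        // Create a rahas token from this info and store it so we can use it
        // in the next steps. The token gets a fixed 5 minute (300000 ms)
        // lifetime; TODO make this lifetime configurable.
        Date created = new Date();
        Date expires = new Date(created.getTime() + 300000L);
        EncryptedKeyToken tempTok = new EncryptedKeyToken(
                id,
                (OMElement) encrKey.getEncryptedKeyElement(),
                created,
                expires);
        tempTok.setSecret(secret);
        // Set the SHA1 value of the encrypted key; this is used when the
        // encrypted key is referenced via a key identifier of type
        // EncryptedKeySHA1
        tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
        rmd.getTokenStorage().add(tempTok);

        // If a direct reference is used to refer to the certificate, the
        // BinarySecurityToken has to be added to the security header now
        String bstTokenId = encrKey.getBSTTokenId();
        if (bstTokenId != null && bstTokenId.length() > 0) {
            RampartUtil.appendChildToSecHeader(rmd,
                    encrKey.getBinarySecurityTokenElement());
        }
        return id;
    } catch (TrustException e) {
        // keep the cause so the underlying storage failure is not lost
        throw new RampartException("errorInAddingTokenIntoStore", e);
    }
}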
/**
 * Computes the SHA-1 digest of {@code input} and returns it Base64 encoded.
 * This is the value used for an EncryptedKeySHA1 key identifier.
 *
 * @param input bytes to digest (the encrypted ephemeral key)
 * @return the Base64 encoded SHA-1 digest
 * @throws RampartException if no SHA-1 provider is available
 */
private String getSHA1(byte[] input) throws RampartException {
    final MessageDigest digest;
    try {
        digest = MessageDigest.getInstance("SHA-1");
    } catch (NoSuchAlgorithmException e1) {
        throw new RampartException("noSHA1availabe", e1);
    }
    // digest(byte[]) updates with the input and completes the hash in one step
    return Base64.encode(digest.digest(input));
}
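/**
 * Finds the EncryptedKey received on the inbound message (from the WSS4J
 * receiver results stored under {@code RECV_RESULTS}), wraps its secret in an
 * {@code EncryptedKeyToken} and adds it to the token storage so the outgoing
 * message can be protected with the same key.
 *
 * @param rmd message data carrying the inbound message context and token storage
 * @return the id of the first EncryptedKey with a non-empty id found in the
 *         receiver results, or {@code null} if there are no receiver results
 *         or none contain such an EncryptedKey
 * @throws RampartException if the token cannot be added to the token store
 */
@SuppressWarnings("unchecked")
private String getEncryptedKey(RampartMessageData rmd) throws RampartException {
    List<WSHandlerResult> results = (List<WSHandlerResult>) rmd.getMsgContext()
            .getProperty(WSHandlerConstants.RECV_RESULTS);
    // No inbound security results available: nothing to reuse
    if (results == null) {
        return null;
    }
    for (WSHandlerResult result : results) {
        List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
        for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
            Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
            if (actInt == null || actInt != WSConstants.ENCR) {
                continue;
            }
            String encryptedKeyID = (String) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID);
            if (encryptedKeyID == null || encryptedKeyID.length() == 0) {
                continue;
            }
            try {
                // Same fixed 5 minute (300000 ms) lifetime as the tokens
                // created in setupEncryptedKey
                Date created = new Date();
                Date expires = new Date(created.getTime() + 300000L);
                EncryptedKeyToken tempTok = new EncryptedKeyToken(encryptedKeyID, created, expires);
                tempTok.setSecret((byte[]) wsSecEngineResult.get(WSSecurityEngineResult.TAG_SECRET));
                tempTok.setSHA1(getSHA1((byte[]) wsSecEngineResult
                        .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
                rmd.getTokenStorage().add(tempTok);
                return encryptedKeyID;
            } catch (TrustException e) {
                // keep the cause so the underlying storage failure is not lost
                throw new RampartException("errorInAddingTokenIntoStore", e);
            }
        }
    }
    return null;
}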
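/**
 * Sets up the tokens a symmetric binding needs on the client side: an
 * IssuedToken signature/encryption token is requested from the STS when none
 * is held yet, and a SecureConversationToken is requested (or marked as
 * cancelled during the cancel exchange) depending on the current action.
 *
 * @param rmd message data holding the policy, message context and token ids
 * @throws RampartException if a token cannot be obtained or updated in the store
 */
private void initializeTokens(RampartMessageData rmd) throws RampartException {
    RampartPolicyData rpd = rmd.getPolicyData();
    MessageContext msgContext = rmd.getMsgContext();

    // Tokens are only set up on the initiator side
    if (!rpd.isSymmetricBinding() || msgContext.isServerSide()) {
        return;
    }
    if (log.isDebugEnabled()) {
        log.debug("Processing symmetric binding: " +
                "Setting up encryption token and signature token");
    }
    // Setting up encryption token and signature token
    Token sigTok = rpd.getSignatureToken();
    Token encrTok = rpd.getEncryptionToken();

    if (sigTok instanceof IssuedToken) {
        log.debug("SignatureToken is an IssuedToken");
        if (rmd.getIssuedSignatureTokenId() == null) {
            log.debug("No Issuedtoken found, requesting a new token");
            String id = RampartUtil.getIssuedToken(rmd, (IssuedToken) sigTok);
            rmd.setIssuedSignatureTokenId(id);
        }
    } else if (sigTok instanceof SecureConversationToken) {
        log.debug("SignatureToken is a SecureConversationToken");
        //TODO check for an existing token and use it
        String secConvTokenId = rmd.getSecConvTokenId();
        // The RSTR has to be secured with the cancelled token
        boolean cancelReqResp = isCancelSctAction(msgContext.getOptions().getAction());
        // In the case of the cancel req or resp we should mark the token as cancelled
        if (secConvTokenId != null && cancelReqResp) {
            try {
                rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                // remove from the local map of contexts
                String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
            } catch (TrustException e) {
                throw new RampartException("errorExtractingToken", e);
            }
        }
        // Request a fresh SCT when none is held, or when the held one is no
        // longer valid and this is not the cancel exchange itself
        if (secConvTokenId == null
                || (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp)) {
            log.debug("No SecureConversationToken found, requesting a new token");
            SecureConversationToken secConvTok = (SecureConversationToken) sigTok;
            try {
                String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                rmd.setSecConvTokenId(id);
            } catch (TrustException e) {
                throw new RampartException("errorInObtainingSct", e);
            }
        }
    }

    // If it was the ProtectionToken assertion then sigTok is the same as
    // encrTok, so the issued signature token doubles as the encryption token
    if (sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
        log.debug("Symmetric binding uses a ProtectionToken, both" +
                " SignatureToken and EncryptionToken are the same");
        // copy the signature token id rather than re-assigning the encryption
        // token id to itself (which was a no-op)
        rmd.setIssuedEncryptionTokenId(rmd.getIssuedSignatureTokenId());
    } else {
        // Now we'll have to obtain the encryption token as well.
        // ASSUMPTION: SecureConversationToken is used as a ProtectionToken,
        // therefore we only have to process an issued token here; the
        // instanceof guard keeps a non-issued encryption token from being cast.
        log.debug("Obtaining the Encryption Token");
        // Only request a token when none is held yet (mirrors the signature
        // token handling above)
        if (encrTok instanceof IssuedToken && rmd.getIssuedEncryptionTokenId() == null) {
            log.debug("EncrytionToken not alredy set");
            String id = RampartUtil.getIssuedToken(rmd, (IssuedToken) encrTok);
            rmd.setIssuedEncryptionTokenId(id);
        }
    }
    //TODO : Support processing IssuedToken and SecConvToken assertoins
    //in supporting tokens, right now we only support UsernameTokens and
    //X.509 Tokens
}

/**
 * Tells whether {@code action} is a WS-Trust cancel-SCT request or response
 * action, i.e. whether the message being built belongs to a
 * SecureConversation cancel exchange.
 *
 * @param action the WS-Addressing action of the outgoing message, may be {@code null}
 * @return {@code true} for a cancel RST or RSTR action, {@code false} otherwise
 *         (including when no action is set)
 */
private static boolean isCancelSctAction(String action) {
    if (action == null) {
        return false;
    }
    // Only the 2005/02 namespace actions are matched here.
    // NOTE(review): the cancel actions of the 2005/12 (WS-Trust 1.3) namespace
    // are presumably meant to be recognised as well — confirm before adding them.
    return action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT)
            || action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
}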
}