| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.wss4j.dom.action; |
| |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| import org.w3c.dom.Node; |
| |
| import javax.crypto.SecretKey; |
| |
| import org.apache.wss4j.common.SignatureEncryptionActionToken; |
| import org.apache.wss4j.common.derivedKey.ConversationConstants; |
| import org.apache.wss4j.common.ext.WSPasswordCallback; |
| import org.apache.wss4j.common.ext.WSSecurityException; |
| import org.apache.wss4j.dom.WSConstants; |
| import org.apache.wss4j.dom.handler.RequestData; |
| import org.apache.wss4j.dom.message.WSSecDerivedKeyBase; |
| import org.apache.wss4j.dom.message.WSSecEncryptedKey; |
| import org.apache.wss4j.dom.message.WSSecHeader; |
| import org.apache.wss4j.dom.message.token.SecurityContextToken; |
| import org.apache.xml.security.stax.impl.util.IDGenerator; |
| |
| public abstract class AbstractDerivedAction { |
| |
| protected Node findEncryptedKeySibling(RequestData reqData) { |
| Element secHeader = reqData.getSecHeader().getSecurityHeaderElement(); |
| return findSibling(secHeader, WSConstants.ENC_NS, "EncryptedKey"); |
| } |
| |
| protected Node findSCTSibling(RequestData reqData) { |
| String namespace = ConversationConstants.WSC_NS_05_12; |
| if (!reqData.isUse200512Namespace()) { |
| namespace = ConversationConstants.WSC_NS_05_02; |
| } |
| Element secHeader = reqData.getSecHeader().getSecurityHeaderElement(); |
| return findSibling(secHeader, namespace, "SecurityContextToken"); |
| } |
| |
| protected Node findSibling(Element secHeader, String namespace, String localName) { |
| if (secHeader == null) { |
| return null; |
| } |
| Node firstChild = secHeader.getFirstChild(); |
| while (firstChild != null) { |
| if (firstChild instanceof Element |
| && namespace.equals(((Element)firstChild).getNamespaceURI()) |
| && localName.equals(((Element)firstChild).getLocalName()) |
| && firstChild.getNextSibling() != null) { |
| return firstChild.getNextSibling(); |
| } |
| firstChild = firstChild.getNextSibling(); |
| } |
| return null; |
| } |
| |
| // Use a previous derived action which has already set up a SecurityContextToken |
| protected void setupSCTReference(WSSecDerivedKeyBase derivedKeyBase, |
| SignatureEncryptionActionToken previousActionToken, |
| boolean use200512Namespace) throws WSSecurityException { |
| if (use200512Namespace) { |
| derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT_05_12); |
| } else { |
| derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT); |
| } |
| |
| String tokenIdentifier = previousActionToken.getKeyIdentifier(); |
| derivedKeyBase.setTokenIdentifier(tokenIdentifier); |
| } |
| |
| protected Element setupSCTReference(WSSecDerivedKeyBase derivedKeyBase, |
| WSPasswordCallback passwordCallback, |
| SignatureEncryptionActionToken actionToken, |
| boolean use200512Namespace, |
| Document doc) throws WSSecurityException { |
| if (use200512Namespace) { |
| derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT_05_12); |
| } else { |
| derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT); |
| } |
| |
| String tokenIdentifier = IDGenerator.generateID("uuid:"); |
| derivedKeyBase.setTokenIdentifier(tokenIdentifier); |
| |
| actionToken.setKey(passwordCallback.getKey()); |
| actionToken.setKeyIdentifier(tokenIdentifier); |
| |
| int version = ConversationConstants.VERSION_05_12; |
| if (!use200512Namespace) { |
| version = ConversationConstants.VERSION_05_02; |
| } |
| |
| SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier); |
| return sct.getElement(); |
| } |
| |
| // Use a previous derived action which has already set up an EncryptedKey |
| protected void setupEKReference(WSSecDerivedKeyBase derivedKeyBase, |
| SignatureEncryptionActionToken previousActionToken) throws WSSecurityException { |
| derivedKeyBase.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); |
| |
| String tokenIdentifier = previousActionToken.getKeyIdentifier(); |
| derivedKeyBase.setTokenIdentifier(tokenIdentifier); |
| } |
| |
| protected Element setupEKReference(WSSecDerivedKeyBase derivedKeyBase, |
| WSSecHeader securityHeader, |
| SignatureEncryptionActionToken actionToken, |
| String keyTransportAlgorithm, |
| String mgfAlgorithm, |
| SecretKey symmetricKey) throws WSSecurityException { |
| derivedKeyBase.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); |
| |
| WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(securityHeader); |
| encrKeyBuilder.setUserInfo(actionToken.getUser()); |
| if (actionToken.getDerivedKeyIdentifier() != 0) { |
| encrKeyBuilder.setKeyIdentifierType(actionToken.getDerivedKeyIdentifier()); |
| } else { |
| encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER); |
| } |
| |
| if (actionToken.getDigestAlgorithm() != null) { |
| encrKeyBuilder.setDigestAlgorithm(actionToken.getDigestAlgorithm()); |
| } |
| if (keyTransportAlgorithm != null) { |
| encrKeyBuilder.setKeyEncAlgo(keyTransportAlgorithm); |
| } |
| if (mgfAlgorithm != null) { |
| encrKeyBuilder.setMGFAlgorithm(mgfAlgorithm); |
| } |
| encrKeyBuilder.prepare(actionToken.getCrypto(), symmetricKey); |
| |
| String tokenIdentifier = encrKeyBuilder.getId(); |
| |
| actionToken.setKey(symmetricKey.getEncoded()); |
| actionToken.setKeyIdentifier(tokenIdentifier); |
| derivedKeyBase.setTokenIdentifier(tokenIdentifier); |
| |
| return encrKeyBuilder.getEncryptedKeyElement(); |
| } |
| } |