src/org/apache/ws/sandbox/security/conversation/KeyDerivator.java - ws-wss4j - Git at Google

 /*
  * Copyright  2003-2004 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
  */

 package org.apache.ws.sandbox.security.conversation;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.sandbox.security.conversation.dkalgo.AlgoFactory;
 import org.apache.ws.sandbox.security.conversation.dkalgo.DerivationAlgorithm;
 import org.apache.ws.sandbox.security.conversation.message.info.DerivedKeyInfo;
 import org.apache.ws.security.message.token.SecurityTokenReference;

 import java.util.Hashtable;

 /**
  * @author Ruchith
  * @version 1.0
  */

 public class KeyDerivator {

     private Log log = LogFactory.getLog(KeyDerivator.class.getName());

     public byte[] generateKey(Hashtable sessionTable, String identifier) throws
             WSSecurityException, ConversationException, WSSecurityException {

         log.debug("KeyDerivator: Inside generate key");
         String[] uuidAndDerivedKeyTokenId = ConversationUtil.
                 getUuidAndDerivedKeyTokenId(identifier);
         //Get the session from teh session table
         ConversationSession convSession = (ConversationSession) sessionTable.get(uuidAndDerivedKeyTokenId[0]);
         log.debug("KeyDerivator: session found: " + uuidAndDerivedKeyTokenId[0]);
         if (convSession != null) {
             int freq = convSession.getContextInfo().getFrequency(); //Key generation frequency
             if (freq == 0) { //If the frequency is zero then no need for key derivation
                 return convSession.getContextInfo().getSharedSecret();
             } else { //Derived keys are required
                 return deriveKey(convSession, uuidAndDerivedKeyTokenId[1]);
             }
         } else {
             /** @todo Check the list of expired sessions and figureout whether the session is expired or not */
             throw new ConversationException("Conversation Session not found");
         }
     }

     private byte[] deriveKey(ConversationSession convSession,
                              String derivedKeyTokenId) throws
             WSSecurityException, ConversationException {

         //The derived key info object of the current derived key
         DerivedKeyInfo dkInfo = (DerivedKeyInfo) convSession.getDerivedKeys().get(derivedKeyTokenId);
         SecurityTokenReference secTokRef = dkInfo.getSecurityTokenReference();
         log.debug("KeyDerivator: deriveKey: security token reference: " + secTokRef);
 //        if (secTokRef != null) {
 //            if (secTokRef.toString().equals("<wsse:SecurityTokenReference/>")) {//No security token reference
 //                log.debug("KeyDerivator: deriveKey: No security token refernece available");
 //                return deriveTokenFromContext(convSession, dkInfo);
 //            } else {
 //                String contextIdentifier = convSession.getContextInfo().getIdentifier();
 //
 //                String wsuId = secTokRef.getReference().getURI();
 //
 //                Element sctEle = WSSecurityUtil.getElementByWsuId(WSSConfig.getDefaultWSConfig(), secTokRef.getElement().getOwnerDocument(), wsuId);
 //
 //                try {
 //                    SecurityContextToken sct = new SecurityContextToken(sctEle);
 //                    if (contextIdentifier.equals(sct.getIdentifier()))
 //                        return deriveTokenFromContext(convSession, dkInfo);
 //                    else
 //                        throw new ConversationException("Derivation source cannot be determined");
 //                } catch (WSSecurityException secEx) {
 //                    /** @todo Supporting other tokens other than SCT as the derivation source */
 //                    //Here we should check whether it is some other type of a token
 //                    //E.g. DerivedKeyToken
 //                }
 //
 //                if (secTokRef.getReference().getURI().equals(contextIdentifier)) { //If the reference is to the SecurityContextToken
 //                    return deriveTokenFromContext(convSession, dkInfo);
 //                } else {
 //                    //Derive from some other security token other than the relevent security context
 //                    /** @todo Derive from some other security token other than the relevent security context
 //                     * For example this can be another DerivedKeyToken
 //                     * */
 //                    throw new ConversationException("KeyDerivator:  Deriving from some " +
 //                            "other security token other than the " +
 //                            "relevent security context: Not implemented :-(");
 //
 //                }
 //            }
 //        } else { //There is no SecurityTokenRefernece
             log.debug("KeyDerivator: deriveKey: No security token refernece available");
             return deriveTokenFromContext(convSession, dkInfo);
   //      }

     }

     /**
      * Derive the key from the related security context information
      *
      * @param convSession
      * @param dkInfo
      * @return
      * @throws ConversationException
      */
     private byte[] deriveTokenFromContext(ConversationSession convSession,
                                           DerivedKeyInfo dkInfo) throws
             ConversationException {

         log.debug("KeyDerivator: deriving key from contecxt :" + convSession.getContextInfo().getIdentifier() + " for dkt: " + dkInfo.getId());
         byte[] secret = convSession.getContextInfo().getSharedSecret(); //Shared secret
         String labelAndNonce = getLabelAndNonce(convSession, dkInfo); //Label and nonce
         long keyLength = getKeyLength(convSession, dkInfo); //Length of the key to generated
         int offset = getOffset(convSession, dkInfo);
         DerivationAlgorithm derivationAlgo = AlgoFactory.getInstance(dkInfo.
                 getAlgorithm()); //Derivation algorithm
         return derivationAlgo.createKey(secret, labelAndNonce, offset, keyLength);
     }

     /**
      * The label+nonce value used for the seed in calculating the derived key
      *
      * @param convSession
      * @param dkInfo
      * @return relevan label+nonce
      */
     private String getLabelAndNonce(ConversationSession convSession,
                                     DerivedKeyInfo dkInfo) throws
             ConversationException {
         String label, nonce;
         if ((label = dkInfo.getLabel()) != null || (label = convSession.getLabel()) != null) {
             if ((nonce = dkInfo.getNonce()) != null) {
                 log.debug("KeyDerivator: Inside get label and nocne : " + label + nonce);
                 return label + nonce;
             } else {
                 throw new ConversationException("Nonce value not available");
             }
         } else {
             throw new ConversationException("Label cannot be found");
         }
     }

     /**
      * This return teh key length of the derived key to be generated
      *
      * @param convSession
      * @param dkInfo
      * @return length of the key to be returned
      * @throws ConversationException
      */
     private long getKeyLength(ConversationSession convSession,
                               DerivedKeyInfo dkInfo) throws ConversationException {

         long length;
         if ((length = dkInfo.getLength()) != -1) { //If the length info is there in the token return it
             log.debug("KeyDerivator: Inside get length: " + length);
             return length;
         } else if ((length = convSession.getKeyLength()) != -1) { //Get length info from the session
             log.debug("KeyDerivator: Inside get length: " + length);
             return length;
         } else {
             throw new ConversationException("Length information not available");
         }
     }

     /**
      * @param convSession
      * @param dkInfo
      * @return
      * @throws ConversationException
      */
     private int getOffset(ConversationSession convSession, DerivedKeyInfo dkInfo) throws
             ConversationException {
         int offset = dkInfo.getOffset();
         int generation = dkInfo.getGeneration();
         long lengthFromDkInfo = dkInfo.getLength();

         if (generation != -1 && offset != -1) { //If both generation and offset values are set
             throw new ConversationException("Generation and Offset both cannot be used simultaneously: " +
                     "Generation : " + generation +
                     "Offset : " + offset);
         } else if (convSession.getKeyLength() != -1) { //Session is configured to use fixed size keys
             if (generation == -1){
           		log.debug("Generation set to zero");
           		generation = 0;
           return (int)convSession.getKeyLength() * generation;
 //                throw new ConversationException("Generation value is not avaliable (fixed size keys are used: " +
 //                        "Key size : " + convSession.getKeyLength() + ")");
             }else{
                 return (int) convSession.getKeyLength() * generation;
             }
         } else if (offset != -1) { //Fixed size keys are NOT used: The length and offset values should be available in the DKT
             return offset;
         } else if (generation != -1) { //Here length should be specified in the DKT
             if (dkInfo.getLength() != -1)
                 return generation * (int) dkInfo.getLength();
             else
                 throw new ConversationException("Length information not available");
         } else {
             return 0; //If generation and offset info are not available offset will be 0
         }
     }

 }
	/*
	* Copyright 2003-2004 The Apache Software Foundation.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	package org.apache.ws.sandbox.security.conversation;

	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;
	import org.apache.ws.security.WSSecurityException;
	import org.apache.ws.sandbox.security.conversation.dkalgo.AlgoFactory;
	import org.apache.ws.sandbox.security.conversation.dkalgo.DerivationAlgorithm;
	import org.apache.ws.sandbox.security.conversation.message.info.DerivedKeyInfo;
	import org.apache.ws.security.message.token.SecurityTokenReference;

	import java.util.Hashtable;

	/**
	* @author Ruchith
	* @version 1.0
	*/

	public class KeyDerivator {

	private Log log = LogFactory.getLog(KeyDerivator.class.getName());

	public byte[] generateKey(Hashtable sessionTable, String identifier) throws
	WSSecurityException, ConversationException, WSSecurityException {

	log.debug("KeyDerivator: Inside generate key");
	String[] uuidAndDerivedKeyTokenId = ConversationUtil.
	getUuidAndDerivedKeyTokenId(identifier);
	//Get the session from teh session table
	ConversationSession convSession = (ConversationSession) sessionTable.get(uuidAndDerivedKeyTokenId[0]);
	log.debug("KeyDerivator: session found: " + uuidAndDerivedKeyTokenId[0]);
	if (convSession != null) {
	int freq = convSession.getContextInfo().getFrequency(); //Key generation frequency
	if (freq == 0) { //If the frequency is zero then no need for key derivation
	return convSession.getContextInfo().getSharedSecret();
	} else { //Derived keys are required
	return deriveKey(convSession, uuidAndDerivedKeyTokenId[1]);
	}
	} else {
	/** @todo Check the list of expired sessions and figureout whether the session is expired or not */
	throw new ConversationException("Conversation Session not found");
	}
	}

	private byte[] deriveKey(ConversationSession convSession,
	String derivedKeyTokenId) throws
	WSSecurityException, ConversationException {

	//The derived key info object of the current derived key
	DerivedKeyInfo dkInfo = (DerivedKeyInfo) convSession.getDerivedKeys().get(derivedKeyTokenId);
	SecurityTokenReference secTokRef = dkInfo.getSecurityTokenReference();
	log.debug("KeyDerivator: deriveKey: security token reference: " + secTokRef);
	// if (secTokRef != null) {
	// if (secTokRef.toString().equals("<wsse:SecurityTokenReference/>")) {//No security token reference
	// log.debug("KeyDerivator: deriveKey: No security token refernece available");
	// return deriveTokenFromContext(convSession, dkInfo);
	// } else {
	// String contextIdentifier = convSession.getContextInfo().getIdentifier();
	//
	// String wsuId = secTokRef.getReference().getURI();
	//
	// Element sctEle = WSSecurityUtil.getElementByWsuId(WSSConfig.getDefaultWSConfig(), secTokRef.getElement().getOwnerDocument(), wsuId);
	//
	// try {
	// SecurityContextToken sct = new SecurityContextToken(sctEle);
	// if (contextIdentifier.equals(sct.getIdentifier()))
	// return deriveTokenFromContext(convSession, dkInfo);
	// else
	// throw new ConversationException("Derivation source cannot be determined");
	// } catch (WSSecurityException secEx) {
	// /** @todo Supporting other tokens other than SCT as the derivation source */
	// //Here we should check whether it is some other type of a token
	// //E.g. DerivedKeyToken
	// }
	//
	// if (secTokRef.getReference().getURI().equals(contextIdentifier)) { //If the reference is to the SecurityContextToken
	// return deriveTokenFromContext(convSession, dkInfo);
	// } else {
	// //Derive from some other security token other than the relevent security context
	// /** @todo Derive from some other security token other than the relevent security context
	// * For example this can be another DerivedKeyToken
	// * */
	// throw new ConversationException("KeyDerivator: Deriving from some " +
	// "other security token other than the " +
	// "relevent security context: Not implemented :-(");
	//
	// }
	// }
	// } else { //There is no SecurityTokenRefernece
	log.debug("KeyDerivator: deriveKey: No security token refernece available");
	return deriveTokenFromContext(convSession, dkInfo);
	// }

	}

	/**
	* Derive the key from the related security context information
	*
	* @param convSession
	* @param dkInfo
	* @return
	* @throws ConversationException
	*/
	private byte[] deriveTokenFromContext(ConversationSession convSession,
	DerivedKeyInfo dkInfo) throws
	ConversationException {

	log.debug("KeyDerivator: deriving key from contecxt :" + convSession.getContextInfo().getIdentifier() + " for dkt: " + dkInfo.getId());
	byte[] secret = convSession.getContextInfo().getSharedSecret(); //Shared secret
	String labelAndNonce = getLabelAndNonce(convSession, dkInfo); //Label and nonce
	long keyLength = getKeyLength(convSession, dkInfo); //Length of the key to generated
	int offset = getOffset(convSession, dkInfo);
	DerivationAlgorithm derivationAlgo = AlgoFactory.getInstance(dkInfo.
	getAlgorithm()); //Derivation algorithm
	return derivationAlgo.createKey(secret, labelAndNonce, offset, keyLength);
	}

	/**
	* The label+nonce value used for the seed in calculating the derived key
	*
	* @param convSession
	* @param dkInfo
	* @return relevan label+nonce
	*/
	private String getLabelAndNonce(ConversationSession convSession,
	DerivedKeyInfo dkInfo) throws
	ConversationException {
	String label, nonce;
	if ((label = dkInfo.getLabel()) != null \|\| (label = convSession.getLabel()) != null) {
	if ((nonce = dkInfo.getNonce()) != null) {
	log.debug("KeyDerivator: Inside get label and nocne : " + label + nonce);
	return label + nonce;
	} else {
	throw new ConversationException("Nonce value not available");
	}
	} else {
	throw new ConversationException("Label cannot be found");
	}
	}

	/**
	* This return teh key length of the derived key to be generated
	*
	* @param convSession
	* @param dkInfo
	* @return length of the key to be returned
	* @throws ConversationException
	*/
	private long getKeyLength(ConversationSession convSession,
	DerivedKeyInfo dkInfo) throws ConversationException {

	long length;
	if ((length = dkInfo.getLength()) != -1) { //If the length info is there in the token return it
	log.debug("KeyDerivator: Inside get length: " + length);
	return length;
	} else if ((length = convSession.getKeyLength()) != -1) { //Get length info from the session
	log.debug("KeyDerivator: Inside get length: " + length);
	return length;
	} else {
	throw new ConversationException("Length information not available");
	}
	}

	/**
	* @param convSession
	* @param dkInfo
	* @return
	* @throws ConversationException
	*/
	private int getOffset(ConversationSession convSession, DerivedKeyInfo dkInfo) throws
	ConversationException {
	int offset = dkInfo.getOffset();
	int generation = dkInfo.getGeneration();
	long lengthFromDkInfo = dkInfo.getLength();

	if (generation != -1 && offset != -1) { //If both generation and offset values are set
	throw new ConversationException("Generation and Offset both cannot be used simultaneously: " +
	"Generation : " + generation +
	"Offset : " + offset);
	} else if (convSession.getKeyLength() != -1) { //Session is configured to use fixed size keys
	if (generation == -1){
	log.debug("Generation set to zero");
	generation = 0;
	return (int)convSession.getKeyLength() * generation;
	// throw new ConversationException("Generation value is not avaliable (fixed size keys are used: " +
	// "Key size : " + convSession.getKeyLength() + ")");
	}else{
	return (int) convSession.getKeyLength() * generation;
	}
	} else if (offset != -1) { //Fixed size keys are NOT used: The length and offset values should be available in the DKT
	return offset;
	} else if (generation != -1) { //Here length should be specified in the DKT
	if (dkInfo.getLength() != -1)
	return generation * (int) dkInfo.getLength();
	else
	throw new ConversationException("Length information not available");
	} else {
	return 0; //If generation and offset info are not available offset will be 0
	}
	}

	}