Author: coheigea
Date: Wed Jun 24 11:10:44 2015
New Revision: 1687238
URL: http://svn.apache.org/r1687238
Log:
Some refactoring of previous commits
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1687238&r1=1687237&r2=1687238&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
Wed Jun 24 11:10:44 2015
@@ -21,9 +21,9 @@ package org.apache.wss4j.dom.action;
import java.security.cert.X509Certificate;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.crypto.Crypto;
@@ -94,10 +94,19 @@ public class EncryptionAction implements
|| !encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey
== null) {
CallbackHandler callbackHandler =
handler.getPasswordCallbackHandler(reqData);
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(encryptionToken.getUser(),
WSConstants.ENCR, callbackHandler, reqData);
- ephemeralKey = passwordCallback.getKey();
- byte[] encryptedKey = passwordCallback.getEncryptedSecret();
+ // Get secret key for encryption from a CallbackHandler
+ WSPasswordCallback pwcb =
+ new WSPasswordCallback(encryptionToken.getUser(),
WSPasswordCallback.SECRET_KEY);
+ pwcb.setAlgorithm(wsEncrypt.getSymmetricEncAlgorithm());
+ try {
+ callbackHandler.handle(new Callback[] {pwcb});
+ } catch (Exception e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
+ "empty", new Object[] {"WSHandler: password callback
failed"});
+ }
+
+ ephemeralKey = pwcb.getKey();
+ byte[] encryptedKey = pwcb.getEncryptedSecret();
wsEncrypt.setEncryptedEphemeralKey(encryptedKey);
}
wsEncrypt.setEphemeralKey(ephemeralKey);
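Review bot: `callbackHandler.handle(new Callback[] {pwcb})` is invoked with no check that `handler.getPasswordCallbackHandler(reqData)` returned a non-null handler, so a deployment with no password callback configured now surfaces as a NullPointerException swallowed by `catch (Exception e)` and re-thrown as the generic "password callback failed" FAILURE; presumably the removed `handler.getPasswordCB(...)` helper performed that check, but it is not visible in this hunk. Add before the try: `if (callbackHandler == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[] {"WSHandler: no password callback handler"}); }`. The `catch (Exception e)` is also broader than the `IOException | UnsupportedCallbackException` that `CallbackHandler.handle` declares; a multi-catch of those two keeps unrelated runtime errors from being reported as a callback failure. The enclosing method starts and ends outside the hunk.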
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1687238&r1=1687237&r2=1687238&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Wed Jun 24 11:10:44 2015
@@ -145,28 +145,30 @@ public class EncryptedKeyProcessor imple
X509Certificate[] certs = null;
STRParser.REFERENCE_TYPE referenceType = null;
- if
(SecurityTokenReference.SECURITY_TOKEN_REFERENCE.equals(keyInfoChildElement.getLocalName())
- &&
WSConstants.WSSE_NS.equals(keyInfoChildElement.getNamespaceURI())) {
- STRParserParameters parameters = new STRParserParameters();
- parameters.setData(data);
- parameters.setWsDocInfo(wsDocInfo);
- parameters.setStrElement(keyInfoChildElement);
-
- STRParser strParser = new EncryptedKeySTRParser();
- STRParserResult parserResult =
strParser.parseSecurityTokenReference(parameters);
-
- certs = parserResult.getCertificates();
- referenceType = parserResult.getCertificatesReferenceType();
- } else {
- certs = getCertificatesFromX509Data(keyInfoChildElement, data);
- }
-
boolean symmetricKeyWrap =
isSymmetricKeyWrap(encryptedKeyTransportMethod);
- if (!symmetricKeyWrap && (certs == null || certs.length < 1 ||
certs[0] == null)) {
- throw new WSSecurityException(
+ if (!symmetricKeyWrap) {
+ if
(SecurityTokenReference.SECURITY_TOKEN_REFERENCE.equals(keyInfoChildElement.getLocalName())
+ &&
WSConstants.WSSE_NS.equals(keyInfoChildElement.getNamespaceURI())) {
+ STRParserParameters parameters = new STRParserParameters();
+ parameters.setData(data);
+ parameters.setWsDocInfo(wsDocInfo);
+ parameters.setStrElement(keyInfoChildElement);
+
+ STRParser strParser = new EncryptedKeySTRParser();
+ STRParserResult parserResult =
strParser.parseSecurityTokenReference(parameters);
+
+ certs = parserResult.getCertificates();
+ referenceType = parserResult.getCertificatesReferenceType();
+ } else {
+ certs = getCertificatesFromX509Data(keyInfoChildElement, data);
+ }
+
+ if (certs == null || certs.length < 1 || certs[0] == null) {
+ throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
"noCertsFound",
new Object[] {"decryption (KeyId)"});
+ }
}
// Check for compliance against the defined AlgorithmSuite
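Review bot: `keyInfoChildElement.getLocalName()` in the new `if (!symmetricKeyWrap)` branch is dereferenced without a null check, while the next hunk in this file guards the same variable with `if (keyInfoChildElement != null)` before the KeyName lookup; if a missing KeyInfo child can reach this point (the enclosing method starts and ends outside the hunk), the asymmetric path fails with a NullPointerException rather than a WSSecurityException. Suggest opening the branch with `if (keyInfoChildElement == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCertsFound", new Object[] {"decryption (KeyId)"}); }` so the failure is reported the same way as the missing-certificate case just below it. Note also that in the symmetric case `certs` and `referenceType` now remain null, so any later use of them past the end of this hunk must tolerate that. The same unguarded-dereference pattern appears in the next hunk, where the element returned by `EncryptionUtils.findEncryptedDataElement(...)` is passed straight to `X509Util.getEncAlgo(ee)`; if that lookup can return null for an unresolvable URI, it deserves a check as well.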
@@ -197,9 +199,31 @@ public class EncryptedKeyProcessor imple
Cipher cipher = null;
if (symmetricKeyWrap) {
+ // See if we have a KeyName
+ String keyName = "";
+ if (keyInfoChildElement != null) {
+ Element keyNmElem =
+ XMLUtils.getDirectChildElement(
+ keyInfoChildElement, "KeyName", WSConstants.SIG_NS
+ );
+ if (keyNmElem != null) {
+ keyName = XMLUtils.getElementText(keyNmElem);
+ }
+ }
+
// Get secret key for decryption from a CallbackHandler
- WSPasswordCallback pwcb = new WSPasswordCallback("",
WSPasswordCallback.SECRET_KEY);
+ WSPasswordCallback pwcb = new WSPasswordCallback(keyName,
WSPasswordCallback.SECRET_KEY);
pwcb.setEncryptedSecret(encryptedEphemeralKey);
+
+ // Get the (first) encryption algorithm
+ String uri = getFirstDataRefURI(refList);
+ if (uri != null) {
+ Element ee =
+
EncryptionUtils.findEncryptedDataElement(refList.getOwnerDocument(),
+ wsDocInfo,
uri);
+ String algorithmURI = X509Util.getEncAlgo(ee);
+ pwcb.setAlgorithm(algorithmURI);
+ }
try {
data.getCallbackHandler().handle(new Callback[] {pwcb});
} catch (Exception e) {