Author: ruchithf Date: Wed Nov 7 15:59:35 2007 New Revision: 592962 URL: http://svn.apache.org/viewvc?rev=592962&view=rev Log: EncryptedKeySHA1 reference uses the base64 encoded value of the SHA-1 digest of encrypted bytes of the ephemeral key. Updated wss4j to support this.
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java Wed Nov 7 15:59:35 2007 @@ -162,6 +162,13 @@ public static final java.lang.String TAG_BINARY_SECURITY_TOKEN = "binary-security-token"; + /** + * Tag denoting the encrypted key bytes + * + * The value under this tag is a byte array + */ + public static final Object TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes"; + public WSSecurityEngineResult( int act, SAMLAssertion ass 
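Review bot: `TAG_ENCRYPTED_EPHEMERAL_KEY` is declared as `Object` while the neighbouring tag constant `TAG_BINARY_SECURITY_TOKEN` is a `java.lang.String`; the value is a string literal and the tags are only used as `put(...)` keys, so declare it `public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";` to keep the constants consistent and usable wherever a String key is expected. The Javadoc could also say which bytes these are, e.g. `Tag denoting the still-encrypted bytes of the ephemeral key, i.e. the decoded CipherValue of the EncryptedKey element and the input to an EncryptedKeySHA1 key identifier.` The constructor that starts at the end of this hunk continues outside it.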
@@ -200,11 +207,13 @@ public WSSecurityEngineResult( int act, byte[] decryptedKey, + byte[] encryptedKeyBytes, String encyptedKeyId, List dataRefUris ) { put(TAG_ACTION, new Integer(act)); put(TAG_DECRYPTED_KEY, decryptedKey); + put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes); put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId); put(TAG_DATA_REF_URIS, dataRefUris); } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Wed Nov 7 15:59:35 2007 @@ -19,7 +19,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ws.security.SOAP11Constants; import org.apache.ws.security.SOAPConstants; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSEncryptionPart; @@ -27,6 +26,7 @@ import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.message.token.Reference; import org.apache.ws.security.message.token.SecurityTokenReference; +import org.apache.ws.security.util.Base64; import org.apache.ws.security.util.WSSecurityUtil; import org.apache.xml.security.encryption.EncryptedData; import org.apache.xml.security.encryption.XMLCipher; @@ -40,6 +40,8 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; + +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; import java.util.Vector; 
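Review bot: Inserting `byte[] encryptedKeyBytes` in the middle of the `WSSecurityEngineResult(int, byte[], String, List)` parameter list is a source- and binary-incompatible change for any caller outside this commit, and because the neighbouring parameters are also a `byte[]` and a `String` a mis-ordered call from old code will not necessarily be caught by the compiler. Keeping the old four-argument constructor as `this(act, decryptedKey, null, encyptedKeyId, dataRefUris);` preserves existing callers, and the Javadoc should state whether `encryptedKeyBytes` may be null (it is stored without any check). The import-only hunks of WSSecEncrypt on this line need no review.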
@@ -435,7 +437,7 @@ keyInfo = new KeyInfo(document); SecurityTokenReference secToken = new SecurityTokenReference(document); - secToken.setKeyIdentifierEncKeySHA1(secretKey.getEncoded()); + secToken.setKeyIdentifierEncKeySHA1(getSHA1(encryptedEphemeralKey)); keyInfo.addUnknownElement(secToken.getElement()); } @@ -720,4 +722,19 @@ this.encryptSymmKey = encryptSymmKey; } + private String getSHA1(byte[] input) throws WSSecurityException { + try { + MessageDigest sha = null; + sha = MessageDigest.getInstance("SHA-1"); + sha.reset(); + sha.update(input); + byte[] data = sha.digest(); + + return Base64.encode(data); + } catch (NoSuchAlgorithmException e) { + throw new WSSecurityException( + WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e); + } + } + } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Wed Nov 7 15:59:35 2007 @@ -69,6 +69,11 @@ protected byte[] ephemeralKey; /** + * Encrypted bytes of the ephemeral key + */ + protected byte[] encryptedEphemeralKey; + + /** * Remote user's alias to obtain the cert to encrypt the ephemeral key */ protected String encrUser = null; @@ -205,9 +210,9 @@ new Object[] { "public key algorithm too weak to encrypt " + "symmetric key" }); } - byte[] encryptedKey = null; + try { - encryptedKey = cipher.doFinal(keyBytes); + this.encryptedEphemeralKey = cipher.doFinal(keyBytes); } catch (IllegalStateException e1) { throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e1); 
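Review bot: `getSHA1(encryptedEphemeralKey)` in the `@@ -435` hunk digests a field that is only populated once `cipher.doFinal` has run in the superclass; if this branch can be reached before that (the enclosing method starts outside the hunk, so I cannot see the guard), `MessageDigest.update` receives null and the caller gets a NullPointerException rather than a `WSSecurityException`, whereas the old input `secretKey.getEncoded()` was always available. A guard such as `if (encryptedEphemeralKey == null) { throw new IllegalStateException("ephemeral key has not been encrypted yet"); }` ahead of the call, or a documented precondition on `getSHA1`, closes that gap. Inside `getSHA1` the `= null` initialisation and `sha.reset()` on a freshly obtained instance are redundant; `return Base64.encode(MessageDigest.getInstance("SHA-1").digest(input));` is equivalent. Note that the digest input is now the ciphertext rather than the secret key bytes, and SHA-1 is fixed by the EncryptedKeySHA1 value type the reference advertises, so neither is a weakness to change here.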
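Review bot: The `@@ -205` hunk of WSSecEncryptedKey replaces `byte[] encryptedKey = null;` with an empty `+` line, leaving a stray blank line before `try {`; drop it. More substantively, `this.encryptedEphemeralKey` is instance state that is written where the key is encrypted and read by the new `getEncryptedEphemeralKey()` and by the subclass's key-identifier path, so a reused instance keeps the previous message's ciphertext until `doFinal` runs again; either clear it at the start of the encrypting method or document the object as single-use. The field Javadoc in the `@@ -69` hunk would be more useful as `Encrypted bytes of the ephemeral key as written into EncryptedKey/CipherValue; null until the key has been encrypted.`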
@@ -219,7 +224,7 @@ null, null, e1); } Text keyText = WSSecurityUtil.createBase64EncodedTextNode(document, - encryptedKey); + this.encryptedEphemeralKey); /* * Now we need to setup the EncryptedKey header block 1) create a @@ -494,6 +499,10 @@ public boolean isCertSet() { return (useThisCert == null ? true : false) ; + } + + public byte[] getEncryptedEphemeralKey() { + return encryptedEphemeralKey; } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Wed Nov 7 15:59:35 2007 @@ -108,6 +108,8 @@ protected String strUri = null; private byte[] secretKey = null; + + private String encrKeySha1value = null; protected BinarySecurity bstToken = null; @@ -416,7 +418,7 @@ break; case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER: - secRef.setKeyIdentifierEncKeySHA1(this.secretKey); + secRef.setKeyIdentifierEncKeySHA1(this.encrKeySha1value); break; case WSConstants.CUSTOM_SYMM_SIGNING : 
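Review bot: `getEncryptedEphemeralKey()` in the `@@ -494` hunk hands out the internal `encryptedEphemeralKey` array, so a caller can modify the bytes that back both the CipherValue text and the EncryptedKeySHA1 digest; return a copy instead, `return encryptedEphemeralKey == null ? null : encryptedEphemeralKey.clone();`. The same applies to `EncryptedKeyProcessor.getEncryptedEphemeralKey()` added in the last hunk of this diff. A Javadoc line such as `Returns the ephemeral key bytes as encrypted for the recipient (the EncryptedKey CipherValue), or null if the key has not been encrypted yet` would also tell callers what they are getting.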
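Review bot: In the `@@ -416` hunk the `ENCRYPTED_KEY_SHA1_IDENTIFIER` case now passes `this.encrKeySha1value`, which is initialised to null in the `@@ -108` hunk and only set through the new setter; a caller that, as before this change, configured only `secretKey` now gets a KeyIdentifier built from a null value instead of a digest, and the STR can no longer compute one itself. Fail early and explicitly: `if (this.encrKeySha1value == null) { throw new IllegalStateException("encrKeySha1value must be set for ENCRYPTED_KEY_SHA1_IDENTIFIER"); }`. The switch is part of a method that starts and ends outside the hunk.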
@@ -829,6 +831,10 @@ public void setCustomTokenId(String customTokenId) { this.customTokenId = customTokenId; + } + + public void setEncrKeySha1value(String encrKeySha1value) { + this.encrKeySha1value = encrKeySha1value; } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java Wed Nov 7 15:59:35 2007 @@ -299,20 +299,10 @@ } - public void setKeyIdentifierEncKeySHA1(byte[] secret) + public void setKeyIdentifierEncKeySHA1(String value) throws WSSecurityException { Document doc = this.element.getOwnerDocument(); - MessageDigest sha = null; - try { - sha = MessageDigest.getInstance("SHA-1"); - } catch (NoSuchAlgorithmException e1) { - throw new WSSecurityException(0, "noSHA1availabe"); - } - sha.reset(); - sha.update(secret); - byte[] data = sha.digest(); - - org.w3c.dom.Text text = doc.createTextNode(Base64.encode(data)); + org.w3c.dom.Text text = doc.createTextNode(value); createKeyIdentifier(doc, ENC_KEY_SHA1_URI, text); } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=592962&r1=592961&r2=592962&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Wed Nov 7 15:59:35 2007 
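Review bot: `setKeyIdentifierEncKeySHA1(String value)` in the `@@ -299` hunk writes `value` into the KeyIdentifier text node verbatim, but nothing in the method or a Javadoc says that `value` must already be the base64-encoded SHA-1 of the EncryptedKey CipherValue bytes — the computation that used to live here has moved to the callers, and the name alone still suggests the method hashes. Add that contract as Javadoc and reject null, e.g. `if (value == null) { throw new IllegalArgumentException("EncryptedKeySHA1 value is required"); }`, since a text node created from null would most likely yield an empty identifier that no receiver can match. Changing the parameter from `byte[]` to `String` is also a breaking API change for external callers, which the log message should mention. With the digest code gone, the `MessageDigest`, `NoSuchAlgorithmException` and possibly `Base64` imports of this file may now be unused; the import block is outside the hunk.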
@@ -20,8 +20,8 @@ import org.apache.commons.logging.LogFactory; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSDocInfo; -import org.apache.ws.security.WSSConfig; import org.apache.ws.security.WSPasswordCallback; +import org.apache.ws.security.WSSConfig; import org.apache.ws.security.WSSecurityEngine; import org.apache.ws.security.WSSecurityEngineResult; import org.apache.ws.security.WSSecurityException; @@ -46,9 +46,8 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import javax.xml.namespace.QName; + import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -58,7 +57,8 @@ private static Log log = LogFactory.getLog(EncryptedKeyProcessor.class.getName()); private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME"); - + private byte[] encryptedEphemeralKey; + private byte[] decryptedBytes = null; private String encryptedKeyId = null; @@ -79,7 +79,8 @@ encryptedKeyId = elem.getAttributeNS(null, "Id"); returnResults.add(0, new WSSecurityEngineResult(WSConstants.ENCR, - this.decryptedBytes, + this.decryptedBytes, + this.encryptedEphemeralKey, this.encryptedKeyId, dataRefUris)); } @@ -297,8 +298,9 @@ } try { + encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue); decryptedBytes = - cipher.doFinal(getDecodedBase64EncodedData(xencCipherValue)); + cipher.doFinal(encryptedEphemeralKey); } catch (IllegalStateException e2) { throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e2); } catch (IllegalBlockSizeException e2) { 
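Review bot: In the `@@ -297` hunk `encryptedEphemeralKey` is assigned from the decoded CipherValue before `cipher.doFinal` runs, and like `decryptedBytes` it is an instance field that is never cleared, so after a failed decryption the processor still exposes that message's ciphertext through `getEncryptedEphemeralKey()` and in the result built in the `@@ -79` hunk, alongside whatever `decryptedBytes` held before (whether an instance is reused across messages I cannot tell from this hunk). Decode into a local and assign both fields only once decryption succeeds: `byte[] cipherBytes = getDecodedBase64EncodedData(xencCipherValue); decryptedBytes = cipher.doFinal(cipherBytes); encryptedEphemeralKey = cipherBytes;`. The new field in the `@@ -58` hunk also deserves a comment, e.g. `// decoded CipherValue bytes of the EncryptedKey, the input to an EncryptedKeySHA1 reference`.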
@@ -521,6 +523,10 @@ */ public byte[] getDecryptedBytes() { return decryptedBytes; + } + + public byte[] getEncryptedEphemeralKey() { + return encryptedEphemeralKey; } } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]