Posted to fx-dev@ws.apache.org by we...@apache.org on 2006/03/11 22:24:04 UTC
svn commit: r385172 - in
/webservices/wss4j/trunk/src/org/apache/ws/security/message:
WSSecDKEncrypt.java WSSecDerivedKeyBase.java WSSecEncrypt.java
WSSecEncryptedKey.java
Author: werner
Date: Sat Mar 11 13:24:01 2006
New Revision: 385172
URL: http://svn.apache.org/viewcvs?rev=385172&view=rev
Log:
Some code cleanup and refactoring. WSSecEncrypt is now a subclass of WSSecEncryptedKey, reusing
its code.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java?rev=385172&r1=385171&r2=385172&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKEncrypt.java Sat Mar 11 13:24:01 2006
@@ -93,14 +93,27 @@
for (int part = 0; part < references.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
+
+ String idToEnc = encPart.getId();
+
String elemName = encPart.getName();
String nmSpace = encPart.getNamespace();
String modifier = encPart.getEncModifier();
/*
* Third step: get the data to encrypt.
*/
- Element body = (Element) WSSecurityUtil.findElement(envelope,
- elemName, nmSpace);
+ Element body = null;
+ if (idToEnc != null) {
+ body = WSSecurityUtil.findElementById(document
+ .getDocumentElement(), idToEnc, WSConstants.WSU_NS);
+ if (body == null) {
+ body = WSSecurityUtil.findElementById(document
+ .getDocumentElement(), idToEnc, null);
+ }
+ } else {
+ body = (Element) WSSecurityUtil.findElement(envelope, elemName,
+ nmSpace);
+ }
if (body == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noEncElement", new Object[] { "{" + nmSpace + "}"
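Review bot: When `idToEnc` is set and both `findElementById` lookups miss, the `noEncElement` error built on the last lines of the hunk still reports `{nmSpace}elemName`, which the id path never consulted, so the failure message names the wrong selector. Report the id in that case, e.g. `new Object[] { idToEnc != null ? idToEnc : "{" + nmSpace + "}" + elemName }`. The second lookup with a `null` namespace accepts any element carrying an un-namespaced `Id`, which widens which element ends up encrypted compared with the `wsu:Id` lookup; if that fallback is intended, a one-line comment such as `// fall back to a plain Id attribute when no wsu:Id matches` would make it explicit. The enclosing loop and the exception statement continue past the end of the hunk.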
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=385172&r1=385171&r2=385172&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Sat Mar 11 13:24:01 2006
@@ -74,7 +74,7 @@
* The Token identifier of the token that the <code>DerivedKeyToken</code>
* is (or to be) derived from.
*/
- protected String tokneIdentifier = null;
+ protected String tokenIdentifier = null;
/**
* The derived key will change depending on the sig/encr algorithm.
@@ -91,15 +91,27 @@
public void setExternalKey(byte[] ephemeralKey,
String tokenIdentifier) {
this.ephemeralKey = ephemeralKey;
- this.tokneIdentifier = tokenIdentifier;
+ this.tokenIdentifier = tokenIdentifier;
}
/**
- * @return Returns the tokneIdentifier.
+ * @return Returns the tokenIdentifier.
*/
- public String getTokneIdentifier() {
- return tokneIdentifier;
+ public String getTokenIdentifier() {
+ return tokenIdentifier;
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of the DerivedKeyToken element.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepare()</code>
+ * was not called before.
+ */
+ public String getId() {
+ return dktId;
}
/**
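Review bot: `getTokneIdentifier()` is removed from the public API without a deprecated alias, so any existing caller of the misspelt name stops compiling; keeping `/** @deprecated use {@link #getTokenIdentifier()} */ public String getTokneIdentifier() { return tokenIdentifier; }` for one release would make the rename non-breaking. The same concern applies to WSSecEncryptedKey's removed `getTokneIdentifier()` and `setEncryptionUser()`, and to WSSecEncrypt's removed `getEncryptionKey()` and the two public static helpers `createEnrcyptedKey`/`createCipherValue`, which become protected instance methods of the parent and so no longer resolve for static callers. The added `getId()` returns `dktId`, presumably assigned in `prepare()` outside this hunk; its Javadoc has a doubled word, `Returns the the value`.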
@@ -159,7 +171,7 @@
//Create the SecurityTokenRef to the Encrypted Key
SecurityTokenReference strEncKey = new SecurityTokenReference(document);
Reference ref = new Reference(document);
- ref.setURI("#" + this.tokneIdentifier);
+ ref.setURI("#" + this.tokenIdentifier);
strEncKey.setReference(ref);
dkt.setSecuityTokenReference(strEncKey);
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=385172&r1=385171&r2=385172&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Sat Mar 11 13:24:01 2006
@@ -24,7 +24,6 @@
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
@@ -56,15 +55,13 @@
* @author Davanum Srinivas (dims@yahoo.com).
* @author Werner Dittmann (Werner.Dittmann@apache.org).
*/
-public class WSSecEncrypt extends WSSecBase {
+public class WSSecEncrypt extends WSSecEncryptedKey {
private static Log log = LogFactory.getLog(WSSecEncrypt.class.getName());
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
protected String symEncAlgo = WSConstants.AES_128;
- protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
-
protected String encCanonAlgo = null;
protected byte[] embeddedKey = null;
@@ -79,30 +76,10 @@
protected SecretKey symmetricKey = null;
/**
- * Symmetric key that's actually used.
- */
- protected SecretKey encryptionKey = null;
-
- /**
- * Parent node to which the EncryptedKeyElement should be added.
- */
- protected Element parentNode = null;
-
- /**
* SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
*/
protected SecurityTokenReference securityTokenReference = null;
- private BinarySecurity bstToken = null;
-
- private Element xencEncryptedKey = null;
-
- private Document document = null;
-
- private Element envelope = null;
-
- private String encKeyId = null;
-
/**
* Constructor.
*/
@@ -137,18 +114,6 @@
}
/**
- * Set the user name to get the encryption certificate.
- *
- * The public key of this certificate is used, thus no password necessary.
- * The user name is a keystore alias usually.
- *
- * @param user
- */
- public void setUserInfo(String user) {
- this.user = user;
- }
-
- /**
* Set the key name for EMBEDDED_KEYNAME
*
* @param embeddedKeyName
@@ -221,18 +186,6 @@
}
/**
- * Get the id generated during <code>prepare()</code>.
- *
- * Returns the the value of wsu:Id attribute of the EncryptedKey element.
- *
- * @return Return the wsu:Id of this token or null if <code>prepare()</code>
- * was not called before.
- */
- public String getId() {
- return encKeyId;
- }
-
- /**
* Initialize a WSSec Encrypt.
*
* The method prepares and initializes a WSSec Encrypt structure after the
@@ -245,7 +198,7 @@
* done explicitly.
*
* @param doc
- * The unsigned SOAP envelope as <code>Document</code>
+ * The SOAP envelope as <code>Document</code>
* @param crypto
* An instance of the Crypto API to handle keystore and
* certificates
@@ -261,11 +214,11 @@
* encrypted using the public key of the receiver
*/
- this.encryptionKey = this.symmetricKey;
- if (encryptionKey == null) {
+ if (symmetricKey == null) {
KeyGenerator keyGen = getKeyGenerator();
- this.encryptionKey = keyGen.generateKey();
+ this.symmetricKey = keyGen.generateKey();
}
+ byte[] encKey = this.symmetricKey.getEncoded();
/*
* Get the certificate that contains the public key for the public key
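Review bot: `this.symmetricKey.getEncoded()` may return `null` — `Key.getEncoded()` is permitted to do so for keys that do not support encoding, such as provider-backed keys — and the result is handed to `prepareInternal`, which dereferences `keyBytes.length` in WSSecEncryptedKey's `prepareInternal` hunk. Guard it before the call, `if (encKey == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "noKeySupplied"); }`, or place the check at the top of `prepareInternal` so both callers are covered. A caller-supplied `symmetricKey` is now replaced in the field itself rather than copied into a separate `encryptionKey`, so `getSymmetricKey()` after `prepare()` returns the generated key; that looks intended but deserves a sentence in the `prepare()` Javadoc. `prepare()` continues beyond the hunk.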
@@ -282,136 +235,7 @@
}
remoteCert = certs[0];
}
- String certUri = "EncCertId-" + remoteCert.hashCode();
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
- try {
- cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
- } catch (InvalidKeyException e) {
- throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
- null, null, e);
- }
- byte[] encKey = this.encryptionKey.getEncoded();
- if (doDebug) {
- log.debug("cipher blksize: " + cipher.getBlockSize()
- + ", symm key length: " + encKey.length);
- }
- if (cipher.getBlockSize() < encKey.length) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "unsupportedKeyTransp",
- new Object[] { "public key algorithm too weak to encrypt symmetric key" });
- }
- byte[] encryptedKey = null;
- try {
- encryptedKey = cipher.doFinal(encKey);
- } catch (IllegalStateException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
- null, null, e1);
- } catch (IllegalBlockSizeException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
- null, null, e1);
- } catch (BadPaddingException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
- null, null, e1);
- }
- Text keyText = WSSecurityUtil.createBase64EncodedTextNode(doc,
- encryptedKey);
-
- /*
- * Now we need to setup the EncryptedKey header block 1) create a
- * EncryptedKey element and set a wsu:Id for it 2) Generate ds:KeyInfo
- * element, this wraps the wsse:SecurityTokenReference 3) Create and set
- * up the SecurityTokenReference according to the keyIdentifer parameter
- * 4) Create the CipherValue element structure and insert the encrypted
- * session key
- */
- xencEncryptedKey = createEnrcyptedKey(doc, keyEncAlgo);
- encKeyId = "EncKeyId-" + xencEncryptedKey.hashCode();
- xencEncryptedKey.setAttributeNS(null, "Id", encKeyId);
-
- KeyInfo keyInfo = new KeyInfo(doc);
-
- SecurityTokenReference secToken = new SecurityTokenReference(doc);
-
- switch (keyIdentifierType) {
- case WSConstants.X509_KEY_IDENTIFIER:
- secToken.setKeyIdentifier(remoteCert);
- break;
-
- case WSConstants.SKI_KEY_IDENTIFIER:
- secToken.setKeyIdentifierSKI(remoteCert, crypto);
- break;
-
- case WSConstants.THUMBPRINT_IDENTIFIER:
- secToken.setKeyIdentifierThumb(remoteCert);
- break;
-
- case WSConstants.ISSUER_SERIAL:
- XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
- X509Data x509Data = new X509Data(doc);
- x509Data.add(data);
- secToken.setX509IssuerSerial(x509Data);
- break;
-
- case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(doc);
- ref.setURI("#" + certUri);
- bstToken = new X509Security(doc);
- ((X509Security) bstToken).setX509Certificate(remoteCert);
- bstToken.setID(certUri);
- ref.setValueType(bstToken.getValueType());
- secToken.setReference(ref);
- break;
-
- default:
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "unsupportedKeyId");
- }
- keyInfo.addUnknownElement(secToken.getElement());
- WSSecurityUtil.appendChildElement(doc, xencEncryptedKey, keyInfo
- .getElement());
-
- Element xencCipherValue = createCipherValue(doc, xencEncryptedKey);
- xencCipherValue.appendChild(keyText);
-
- envelope = doc.getDocumentElement();
- envelope.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:"
- + WSConstants.ENC_PREFIX, WSConstants.ENC_NS);
-
- }
-
- /**
- * Prepend the EncryptedKey element to the elements already in the Security
- * header.
- *
- * The method can be called any time after <code>prepare()</code>. This
- * allows to insert the EncryptedKey element at any position in the Security
- * header.
- *
- * @param secHeader
- * The security header that holds the Signature element.
- */
- public void prependToHeader(WSSecHeader secHeader) {
- WSSecurityUtil.prependChildElement(document, secHeader
- .getSecurityHeader(), xencEncryptedKey, false);
- }
-
- /**
- * Prepend the BinarySecurityToken to the elements already in the Security
- * header.
- *
- * The method can be called any time after <code>prepare()</code>. This
- * allows to insert the BST element at any position in the Security header.
- *
- * @param secHeader
- * The security header that holds the BST element.
- */
- public void prependBSTElementToHeader(WSSecHeader secHeader) {
- if (bstToken != null) {
- WSSecurityUtil.prependChildElement(document, secHeader
- .getSecurityHeader(), bstToken.getElement(), false);
- }
- bstToken = null;
+ prepareInternal(encKey, remoteCert, crypto);
}
/**
@@ -501,7 +325,7 @@
*/
public Element encryptForInternalRef(Element dataRef, Vector references)
throws WSSecurityException {
- Vector encDataRefs = doEncryption(document, this.encryptionKey,
+ Vector encDataRefs = doEncryption(document, this.symmetricKey,
references);
Element referenceList = dataRef;
if (referenceList == null) {
@@ -550,7 +374,7 @@
keyInfo.addUnknownElement(secToken.getElement());
- Vector encDataRefs = doEncryption(document, this.encryptionKey,
+ Vector encDataRefs = doEncryption(document, this.symmetricKey,
keyInfo, references);
Element referenceList = dataRef;
if (referenceList == null) {
@@ -572,7 +396,7 @@
* The internal <code>enc:Reference</code> element
*/
public void addInternalRefElement(Element dataRef) {
- WSSecurityUtil.appendChildElement(document, xencEncryptedKey, dataRef);
+ WSSecurityUtil.appendChildElement(document, encryptedKeyElement, dataRef);
}
/**
@@ -678,13 +502,12 @@
* (password) for this alogrithm, and set the cipher into encryption
* mode.
*/
- this.encryptionKey = this.symmetricKey;
- if (this.encryptionKey == null) {
+ if (this.symmetricKey == null) {
if (embeddedKey == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noKeySupplied");
}
- this.encryptionKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
+ this.symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
embeddedKey);
}
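Review bot: Storing the key derived from `embeddedKey` into `this.symmetricKey` makes it sticky on the instance: on a second build with a different `embeddedKey`, the `this.symmetricKey == null` test on the first added line is false and the earlier key is silently reused. Before this change the derived key lived only in the now-removed `encryptionKey`, so `symmetricKey` stayed `null` between calls. If instances are meant to be single-use, say so in the class Javadoc; otherwise clear `symmetricKey` at the start of this path or keep the derived key in a local. The enclosing method starts outside the hunk.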
@@ -723,7 +546,7 @@
.getEnvelopeURI(), "Content");
parts.add(encP);
}
- Vector encDataRefs = doEncryption(doc, this.encryptionKey, keyInfo,
+ Vector encDataRefs = doEncryption(doc, this.symmetricKey, keyInfo,
parts);
/*
@@ -782,29 +605,6 @@
* specifies which alogrithm to use to encrypt the symmetric key
* @return an <code>xenc:EncryptedKey</code> element
*/
- public static Element createEnrcyptedKey(Document doc,
- String keyTransportAlgo) {
- Element encryptedKey = doc.createElementNS(WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX + ":EncryptedKey");
-
- WSSecurityUtil.setNamespace(encryptedKey, WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX);
- Element encryptionMethod = doc.createElementNS(WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX + ":EncryptionMethod");
- encryptionMethod.setAttributeNS(null, "Algorithm", keyTransportAlgo);
- WSSecurityUtil.appendChildElement(doc, encryptedKey, encryptionMethod);
- return encryptedKey;
- }
-
- public static Element createCipherValue(Document doc, Element encryptedKey) {
- Element cipherData = doc.createElementNS(WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX + ":CipherData");
- Element cipherValue = doc.createElementNS(WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX + ":CipherValue");
- cipherData.appendChild(cipherValue);
- WSSecurityUtil.appendChildElement(doc, encryptedKey, cipherData);
- return cipherValue;
- }
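Review bot: The Javadoc block ending on the context line `@return an <code>xenc:EncryptedKey</code> element` belonged to the deleted `createEnrcyptedKey` and now sits directly above `createDataRefList`, so generated documentation for `createDataRefList` will describe the wrong method, parameter and return value. Delete the orphaned comment (its opening lines are above the hunk) or replace it with a Javadoc that actually describes `createDataRefList`'s `doc`, `referenceList` and `encDataRefs` parameters and its return value.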
public static Element createDataRefList(Document doc,
Element referenceList, Vector encDataRefs) {
@@ -819,16 +619,7 @@
}
/**
- * Sets the parent node of the EncryptedKeyElement
- *
- * @param element
- */
- public void setParentNode(Element element) {
- parentNode = element;
- }
-
- /**
- * @return TODO
+ * @return The symmetric key
*/
public SecretKey getSymmetricKey() {
return symmetricKey;
@@ -844,17 +635,7 @@
}
/**
- * Get the symmetric key used for encryption. This may be the same as the
- * symmetric key field.
- *
- * @return The symmetric key
- */
- public SecretKey getEncryptionKey() {
- return this.encryptionKey;
- }
-
- /**
- * @return TODO
+ * @return Return the SecurityTokenRefernce
*/
public SecurityTokenReference getSecurityTokenReference() {
return securityTokenReference;
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=385172&r1=385171&r2=385172&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Sat Mar 11 13:24:01 2006
@@ -54,14 +54,14 @@
private static Log log = LogFactory.getLog(WSSecEncryptedKey.class
.getName());
-
- protected boolean doDebug = false;
-
+
protected Document document;
+
/**
* soap:Envelope element
*/
protected Element envelope = null;
+
/**
* Session key used as the secret in key derivation
*/
@@ -76,17 +76,17 @@
* Algorithm used to encrypt the ephemeral key
*/
protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
-
+
/**
* xenc:EncryptedKey element
*/
protected Element encryptedKeyElement = null;
/**
- * The Token identifier of the token that the <code>DerivedKeyToken</code>
+ * The Token identifier of the token that the <code>DerivedKeyToken</code>
* is (or to be) derived from.
*/
- protected String tokneIdentifier = null;
+ protected String encKeyId = null;
/**
* BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE
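Review bot: The Javadoc above the renamed field still reads 'The Token identifier of the token that the DerivedKeyToken is (or to be) derived from', text carried over from WSSecDerivedKeyBase, but `encKeyId` holds the `Id` attribute of the `xenc:EncryptedKey` element assigned in `prepareInternal` and returned by the new `getId()`. Replace it with `* The value of the Id attribute of the xenc:EncryptedKey element, assigned during prepare(); null until then.`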
@@ -94,10 +94,10 @@
*/
protected BinarySecurity bstToken = null;
-
/**
- * This will actually prepend the <code>EncryptedKey</code> to the
+ * This will actually prepend the <code>EncryptedKey</code> to the
* security header
+ *
* @param doc
* @param crypto
* @param secHeader
@@ -108,21 +108,49 @@
prependToHeader(secHeader);
prependBSTElementToHeader(secHeader);
}
-
- public void build(Document doc, Crypto crypto, WSSecHeader secHeader)
+
+ public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
throws WSSecurityException {
prepare(doc, crypto);
+ return doc;
}
-
+
/**
- * Prepare the ephemeralKey and the tokens required to be added to the
+ * Set the user name to get the encryption certificate.
+ *
+ * The public key of this certificate is used, thus no password necessary.
+ * The user name is a keystore alias usually.
+ *
+ * @param user
+ */
+ public void setUserInfo(String user) {
+ this.user = user;
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of the EncryptedKey element.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepare()</code>
+ * was not called before.
+ */
+ public String getId() {
+ return encKeyId;
+ }
+
+ /**
+ * Prepare the ephemeralKey and the tokens required to be added to the
* security header
+ *
* @param doc
+ * The SOAP envelope as <code>Document</code>
* @param crypto
+ * An instance of the Crypto API to handle keystore and
+ * certificates
* @throws WSSecurityException
*/
- protected void prepare(Document doc, Crypto crypto)
- throws WSSecurityException {
+ public void prepare(Document doc, Crypto crypto) throws WSSecurityException {
document = doc;
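Review bot: The new `build(Document, Crypto, WSSecHeader)` takes `secHeader` but only calls `prepare(doc, crypto)` and returns, so `build()` never places the `EncryptedKey` or the BST into the header, unlike the method just above it that calls `prependToHeader` and `prependBSTElementToHeader`. Either call both prepend methods after `prepare`, or drop the unused parameter, and in either case give `build` a Javadoc stating what the caller still has to do. The added `setUserInfo` writes `user`; if that is the same field WSSecBase uses for the signing username, the class Javadoc should note that one alias now serves both roles.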
@@ -139,13 +167,33 @@
*/
X509Certificate remoteCert = null;
- X509Certificate[] certs = crypto.getCertificates(encrUser);
+ X509Certificate[] certs = crypto.getCertificates(user);
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidX509Data", new Object[] { "for Encryption" });
}
remoteCert = certs[0];
+ prepareInternal(ephemeralKey, remoteCert, crypto);
+ }
+ /**
+ * Encrypt the symmetric key data and prepare the EncryptedKey element
+ *
+ * This method does the most work for to prepare the EncryptedKey element.
+ * It is also used by the WSSecEncrypt sub-class.
+ *
+ * @param keyBytes
+ * The bytes that represent the symmetric key
+ * @param remoteCert
+ * The certificate that contains the public key to encrypt the
+ * seymmetric key data
+ * @param crypto
+ * An instance of the Crypto API to handle keystore and
+ * certificates
+ * @throws WSSecurityException
+ */
+ protected void prepareInternal(byte[] keyBytes, X509Certificate remoteCert,
+ Crypto crypto) throws WSSecurityException {
String certUri = "EncCertId-" + remoteCert.hashCode();
Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
try {
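Review bot: `prepare()` now resolves the recipient certificate by `user` instead of the former `encrUser`, and `setEncryptionUser()` is deleted later in this file, so a caller that configured the encryption alias through `setEncryptionUser` silently gets the certificate of whatever `user` holds, or `invalidX509Data` if it is unset. Keep a deprecated `setEncryptionUser(String user)` that forwards to `setUserInfo`, and state on `prepare()` that `user` is the keystore alias whose certificate encrypts the key. The new `prepareInternal` Javadoc has 'for to prepare' and 'seymmetric'.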
@@ -154,21 +202,19 @@
throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
null, null, e);
}
-
if (doDebug) {
log.debug("cipher blksize: " + cipher.getBlockSize()
- + ", symm key length: " + this.ephemeralKey.length);
+ + ", symm key length: " + keyBytes.length);
}
- if (cipher.getBlockSize() < this.ephemeralKey.length) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
+ if (cipher.getBlockSize() < keyBytes.length) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
"unsupportedKeyTransp",
- new Object[] { "public key algorithm too weak to encrypt " +
- "symmetric key" });
+ new Object[] { "public key algorithm too weak to encrypt "
+ + "symmetric key" });
}
byte[] encryptedKey = null;
try {
- encryptedKey = cipher.doFinal(this.ephemeralKey);
+ encryptedKey = cipher.doFinal(keyBytes);
} catch (IllegalStateException e1) {
throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
null, null, e1);
@@ -179,7 +225,7 @@
throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
null, null, e1);
}
- Text keyText = WSSecurityUtil.createBase64EncodedTextNode(doc,
+ Text keyText = WSSecurityUtil.createBase64EncodedTextNode(document,
encryptedKey);
/*
@@ -190,13 +236,13 @@
* 4) Create the CipherValue element structure and insert the encrypted
* session key
*/
- encryptedKeyElement = createEnrcyptedKey(doc, keyEncAlgo);
- this.tokneIdentifier = "EncKeyId-" + encryptedKeyElement.hashCode();
- encryptedKeyElement.setAttributeNS(null, "Id", this.tokneIdentifier);
+ encryptedKeyElement = createEnrcyptedKey(document, keyEncAlgo);
+ this.encKeyId = "EncKeyId-" + encryptedKeyElement.hashCode();
+ encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);
- KeyInfo keyInfo = new KeyInfo(doc);
+ KeyInfo keyInfo = new KeyInfo(document);
- SecurityTokenReference secToken = new SecurityTokenReference(doc);
+ SecurityTokenReference secToken = new SecurityTokenReference(document);
switch (keyIdentifierType) {
case WSConstants.X509_KEY_IDENTIFIER:
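Review bot: The `Id` value `"EncKeyId-" + encryptedKeyElement.hashCode()` is derived from the element's identity hash, which is not guaranteed unique within a document, so two EncryptedKey elements could share an id and make `SecurityTokenReference`s to them ambiguous. The logic is only renamed and retargeted to `document` here, but because the id now also backs the public `getId()`, consider generating it from a random source, e.g. `this.encKeyId = "EncKeyId-" + UUID.randomUUID();`, if `java.util.UUID` is within the project's baseline.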
@@ -212,16 +258,17 @@
break;
case WSConstants.ISSUER_SERIAL:
- XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
- X509Data x509Data = new X509Data(doc);
+ XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
+ remoteCert);
+ X509Data x509Data = new X509Data(document);
x509Data.add(data);
secToken.setX509IssuerSerial(x509Data);
break;
case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(doc);
+ Reference ref = new Reference(document);
ref.setURI("#" + certUri);
- bstToken = new X509Security(doc);
+ bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(remoteCert);
bstToken.setID(certUri);
ref.setValueType(bstToken.getValueType());
@@ -232,23 +279,22 @@
throw new WSSecurityException(WSSecurityException.FAILURE,
"unsupportedKeyId");
}
-
keyInfo.addUnknownElement(secToken.getElement());
- WSSecurityUtil.appendChildElement(doc, encryptedKeyElement, keyInfo
- .getElement());
+ WSSecurityUtil.appendChildElement(document, encryptedKeyElement,
+ keyInfo.getElement());
- Element xencCipherValue = createCipherValue(doc, encryptedKeyElement);
+ Element xencCipherValue = createCipherValue(document,
+ encryptedKeyElement);
xencCipherValue.appendChild(keyText);
- envelope = doc.getDocumentElement();
+ envelope = document.getDocumentElement();
envelope.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:"
+ WSConstants.ENC_PREFIX, WSConstants.ENC_NS);
-
-
}
-
+
/**
* Create an ephemeral key
+ *
* @return
* @throws WSSecurityException
*/
@@ -263,19 +309,18 @@
"Error in creating the ephemeral key", e);
}
}
-
+
/**
- * Sets the alias of the remote cert which is usef to encrypt the ephemeral
- * key
- * @param user
+ * Create DOM subtree for <code>xenc:EncryptedKey</code>
+ *
+ * @param doc
+ * the SOAP enevelope parent document
+ * @param keyTransportAlgo
+ * specifies which alogrithm to use to encrypt the symmetric key
+ * @return an <code>xenc:EncryptedKey</code> element
*/
- public void setEncryptionUser(String user) {
- this.encrUser = user;
- }
-
-
- protected Element createEnrcyptedKey(Document doc,
- String keyTransportAlgo) {
+
+ protected Element createEnrcyptedKey(Document doc, String keyTransportAlgo) {
Element encryptedKey = doc.createElementNS(WSConstants.ENC_NS,
WSConstants.ENC_PREFIX + ":EncryptedKey");
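Review bot: The freshly added Javadoc for `createEnrcyptedKey` contains two typos on new lines, 'enevelope' and 'alogrithm', and the method keeps the misspelt name while its visibility and `static`-ness change; since callers must adapt anyway, this is the moment to introduce a correctly spelled `createEncryptedKey` and have the old name delegate to it. `@param doc` could read `the document that owns the SOAP envelope`.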
@@ -287,7 +332,7 @@
WSSecurityUtil.appendChildElement(doc, encryptedKey, encryptionMethod);
return encryptedKey;
}
-
+
protected Element createCipherValue(Document doc, Element encryptedKey) {
Element cipherData = doc.createElementNS(WSConstants.ENC_NS,
WSConstants.ENC_PREFIX + ":CipherData");
@@ -297,7 +342,7 @@
WSSecurityUtil.appendChildElement(doc, encryptedKey, cipherData);
return cipherValue;
}
-
+
/**
* Prepend the EncryptedKey element to the elements already in the Security
* header.
@@ -309,11 +354,11 @@
* @param secHeader
* The security header that holds the Signature element.
*/
- protected void prependToHeader(WSSecHeader secHeader) {
+ public void prependToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(document, secHeader
.getSecurityHeader(), encryptedKeyElement, false);
}
-
+
/**
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
@@ -324,7 +369,7 @@
* @param secHeader
* The security header that holds the BST element.
*/
- protected void prependBSTElementToHeader(WSSecHeader secHeader) {
+ public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
WSSecurityUtil.prependChildElement(document, secHeader
.getSecurityHeader(), bstToken.getElement(), false);
@@ -332,19 +377,10 @@
bstToken = null;
}
-
/**
* @return Returns the ephemeralKey.
*/
public byte[] getEphemeralKey() {
return ephemeralKey;
}
-
- /**
- * @return Returns the tokneIdentifier.
- */
- public String getTokneIdentifier() {
- return tokneIdentifier;
- }
-
}