Posted to fx-dev@ws.apache.org by we...@apache.org on 2004/03/07 11:47:50 UTC
cvs commit: ws-fx/wss4j/src/org/apache/ws/axis/security WSDoAllSender.java
werner 2004/03/07 02:47:50
Modified: wss4j/src/org/apache/ws/security WSSecurityEngine.java
wss4j/src/org/apache/ws/security/message WSSignEnvelope.java
WSEncryptBody.java
wss4j/src/org/apache/ws/axis/security WSDoAllSender.java
Log:
Added function to manually select the signature algo, function to
autodetect signature algo according to certificate public key algo.
Support for RSA-OAEP keytransport.
Revision Changes Path
1.5 +5 -1 ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
Index: WSSecurityEngine.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WSSecurityEngine.java 6 Mar 2004 11:53:11 -0000 1.4
+++ WSSecurityEngine.java 7 Mar 2004 10:47:50 -0000 1.5
@@ -652,7 +652,11 @@
Cipher cipher = null;
if (keyEncAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
cipher = Cipher.getInstance("RSA");
- } else {
+ }
+ else if (keyEncAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
+ cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
+ }
+ else {
throw new WSSecurityException
(WSSecurityException.UNSUPPORTED_ALGORITHM,
"unsupportedKeyTransp", new Object[]{keyEncAlgo});
1.5 +20 -6 ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java
Index: WSSignEnvelope.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WSSignEnvelope.java 6 Mar 2004 04:21:59 -0000 1.4
+++ WSSignEnvelope.java 7 Mar 2004 10:47:50 -0000 1.5
@@ -59,7 +59,7 @@
protected boolean useSingleCert = true;
- protected String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ protected String sigAlgo = null;
protected String canonAlgo = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
static {
@@ -215,6 +215,25 @@
// Set the id of the elements to be used as digest source
// String id = setBodyID(doc);
+ X509Certificate[] certs = crypto.getCertificates(user);
+ if (certs == null || certs.length <= 0) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidX509Data", new Object[]{"for Signature"});
+ }
+ if (sigAlgo == null) {
+ String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
+ log.debug("automatic sig algo detection: " + pubKeyAlgo);
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ }
+ else {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidX509Data", new Object[]{"for Signature - unkown public key Algo"});
+ }
+ }
XMLSignature sig = null;
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
/*
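Review bot: The auto-detection added at lines 215–233 writes the detected algorithm back into the `sigAlgo` field, so after the first build a `WSSignEnvelope` instance stays pinned to that algorithm and a later build for a user whose certificate carries the other key type (DSA after RSA, or the reverse) is no longer re-detected; since the same field is presumably what `setSignatureAlgorithm` sets, an instance also has no way back to automatic mode. Keep the field as the caller's explicit choice and resolve into a local, e.g. `String algo = sigAlgo;`, `if (algo == null) { ... algo = XMLSignature.ALGO_ID_SIGNATURE_DSA; ... }`, then `sig = new XMLSignature(doc, null, algo, canonAlgo);`. The error text at the unknown-key branch has a typo, `"unkown public key Algo"` → `"unknown public key Algo"`. The enclosing method starts before this hunk and ends after it.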
@@ -229,11 +248,6 @@
String keyInfoUri = "id-" + info.hashCode();
info.setId(keyInfoUri);
- X509Certificate[] certs = crypto.getCertificates(user);
- if (certs == null || certs.length <= 0) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidX509Data", new Object[]{"for Signature"});
- }
if( tlog.isDebugEnabled() ) {
t1=System.currentTimeMillis();
}
1.2 +27 -3 ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java
Index: WSEncryptBody.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSEncryptBody.java 13 Feb 2004 20:43:08 -0000 1.1
+++ WSEncryptBody.java 7 Mar 2004 10:47:50 -0000 1.2
@@ -56,7 +56,7 @@
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
protected String symEncAlgo = WSConstants.TRIPLE_DES;
- protected String keyTransportAlgo = WSConstants.KEYTRANSPORT_RSA15;
+ protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
protected String encCanonAlgo = null;
protected byte[] embeddedKey = null;
@@ -100,6 +100,19 @@
}
/**
+ * Sets the algorithm to encode the symmetric key.
+ * <p/>
+ * Default is the <code>WSConstants.KEYTRANSPORT_RSA15</code>
+ * algorithm.
+ *
+ * @param keyEnc specifies the key encoding algorithm.
+ * @see WSConstants.KEYTRANSPORT_RSA15
+ * @see WSConstants.KEYTRANSPORT_RSAOEP
+ */
+ public void setKeyEnc(String keyEnc) {
+ keyEncAlgo = keyEnc;
+ }
+ /**
* Set the user name to get the encryption certificate. The public
* key of this certificate is used, thus no password necessary.
* The user name is a keystore alias usually.
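Review bot: `setKeyEnc` stores whatever string it is given, so an unsupported or misspelled value is only detected later in the encryption path (the `unsupportedKeyTransp` branch in the next hunk), far from where the caller configured it; a check at the setter, `if (!WSConstants.KEYTRANSPORT_RSA15.equalsIgnoreCase(keyEnc) && !WSConstants.KEYTRANSPORT_RSAOEP.equalsIgnoreCase(keyEnc)) throw new IllegalArgumentException("unsupported key transport algorithm: " + keyEnc);`, fails at configuration time instead. In the new Javadoc, `@see WSConstants.KEYTRANSPORT_RSA15` and `@see WSConstants.KEYTRANSPORT_RSAOEP` use a dot where the reference form needs a hash (`@see WSConstants#KEYTRANSPORT_RSA15`), so javadoc will not resolve the links.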
@@ -314,7 +327,18 @@
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
}
- Cipher cipher = Cipher.getInstance("RSA");
+ Cipher cipher = null;
+ if (keyEncAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
+ cipher = Cipher.getInstance("RSA");
+ }
+ else if (keyEncAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
+ cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
+ }
+ else {
+ throw new WSSecurityException
+ (WSSecurityException.UNSUPPORTED_ALGORITHM,
+ "unsupportedKeyTransp", new Object[]{keyEncAlgo});
+ }
cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
byte[] encryptedKey = cipher.doFinal(symmetricKey.getEncoded());
Text keyText =
@@ -337,7 +361,7 @@
* data that was encrypted with this encrypted session key :-)
*/
Element wsseSecurity = insertSecurityHeader(doc, true);
- Element xencEncryptedKey = createEnrcyptedKey(doc, keyTransportAlgo);
+ Element xencEncryptedKey = createEnrcyptedKey(doc, keyEncAlgo);
WSSecurityUtil.prependChildElement(
doc,
wsseSecurity,
1.5 +3 -8 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java
Index: WSDoAllSender.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WSDoAllSender.java 6 Mar 2004 11:53:11 -0000 1.4
+++ WSDoAllSender.java 7 Mar 2004 10:47:50 -0000 1.5
@@ -267,13 +267,9 @@
if (encSymmAlgo != null) {
wsEncrypt.setSymmetricEncAlgorithm(encSymmAlgo);
}
- /*
- * Enable this later
-
if (encKeyTransport != null) {
- wsEncrypt.setKeyTransport(encKeyTransport);
+ wsEncrypt.setKeyEnc(encKeyTransport);
}
- */
wsEncrypt.setUserInfo(encUser);
if (encryptParts.size() > 0) {
wsEncrypt.setParts(encryptParts);
@@ -300,11 +296,10 @@
if (sigKeyId != 0) {
wsSign.setKeyIdentifierType(sigKeyId);
}
- /*
if (sigAlgorithm != null) {
- wsSign.setSignatureAlgorithm(sigAlogorithm);
+ wsSign.setSignatureAlgorithm(sigAlgorithm);
}
- */
+
wsSign.setUserInfo(username, password);
if (signatureParts.size() > 0) {
wsSign.setParts(signatureParts);
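Review bot: The lone `+` line following the re-enabled `sigAlgorithm` block appears to add an empty line that was not part of the commented-out original, leaving a stray blank between the `if` block and `wsSign.setUserInfo`; dropping it keeps the block's spacing as it was before it was commented out. The enclosing method starts and ends outside this hunk.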