Posted to commits@ws.apache.org by co...@apache.org on 2012/07/11 17:53:56 UTC
svn commit: r1360243 - in
/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss:
ext/ impl/processor/input/ impl/processor/output/ impl/securityToken/
Author: coheigea
Date: Wed Jul 11 15:53:55 2012
New Revision: 1360243
URL: http://svn.apache.org/viewvc?rev=1360243&view=rev
Log:
Moved some Crypto references back to WSS4J
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java Wed Jul 11 15:53:55 2012
@@ -18,18 +18,18 @@
*/
package org.swssf.wss.ext;
-import org.apache.xml.security.stax.crypto.Crypto;
-import org.apache.xml.security.stax.crypto.MerlinBase;
-import org.apache.xml.security.stax.ext.XMLSecurityConfigurationException;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.ext.XMLSecurityProperties;
-
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
+import org.apache.xml.security.stax.crypto.Crypto;
+import org.apache.xml.security.stax.crypto.MerlinBase;
+import org.apache.xml.security.stax.ext.XMLSecurityConfigurationException;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+
/**
* Main configuration class to supply keys etc.
* This class is subject to change in the future.
@@ -269,4 +269,182 @@ public class WSSSecurityProperties exten
throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "signatureVerificationCryptoFailure", e);
}
}
+
+ private Class<? extends MerlinBase> decryptionCryptoClass;
+ private KeyStore decryptionKeyStore;
+
+ /**
+ * Returns the decryption keystore
+ *
+ * @return A keystore for decryption operation
+ */
+ public KeyStore getDecryptionKeyStore() {
+ return decryptionKeyStore;
+ }
+
+ /**
+ * loads a java keystore from the given url for decrypt operations
+ *
+ * @param url The URL to the keystore
+ * @param keyStorePassword The keyStorePassword
+ * @throws Exception thrown if something goes wrong while loading the keystore
+ */
+ public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(url.openStream(), keyStorePassword);
+ this.decryptionKeyStore = keyStore;
+ }
+
+ /**
+ * Returns the decryption crypto class
+ *
+ * @return
+ */
+ public Class<? extends MerlinBase> getDecryptionCryptoClass() {
+ if (decryptionCryptoClass != null) {
+ return decryptionCryptoClass;
+ }
+ decryptionCryptoClass = org.apache.xml.security.stax.crypto.Merlin.class;
+ return decryptionCryptoClass;
+ }
+
+ /**
+ * Sets a custom decryption class
+ *
+ * @param decryptionCryptoClass
+ */
+ public void setDecryptionCryptoClass(Class<? extends MerlinBase> decryptionCryptoClass) {
+ this.decryptionCryptoClass = decryptionCryptoClass;
+ }
+
+ private Crypto cachedDecryptionCrypto;
+ private KeyStore cachedDecryptionKeyStore;
+
+ /**
+ * returns the decryptionCrypto for the key-management
+ *
+ * @return A Crypto instance
+ * @throws XMLSecurityException thrown if something goes wrong
+ */
+ public Crypto getDecryptionCrypto() throws XMLSecurityException {
+
+ if (this.getDecryptionKeyStore() == null) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "decryptionKeyStoreNotSet");
+ }
+
+ if (this.getDecryptionKeyStore() == cachedDecryptionKeyStore) {
+ return cachedDecryptionCrypto;
+ }
+
+ Class<? extends MerlinBase> decryptionCryptoClass = this.getDecryptionCryptoClass();
+
+ try {
+ MerlinBase decryptionCrypto = decryptionCryptoClass.newInstance();
+ decryptionCrypto.setKeyStore(this.getDecryptionKeyStore());
+ cachedDecryptionCrypto = decryptionCrypto;
+ cachedDecryptionKeyStore = this.getDecryptionKeyStore();
+ return decryptionCrypto;
+ } catch (Exception e) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "decryptionCryptoFailure", e);
+ }
+ }
+
+ private Class<? extends MerlinBase> encryptionCryptoClass;
+ private KeyStore encryptionKeyStore;
+ private String encryptionUser;
+
+ /**
+ * Returns the encryption keystore
+ *
+ * @return A keystore for encryption operation
+ */
+ public KeyStore getEncryptionKeyStore() {
+ return encryptionKeyStore;
+ }
+
+ /**
+ * loads a java keystore from the given url for encrypt operations
+ *
+ * @param url The URL to the keystore
+ * @param keyStorePassword The keyStorePassword
+ * @throws Exception thrown if something goes wrong while loading the keystore
+ */
+ public void loadEncryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(url.openStream(), keyStorePassword);
+ this.encryptionKeyStore = keyStore;
+ }
+
+ /**
+ * Returns the encryption crypto class
+ *
+ * @return
+ */
+ public Class<? extends MerlinBase> getEncryptionCryptoClass() {
+ if (encryptionCryptoClass != null) {
+ return encryptionCryptoClass;
+ }
+ encryptionCryptoClass = org.apache.xml.security.stax.crypto.Merlin.class;
+ return encryptionCryptoClass;
+ }
+
+ /**
+ * Sets a custom encryption class
+ *
+ * @param encryptionCryptoClass
+ */
+ public void setEncryptionCryptoClass(Class<? extends MerlinBase> encryptionCryptoClass) {
+ this.encryptionCryptoClass = encryptionCryptoClass;
+ }
+
+ private Crypto cachedEncryptionCrypto;
+ private KeyStore cachedEncryptionKeyStore;
+
+ /**
+ * returns the encryptionCrypto for the key-management
+ *
+ * @return A Crypto instance
+ * @throws XMLSecurityException thrown if something goes wrong
+ */
+ public Crypto getEncryptionCrypto() throws XMLSecurityException {
+
+ if (this.getEncryptionKeyStore() == null) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
+ }
+
+ if (this.getEncryptionKeyStore() == cachedEncryptionKeyStore) {
+ return cachedEncryptionCrypto;
+ }
+
+ Class<? extends MerlinBase> encryptionCryptoClass = this.getEncryptionCryptoClass();
+
+ try {
+ MerlinBase encryptionCrypto = encryptionCryptoClass.newInstance();
+ encryptionCrypto.setKeyStore(this.getEncryptionKeyStore());
+ cachedEncryptionCrypto = encryptionCrypto;
+ cachedEncryptionKeyStore = this.getEncryptionKeyStore();
+ return encryptionCrypto;
+ } catch (Exception e) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "encryptionCryptoFailure", e);
+ }
+ }
+
+ /**
+ * Returns the alias for the encryption key in the keystore
+ *
+ * @return the alias for the encryption key in the keystore as string
+ */
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ /**
+ * Specifies the the alias for the encryption key in the keystore
+ *
+ * @param encryptionUser the the alias for the encryption key in the keystore as string
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
}
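Review bot: `loadDecryptionKeystore` (and its twin `loadEncryptionKeystore`) never closes the stream returned by `url.openStream()`; `KeyStore.load` does not close its argument, so every keystore load leaks a file or network handle. Wrapping the load in try/finally as below fixes both methods (an `import java.io.InputStream;` is needed); if the project already builds on Java 7, try-with-resources is the shorter form. The two new `getDecryptionCryptoClass`/`getEncryptionCryptoClass` Javadocs have an empty `@return` tag; `@return the configured class, defaulting to Merlin when none was set` states what the code does. The cached-Crypto lookup compares keystores by identity and is not synchronized, which is presumably fine if the properties object is configured before the chain runs, but worth a one-line comment on `cachedDecryptionKeyStore`.
```java
public void loadDecryptionKeystore(URL url, char[] keyStorePassword) throws Exception {
    KeyStore keyStore = KeyStore.getInstance("jks");
    InputStream in = url.openStream();
    try {
        keyStore.load(in, keyStorePassword);
    } finally {
        in.close();
    }
    this.decryptionKeyStore = keyStore;
}
// … loadEncryptionKeystore: identical change around keyStore.load …
```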
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java Wed Jul 11 15:53:55 2012
@@ -76,7 +76,7 @@ public class BinarySecurityTokenInputHan
//ignore
}
if (crypto == null) {
- crypto = securityProperties.getDecryptionCrypto();
+ crypto = ((WSSSecurityProperties)securityProperties).getDecryptionCrypto();
}
this.binarySecurityToken = SecurityTokenFactoryImpl.getSecurityToken(
binarySecurityTokenType,
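Review bot: The cast `((WSSSecurityProperties)securityProperties)` on the added line assumes every XMLSecurityProperties reaching this handler is a WSSSecurityProperties; if a caller ever supplies the base type the failure surfaces as a ClassCastException rather than a configuration error. The same unguarded cast is introduced in DerivedKeyTokenInputHandler, BinarySecurityTokenOutputProcessor and SecurityTokenFactoryImpl in this commit. If the WSS processor chain is only ever run with WSSSecurityProperties, a comment such as `// securityProperties is always a WSSSecurityProperties in the WSS processor chain` documents the assumption; otherwise an `instanceof` check that throws an XMLSecurityConfigurationException gives a clearer diagnosis. The enclosing method starts and ends outside the hunk.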
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java Wed Jul 11 15:53:55 2012
@@ -20,6 +20,7 @@ package org.swssf.wss.impl.processor.inp
import org.swssf.binding.wssc.AbstractDerivedKeyTokenType;
import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.wss.ext.WSSecurityException;
import org.swssf.wss.impl.derivedKey.DerivedKeyUtils;
@@ -90,7 +91,7 @@ public class DerivedKeyTokenInputHandler
this.referencedSecurityToken = SecurityTokenFactoryImpl.getSecurityToken(
derivedKeyTokenType.getSecurityTokenReference(),
- securityProperties.getDecryptionCrypto(),
+ ((WSSSecurityProperties)securityProperties).getDecryptionCrypto(),
securityProperties.getCallbackHandler(),
inputProcessorChain.getSecurityContext()
);
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java Wed Jul 11 15:53:55 2012
@@ -26,7 +26,6 @@ import org.apache.xml.security.binding.x
import org.swssf.wss.ext.*;
import org.swssf.wss.securityEvent.EncryptedKeyTokenSecurityEvent;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.crypto.Crypto;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
@@ -103,7 +102,7 @@ public class EncryptedKeyInputHandler ex
return keyTable.get(algorithmURI);
} else {
String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
- Key key = new SecretKeySpec(getSecret(securityProperties.getDecryptionCrypto(), this), algoFamily);
+ Key key = new SecretKeySpec(getSecret(this), algoFamily);
keyTable.put(algorithmURI, key);
return key;
}
@@ -116,7 +115,7 @@ public class EncryptedKeyInputHandler ex
}
public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return getWrappingSecurityToken(securityProperties.getDecryptionCrypto(), this);
+ return getWrappingSecurityToken(this);
}
public WSSConstants.TokenType getTokenType() {
@@ -125,7 +124,7 @@ public class EncryptedKeyInputHandler ex
private SecurityToken wrappingSecurityToken = null;
- private SecurityToken getWrappingSecurityToken(Crypto crypto, SecurityToken wrappedSecurityToken)
+ private SecurityToken getWrappingSecurityToken(SecurityToken wrappedSecurityToken)
throws XMLSecurityException {
if (wrappingSecurityToken != null) {
return this.wrappingSecurityToken;
@@ -133,8 +132,7 @@ public class EncryptedKeyInputHandler ex
KeyInfoType keyInfoType = encryptedKeyType.getKeyInfo();
this.wrappingSecurityToken = SecurityTokenFactory.getInstance().getSecurityToken(
keyInfoType,
- crypto,
- securityProperties.getCallbackHandler(),
+ SecurityToken.KeyInfoUsage.DECRYPTION,
securityProperties,
securityContext
);
@@ -142,7 +140,7 @@ public class EncryptedKeyInputHandler ex
return this.wrappingSecurityToken;
}
- private byte[] getSecret(Crypto crypto, SecurityToken wrappedSecurityToken) throws XMLSecurityException {
+ private byte[] getSecret(SecurityToken wrappedSecurityToken) throws XMLSecurityException {
String algorithmURI = encryptedKeyType.getEncryptionMethod().getAlgorithm();
if (algorithmURI == null) {
@@ -153,7 +151,7 @@ public class EncryptedKeyInputHandler ex
throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
}
- final SecurityToken wrappingSecurityToken = getWrappingSecurityToken(crypto, wrappedSecurityToken);
+ final SecurityToken wrappingSecurityToken = getWrappingSecurityToken(wrappedSecurityToken);
try {
WSSConstants.KeyUsage keyUsage;
if (wrappingSecurityToken.isAsymmetric()) {
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java Wed Jul 11 15:53:55 2012
@@ -26,7 +26,6 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig.ObjectType;
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSUtils;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.wss.ext.WSSecurityException;
@@ -158,8 +157,7 @@ public class WSSSignatureInputHandler ex
protected SecurityToken retrieveSecurityToken(KeyInfoType keyInfoType,
XMLSecurityProperties securityProperties,
SecurityContext securityContext) throws XMLSecurityException {
- return SecurityTokenFactory.getInstance().getSecurityToken(keyInfoType,
- ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto(), securityProperties.getCallbackHandler(),
+ return SecurityTokenFactory.getInstance().getSecurityToken(keyInfoType, SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION,
securityProperties, securityContext);
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Wed Jul 11 15:53:55 2012
@@ -86,10 +86,11 @@ public class BinarySecurityTokenOutputPr
x509Certificates[0] = x509Certificate;
} else {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(getSecurityProperties().getEncryptionUser());
- x509Certificates = getSecurityProperties().getEncryptionCrypto().getX509Certificates(cryptoType);
+ cryptoType.setAlias(((WSSSecurityProperties)getSecurityProperties()).getEncryptionUser());
+ x509Certificates = ((WSSSecurityProperties)getSecurityProperties()).getEncryptionCrypto().getX509Certificates(cryptoType);
if (x509Certificates == null || x509Certificates.length == 0) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound", getSecurityProperties().getEncryptionUser());
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound",
+ ((WSSSecurityProperties)getSecurityProperties()).getEncryptionUser());
}
}
key = null;
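Review bot: The cast `(WSSSecurityProperties)getSecurityProperties()` is now repeated three times within the same else-branch (the `setAlias` call, the `getEncryptionCrypto()` call and the exception argument); hoisting it once, `WSSSecurityProperties wssSecurityProperties = (WSSSecurityProperties) getSecurityProperties();` before `cryptoType.setAlias(...)`, removes the duplication and leaves a single place to guard or document the type assumption. The enclosing method starts and ends outside the hunk.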
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1360243&r1=1360242&r2=1360243&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Wed Jul 11 15:53:55 2012
@@ -47,23 +47,30 @@ public class SecurityTokenFactoryImpl ex
public SecurityTokenFactoryImpl() {
}
- public SecurityToken getSecurityToken(KeyInfoType keyInfoType, Crypto crypto, final CallbackHandler callbackHandler,
+ public SecurityToken getSecurityToken(KeyInfoType keyInfoType, SecurityToken.KeyInfoUsage keyInfoUsage,
XMLSecurityProperties securityProperties, SecurityContext securityContext) throws XMLSecurityException {
+ Crypto crypto = null;
+ if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
+ crypto = ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto();
+ } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
+ crypto = ((WSSSecurityProperties)securityProperties).getDecryptionCrypto();
+ }
+
if (keyInfoType != null) {
final SecurityTokenReferenceType securityTokenReferenceType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
if (securityTokenReferenceType != null) {
- return getSecurityToken(securityTokenReferenceType, crypto, callbackHandler, securityContext);
+ return getSecurityToken(securityTokenReferenceType, crypto, securityProperties.getCallbackHandler(), securityContext);
}
final KeyValueType keyValueType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_dsig_KeyValue);
if (keyValueType != null) {
- return getSecurityToken(keyValueType, crypto, callbackHandler, securityContext);
+ return getSecurityToken(keyValueType, crypto, securityProperties.getCallbackHandler(), securityContext);
}
} else if (crypto.getDefaultX509Identifier() != null) {
return new X509DefaultSecurityToken(
- (WSSecurityContext) securityContext, crypto, callbackHandler, crypto.getDefaultX509Identifier(),
+ (WSSecurityContext) securityContext, crypto, securityProperties.getCallbackHandler(), crypto.getDefaultX509Identifier(),
crypto.getDefaultX509Identifier(), null
);
}
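Review bot: `crypto` stays null when `keyInfoUsage` is neither SIGNATURE_VERIFICATION nor DECRYPTION (including a null argument), and the new code then passes that null into the `getSecurityToken` overloads or dereferences it at `crypto.getDefaultX509Identifier()`, so an unexpected usage fails with a NullPointerException deep in token resolution. Adding `else { throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "<message-key>"); }` after the `DECRYPTION` branch (the message key is a placeholder that needs a matching resource-bundle entry) fails fast at the dispatch point; whether KeyInfoUsage has further constants is not visible here, so the guard may be purely defensive. The method body continues past the end of the hunk.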