Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/11 15:51:25 UTC
svn commit: r773561 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/ src/org/apache/ws/security/message/
src/org/apache/ws/security/util/ test/wssec/
Author: coheigea
Date: Mon May 11 13:51:25 2009
New Revision: 773561
URL: http://svn.apache.org/viewvc?rev=773561&view=rev
Log:
[WSS-192] - Some refactoring of WSSecEncrypt
- Changed both WSSecEncrypt/WSSecEncryptedKey to convert the algorithm for encryption using Apache XML-Sec's JCEMapper
- This gives a wider range of acceptable algorithms than before
- Merged encryptForExternalRef/encryptForInternalRef (to encryptForRef), as both had almost identical functionality
- Only cloning KeyInfo now if there is more than one encryption part
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Mon May 11 13:51:25 2009
@@ -345,6 +345,7 @@
* Refer to WS Security specification X509 profile
*/
public static final int EMBEDDED_KEYNAME = 5;
+
/**
* Embeds a keyinfo/wsse:SecurityTokenReference into EncryptedData element.
*/
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Mon May 11 13:51:25 2009
@@ -29,6 +29,7 @@
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -216,10 +217,8 @@
// algorithm that will encrypt the generated symmetric (session) key.
//
if (encryptSymmKey) {
- X509Certificate remoteCert = null;
- if (useThisCert != null) {
- remoteCert = useThisCert;
- } else {
+ X509Certificate remoteCert = useThisCert;
+ if (remoteCert == null) {
X509Certificate[] certs = crypto.getCertificates(user);
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(
@@ -235,6 +234,7 @@
encryptedEphemeralKey = ephemeralKey;
}
}
+
/**
* Builds the SOAP envelope with encrypted Body and adds encrypted key.
@@ -257,19 +257,26 @@
if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME
|| keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
- return buildEmbedded(doc, secHeader);
- }
-
- if (doDebug) {
- log.debug("Beginning Encryption...");
+ encryptSymmKey = false;
+ document = doc;
+ //
+ // Generate a symmetric key from the specified key (password) for this
+ // algorithm, and set the cipher into encryption mode.
+ //
+ if (symmetricKey == null) {
+ if (embeddedKey == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "noKeySupplied");
+ }
+ symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, embeddedKey);
+ }
+ } else {
+ prepare(doc, crypto);
}
-
- prepare(doc, crypto);
if (envelope == null) {
envelope = document.getDocumentElement();
}
-
+
if (parts == null) {
parts = new Vector();
String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
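Review bot: The comment carried into the embedded-key branch says a key is generated from a password and the cipher is set into encryption mode, but `WSSecurityUtil.prepareSecretKey(symEncAlgo, embeddedKey)` only wraps the bytes in a `SecretKeySpec` (see the WSSecurityUtil hunk), and no cipher is touched here. Nothing in this branch checks that `embeddedKey` has a length valid for `symEncAlgo`, so a wrong-sized key would presumably only fail later, during encryption, as FAILED_ENCRYPTION. I would reword the comment to `// Use embeddedKey directly as the raw symmetric key; it must already be a random key of the size symEncAlgo requires (no key derivation is applied).` build() starts and ends outside this hunk.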
@@ -282,12 +289,16 @@
parts.add(encP);
}
- Element refs = encryptForInternalRef(null, parts);
+ if (doDebug) {
+ log.debug("Beginning Encryption...");
+ }
+
+ Element refs = encryptForRef(null, parts);
if (encryptedKeyElement != null) {
addInternalRefElement(refs);
prependToHeader(secHeader);
} else {
- WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), refs);
+ addExternalRefElement(refs, secHeader);
}
if (bstToken != null) {
@@ -297,9 +308,10 @@
log.debug("Encryption complete.");
return doc;
}
-
+
+
/**
- * Encrypt one or more parts or elements of the message (internal).
+ * Encrypt one or more parts or elements of the message.
*
* This method takes a vector of <code>WSEncryptionPart</code> object that
* contain information about the elements to encrypt. The method call the
@@ -319,51 +331,12 @@
* @return Returns the updated <code>xenc:Reference</code> element
* @throws WSSecurityException
*/
- public Element encryptForInternalRef(Element dataRef, List references)
+ public Element encryptForRef(Element dataRef, List references)
throws WSSecurityException {
List encDataRefs =
- doEncryption(document, symmetricKey, references);
- Element referenceList = dataRef;
- if (referenceList == null) {
- referenceList =
- document.createElementNS(
- WSConstants.ENC_NS,
- WSConstants.ENC_PREFIX + ":ReferenceList"
- );
- }
- createDataRefList(document, referenceList, encDataRefs);
- return referenceList;
- }
-
- /**
- * Encrypt one or more parts or elements of the message (external).
- *
- * This method takes a vector of <code>WSEncryptionPart</code> object that
- * contain information about the elements to encrypt. The method call the
- * encryption method, takes the reference information generated during
- * encryption and add this to the <code>xenc:Reference</code> element.
- * This method can be called after <code>prepare()</code> and can be
- * called multiple times to encrypt a number of parts or elements.
- *
- * The method generates a <code>xenc:Reference</code> element that <i>must</i>
- * be added to the SecurityHeader. See <code>addExternalRefElement()</code>.
- *
- * If the <code>dataRef</code> parameter is <code>null</code> the method
- * creates and initializes a new Reference element.
- *
- * @param dataRef A <code>xenc:Reference</code> element or <code>null</code>
- * @param references A list containing WSEncryptionPart objects
- * @return Returns the updated <code>xenc:Reference</code> element
- * @throws WSSecurityException
- */
- public Element encryptForExternalRef(Element dataRef, List references)
- throws WSSecurityException {
-
- List encDataRefs =
- doEncryption(document, symmetricKey, references);
- Element referenceList = dataRef;
- if (referenceList == null) {
- referenceList =
+ doEncryption(symmetricKey, references);
+ if (dataRef == null) {
+ dataRef =
document.createElementNS(
WSConstants.ENC_NS,
WSConstants.ENC_PREFIX + ":ReferenceList"
@@ -374,12 +347,27 @@
//
if (!encryptSymmKey) {
WSSecurityUtil.setNamespace(
- referenceList, WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ dataRef, WSConstants.ENC_NS, WSConstants.ENC_PREFIX
);
}
}
- createDataRefList(document, referenceList, encDataRefs);
- return referenceList;
+ return createDataRefList(document, dataRef, encDataRefs);
+ }
+
+ /**
+ * @deprecated Use encryptForRef(dataRef, references) instead
+ */
+ public Element encryptForInternalRef(Element dataRef, List references)
+ throws WSSecurityException {
+ return encryptForRef(dataRef, references);
+ }
+
+ /**
+ * @deprecated Use encryptForRef(dataRef, references) instead
+ */
+ public Element encryptForExternalRef(Element dataRef, List references)
+ throws WSSecurityException {
+ return encryptForRef(dataRef, references);
}
/**
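Review bot: The two `@deprecated` wrappers do not say how the replacement differs from the methods they stand in for. The removed `encryptForInternalRef` never declared the xenc namespace on a newly created ReferenceList, whereas `encryptForRef` appears to do so whenever `encryptSymmKey` is false. I would state that in the Javadoc and link the replacement, e.g. `@deprecated Use {@link #encryptForRef(Element, List)} instead; it also declares the xenc namespace on a new ReferenceList when no EncryptedKey is used.` Part of encryptForRef lies between this hunk and the previous one, so the exact nesting of the namespace call is inferred.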
@@ -409,67 +397,24 @@
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), dataRef);
}
- private List doEncryption(Document doc, SecretKey secretKey, List references)
- throws WSSecurityException {
-
- KeyInfo keyInfo = null;
-
- if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
- keyInfo = new KeyInfo(document);
- SecurityTokenReference secToken = new SecurityTokenReference(document);
- secToken.addWSSENamespace();
- if (customReferenceValue != null) {
- secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
- } else {
- secToken.setKeyIdentifierEncKeySHA1(getSHA1(encryptedEphemeralKey));
- }
-
- keyInfo.addUnknownElement(secToken.getElement());
- Element keyInfoElement = keyInfo.getElement();
- keyInfoElement.setAttributeNS(
- WSConstants.XMLNS_NS, "xmlns:"+ WSConstants.SIG_PREFIX, WSConstants.SIG_NS
- );
- }
-
- return doEncryption(doc, secretKey, keyInfo, references);
- }
private List doEncryption(
- Document doc,
SecretKey secretKey,
- KeyInfo keyInfo,
List references
) throws WSSecurityException {
XMLCipher xmlCipher = null;
try {
xmlCipher = XMLCipher.getInstance(symEncAlgo);
- } catch (XMLEncryptionException e3) {
+ } catch (XMLEncryptionException ex) {
throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e3
- );
- }
-
- if (keyInfo == null) {
- keyInfo = new KeyInfo(document);
- SecurityTokenReference secToken = new SecurityTokenReference(document);
- secToken.addWSSENamespace();
- Reference ref = new Reference(document);
- if (encKeyIdDirectId) {
- ref.setURI(encKeyId);
- } else {
- ref.setURI("#" + encKeyId);
- }
- if (encKeyValueType != null) {
- ref.setValueType(encKeyValueType);
- }
- secToken.setReference(ref);
- keyInfo.addUnknownElement(secToken.getElement());
- Element keyInfoElement = keyInfo.getElement();
- keyInfoElement.setAttributeNS(
- WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
);
}
+ //
+ // Create the KeyInfo structure
+ //
+ KeyInfo keyInfo = createKeyInfo();
List encDataRef = new Vector();
for (int part = 0; part < references.size(); part++) {
@@ -480,22 +425,23 @@
String nmSpace = encPart.getNamespace();
String modifier = encPart.getEncModifier();
//
- // Third step: get the data to encrypt.
+ // Get the data to encrypt.
//
- Element body = null;
+ Element elementToEncrypt = null;
if (idToEnc != null) {
- body =
+ elementToEncrypt =
WSSecurityUtil.findElementById(
document.getDocumentElement(), idToEnc, WSConstants.WSU_NS
);
- if (body == null) {
- body =
+ if (elementToEncrypt == null) {
+ elementToEncrypt =
WSSecurityUtil.findElementById(document.getDocumentElement(), idToEnc, null);
}
} else {
- body = (Element) WSSecurityUtil.findElement(document, elemName, nmSpace);
+ elementToEncrypt =
+ (Element) WSSecurityUtil.findElement(document, elemName, nmSpace);
}
- if (body == null) {
+ if (elementToEncrypt == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noEncElement",
@@ -504,17 +450,16 @@
}
boolean content = modifier.equals("Content") ? true : false;
- String xencEncryptedDataId = wssConfig.getIdAllocator().createId("EncDataId-", body);
+ String xencEncryptedDataId =
+ wssConfig.getIdAllocator().createId("EncDataId-", elementToEncrypt);
encPart.setEncId(xencEncryptedDataId);
-
//
- // Fourth step: encrypt data, and set necessary attributes in
- // xenc:EncryptedData
+ // Encrypt data, and set necessary attributes in xenc:EncryptedData
//
try {
if (modifier.equals("Header")) {
Element elem =
- doc.createElementNS(
+ document.createElementNS(
WSConstants.WSSE11_NS, "wsse11:" + WSConstants.ENCRYPTED_HEADER
);
WSSecurityUtil.setNamespace(elem, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);
@@ -522,10 +467,17 @@
WSSecurityUtil.setNamespace(elem, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
elem.setAttributeNS(
WSConstants.WSU_NS, wsuPrefix + ":Id",
- wssConfig.getIdAllocator().createId("EncHeader-", body)
+ wssConfig.getIdAllocator().createId("EncHeader-", elementToEncrypt)
);
+ //
+ // Add the EncryptedHeader node to the element to be encrypted's parent
+ // (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
+ // Header node as well
+ //
+ elementToEncrypt.getParentNode().appendChild(elem);
+ elem.appendChild(elementToEncrypt);
- NamedNodeMap map = body.getAttributes();
+ NamedNodeMap map = elementToEncrypt.getAttributes();
for (int i = 0 ; i < map.getLength() ; i++) {
Attr attr = (Attr)map.item(i);
if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
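Review bot: `attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)` in the attribute loop throws a NullPointerException for any attribute that has no namespace, because DOM returns null there. The surrounding `catch (Exception ex)` would then report it as FAILED_ENCRYPTION with no hint of the cause. Since the commit already edits this loop, putting the constant first avoids the problem: `if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())`. The rest of the condition and the loop body continue outside this hunk, so any further comparison there should be checked the same way.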
@@ -541,22 +493,17 @@
);
}
}
- //
- // Add the EncryptedHeader node to the element to be encrypted's parent
- // (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
- // Header node as well
- //
- body.getParentNode().appendChild(elem);
- elem.appendChild(body);
}
xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
EncryptedData encData = xmlCipher.getEncryptedData();
encData.setId(xencEncryptedDataId);
encData.setKeyInfo(keyInfo);
- xmlCipher.doFinal(doc, body, content);
+ xmlCipher.doFinal(document, elementToEncrypt, content);
- keyInfo = new KeyInfo((Element) keyInfo.getElement().cloneNode(true), null);
+ if (part != (references.size() - 1)) {
+ keyInfo = new KeyInfo((Element) keyInfo.getElement().cloneNode(true), null);
+ }
} catch (Exception ex) {
throw new WSSecurityException(
WSSecurityException.FAILED_ENCRYPTION, null, null, ex
@@ -566,118 +513,76 @@
}
return encDataRef;
}
+
+
+ /**
+ * Create a KeyInfo object
+ */
+ private KeyInfo createKeyInfo() throws WSSecurityException {
- private Document buildEmbedded(Document doc, WSSecHeader secHeader)
- throws WSSecurityException {
- doDebug = log.isDebugEnabled();
-
- if (doDebug) {
- log.debug("Beginning Encryption embedded...");
- }
- envelope = doc.getDocumentElement();
- envelope.setAttributeNS(
- WSConstants.XMLNS_NS, "xmlns:" + WSConstants.ENC_PREFIX, WSConstants.ENC_NS
- );
+ KeyInfo keyInfo = new KeyInfo(document);
- //
- // Second step: generate a symmetric key from the specified key
- // (password) for this algorithm, and set the cipher into encryption
- // mode.
- //
- if (symmetricKey == null) {
- if (embeddedKey == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE, "noKeySupplied");
+ if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
+ SecurityTokenReference secToken = new SecurityTokenReference(document);
+ secToken.addWSSENamespace();
+ if (customReferenceValue != null) {
+ secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
+ } else {
+ secToken.setKeyIdentifierEncKeySHA1(getSHA1(encryptedEphemeralKey));
}
- symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, embeddedKey);
- }
-
- KeyInfo keyInfo = null;
- if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
- keyInfo = new KeyInfo(doc);
+ keyInfo.addUnknownElement(secToken.getElement());
+ } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName);
- } else if (keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
- //
- // This means that we want to embed a <wsse:SecurityTokenReference>
- // into keyInfo element. If we need this functionality, this.secRef
- // MUST be set before calling the build(doc, crypto) method. So if
- // secRef is null then throw an exception.
- //
- if (securityTokenReference == null) {
- throw new WSSecurityException(
- WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
- "You must set keyInfo element, if the keyIdentifier == EMBED_SECURITY_TOKEN_REF"
- );
+ } else if (securityTokenReference != null) {
+ Element tmpE = securityTokenReference.getElement();
+ tmpE.setAttributeNS(
+ WSConstants.XMLNS_NS, "xmlns:" + tmpE.getPrefix(), tmpE.getNamespaceURI()
+ );
+ keyInfo.addUnknownElement(securityTokenReference.getElement());
+ } else {
+ SecurityTokenReference secToken = new SecurityTokenReference(document);
+ secToken.addWSSENamespace();
+ Reference ref = new Reference(document);
+ if (encKeyIdDirectId) {
+ ref.setURI(encKeyId);
} else {
- keyInfo = new KeyInfo(doc);
- Element tmpE = securityTokenReference.getElement();
- tmpE.setAttributeNS(
- WSConstants.XMLNS_NS, "xmlns:" + tmpE.getPrefix(), tmpE.getNamespaceURI()
- );
- keyInfo.addUnknownElement(securityTokenReference.getElement());
+ ref.setURI("#" + encKeyId);
}
+ if (encKeyValueType != null) {
+ ref.setValueType(encKeyValueType);
+ }
+ secToken.setReference(ref);
+ keyInfo.addUnknownElement(secToken.getElement());
}
Element keyInfoElement = keyInfo.getElement();
keyInfoElement.setAttributeNS(
WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
);
-
- if (parts == null) {
- parts = new Vector();
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(envelope);
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- parts.add(encP);
- }
- List encDataRefs = doEncryption(doc, symmetricKey, keyInfo, parts);
-
- //
- // At this point data is encrypted with the symmetric key and can be
- // referenced via the above Id
- //
-
- //
- // Now we need to setup the wsse:Security header block 1) get (or
- // create) the wsse:Security header block 2) The last step sets up the
- // reference list that pints to the encrypted data
- //
- Element wsseSecurity = secHeader.getSecurityHeader();
-
- Element referenceList =
- doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":ReferenceList");
- referenceList = createDataRefList(doc, referenceList, encDataRefs);
- WSSecurityUtil.prependChildElement(wsseSecurity, referenceList);
-
- return doc;
+
+ return keyInfo;
}
+
private KeyGenerator getKeyGenerator() throws WSSecurityException {
- KeyGenerator keyGen = null;
try {
//
// Assume AES as default, so initialize it
//
- keyGen = KeyGenerator.getInstance("AES");
- if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
- keyGen = KeyGenerator.getInstance("DESede");
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
+ KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
+ if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
keyGen.init(128);
} else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
keyGen.init(192);
} else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
keyGen.init(256);
- } else {
- return null;
}
+ return keyGen;
} catch (NoSuchAlgorithmException e) {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
);
}
- return keyGen;
}
/**
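Review bot: createKeyInfo no longer rejects `EMBED_SECURITY_TOKEN_REF` when `securityTokenReference` is null. The removed buildEmbedded threw SECURITY_TOKEN_UNAVAILABLE in that case, while the new chain falls through to the last `else` and emits a Reference built from `encKeyId`, which is likely unset on the embedded path. The message would then carry a KeyInfo the receiver cannot resolve instead of failing at build time, so I would restore the guard ahead of the `securityTokenReference != null` branch. In getKeyGenerator, further down the same hunk, the `// Assume AES as default` comment is now stale, and a URI unknown to JCEMapper would probably surface as a NullPointerException rather than UNSUPPORTED_ALGORITHM (the mapper's behaviour is not shown here).

```java
} else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
    // … unchanged: addKeyName …
} else if (keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF
    && securityTokenReference == null) {
    //
    // Embedding a SecurityTokenReference was requested but none was supplied;
    // fail here rather than falling through to the encKeyId Reference.
    //
    throw new WSSecurityException(
        WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
        "You must set keyInfo element, if the keyIdentifier == EMBED_SECURITY_TOKEN_REF"
    );
} else if (securityTokenReference != null) {
    // … unchanged: embed securityTokenReference, then the encKeyId Reference fallback …
```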
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Mon May 11 13:51:25 2009
@@ -157,10 +157,8 @@
// Get the certificate that contains the public key for the public key
// algorithm that will encrypt the generated symmetric (session) key.
//
- X509Certificate remoteCert = null;
- if (useThisCert != null) {
- remoteCert = useThisCert;
- } else {
+ X509Certificate remoteCert = useThisCert;
+ if (remoteCert == null) {
X509Certificate[] certs = crypto.getCertificates(user);
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(
@@ -192,22 +190,21 @@
X509Certificate remoteCert,
Crypto crypto
) throws WSSecurityException {
- String certUri = UUIDGenerator.getUUID();
Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
try {
- cipher.init(Cipher.ENCRYPT_MODE, remoteCert.getPublicKey());
+ cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
} catch (InvalidKeyException e) {
throw new WSSecurityException(
WSSecurityException.FAILED_ENCRYPTION, null, null, e
);
}
+ int blockSize = cipher.getBlockSize();
if (doDebug) {
log.debug(
- "cipher blksize: " + cipher.getBlockSize()
+ "cipher blksize: " + blockSize
+ ", symm key length: " + keyBytes.length
);
}
- int blockSize = cipher.getBlockSize();
if (blockSize > 0 && blockSize < keyBytes.length) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
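Review bot: `cipher.init(Cipher.ENCRYPT_MODE, remoteCert)` is not equivalent to the old call with `remoteCert.getPublicKey()`. Given an X.509 certificate, the JCE also checks a critical KeyUsage extension and throws InvalidKeyException when it does not permit the operation. That is a reasonable tightening, but certificates that were accepted before will now fail with a bare FAILED_ENCRYPTION, so it deserves a comment, e.g. `// Pass the certificate itself so that the JCE enforces a critical KeyUsage extension.` The method starts and ends outside this hunk.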
@@ -243,13 +240,12 @@
// session key
//
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo);
- if(encKeyId == null || "".equals(encKeyId)) {
+ if (encKeyId == null || "".equals(encKeyId)) {
encKeyId = "EncKeyId-" + UUIDGenerator.getUUID();
}
encryptedKeyElement.setAttribute("Id", encKeyId);
KeyInfo keyInfo = new KeyInfo(document);
-
SecurityTokenReference secToken = new SecurityTokenReference(document);
switch (keyIdentifierType) {
@@ -282,6 +278,7 @@
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(document);
+ String certUri = UUIDGenerator.getUUID();
ref.setURI("#" + certUri);
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(remoteCert);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Mon May 11 13:51:25 2009
@@ -653,12 +653,6 @@
return doc.createTextNode(Base64.encode(data));
}
- public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey) {
- SecretKeySpec keySpec =
- new SecretKeySpec(rawKey, JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo));
- return (SecretKey) keySpec;
- }
-
public static SOAPConstants getSOAPConstants(Element startElement) {
Document doc = startElement.getOwnerDocument();
String ns = doc.getDocumentElement().getNamespaceURI();
@@ -671,21 +665,26 @@
public static String getSOAPNamespace(Element startElement) {
return getSOAPConstants(startElement).getEnvelopeURI();
}
+
+
+ /**
+ * Convert the raw key bytes into a SecretKey object of type symEncAlgo.
+ */
+ public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey) {
+ SecretKeySpec keySpec =
+ new SecretKeySpec(rawKey, JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo));
+ return (SecretKey) keySpec;
+ }
+ /**
+ * Translate the "cipherAlgo" URI to a JCE ID, and return a javax.crypto.Cipher instance
+ * of this type.
+ */
public static Cipher getCipherInstance(String cipherAlgo)
throws WSSecurityException {
- Cipher cipher = null;
try {
- if (WSConstants.KEYTRANSPORT_RSA15.equalsIgnoreCase(cipherAlgo)) {
- cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
- } else if (WSConstants.KEYTRANSPORT_RSAOEP.equalsIgnoreCase(cipherAlgo)) {
- cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
- } else {
- throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM,
- "unsupportedKeyTransp", new Object[] {cipherAlgo}
- );
- }
+ String keyAlgorithm = JCEMapper.translateURItoJCEID(cipherAlgo);
+ return Cipher.getInstance(keyAlgorithm);
} catch (NoSuchPaddingException ex) {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
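Review bot: getCipherInstance drops the explicit allow-list of `KEYTRANSPORT_RSA15` and `KEYTRANSPORT_RSAOEP`, so any URI that JCEMapper can translate, including ones that are not key-transport algorithms, now yields a Cipher. If the wider range is intended, the new Javadoc should say that callers are responsible for restricting `cipherAlgo` to the algorithms they accept. An unmapped URI should also be rejected explicitly rather than left to `Cipher.getInstance`, assuming the mapper returns null for it: `if (keyAlgorithm == null) { throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp", new Object[] {cipherAlgo}); }`. The catch blocks continue outside this hunk.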
@@ -697,7 +696,6 @@
new Object[] { "No such algorithm: " + cipherAlgo }, ex
);
}
- return cipher;
}
/**
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java Mon May 11 13:51:25 2009
@@ -163,12 +163,12 @@
parts.add(encP);
/*
- * Encrypt the element (testMethod), create EncrypedData elements that reference
+ * Encrypt the element (testMethod), create EncryptedData elements that reference
* the EncryptedKey, and get a ReferenceList that can be put into the
* Security header. Be sure that the ReferenceList is after the
* EncryptedKey element in the Security header (strict layout)
*/
- Element refs = builder.encryptForExternalRef(null, parts);
+ Element refs = builder.encryptForRef(null, parts);
builder.addExternalRefElement(refs, secHeader);
/*
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java Mon May 11 13:51:25 2009
@@ -163,11 +163,11 @@
parts.add(encP);
/*
- * Encrypt the element (testMethod), create EncrypedData elements that reference
+ * Encrypt the element (testMethod), create EncryptedData elements that reference
* the EncryptedKey, and get a ReferenceList that can be put into the EncryptedKey
* itself as a child.
*/
- Element refs = builder.encryptForExternalRef(null, parts);
+ Element refs = builder.encryptForRef(null, parts);
/*
* We use this method because we want the reference list to be inside the
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java?rev=773561&r1=773560&r2=773561&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java Mon May 11 13:51:25 2009
@@ -169,12 +169,12 @@
parts.add(encP);
/*
- * Encrypt the parts (Body), create EncrypedData elements that reference
+ * Encrypt the parts (Body), create EncryptedData elements that reference
* the EncryptedKey, and get a ReferenceList that can be put into the
* Security header. Be sure that the ReferenceList is after the
* EncryptedKey element in the Security header (strict layout)
*/
- Element refs = builder.encryptForExternalRef(null, parts);
+ Element refs = builder.encryptForRef(null, parts);
builder.addExternalRefElement(refs, secHeader);
/*