Posted to commits@ws.apache.org by co...@apache.org on 2015/06/22 12:09:09 UTC
svn commit: r1686823 - in
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom:
processor/EncryptedKeyProcessor.java util/EncryptionUtils.java
Author: coheigea
Date: Mon Jun 22 10:09:09 2015
New Revision: 1686823
URL: http://svn.apache.org/r1686823
Log:
Make it easier to retrieve MGF algorithm from an EncryptedKey
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1686823&r1=1686822&r2=1686823&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Mon Jun 22 10:09:09 2015
@@ -63,8 +63,6 @@ import org.apache.wss4j.dom.util.Encrypt
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.X509Util;
import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
public class EncryptedKeyProcessor implements Processor {
private static final org.slf4j.Logger LOG =
@@ -189,13 +187,13 @@ public class EncryptedKeyProcessor imple
if (WSConstants.KEYTRANSPORT_RSAOEP.equals(encryptedKeyTransportMethod)
|| WSConstants.KEYTRANSPORT_RSAOEP_XENC11.equals(encryptedKeyTransportMethod)) {
// Get the DigestMethod if it exists
- String digestAlgorithm = getDigestAlgorithm(elem);
+ String digestAlgorithm = EncryptionUtils.getDigestAlgorithm(elem);
String jceDigestAlgorithm = "SHA-1";
if (digestAlgorithm != null && !"".equals(digestAlgorithm)) {
jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
}
- String mgfAlgorithm = getMGFAlgorithm(elem);
+ String mgfAlgorithm = EncryptionUtils.getMGFAlgorithm(elem);
MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
if (mgfAlgorithm != null) {
if (WSConstants.MGF_SHA224.equals(mgfAlgorithm)) {
@@ -210,7 +208,7 @@ public class EncryptedKeyProcessor imple
}
PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
- byte[] pSourceBytes = getPSource(elem);
+ byte[] pSourceBytes = EncryptionUtils.getPSource(elem);
if (pSourceBytes != null) {
pSource = new PSource.PSpecified(pSourceBytes);
}
@@ -241,7 +239,7 @@ public class EncryptedKeyProcessor imple
if (xopUri != null && xopUri.startsWith("cid:")) {
encryptedEphemeralKey = WSSecurityUtil.getBytesFromAttachment(xopUri, data);
} else {
- encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue);
+ encryptedEphemeralKey = EncryptionUtils.getDecodedBase64EncodedData(xencCipherValue);
}
String keyAlgorithm = JCEMapper.translateURItoJCEID(encryptedKeyTransportMethod);
@@ -265,6 +263,7 @@ public class EncryptedKeyProcessor imple
WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD,
encryptedKeyTransportMethod
);
+ result.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, elem);
String tokenId = elem.getAttributeNS(null, "Id");
if (!"".equals(tokenId)) {
result.put(WSSecurityEngineResult.TAG_ID, tokenId);
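Review bot: The added `result.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, elem);` stores a live reference to the EncryptedKey element taken from the incoming message, and nothing at the call site says why it is there or how consumers should treat it. Whatever a caller later reads from that element (the MGF or digest algorithm, judging by the commit log) is sender-controlled, and this hunk does not show those values being checked against an algorithm policy. They may also differ from what was actually processed if the DOM is modified afterwards. I would add a comment such as `// Expose the EncryptedKey element so callers can inspect its EncryptionMethod parameters; values are as received, not validated`. The enclosing method starts and ends outside the hunk.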
@@ -325,72 +324,6 @@ public class EncryptedKeyProcessor imple
return null;
}
- /**
- * Method getDecodedBase64EncodedData
- *
- * @param element
- * @return a byte array containing the decoded data
- * @throws WSSecurityException
- */
- private static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
- try {
- String text = XMLUtils.getElementText(element);
- if (text == null) {
- return null;
- }
- return Base64.decode(text);
- } catch (Base64DecodingException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, e, "decoding.general"
- );
- }
- }
-
- private static String getDigestAlgorithm(Node encBodyData) throws WSSecurityException {
- Element tmpE =
- XMLUtils.getDirectChildElement(
- encBodyData, "EncryptionMethod", WSConstants.ENC_NS
- );
- if (tmpE != null) {
- Element digestElement =
- XMLUtils.getDirectChildElement(tmpE, "DigestMethod", WSConstants.SIG_NS);
- if (digestElement != null) {
- return digestElement.getAttributeNS(null, "Algorithm");
- }
- }
- return null;
- }
-
- private static String getMGFAlgorithm(Node encBodyData) throws WSSecurityException {
- Element tmpE =
- XMLUtils.getDirectChildElement(
- encBodyData, "EncryptionMethod", WSConstants.ENC_NS
- );
- if (tmpE != null) {
- Element mgfElement =
- XMLUtils.getDirectChildElement(tmpE, "MGF", WSConstants.ENC11_NS);
- if (mgfElement != null) {
- return mgfElement.getAttributeNS(null, "Algorithm");
- }
- }
- return null;
- }
-
- private static byte[] getPSource(Node encBodyData) throws WSSecurityException {
- Element tmpE =
- XMLUtils.getDirectChildElement(
- encBodyData, "EncryptionMethod", WSConstants.ENC_NS
- );
- if (tmpE != null) {
- Element pSourceElement =
- XMLUtils.getDirectChildElement(tmpE, "OAEPparams", WSConstants.ENC_NS);
- if (pSourceElement != null) {
- return getDecodedBase64EncodedData(pSourceElement);
- }
- }
- return null;
- }
-
private Element getKeyInfoChildElement(
Element xencEncryptedKey, RequestData data
) throws WSSecurityException {
@@ -442,7 +375,7 @@ public class EncryptedKeyProcessor imple
cryptoType.setIssuerSerial(issuerSerial.getIssuer(), issuerSerial.getSerialNumber());
return data.getDecCrypto().getX509Certificates(cryptoType);
} else if (WSConstants.X509_CERT_LN.equals(x509Child.getLocalName())) {
- byte[] token = getDecodedBase64EncodedData(x509Child);
+ byte[] token = EncryptionUtils.getDecodedBase64EncodedData(x509Child);
if (token == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[] {"0"});
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java?rev=1686823&r1=1686822&r2=1686823&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java Mon Jun 22 10:09:09 2015
@@ -33,6 +33,8 @@ import org.apache.wss4j.dom.message.Call
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -47,6 +49,7 @@ import javax.security.auth.callback.Call
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
+
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
@@ -411,4 +414,69 @@ public final class EncryptionUtils {
}
}
+ public static String getDigestAlgorithm(Node encBodyData) throws WSSecurityException {
+ Element tmpE =
+ XMLUtils.getDirectChildElement(
+ encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+ );
+ if (tmpE != null) {
+ Element digestElement =
+ XMLUtils.getDirectChildElement(tmpE, "DigestMethod", WSConstants.SIG_NS);
+ if (digestElement != null) {
+ return digestElement.getAttributeNS(null, "Algorithm");
+ }
+ }
+ return null;
+ }
+
+ public static String getMGFAlgorithm(Node encBodyData) throws WSSecurityException {
+ Element tmpE =
+ XMLUtils.getDirectChildElement(
+ encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+ );
+ if (tmpE != null) {
+ Element mgfElement =
+ XMLUtils.getDirectChildElement(tmpE, "MGF", WSConstants.ENC11_NS);
+ if (mgfElement != null) {
+ return mgfElement.getAttributeNS(null, "Algorithm");
+ }
+ }
+ return null;
+ }
+
+ public static byte[] getPSource(Node encBodyData) throws WSSecurityException {
+ Element tmpE =
+ XMLUtils.getDirectChildElement(
+ encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+ );
+ if (tmpE != null) {
+ Element pSourceElement =
+ XMLUtils.getDirectChildElement(tmpE, "OAEPparams", WSConstants.ENC_NS);
+ if (pSourceElement != null) {
+ return getDecodedBase64EncodedData(pSourceElement);
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Method getDecodedBase64EncodedData
+ *
+ * @param element
+ * @return a byte array containing the decoded data
+ * @throws WSSecurityException
+ */
+ public static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
+ try {
+ String text = XMLUtils.getElementText(element);
+ if (text == null) {
+ return null;
+ }
+ return Base64.decode(text);
+ } catch (Base64DecodingException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "decoding.general"
+ );
+ }
+ }
}
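Review bot: `getDigestAlgorithm`, `getMGFAlgorithm` and `getPSource` become public API here without Javadoc, and their absent-value contract is uneven: they return `null` when the EncryptionMethod or child element is missing, but `getAttributeNS(null, "Algorithm")` yields an empty string when the element is present without the attribute. The digest caller in EncryptedKeyProcessor tests for both `null` and `""`, while the MGF caller visibly tests only `!= null`, so new callers can easily get this wrong. Either document both cases or normalise in the helper, e.g. `String alg = mgfElement.getAttributeNS(null, "Algorithm");` followed by `return alg.isEmpty() ? null : alg;`. The Javadoc should also state that the returned URIs and OAEPparams bytes come straight from the message and must be checked against the accepted algorithms before use. The placeholder Javadoc on `getDecodedBase64EncodedData` (empty `@param`, undocumented `null` return for missing text) is worth filling in now that the method is public.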