You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2016/01/18 12:26:38 UTC
svn commit: r1725235 - in
/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax:
impl/InboundWSSecurityContextImpl.java setup/ConfigurationConverter.java
setup/WSSec.java
Author: coheigea
Date: Mon Jan 18 11:26:38 2016
New Revision: 1725235
URL: http://svn.apache.org/viewvc?rev=1725235&view=rev
Log:
More checkstyle work
Modified:
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1725235&r1=1725234&r2=1725235&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Mon Jan 18 11:26:38 2016
@@ -99,7 +99,7 @@ public class InboundWSSecurityContextImp
if (WSSecurityEventConstants.OPERATION.equals(securityEvent.getSecurityEventType())) {
operationSecurityEventOccured = true;
- identifySecurityTokenDepenedenciesAndUsage(securityEventQueue);
+ identifySecurityTokenDependenciesAndUsage(securityEventQueue);
Iterator<SecurityEvent> securityEventIterator = securityEventQueue.descendingIterator();
while (securityEventIterator.hasNext()) {
@@ -138,7 +138,7 @@ public class InboundWSSecurityContextImp
}
}
- private void identifySecurityTokenDepenedenciesAndUsage(
+ private void identifySecurityTokenDependenciesAndUsage(
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
List<TokenSecurityEvent<? extends InboundSecurityToken>> messageSignatureTokens = Collections.emptyList();
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java?rev=1725235&r1=1725234&r2=1725235&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java Mon Jan 18 11:26:38 2016
@@ -507,48 +507,10 @@ public final class ConfigurationConverte
properties.setSignatureCanonicalizationAlgorithm(sigC14nAlgo);
Object sigParts = config.get(ConfigurationConstants.SIGNATURE_PARTS);
- if (sigParts != null) {
- if (sigParts instanceof String) {
- List<SecurePart> parts = new ArrayList<>();
- splitEncParts((String)sigParts, parts, WSSConstants.NS_SOAP11);
- for (SecurePart part : parts) {
- part.setDigestMethod(sigDigestAlgo);
- properties.addSignaturePart(part);
- }
- } else if (sigParts instanceof List<?>) {
- List<?> sigPartsList = (List<?>)sigParts;
- for (Object obj : sigPartsList) {
- if (obj instanceof SecurePart) {
- SecurePart securePart = (SecurePart)obj;
- securePart.setDigestMethod(sigDigestAlgo);
- properties.addSignaturePart(securePart);
- }
- }
- }
- }
+ configureParts(sigParts, properties, sigDigestAlgo, true, true);
sigParts = config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
- if (sigParts != null) {
- if (sigParts instanceof String) {
- List<SecurePart> parts = new ArrayList<>();
- splitEncParts((String)sigParts, parts, WSSConstants.NS_SOAP11);
- for (SecurePart part : parts) {
- part.setRequired(false);
- part.setDigestMethod(sigDigestAlgo);
- properties.addSignaturePart(part);
- }
- } else if (sigParts instanceof List<?>) {
- List<?> sigPartsList = (List<?>)sigParts;
- for (Object obj : sigPartsList) {
- if (obj instanceof SecurePart) {
- SecurePart securePart = (SecurePart)obj;
- securePart.setDigestMethod(sigDigestAlgo);
- securePart.setRequired(false);
- properties.addSignaturePart(securePart);
- }
- }
- }
- }
+ configureParts(sigParts, properties, sigDigestAlgo, false, true);
String iterations = getString(ConfigurationConstants.DERIVED_KEY_ITERATIONS, config);
if (iterations != null) {
@@ -564,44 +526,10 @@ public final class ConfigurationConverte
}
Object encParts = config.get(ConfigurationConstants.ENCRYPTION_PARTS);
- if (encParts != null) {
- if (encParts instanceof String) {
- List<SecurePart> parts = new ArrayList<>();
- splitEncParts((String)encParts, parts, WSSConstants.NS_SOAP11);
- for (SecurePart part : parts) {
- properties.addEncryptionPart(part);
- }
- } else if (encParts instanceof List<?>) {
- List<?> encPartsList = (List<?>)encParts;
- for (Object obj : encPartsList) {
- if (obj instanceof SecurePart) {
- SecurePart securePart = (SecurePart)obj;
- properties.addEncryptionPart(securePart);
- }
- }
- }
- }
+ configureParts(encParts, properties, null, true, false);
encParts = config.get(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS);
- if (encParts != null) {
- if (encParts instanceof String) {
- List<SecurePart> parts = new ArrayList<>();
- splitEncParts((String)encParts, parts, WSSConstants.NS_SOAP11);
- for (SecurePart part : parts) {
- part.setRequired(false);
- properties.addEncryptionPart(part);
- }
- } else if (encParts instanceof List<?>) {
- List<?> encPartsList = (List<?>)encParts;
- for (Object obj : encPartsList) {
- if (obj instanceof SecurePart) {
- SecurePart securePart = (SecurePart)obj;
- securePart.setRequired(false);
- properties.addEncryptionPart(securePart);
- }
- }
- }
- }
+ configureParts(encParts, properties, null, false, false);
String encSymcAlgo = getString(ConfigurationConstants.ENC_SYM_ALGO, config);
properties.setEncryptionSymAlgorithm(encSymcAlgo);
@@ -692,6 +620,39 @@ public final class ConfigurationConverte
properties.setDerivedKeyKeyIdentifier(convertedDerivedKeyIdentifier);
}
}
+
+ private static void configureParts(Object secureParts, WSSSecurityProperties properties,
+ String digestAlgo, boolean required, boolean signature) {
+ if (secureParts != null) {
+ if (secureParts instanceof String) {
+ List<SecurePart> parts = new ArrayList<>();
+ splitEncParts((String)secureParts, parts, WSSConstants.NS_SOAP11);
+ for (SecurePart part : parts) {
+ part.setRequired(required);
+ if (signature) {
+ part.setDigestMethod(digestAlgo);
+ properties.addSignaturePart(part);
+ } else {
+ properties.addEncryptionPart(part);
+ }
+ }
+ } else if (secureParts instanceof List<?>) {
+ List<?> sigPartsList = (List<?>)secureParts;
+ for (Object obj : sigPartsList) {
+ if (obj instanceof SecurePart) {
+ SecurePart securePart = (SecurePart)obj;
+ securePart.setRequired(required);
+ if (signature) {
+ securePart.setDigestMethod(digestAlgo);
+ properties.addSignaturePart(securePart);
+ } else {
+ properties.addEncryptionPart(securePart);
+ }
+ }
+ }
+ }
+ }
+ }
public static WSSConstants.DerivedKeyTokenReference convertDerivedReference(String derivedTokenReference) {
if ("EncryptedKey".equals(derivedTokenReference)) {
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java?rev=1725235&r1=1725234&r2=1725235&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java Mon Jan 18 11:26:38 2016
@@ -186,60 +186,9 @@ public class WSSec {
securityProperties.setTimestampTTL(300);
}
} else if (WSSConstants.SIGNATURE.equals(action)) {
- if (!WSSConstants.NS_XMLDSIG_HMACSHA1.equals(securityProperties.getSignatureAlgorithm())) {
- if (securityProperties.getSignatureKeyStore() == null
- && securityProperties.getSignatureCryptoProperties() == null
- && securityProperties.getSignatureCrypto() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "signatureKeyStoreNotSet");
- }
- if (securityProperties.getSignatureUser() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noSignatureUser");
- }
- if (securityProperties.getCallbackHandler() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
- }
- }
- if (securityProperties.getSignatureAlgorithm() == null) {
- securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_RSASHA1);
- }
- if (securityProperties.getSignatureDigestAlgorithm() == null) {
- securityProperties.setSignatureDigestAlgorithm(WSSConstants.NS_XMLDSIG_SHA1);
- }
- if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
- securityProperties.setSignatureCanonicalizationAlgorithm(WSSConstants.NS_C14N_EXCL);
- }
- if (securityProperties.getSignatureKeyIdentifier() == null) {
- securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
- }
- checkDefaultSecureParts(true, securityProperties);
+ checkOutboundSignatureProperties(securityProperties);
} else if (WSSConstants.ENCRYPT.equals(action)) {
- if (securityProperties.getEncryptionUseThisCertificate() == null
- && securityProperties.getEncryptionKeyStore() == null
- && securityProperties.getEncryptionCryptoProperties() == null
- && !securityProperties.isUseReqSigCertForEncryption()
- && securityProperties.isEncryptSymmetricEncryptionKey()
- && securityProperties.getEncryptionCrypto() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
- }
- if (securityProperties.getEncryptionUser() == null
- && securityProperties.getEncryptionUseThisCertificate() == null
- && !securityProperties.isUseReqSigCertForEncryption()
- && securityProperties.isEncryptSymmetricEncryptionKey()) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noEncryptionUser");
- }
- if (securityProperties.getEncryptionSymAlgorithm() == null) {
- securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
- }
- if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
- //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
- securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
- }
- if (securityProperties.getEncryptionKeyIdentifier() == null) {
- securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
- }
- checkDefaultSecureParts(false, securityProperties);
+ checkOutboundEncryptionProperties(securityProperties);
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
if (securityProperties.getTokenUser() == null) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noTokenUser");
@@ -273,83 +222,9 @@ public class WSSec {
}
checkDefaultSecureParts(true, securityProperties);
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
- if (securityProperties.getCallbackHandler() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
- }
- if (securityProperties.getSignatureAlgorithm() == null) {
- securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
- }
- if (securityProperties.getSignatureDigestAlgorithm() == null) {
- securityProperties.setSignatureDigestAlgorithm(WSSConstants.NS_XMLDSIG_SHA1);
- }
- if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
- securityProperties.setSignatureCanonicalizationAlgorithm(WSSConstants.NS_C14N_EXCL);
- }
- if (securityProperties.getSignatureKeyIdentifier() == null) {
- securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
- }
- if (securityProperties.getEncryptionSymAlgorithm() == null) {
- securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
- }
- if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
- //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
- securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
- }
- if (securityProperties.getEncryptionKeyIdentifier() == null) {
- securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
- }
- if (securityProperties.getDerivedKeyKeyIdentifier() == null) {
- securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
- }
- if (securityProperties.getDerivedKeyTokenReference() == null) {
- securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
- }
- if (securityProperties.getDerivedKeyTokenReference() != WSSConstants.DerivedKeyTokenReference.DirectReference) {
- securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
- }
- checkDefaultSecureParts(true, securityProperties);
+ checkOutboundSignatureDerivedProperties(securityProperties);
} else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
- if (securityProperties.getCallbackHandler() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
- }
- if (securityProperties.getEncryptionUseThisCertificate() == null
- && securityProperties.getEncryptionKeyStore() == null
- && securityProperties.getEncryptionCryptoProperties() == null
- && !securityProperties.isUseReqSigCertForEncryption()
- && securityProperties.isEncryptSymmetricEncryptionKey()
- && securityProperties.getEncryptionCrypto() == null) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
- }
- if (securityProperties.getEncryptionUser() == null
- && securityProperties.getEncryptionUseThisCertificate() == null
- && !securityProperties.isUseReqSigCertForEncryption()
- && securityProperties.isEncryptSymmetricEncryptionKey()) {
- throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noEncryptionUser");
- }
- if (securityProperties.getEncryptionSymAlgorithm() == null) {
- securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
- }
- if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
- //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
- //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
- securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
- }
- if (securityProperties.getEncryptionKeyIdentifier() == null) {
- securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
- }
- if (securityProperties.getDerivedKeyKeyIdentifier() == null) {
- securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
- }
- if (securityProperties.getDerivedKeyTokenReference() == null) {
- securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
- }
- if (securityProperties.getDerivedKeyTokenReference() != WSSConstants.DerivedKeyTokenReference.DirectReference) {
- securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
- }
- checkDefaultSecureParts(false, securityProperties);
+ checkOutboundEncryptionDerivedProperties(securityProperties);
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
if (securityProperties.getCallbackHandler() == null) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
@@ -405,6 +280,147 @@ public class WSSec {
}
return new WSSSecurityProperties(securityProperties);
}
+
+ private static void checkOutboundSignatureProperties(WSSSecurityProperties securityProperties) throws WSSConfigurationException {
+ if (!WSSConstants.NS_XMLDSIG_HMACSHA1.equals(securityProperties.getSignatureAlgorithm())) {
+ if (securityProperties.getSignatureKeyStore() == null
+ && securityProperties.getSignatureCryptoProperties() == null
+ && securityProperties.getSignatureCrypto() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "signatureKeyStoreNotSet");
+ }
+ if (securityProperties.getSignatureUser() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noSignatureUser");
+ }
+ if (securityProperties.getCallbackHandler() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
+ }
+ }
+ if (securityProperties.getSignatureAlgorithm() == null) {
+ securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_RSASHA1);
+ }
+ if (securityProperties.getSignatureDigestAlgorithm() == null) {
+ securityProperties.setSignatureDigestAlgorithm(WSSConstants.NS_XMLDSIG_SHA1);
+ }
+ if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
+ securityProperties.setSignatureCanonicalizationAlgorithm(WSSConstants.NS_C14N_EXCL);
+ }
+ if (securityProperties.getSignatureKeyIdentifier() == null) {
+ securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
+ }
+ checkDefaultSecureParts(true, securityProperties);
+ }
+
+ private static void checkOutboundSignatureDerivedProperties(WSSSecurityProperties securityProperties) throws WSSConfigurationException {
+ if (securityProperties.getCallbackHandler() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
+ }
+ if (securityProperties.getSignatureAlgorithm() == null) {
+ securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
+ }
+ if (securityProperties.getSignatureDigestAlgorithm() == null) {
+ securityProperties.setSignatureDigestAlgorithm(WSSConstants.NS_XMLDSIG_SHA1);
+ }
+ if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
+ securityProperties.setSignatureCanonicalizationAlgorithm(WSSConstants.NS_C14N_EXCL);
+ }
+ if (securityProperties.getSignatureKeyIdentifier() == null) {
+ securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
+ }
+ if (securityProperties.getEncryptionSymAlgorithm() == null) {
+ securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
+ }
+ if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
+ //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
+ securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
+ }
+ if (securityProperties.getEncryptionKeyIdentifier() == null) {
+ securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
+ }
+ if (securityProperties.getDerivedKeyKeyIdentifier() == null) {
+ securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
+ }
+ if (securityProperties.getDerivedKeyTokenReference() == null) {
+ securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
+ }
+ if (securityProperties.getDerivedKeyTokenReference() != WSSConstants.DerivedKeyTokenReference.DirectReference) {
+ securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
+ }
+ checkDefaultSecureParts(true, securityProperties);
+ }
+
+ private static void checkOutboundEncryptionProperties(WSSSecurityProperties securityProperties) throws WSSConfigurationException {
+ if (securityProperties.getEncryptionUseThisCertificate() == null
+ && securityProperties.getEncryptionKeyStore() == null
+ && securityProperties.getEncryptionCryptoProperties() == null
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncryptionKey()
+ && securityProperties.getEncryptionCrypto() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
+ }
+ if (securityProperties.getEncryptionUser() == null
+ && securityProperties.getEncryptionUseThisCertificate() == null
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncryptionKey()) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noEncryptionUser");
+ }
+ if (securityProperties.getEncryptionSymAlgorithm() == null) {
+ securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
+ }
+ if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
+ //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
+ securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
+ }
+ if (securityProperties.getEncryptionKeyIdentifier() == null) {
+ securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
+ }
+ checkDefaultSecureParts(false, securityProperties);
+ }
+
+ private static void checkOutboundEncryptionDerivedProperties(WSSSecurityProperties securityProperties) throws WSSConfigurationException {
+ if (securityProperties.getCallbackHandler() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
+ }
+ if (securityProperties.getEncryptionUseThisCertificate() == null
+ && securityProperties.getEncryptionKeyStore() == null
+ && securityProperties.getEncryptionCryptoProperties() == null
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncryptionKey()
+ && securityProperties.getEncryptionCrypto() == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
+ }
+ if (securityProperties.getEncryptionUser() == null
+ && securityProperties.getEncryptionUseThisCertificate() == null
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncryptionKey()) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noEncryptionUser");
+ }
+ if (securityProperties.getEncryptionSymAlgorithm() == null) {
+ securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
+ }
+ if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
+ //"RSA-OAEP is RECOMMENDED for the transport of AES keys"
+ //@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
+ securityProperties.setEncryptionKeyTransportAlgorithm(WSSConstants.NS_XENC_RSAOAEPMGF1P);
+ }
+ if (securityProperties.getEncryptionKeyIdentifier() == null) {
+ securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
+ }
+ if (securityProperties.getDerivedKeyKeyIdentifier() == null) {
+ securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier);
+ }
+ if (securityProperties.getDerivedKeyTokenReference() == null) {
+ securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
+ }
+ if (securityProperties.getDerivedKeyTokenReference() != WSSConstants.DerivedKeyTokenReference.DirectReference) {
+ securityProperties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
+ }
+ checkDefaultSecureParts(false, securityProperties);
+ }
private static void checkDefaultSecureParts(boolean signature, WSSSecurityProperties securityProperties) {
if (signature) {