Posted to commits@santuario.apache.org by gi...@apache.org on 2012/09/11 18:05:52 UTC
svn commit: r1383463 [1/2] - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
main/java/org/apache/xml/security/stax/impl/processor/input/
main/java/org/apache/xml/security/stax/impl/processor/output/
main/java/org...
Author: giger
Date: Tue Sep 11 16:05:51 2012
New Revision: 1383463
URL: http://svn.apache.org/viewvc?rev=1383463&view=rev
Log:
- SecurityToken refactoring
- Fix for SANTUARIO-339
Added:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java
- copied, changed from r1378632, santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java (with props)
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java
- copied, changed from r1378632, santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java
Removed:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityTokenProvider.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509IssuerSerialSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SKISecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/X509SubjectNameSecurityToken.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/securityEvent/KeyValueTokenSecurityEvent.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureVerificationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java Tue Sep 11 16:05:51 2012
@@ -22,17 +22,13 @@ import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
-import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
import org.apache.xml.security.stax.impl.OutputProcessorChainImpl;
import org.apache.xml.security.stax.impl.SecurityContextImpl;
@@ -40,6 +36,8 @@ import org.apache.xml.security.stax.impl
import org.apache.xml.security.stax.impl.processor.output.FinalOutputProcessor;
import org.apache.xml.security.stax.impl.processor.output.XMLEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.processor.output.XMLSignatureOutputProcessor;
+import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
/**
@@ -163,14 +161,15 @@ public class OutboundXMLSec {
if (key instanceof PrivateKey && (x509Certificates == null || x509Certificates.length == 0)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound");
}
-
- final SecurityToken securityToken = new XMLSecSecurityToken(key, x509Certificates);
+
final String securityTokenid = IDGenerator.generateID("SIG");
-
+ final OutboundSecurityToken securityToken = new GenericOutboundSecurityToken(securityTokenid, XMLSecurityConstants.DefaultToken, key, x509Certificates);
+
final SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
+ @SuppressWarnings("unchecked")
@Override
- public SecurityToken getSecurityToken() throws XMLSecurityException {
+ public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
return securityToken;
}
@@ -192,7 +191,9 @@ public class OutboundXMLSec {
if (transportCert != null) {
transportCerts = new X509Certificate[]{transportCert};
}
- final SecurityToken transportSecurityToken = new XMLSecSecurityToken(transportKey, transportCerts);
+
+ final OutboundSecurityToken transportSecurityToken =
+ new GenericOutboundSecurityToken("", XMLSecurityConstants.DefaultToken, transportKey, transportCerts);
// Now sort out the session key
Key key = securityProperties.getEncryptionKey();
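Review bot: The key-transport token on the added lines is created with the id `""`, while the session token a few lines further down gets its id from `IDGenerator.generateID`; nothing in the hunk says why the empty id is safe, and if any consumer builds a reference URI or a registry key from `getId()` it would silently produce an empty reference. If it is deliberate because this token is only reached through `setKeyWrappingToken` and never registered in the security context, a comment such as `// never registered by id; only reachable as the session token's wrapping token` would record that. Using `IDGenerator.generateID(...)` here as well would remove the special case entirely. The enclosing method starts before and continues after this hunk.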
@@ -219,15 +220,16 @@ public class OutboundXMLSec {
key = keyGen.generateKey();
}
-
- final XMLSecSecurityToken securityToken = new XMLSecSecurityToken(key, null);
- securityToken.setKeyWrappingToken(transportSecurityToken);
+
final String securityTokenid = IDGenerator.generateID(null);
-
+ final GenericOutboundSecurityToken securityToken = new GenericOutboundSecurityToken(securityTokenid, XMLSecurityConstants.DefaultToken, key);
+ securityToken.setKeyWrappingToken(transportSecurityToken);
+
final SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
+ @SuppressWarnings("unchecked")
@Override
- public SecurityToken getSecurityToken() throws XMLSecurityException {
+ public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
return securityToken;
}
@@ -237,123 +239,6 @@ public class OutboundXMLSec {
}
};
securityContextImpl.registerSecurityTokenProvider(securityTokenid, securityTokenProvider);
-
securityContextImpl.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, securityTokenid);
}
-
- private static class XMLSecSecurityToken implements SecurityToken {
- private Key key;
- private X509Certificate[] certs;
- private boolean asymmetric;
- private SecurityToken keyWrappingToken;
-
- public XMLSecSecurityToken(Key key, X509Certificate[] certs) {
- this.key = key;
- this.certs = certs;
- if (key instanceof PrivateKey || key instanceof PublicKey || certs != null) {
- asymmetric = true;
- }
- }
-
- public String getId() {
- return null;
- }
-
- public Object getProcessor() {
- return null;
- }
-
- public boolean isAsymmetric() {
- return asymmetric;
- }
-
- public Key getSecretKey(
- String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID
- ) throws XMLSecurityException {
- if (key instanceof SecretKey || key instanceof PrivateKey) {
- return key;
- }
- return null;
- }
-
- public PublicKey getPublicKey(
- String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID
- ) throws XMLSecurityException {
- if (key instanceof PublicKey) {
- return (PublicKey)key;
- } else if (certs != null && certs.length > 0) {
- return certs[0].getPublicKey();
- }
- return null;
- }
-
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- return certs;
- }
-
- public void verify() throws XMLSecurityException {
- }
-
- public void setKeyWrappingToken(SecurityToken keyWrappingToken) {
- this.keyWrappingToken = keyWrappingToken;
- }
-
- public SecurityToken getKeyWrappingToken() {
- return keyWrappingToken;
- }
-
- public XMLSecurityConstants.TokenType getTokenType() {
- return null;
- }
-
- @Override
- public List<QName> getElementPath() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public XMLSecEvent getXMLSecEvent() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public List<SecurityToken> getWrappedTokens()
- throws XMLSecurityException {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public void addWrappedToken(SecurityToken securityToken) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void addTokenUsage(TokenUsage tokenUsage)
- throws XMLSecurityException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public List<TokenUsage> getTokenUsages() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public void setElementPath(List<QName> elementPath) {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void setXMLSecEvent(XMLSecEvent xmlSecEvent) {
- // TODO Auto-generated method stub
-
- }
- };
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java Tue Sep 11 16:05:51 2012
@@ -25,6 +25,7 @@ import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
+import java.util.Map;
/**
* This class represents the different token types which can occur in WS-Security
@@ -65,14 +66,6 @@ public interface SecurityToken {
String getId();
/**
- * Returns the responsible processor for this token
- *
- * @return
- */
- Object getProcessor();
-
-
- /**
* Returns the absolute path to the XMLElement
*
* @return A list containing full qualified element names
@@ -91,7 +84,14 @@ public interface SecurityToken {
*
* @return true if asymmetric token, false if symmetric token
*/
- boolean isAsymmetric();
+ boolean isAsymmetric() throws XMLSecurityException;
+
+ /**
+ * Returns the secret key's if already initialized, null otherwise
+ * @return Algorithm-URI key map
+ * @throws XMLSecurityException
+ */
+ Map<String, Key> getSecretKey() throws XMLSecurityException;
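Review bot: The Javadoc on the new `getSecretKey()` promises null when no key is initialized, but the only implementation in this commit (AbstractInboundSecurityToken, later on this page) returns `Collections.unmodifiableMap(keyTable)`, i.e. an empty map, and XMLEncryptedKeyInputHandler's getKey calls `.get()` on the result without a null check; pin the contract to what callers rely on: `Returns the already initialized secret keys keyed by algorithm URI; an empty, unmodifiable map when none is initialized yet.` "secret key's" should read "secret keys", and an overload that differs from the three-argument `getSecretKey` only by arity while returning a `Map` instead of a `Key` is easy to misread. The same empty `@return` problem is in the next hunk, where `getPublicKey()` documents nothing after `@return`; `@return the public key, or null when this token has none or it is not initialized yet` matches the description above it.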
/**
* Returns the secret key
@@ -104,6 +104,13 @@ public interface SecurityToken {
Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID) throws XMLSecurityException;
/**
+ * Returns the public key if one exists and already initialized, null otherwise
+ * @return
+ * @throws XMLSecurityException
+ */
+ PublicKey getPublicKey() throws XMLSecurityException;
+
+ /**
* Returns the public key if one exist for this token type
*
* @param algorithmURI
@@ -149,8 +156,4 @@ public interface SecurityToken {
void addTokenUsage(TokenUsage tokenUsage) throws XMLSecurityException;
List<TokenUsage> getTokenUsages();
-
- void setElementPath(List<QName> elementPath);
-
- void setXMLSecEvent(XMLSecEvent xmlSecEvent);
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityTokenProvider.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityTokenProvider.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityTokenProvider.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityTokenProvider.java Tue Sep 11 16:05:51 2012
@@ -32,7 +32,7 @@ public interface SecurityTokenProvider {
* @return The SecurityToken
* @throws XMLSecurityException if the token couldn't be loaded
*/
- public SecurityToken getSecurityToken() throws XMLSecurityException;
+ public <T> T getSecurityToken() throws XMLSecurityException;
public String getId();
}
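Review bot: `<T> T getSecurityToken()` moves the type check from the interface to the call site: the compiler inserts a checkcast wherever the result is assigned (OutboundXMLSec's providers are declared to return OutboundSecurityToken, XMLEncryptedKeyInputHandler's returns SecurityToken), so looking up a token id that was registered by the other side fails with a ClassCastException at runtime instead of a compile error, and every implementation needs `@SuppressWarnings("unchecked")`. If the two token interfaces share a common supertype, bounding the parameter (`<T extends thatType> T getSecurityToken()`) keeps at least that much checking; otherwise the contract should be stated in the Javadoc: `@return the token, typed by the caller; a mismatch with the registered provider surfaces as a ClassCastException at the call site`. The `public` modifier on an interface method is redundant.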
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Tue Sep 11 16:05:51 2012
@@ -22,10 +22,7 @@ import java.security.InvalidKeyException
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
-import java.security.PublicKey;
import java.util.Deque;
-import java.util.Hashtable;
-import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
@@ -44,7 +41,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent;
@@ -90,46 +87,40 @@ public class XMLEncryptedKeyInputHandler
final SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
- private SecurityToken securityToken = null;
+ private AbstractInboundSecurityToken securityToken = null;
+ @SuppressWarnings("unchecked")
public SecurityToken getSecurityToken() throws XMLSecurityException {
if (this.securityToken != null) {
return this.securityToken;
}
- this.securityToken = new AbstractSecurityToken(
+ this.securityToken = new AbstractInboundSecurityToken(
securityContext, null, encryptedKeyType.getId(), null) {
- private final Map<String, Key> keyTable = new Hashtable<String, Key>();
-
- public boolean isAsymmetric() {
- return false;
- }
+ private byte[] decryptedKey = null;
+ @Override
public Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID)
throws XMLSecurityException {
- if (keyTable.containsKey(algorithmURI)) {
- return keyTable.get(algorithmURI);
- } else {
- String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
- Key key = new SecretKeySpec(getSecret(this, correlationID), algoFamily);
- keyTable.put(algorithmURI, key);
+ Key key = getSecretKey().get(algorithmURI);
+ if (key != null) {
return key;
}
- }
- @Override
- public PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID)
- throws XMLSecurityException {
- return null;
+ String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
+ key = new SecretKeySpec(getSecret(this, correlationID), algoFamily);
+ setSecretKey(algorithmURI, key);
+ return key;
}
+ @Override
public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
return getWrappingSecurityToken(this);
}
+ @Override
public XMLSecurityConstants.TokenType getTokenType() {
return XMLSecurityConstants.EncryptedKeyToken;
}
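Review bot: `getSecurityToken()` near the top of the hunk gains `@SuppressWarnings("unchecked")` but still has no `@Override`, while the same hunk adds `@Override` to `getKey`, `getKeyWrappingToken` and `getTokenType` on the anonymous token; adding it keeps the compiler checking the method against the generic `SecurityTokenProvider` signature this commit introduces. The lookup `getSecretKey().get(algorithmURI)` also caches by algorithm URI alone, so `keyUsage` and `correlationID` have no effect after the first call for a given URI; a short comment, `// the unwrapped secret is presumably the same for every usage; only the JCE key family differs per algorithm URI`, would make that explicit. The anonymous token class continues past the end of this hunk.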
@@ -154,6 +145,10 @@ public class XMLEncryptedKeyInputHandler
private byte[] getSecret(SecurityToken wrappedSecurityToken, String correlationID) throws XMLSecurityException {
+ if (this.decryptedKey != null) {
+ return this.decryptedKey;
+ }
+
String algorithmURI = encryptedKeyType.getEncryptionMethod().getAlgorithm();
if (algorithmURI == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
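Review bot: `getSecret` now hands out the cached `decryptedKey` array by reference on every call after the first, so the raw unwrapped key bytes are shared with each caller; the only caller visible on this page wraps them in a `SecretKeySpec`, which copies its input, so nothing breaks today, but the cache is only as safe as that invariant. The assignment `return this.decryptedKey = key.getEncoded();` in the next hunk of this file is the other half of the change. A comment on the field, `// unwrapped key bytes, cached so each algorithm URI can build its own SecretKeySpec without unwrapping again`, documents the intent, and `return this.decryptedKey.clone();` at both return sites would remove the sharing. getSecret continues past the end of the hunk.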
@@ -186,7 +181,7 @@ public class XMLEncryptedKeyInputHandler
Key key = cipher.unwrap(encryptedKeyType.getCipherData().getCipherValue(),
asyncEncAlgo.getJCEName(),
Cipher.SECRET_KEY);
- return key.getEncoded();
+ return this.decryptedKey = key.getEncoded();
} catch (NoSuchPaddingException e) {
throw new XMLSecurityException(
@@ -221,7 +216,7 @@ public class XMLEncryptedKeyInputHandler
//fire a tokenSecurityEvent
TokenSecurityEvent tokenSecurityEvent = new EncryptedKeyTokenSecurityEvent();
- tokenSecurityEvent.setSecurityToken(securityTokenProvider.getSecurityToken());
+ tokenSecurityEvent.setSecurityToken((SecurityToken)securityTokenProvider.getSecurityToken());
tokenSecurityEvent.setCorrelationID(encryptedKeyType.getId());
securityContext.registerSecurityEvent(tokenSecurityEvent);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Tue Sep 11 16:05:51 2012
@@ -25,6 +25,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithmFactory;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
@@ -114,13 +115,12 @@ public abstract class AbstractSignatureE
if (wrappingSecurityTokenProvider == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE);
}
- final SecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
+ final OutboundSecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
if (wrappingSecurityToken == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE);
}
- signatureAlgorithm.engineInitSign(wrappingSecurityToken
- .getSecretKey(getSecurityProperties().getSignatureAlgorithm(), null, null));
+ signatureAlgorithm.engineInitSign(wrappingSecurityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm()));
SignedInfoProcessor signedInfoProcessor = newSignedInfoProcessor(signatureAlgorithm, subOutputProcessorChain);
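Review bot: The key passed to `engineInitSign` on the rewritten line is not null-checked, although the lines just above fail fast with FAILED_SIGNATURE when the provider or the token is missing; the XMLSecSecurityToken this commit removes returned null from getSecretKey when the key was neither a SecretKey nor a PrivateKey, and if `OutboundSecurityToken.getSecretKey(String)` keeps that behaviour the failure surfaces as a NullPointerException from inside the signature algorithm instead. Binding the key to a local and checking it keeps the error handling uniform (importing `java.security.Key` if the file does not already). The enclosing method starts before and continues after this hunk.
```java
final OutboundSecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
// … unchanged: null check on wrappingSecurityToken …
final Key signingKey = wrappingSecurityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
if (signingKey == null) {
    // no usable signing key for the configured algorithm; fail the same way as a missing token
    throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE);
}
signatureAlgorithm.engineInitSign(signingKey);
```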
@@ -194,7 +194,7 @@ public abstract class AbstractSignatureE
protected abstract void createKeyInfoStructureForSignature(
OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
+ OutboundSecurityToken securityToken,
boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException;
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java Tue Sep 11 16:05:51 2012
@@ -29,7 +29,6 @@ import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
@@ -39,7 +38,6 @@ import org.apache.commons.logging.LogFac
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.SecurePart;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.SecurityTokenProvider;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
@@ -47,6 +45,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.EncryptionPartDef;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
/**
@@ -77,18 +76,20 @@ public class XMLEncryptOutputProcessor e
try {
String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
+
EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
encryptionPartDef.setModifier(securePart.getModifier());
encryptionPartDef.setEncRefId(IDGenerator.generateID(null));
encryptionPartDef.setKeyId(securityTokenProvider.getId());
- encryptionPartDef.setSymmetricKey(securityTokenProvider.getSecurityToken().getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null, null));
+ encryptionPartDef.setSymmetricKey(securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
internalEncryptionOutputProcessor =
createInternalEncryptionOutputProcessor(
- encryptionPartDef, xmlSecStartElement,
+ encryptionPartDef, xmlSecStartElement,
outputProcessorChain.getDocumentContext().getEncoding(),
- securityTokenProvider.getSecurityToken().getKeyWrappingToken()
+ securityToken.getKeyWrappingToken()
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
internalEncryptionOutputProcessor.setAction(getAction());
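Review bot: `securityTokenProvider.getSecurityToken()` on the new line near the top of the hunk is called on a provider that is never null-checked, and the returned `securityToken` is dereferenced a few lines later without a check either; AbstractSignatureEndingOutputProcessor in this same commit throws FAILED_SIGNATURE for both cases, so an unregistered PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION id fails here with a NullPointerException rather than an XMLSecurityException. The same applies to the `securityToken`/`ephemeralKey` lines in the last hunk of this file, where `ephemeralKey.getEncoded()` follows without a check. A guard such as `if (securityTokenProvider == null || securityToken == null) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.<appropriate encryption error code>); }` would align the two processors. Both enclosing methods start and end outside their hunks.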
@@ -114,7 +115,7 @@ public class XMLEncryptOutputProcessor e
EncryptionPartDef encryptionPartDef,
XMLSecStartElement startElement,
String encoding,
- final SecurityToken keyWrappingToken
+ final OutboundSecurityToken keyWrappingToken
) throws XMLStreamException, XMLSecurityException {
try {
final AbstractInternalEncryptionOutputProcessor processor =
@@ -129,10 +130,8 @@ public class XMLEncryptOutputProcessor e
// Do not write out a KeyInfo element
return;
}
- PublicKey pubKey = keyWrappingToken.getPublicKey(
- getSecurityProperties().getEncryptionKeyTransportAlgorithm(), null, null);
- SecretKey secretKey = (SecretKey)keyWrappingToken.getSecretKey(
- getSecurityProperties().getEncryptionKeyTransportAlgorithm(), null, null);
+ PublicKey pubKey = keyWrappingToken.getPublicKey();
+ Key secretKey = keyWrappingToken.getSecretKey(getSecurityProperties().getEncryptionKeyTransportAlgorithm());
if (pubKey == null && secretKey == null) {
// Do not write out a KeyInfo element
return;
@@ -167,9 +166,10 @@ public class XMLEncryptOutputProcessor e
String tokenId = outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
-
- Key ephemeralKey =
- securityTokenProvider.getSecurityToken().getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null, null);
+
+ final OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
+ Key ephemeralKey =
+ securityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm());
if (pubKey != null) {
int blockSize = cipher.getBlockSize();
if (blockSize > 0 && blockSize < ephemeralKey.getEncoded().length) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Tue Sep 11 16:05:51 2012
@@ -26,7 +26,6 @@ import java.util.List;
import javax.xml.stream.XMLStreamException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
@@ -34,6 +33,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
/**
@@ -82,7 +82,7 @@ public class XMLSignatureEndingOutputPro
@Override
protected void createKeyInfoStructureForSignature(
OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
+ OutboundSecurityToken securityToken,
boolean useSingleCertificate)
throws XMLStreamException, XMLSecurityException {
XMLSecurityConstants.KeyIdentifierType keyIdentifierType = getSecurityProperties().getSignatureKeyIdentifierType();
Copied: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java (from r1378632, santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java)
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java?p2=santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java&p1=santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java&r1=1378632&r2=1383463&rev=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/AbstractInboundSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -29,58 +29,53 @@ import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import java.security.Key;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
+import java.util.*;
/**
* @author $Author: coheigea $
* @version $Revision: 1359731 $ $Date: 2012-07-10 16:39:40 +0100 (Tue, 10 Jul 2012) $
*/
-public abstract class AbstractSecurityToken implements SecurityToken {
+public abstract class AbstractInboundSecurityToken implements SecurityToken {
- //todo Probably we should introduce a dynamic proxy
- //for this class which then could test for invocation count and could also be
- //used for SecurityEvents and such.
- //prevent recursive key references:
- private int invocationCount = 0;
+ //prevent recursive key references
+ private boolean invocated = false;
private SecurityContext securityContext;
private CallbackHandler callbackHandler;
private final String id;
- private Object processor;
private List<QName> elementPath;
private XMLSecEvent xmlSecEvent;
private XMLSecurityConstants.KeyIdentifierType keyIdentifierType;
private final List<SecurityToken> wrappedTokens = new ArrayList<SecurityToken>();
+ private SecurityToken keyWrappingToken;
private final List<TokenUsage> tokenUsages = new ArrayList<TokenUsage>();
+ private final Map<String, Key> keyTable = new Hashtable<String, Key>();
+ private PublicKey publicKey;
+ private X509Certificate[] x509Certificates;
- public AbstractSecurityToken(String id) {
- this.id = id;
- }
-
- public AbstractSecurityToken(SecurityContext securityContext, CallbackHandler callbackHandler,
- String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
+ public AbstractInboundSecurityToken(SecurityContext securityContext, CallbackHandler callbackHandler,
+ String id, XMLSecurityConstants.KeyIdentifierType keyIdentifierType) {
this.securityContext = securityContext;
this.callbackHandler = callbackHandler;
this.id = id;
this.keyIdentifierType = keyIdentifierType;
}
- private void incrementAndTestInvocationCount() throws XMLSecurityException {
- invocationCount++;
- if (invocationCount >= 10) {
+ private void testAndSetInvocation() throws XMLSecurityException {
+ if (invocated) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
}
+ invocated = true;
}
- private void decrementInvocationCount() {
- invocationCount--;
+ private void unsetInvocation() {
+ invocated = false;
}
public XMLSecurityConstants.KeyIdentifierType getKeyIdentifierType() {
@@ -91,14 +86,6 @@ public abstract class AbstractSecurityTo
return this.id;
}
- public Object getProcessor() {
- return processor;
- }
-
- public void setProcessor(Object processor) {
- this.processor = processor;
- }
-
@Override
public List<QName> getElementPath() {
return elementPath;
@@ -113,22 +100,53 @@ public abstract class AbstractSecurityTo
return xmlSecEvent;
}
- @Override
public void setXMLSecEvent(XMLSecEvent xmlSecEvent) {
this.xmlSecEvent = xmlSecEvent;
}
- public CallbackHandler getCallbackHandler() {
+ protected CallbackHandler getCallbackHandler() {
return callbackHandler;
}
- protected abstract Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException;
+ @Override
+ public boolean isAsymmetric() throws XMLSecurityException {
+ if (getSecretKey() instanceof PrivateKey || getPublicKey() != null) {
+ return true;
+ }
+ return false;
+ }
+
+ public void setSecretKey(String algorithmURI, Key key) {
+ if (algorithmURI == null) {
+ throw new IllegalArgumentException("algorithmURI must not be null");
+ }
+ if (key != null) {
+ this.keyTable.put(algorithmURI, key);
+ }
+ }
@Override
- public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
+ public Map<String, Key> getSecretKey() throws XMLSecurityException {
+ return Collections.unmodifiableMap(keyTable);
+ }
+
+ protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
+ String correlationID) throws XMLSecurityException {
+ if (algorithmURI == null) {
+ return null;
+ }
+ Key key = keyTable.get(algorithmURI);
+ //workaround for user set keys which aren't declared in the xml
+ if (key == null) {
+ key = keyTable.get("");
+ }
+ return key;
+ }
+
+ @Override
+ public final Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
String correlationID) throws XMLSecurityException {
- incrementAndTestInvocationCount();
+ testAndSetInvocation();
Key key = getKey(algorithmURI, keyUsage, correlationID);
//todo remove correlationID null check when we have implemented a better api to access the key
if (key != null && this.securityContext != null && correlationID != null) {
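Review bot: `isAsymmetric()` can never take its `PrivateKey` branch, because the no-arg `getSecretKey()` it calls returns `Collections.unmodifiableMap(keyTable)`, and `instanceof PrivateKey` on that Map only compiles because both sides are interfaces. A token whose only key material is a private key in the key table is therefore reported as symmetric; only tokens with a public key or a certificate chain come back as asymmetric. The check should look at the table's values: `for (Key k : getSecretKey().values()) { if (k instanceof PrivateKey) { return true; } }` followed by `return getPublicKey() != null;`. The final `getSecretKey(String, KeyUsage, String)` that opens at the end of this hunk continues in the next one.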
@@ -145,17 +163,35 @@ public abstract class AbstractSecurityTo
}
this.securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
}
- decrementInvocationCount();
+ unsetInvocation();
return key;
}
- protected abstract PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException;
+ public void setPublicKey(PublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
@Override
- public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ if (this.publicKey != null) {
+ return this.publicKey;
+ }
+ X509Certificate[] x509Certificates = getX509Certificates();
+ if (x509Certificates != null && x509Certificates.length > 0) {
+ this.publicKey = x509Certificates[0].getPublicKey();
+ }
+ return this.publicKey;
+ }
+
+ protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
String correlationID) throws XMLSecurityException {
- incrementAndTestInvocationCount();
+ return getPublicKey();
+ }
+
+ @Override
+ public final PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
+ String correlationID) throws XMLSecurityException {
+ testAndSetInvocation();
PublicKey publicKey = getPubKey(algorithmURI, keyUsage, correlationID);
//todo remove correlationID null check when we have implemented a better api to access the key
if (publicKey != null && this.securityContext != null && correlationID != null) {
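Review bot: `unsetInvocation()` runs only on the normal return path of `getSecretKey(...)`, so an `XMLSecurityException` thrown by `getKey(...)` (or, for key-value tokens, by the lazy public-key build reached through `getPubKey`) leaves `invocated` stuck at true, and every later `getSecretKey`, `getPublicKey` or `addTokenUsage` call on that token fails with INVALID_SECURITY_TOKEN instead of reporting the original cause. Replacing the counter with a boolean makes this stricter than before, when a leaked increment still left headroom of nine calls. Wrap the body after `testAndSetInvocation()` as `try { ... } finally { unsetInvocation(); }`, here and in `getPublicKey(...)` and `addTokenUsage`. `getPublicKey(...)` opens at the end of this hunk and continues in the next.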
@@ -174,12 +210,16 @@ public abstract class AbstractSecurityTo
}
securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
}
- decrementInvocationCount();
+ unsetInvocation();
return publicKey;
}
+ public void setX509Certificates(X509Certificate[] x509Certificates) {
+ this.x509Certificates = x509Certificates;
+ }
+
public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- return null;
+ return x509Certificates;
}
public void verify() throws XMLSecurityException {
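Review bot: `getX509Certificates()` hands out the token's internal `x509Certificates` array and `setX509Certificates` stores the caller's array as-is, so any holder of either reference can swap a certificate in the chain behind the token's back, while the `publicKey` that `getPublicKey()` cached from `x509Certificates[0]` keeps the old value. Returning and storing a copy keeps the chain and the cached key consistent: `return x509Certificates == null ? null : x509Certificates.clone();` in the getter, and the same `clone()` in the setter.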
@@ -197,18 +237,27 @@ public abstract class AbstractSecurityTo
@Override
public void addTokenUsage(TokenUsage tokenUsage) throws XMLSecurityException {
- incrementAndTestInvocationCount();
+ testAndSetInvocation();
if (!this.tokenUsages.contains(tokenUsage)) {
this.tokenUsages.add(tokenUsage);
}
if (getKeyWrappingToken() != null) {
getKeyWrappingToken().addTokenUsage(tokenUsage);
}
- decrementInvocationCount();
+ unsetInvocation();
}
@Override
public List<TokenUsage> getTokenUsages() {
return tokenUsages;
}
+
+ @Override
+ public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+ return keyWrappingToken;
+ }
+
+ public void setKeyWrappingToken(SecurityToken keyWrappingToken) {
+ this.keyWrappingToken = keyWrappingToken;
+ }
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/DsaKeyValueSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -20,13 +20,11 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
-import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -37,21 +35,14 @@ import java.security.spec.InvalidKeySpec
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
*/
-public class DsaKeyValueSecurityToken extends AbstractSecurityToken {
+public class DsaKeyValueSecurityToken extends AbstractInboundSecurityToken {
- private PublicKey publicKey;
+ private DSAKeyValueType dsaKeyValueType;
public DsaKeyValueSecurityToken(DSAKeyValueType dsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
super(securityContext, callbackHandler, null, keyIdentifierType);
-
- try {
- this.publicKey = buildPublicKey(dsaKeyValueType);
- } catch (InvalidKeySpecException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
+ this.dsaKeyValueType = dsaKeyValueType;
}
private PublicKey buildPublicKey(DSAKeyValueType dsaKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException {
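Review bot: `dsaKeyValueType` is assigned once in the constructor and never reassigned in the visible code, so it can be `private final DSAKeyValueType dsaKeyValueType;`, which also makes clear that the lazily built public key always derives from the same input. The constructor's `throws XMLSecurityException` now covers nothing in its body (the superclass constructor declares no checked exception), but it has to stay for source compatibility with callers that catch it. `buildPublicKey` begins on the last line of this hunk and its body lies outside it.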
@@ -65,15 +56,17 @@ public class DsaKeyValueSecurityToken ex
}
@Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return this.publicKey;
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ if (super.getPublicKey() == null) {
+ try {
+ setPublicKey(buildPublicKey(this.dsaKeyValueType));
+ } catch (InvalidKeySpecException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ }
+ }
+ return super.getPublicKey();
}
@Override
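Review bot: Moving `buildPublicKey` from the constructor into `getPublicKey()` changes when a malformed `ds:DSAKeyValue` is rejected: it used to fail when the token was created, now it fails on first use, and because `AbstractInboundSecurityToken.isAsymmetric()` calls `getPublicKey()`, that query can now throw INVALID_SECURITY_TOKEN for this token type. That is a reasonable trade, but it is not visible from the method itself; a one-line comment such as `// built lazily: a malformed DSAKeyValue is rejected on first use, not at construction` above the `if` would spare the next reader the surprise. The `super.getPublicKey()` result could also be held in a local to avoid the second call.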
@@ -85,10 +78,4 @@ public class DsaKeyValueSecurityToken ex
public XMLSecurityConstants.TokenType getTokenType() {
return XMLSecurityConstants.KeyValueToken;
}
-
- //todo move to super class?
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -18,35 +18,26 @@
*/
package org.apache.xml.security.stax.impl.securityToken;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.spec.ECFieldFp;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.EllipticCurve;
-import java.security.spec.InvalidKeySpecException;
-
-import javax.security.auth.callback.CallbackHandler;
-
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.impl.algorithms.ECDSAUtils;
+import javax.security.auth.callback.CallbackHandler;
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.*;
+
/**
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
*/
-public class ECKeyValueSecurityToken extends AbstractSecurityToken {
+public class ECKeyValueSecurityToken extends AbstractInboundSecurityToken {
private ECKeyValueType ecKeyValueType;
- private PublicKey publicKey;
public ECKeyValueSecurityToken(ECKeyValueType ecKeyValueType, SecurityContext securityContext,
CallbackHandler callbackHandler,
@@ -102,24 +93,17 @@ public class ECKeyValueSecurityToken ext
}
@Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- if (this.publicKey == null) {
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ if (super.getPublicKey() == null) {
try {
- this.publicKey = buildPublicKey(this.ecKeyValueType);
+ setPublicKey(buildPublicKey(this.ecKeyValueType));
} catch (InvalidKeySpecException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
} catch (NoSuchAlgorithmException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
}
}
- return this.publicKey;
+ return super.getPublicKey();
}
@Override
@@ -131,10 +115,4 @@ public class ECKeyValueSecurityToken ext
public XMLSecurityConstants.TokenType getTokenType() {
return XMLSecurityConstants.KeyValueToken;
}
-
- //todo move to super class?
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
}
Added: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java?rev=1383463&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java (added)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.stax.impl.securityToken;
+
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+/**
+ * @author $Author: $
+ * @version $Revision: $ $Date: $
+ */
+public class GenericOutboundSecurityToken implements OutboundSecurityToken {
+
+ private String id;
+ private XMLSecurityConstants.TokenType tokenType;
+ private Object processor;
+ private final List<OutboundSecurityToken> wrappedTokens = new ArrayList<OutboundSecurityToken>();
+ private OutboundSecurityToken keyWrappingToken;
+ private final Map<String, Key> keyTable = new Hashtable<String, Key>();
+ private PublicKey publicKey;
+ private X509Certificate[] x509Certificates;
+
+ public GenericOutboundSecurityToken(String id, XMLSecurityConstants.TokenType tokenType, Key key, X509Certificate[] x509Certificates) {
+ this(id, tokenType, key);
+ this.x509Certificates = x509Certificates;
+ }
+
+ public GenericOutboundSecurityToken(String id, XMLSecurityConstants.TokenType tokenType, Key key) {
+ this(id, tokenType);
+ setSecretKey("", key);
+ }
+
+ public GenericOutboundSecurityToken(String id, XMLSecurityConstants.TokenType tokenType) {
+ this.id = id;
+ this.tokenType = tokenType;
+ }
+
+ @Override
+ public String getId() {
+ return id;
+ }
+
+ @Override
+ public Object getProcessor() {
+ return processor;
+ }
+
+ public void setProcessor(Object processor) {
+ this.processor = processor;
+ }
+
+ @Override
+ public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
+ if (algorithmURI == null) {
+ return null;
+ }
+ Key key = keyTable.get(algorithmURI);
+ //workaround for user set keys which aren't declared in the xml
+ if (key == null) {
+ key = keyTable.get("");
+ }
+ return key;
+ }
+
+ public void setSecretKey(String algorithmURI, Key key) {
+ if (algorithmURI == null) {
+ throw new IllegalArgumentException("algorithmURI must not be null");
+ }
+ if (key != null) {
+ this.keyTable.put(algorithmURI, key);
+ }
+ }
+
+ @Override
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ if (this.publicKey != null) {
+ return this.publicKey;
+ }
+ if (this.x509Certificates != null && this.x509Certificates.length > 0) {
+ return this.publicKey = this.x509Certificates[0].getPublicKey();
+ }
+ return null;
+ }
+
+ @Override
+ public X509Certificate[] getX509Certificates() throws XMLSecurityException {
+ return this.x509Certificates;
+ }
+
+ @Override
+ public OutboundSecurityToken getKeyWrappingToken() throws XMLSecurityException {
+ return keyWrappingToken;
+ }
+
+ public void setKeyWrappingToken(OutboundSecurityToken keyWrappingToken) {
+ this.keyWrappingToken = keyWrappingToken;
+ }
+
+ @Override
+ public List<OutboundSecurityToken> getWrappedTokens() throws XMLSecurityException {
+ return Collections.unmodifiableList(wrappedTokens);
+ }
+
+ @Override
+ public void addWrappedToken(OutboundSecurityToken securityToken) {
+ wrappedTokens.add(securityToken);
+ }
+
+ @Override
+ public XMLSecurityConstants.TokenType getTokenType() {
+ return tokenType;
+ }
+}
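Review bot: `getSecretKey(String)` silently falls back to `keyTable.get("")` when no key is registered for the requested algorithm, so a key stored through the three-argument constructor (which registers it under `""`) is handed out for every algorithm URI, not just the one it was meant for; that contract is stated nowhere, and the class Javadoc is still the empty `$Author$` template. Suggest a class comment along the lines of `Outbound token holding caller-supplied key material; a key registered under the empty algorithm URI is returned for any algorithm that has no key of its own.` and a `@param algorithmURI` on the method. `id` and `tokenType` are only assigned in the constructors and can be `final`, and `getX509Certificates()` returns the internal array, which callers can mutate.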
Propchange: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/GenericOutboundSecurityToken.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/KeyNameSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -18,69 +18,31 @@
*/
package org.apache.xml.security.stax.impl.securityToken;
-import java.security.Key;
-import java.security.PublicKey;
-
-import javax.security.auth.callback.CallbackHandler;
-
import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
+import javax.security.auth.callback.CallbackHandler;
+
/**
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
*/
-public class KeyNameSecurityToken extends AbstractSecurityToken {
+public class KeyNameSecurityToken extends AbstractInboundSecurityToken {
- private Key key;
private String keyName;
public KeyNameSecurityToken(String keyName, SecurityContext securityContext, CallbackHandler callbackHandler,
- XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+ XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
super(securityContext, callbackHandler, null, keyIdentifierType);
this.keyName = keyName;
}
@Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return key;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- if (key instanceof PublicKey) {
- return (PublicKey)key;
- }
- return null;
- }
-
- public void setKey(Key key) {
- this.key = key;
- }
-
- @Override
- public boolean isAsymmetric() {
- if (key instanceof PublicKey) {
- return true;
- }
- return false;
- }
-
- @Override
public XMLSecurityConstants.TokenType getTokenType() {
return XMLSecurityConstants.KeyNameToken;
}
- //todo move to super class?
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
-
public String getKeyName() {
return keyName;
}
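Review bot: The removed `getPubKey` returned the configured key when it was a `PublicKey`, but the inherited `getPublicKey()` only consults the `publicKey` field and the certificate chain, never the key table that `setSecretKey` fills. Whether a signature-verification key supplied as a `PublicKey` still resolves therefore depends on `SecurityTokenFactoryImpl.setTokenKey` (not visible here) routing it to `setPublicKey` rather than `setSecretKey`; if it does not, KeyName-based verification with a bare public key silently stops working. A test that configures a `PublicKey` as the signature verification key and verifies through a `ds:KeyName` would pin this down, and a comment on the class stating which setter the factory is expected to use would help.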
Copied: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java (from r1378632, santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java)
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java?p2=santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java&p1=santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java&r1=1378632&r2=1383463&rev=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/OutboundSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -16,46 +16,21 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.xml.security.stax.ext;
+package org.apache.xml.security.stax.impl.securityToken;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
-import javax.xml.namespace.QName;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
/**
- * This class represents the different token types which can occur in WS-Security
- * <p/>
- * Sometimes it isn't known (@see EncryptedKeyInputProcessor) which kind of Token(Asymmetric, Symmetric)
- * we have at creation time. So we use a generic interface for both types.
- *
* @author $Author$
* @version $Revision$ $Date$
*/
-public interface SecurityToken {
-
- public enum TokenUsage {
- Signature,
- MainSignature,
- Encryption,
- MainEncryption,
- SupportingTokens,
- SignedSupportingTokens,
- EndorsingSupportingTokens,
- SignedEndorsingSupportingTokens,
- SignedEncryptedSupportingTokens,
- EncryptedSupportingTokens,
- EndorsingEncryptedSupportingTokens,
- SignedEndorsingEncryptedSupportingTokens,
- }
-
- public enum KeyInfoUsage {
- SIGNATURE_VERIFICATION,
- DECRYPTION
- }
+public interface OutboundSecurityToken {
/**
* Returns the token id aka wsu:Id
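Review bot: The copied interface drops the description that `SecurityToken` carried and gains none of its own, so `OutboundSecurityToken` has no Javadoc explaining how it differs from the inbound `SecurityToken` it was copied from. From the rest of this diff the difference is that the outbound view carries only caller-supplied key material and the wrapping relationship, with no XML position, token usages or `verify()`; a comment such as `Outbound (signing/encrypting) view of a security token: exposes the key material and wrapping relationship only, without the XML location, usage bookkeeping or verification of the inbound SecurityToken.` would record that.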
@@ -71,73 +46,44 @@ public interface SecurityToken {
*/
Object getProcessor();
-
- /**
- * Returns the absolute path to the XMLElement
- *
- * @return A list containing full qualified element names
- */
- List<QName> getElementPath();
-
- /**
- * Returns the first XMLEvent for this token
- *
- * @return
- */
- XMLSecEvent getXMLSecEvent();
-
- /**
- * Returns the token type
- *
- * @return true if asymmetric token, false if symmetric token
- */
- boolean isAsymmetric();
-
/**
* Returns the secret key
*
- * @param algorithmURI for the requested key
- * @param keyUsage
- * @return The requested key for the specified algorithmURI, or null if no matching key is found
- * @throws XMLSecurityException if the key can't be loaded
+ * @return The key
+ * @throws org.apache.xml.security.stax.ext.XMLSecurityException
+ * if the key can't be loaded
*/
- Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID) throws XMLSecurityException;
+ Key getSecretKey(String algorithmURI) throws XMLSecurityException;
/**
* Returns the public key if one exist for this token type
*
- * @param algorithmURI
- * @param keyUsage
* @return The Public-Key for asymmetric algorithms
- * @throws XMLSecurityException if the key can't be loaded
+ * @throws org.apache.xml.security.stax.ext.XMLSecurityException
+ * if the key can't be loaded
*/
- PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage, String correlationID) throws XMLSecurityException;
+ PublicKey getPublicKey() throws XMLSecurityException;
/**
* Returns the certificate chain if one exists for this token type
*
* @return The certificate chain
- * @throws XMLSecurityException if the certificates can't be retrieved
+ * @throws org.apache.xml.security.stax.ext.XMLSecurityException
+ * if the certificates can't be retrieved
*/
X509Certificate[] getX509Certificates() throws XMLSecurityException;
- /**
- * Verifies the key if applicable
- *
- * @throws XMLSecurityException if the key couldn't be verified or the key isn't valid
- */
- void verify() throws XMLSecurityException;
/**
* Returns the key wrapping token
*
* @return The wrapping SecurityToken
*/
- SecurityToken getKeyWrappingToken() throws XMLSecurityException;
+ OutboundSecurityToken getKeyWrappingToken() throws XMLSecurityException;
- List<SecurityToken> getWrappedTokens() throws XMLSecurityException;
+ List<OutboundSecurityToken> getWrappedTokens() throws XMLSecurityException;
- void addWrappedToken(SecurityToken securityToken);
+ void addWrappedToken(OutboundSecurityToken securityToken);
/**
* Returns the KeyIdentifierType
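Review bot: The new Javadoc for `getSecretKey(String algorithmURI)` keeps only `@return The key` and drops the parameter description, so the one argument that remains is undocumented; add `@param algorithmURI the algorithm URI the key is requested for` and say whether `null` is acceptable (the `GenericOutboundSecurityToken` implementation in this commit returns `null` for it). `getKeyWrappingToken`, `getWrappedTokens` and `addWrappedToken` likewise say nothing about who is expected to keep the two directions of the wrapping relationship in sync.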
@@ -145,12 +91,4 @@ public interface SecurityToken {
* @return the KeyIdentifierType
*/
XMLSecurityConstants.TokenType getTokenType();
-
- void addTokenUsage(TokenUsage tokenUsage) throws XMLSecurityException;
-
- List<TokenUsage> getTokenUsages();
-
- void setElementPath(List<QName> elementPath);
-
- void setXMLSecEvent(XMLSecEvent xmlSecEvent);
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/RsaKeyValueSecurityToken.java Tue Sep 11 16:05:51 2012
@@ -20,13 +20,11 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import javax.security.auth.callback.CallbackHandler;
import java.math.BigInteger;
-import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -37,21 +35,14 @@ import java.security.spec.RSAPublicKeySp
* @author $Author: coheigea $
* @version $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
*/
-public class RsaKeyValueSecurityToken extends AbstractSecurityToken {
+public class RsaKeyValueSecurityToken extends AbstractInboundSecurityToken {
- private PublicKey publicKey;
+ private RSAKeyValueType rsaKeyValueType;
public RsaKeyValueSecurityToken(RSAKeyValueType rsaKeyValueType, SecurityContext securityContext, CallbackHandler callbackHandler,
XMLSecurityConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
super(securityContext, callbackHandler, null, keyIdentifierType);
-
- try {
- this.publicKey = buildPublicKey(rsaKeyValueType);
- } catch (InvalidKeySpecException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
+ this.rsaKeyValueType = rsaKeyValueType;
}
private PublicKey buildPublicKey(RSAKeyValueType rsaKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException {
@@ -63,15 +54,17 @@ public class RsaKeyValueSecurityToken ex
}
@Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return this.publicKey;
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ if (super.getPublicKey() == null) {
+ try {
+ setPublicKey(buildPublicKey(this.rsaKeyValueType));
+ } catch (InvalidKeySpecException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ }
+ }
+ return super.getPublicKey();
}
@Override
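Review bot: This override is now textually identical to the ones in DsaKeyValueSecurityToken and ECKeyValueSecurityToken apart from the `build*` call, including the two catch clauses mapping to INVALID_SECURITY_TOKEN. The cache check and the exception mapping belong in `AbstractInboundSecurityToken` behind a protected abstract hook, with the subclasses supplying only the key construction, so that a future change to the error mapping cannot drift between the three. In this class that reduces the override to a small hook:
```java
@Override
protected PublicKey buildPublicKey() throws InvalidKeySpecException, NoSuchAlgorithmException {
    return buildPublicKey(this.rsaKeyValueType);
}
```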
@@ -83,10 +76,4 @@ public class RsaKeyValueSecurityToken ex
public XMLSecurityConstants.TokenType getTokenType() {
return XMLSecurityConstants.KeyValueToken;
}
-
- //todo move to super class?
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1383463&r1=1383462&r2=1383463&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Tue Sep 11 16:05:51 2012
@@ -18,6 +18,14 @@
*/
package org.apache.xml.security.stax.impl.securityToken;
+import org.apache.xml.security.binding.xmldsig.*;
+import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.stax.ext.*;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.TokenType;
+import org.apache.xml.security.utils.RFC2253Parser;
+
+import javax.security.auth.callback.CallbackHandler;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
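Review bot: The explicit imports are replaced by `org.apache.xml.security.binding.xmldsig.*` and `org.apache.xml.security.stax.ext.*` (and `java.security.spec.*` in ECKeyValueSecurityToken, `java.util.*` in GenericOutboundSecurityToken), which hides which types this factory depends on and lets a class later added to either package shadow or clash with a same-named one. The other files in this diff list imports one per line; keep that convention here.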
@@ -26,27 +34,6 @@ import java.security.cert.CertificateExc
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
-import org.apache.xml.security.binding.xmldsig.KeyInfoType;
-import org.apache.xml.security.binding.xmldsig.KeyValueType;
-import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
-import org.apache.xml.security.binding.xmldsig.X509DataType;
-import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
-import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.stax.ext.SecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants.KeyIdentifierType;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants.KeyUsage;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants.TokenType;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.ext.XMLSecurityProperties;
-import org.apache.xml.security.stax.ext.XMLSecurityUtils;
-import org.apache.xml.security.utils.RFC2253Parser;
-
/**
* Factory to create SecurityToken Objects from keys in XML
*
@@ -70,25 +57,21 @@ public class SecurityTokenFactoryImpl ex
if (keyValueType != null) {
return getSecurityToken(keyValueType, securityProperties.getCallbackHandler(), securityContext);
}
-
+
// KeyName
- final String keyName =
- XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyName);
+ final String keyName =
+ XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyName);
if (keyName != null) {
- KeyNameSecurityToken token =
- new KeyNameSecurityToken(keyName, securityContext, securityProperties.getCallbackHandler(),
- XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME);
- if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- token.setKey(securityProperties.getSignatureVerificationKey());
- } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- token.setKey(securityProperties.getDecryptionKey());
- }
+ KeyNameSecurityToken token =
+ new KeyNameSecurityToken(keyName, securityContext, securityProperties.getCallbackHandler(),
+ XMLSecurityConstants.XMLKeyIdentifierType.KEY_NAME);
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
// X509Data
- final X509DataType x509DataType =
- XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
+ final X509DataType x509DataType =
+ XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
if (x509DataType != null) {
try {
return getSecurityToken(x509DataType, securityProperties, securityContext, keyInfoUsage);
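Review bot: The new `setTokenKey(securityProperties, keyInfoUsage, token)` call on the KeyName path (and the same calls in the X509Data and default-token hunks below) forwards to a helper, visible further down in this diff, whose `else` branch executes `token.setSecretKey("", key)` even when `key` is still `null`, i.e. when `keyInfoUsage` is neither SIGNATURE_VERIFICATION nor DECRYPTION or the corresponding property is unset; the removed inline code in that situation only ever did `token.setKey(null)`, while the new code registers a null key under the empty id, unless `AbstractInboundSecurityToken.setSecretKey` tolerates that (not visible here). Since no null-check on the configured key precedes the call on this path, a guard in the helper would be safer: `} else if (key != null) { token.setSecretKey("", key); }`. The enclosing `getSecurityToken(KeyInfoType, ...)` method begins before this hunk.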
@@ -97,44 +80,54 @@ public class SecurityTokenFactoryImpl ex
}
}
}
-
+
// Use a default key if it exists
if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION
- && securityProperties.getSignatureVerificationKey() != null) {
- DefaultSecurityToken token =
- new DefaultSecurityToken(securityContext, securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO);
- token.setKey(securityProperties.getSignatureVerificationKey());
+ && securityProperties.getSignatureVerificationKey() != null) {
+ AbstractInboundSecurityToken token =
+ new AbstractInboundSecurityToken(securityContext, securityProperties.getCallbackHandler(), null,
+ XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
+ @Override
+ public TokenType getTokenType() {
+ return XMLSecurityConstants.DefaultToken;
+ }
+ };
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
} else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION
- && securityProperties.getDecryptionKey() != null) {
- DefaultSecurityToken token =
- new DefaultSecurityToken(securityContext, securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO);
- token.setKey(securityProperties.getDecryptionKey());
+ && securityProperties.getDecryptionKey() != null) {
+ AbstractInboundSecurityToken token =
+ new AbstractInboundSecurityToken(securityContext, securityProperties.getCallbackHandler(), null,
+ XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
+ @Override
+ public TokenType getTokenType() {
+ return XMLSecurityConstants.DefaultToken;
+ }
+ };
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
}
-
+
private static SecurityToken getSecurityToken(KeyValueType keyValueType,
- final CallbackHandler callbackHandler, SecurityContext securityContext)
- throws XMLSecurityException {
+ final CallbackHandler callbackHandler, SecurityContext securityContext)
+ throws XMLSecurityException {
- final RSAKeyValueType rsaKeyValueType =
+ final RSAKeyValueType rsaKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_RSAKeyValue);
if (rsaKeyValueType != null) {
return new RsaKeyValueSecurityToken(rsaKeyValueType, securityContext,
callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
- final DSAKeyValueType dsaKeyValueType =
+ final DSAKeyValueType dsaKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_DSAKeyValue);
if (dsaKeyValueType != null) {
return new DsaKeyValueSecurityToken(dsaKeyValueType, securityContext,
callbackHandler, XMLSecurityConstants.XMLKeyIdentifierType.KEY_VALUE);
}
- final ECKeyValueType ecKeyValueType =
+ final ECKeyValueType ecKeyValueType =
XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig11_ECKeyValue);
if (ecKeyValueType != null) {
return new ECKeyValueSecurityToken(ecKeyValueType, securityContext,
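Review bot: The two default-token branches now contain a verbatim duplicate of the same anonymous `AbstractInboundSecurityToken` subclass (constructor arguments, `getTokenType()` override and the trailing `setTokenKey` call are identical), which makes a second copy to keep in sync the next time the default token changes; only the condition differs, and the key selection is already done inside `setTokenKey` by `keyInfoUsage`. Collapsing both branches into a single `if` with the disjoined condition removes the duplication without changing which key is chosen. Note also that the id passed to the constructor changed from `""` to `null` in this revision; if any caller keys on the token id this is a behaviour change worth a comment such as `// default token carries no id`. The enclosing `getSecurityToken(KeyInfoType, ...)` method begins before this hunk, and the hunk ends inside `getSecurityToken(KeyValueType, ...)`.
```java
// … unchanged: KeyValue / KeyName / X509Data lookups …
// Use a default key if it exists
if ((keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION
        && securityProperties.getSignatureVerificationKey() != null)
        || (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION
        && securityProperties.getDecryptionKey() != null)) {
    AbstractInboundSecurityToken token =
            new AbstractInboundSecurityToken(securityContext, securityProperties.getCallbackHandler(), null,
                    XMLSecurityConstants.XMLKeyIdentifierType.NO_KEY_INFO) {
                @Override
                public TokenType getTokenType() {
                    return XMLSecurityConstants.DefaultToken;
                }
            };
    setTokenKey(securityProperties, keyInfoUsage, token);
    return token;
}
// … unchanged: noKeyinfo exception, getSecurityToken(KeyValueType, ...) …
```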
@@ -142,167 +135,115 @@ public class SecurityTokenFactoryImpl ex
}
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
}
-
+
private static SecurityToken getSecurityToken(X509DataType x509DataType,
- XMLSecurityProperties securityProperties,
+ XMLSecurityProperties securityProperties,
SecurityContext securityContext,
SecurityToken.KeyInfoUsage keyInfoUsage)
- throws XMLSecurityException, Base64DecodingException {
+ throws XMLSecurityException, Base64DecodingException {
// X509Certificate
- byte[] certBytes =
- XMLSecurityUtils.getQNameType(
- x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
- XMLSecurityConstants.TAG_dsig_X509Certificate
- );
+ byte[] certBytes =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509Certificate
+ );
if (certBytes != null) {
X509Certificate cert = getCertificateFromBytes(certBytes);
TokenType tokenType = XMLSecurityConstants.X509V3Token;
if (cert.getVersion() == 1) {
tokenType = XMLSecurityConstants.X509V1Token;
}
- X509SecurityToken token =
- new X509SecurityToken(tokenType, securityContext,
- securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
+ X509SecurityToken token =
+ new X509SecurityToken(tokenType, securityContext,
+ securityProperties.getCallbackHandler(), "",
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_CERTIFICATE);
token.setX509Certificates(new X509Certificate[]{cert});
-
- if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- token.setKey(securityProperties.getSignatureVerificationKey());
- } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- token.setKey(securityProperties.getDecryptionKey());
- }
-
+
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
// Issuer Serial
- final X509IssuerSerialType issuerSerialType =
- XMLSecurityUtils.getQNameType(
- x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
- XMLSecurityConstants.TAG_dsig_X509IssuerSerial
- );
+ final X509IssuerSerialType issuerSerialType =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509IssuerSerial
+ );
if (issuerSerialType != null) {
if (issuerSerialType.getX509IssuerName() == null
- || issuerSerialType.getX509SerialNumber() == null
- || securityProperties.getSignatureVerificationKey() == null) {
+ || issuerSerialType.getX509SerialNumber() == null
+ || securityProperties.getSignatureVerificationKey() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
- X509IssuerSerialSecurityToken token =
- new X509IssuerSerialSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
+ X509IssuerSerialSecurityToken token =
+ new X509IssuerSerialSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
token.setIssuerName(issuerSerialType.getX509IssuerName());
token.setSerialNumber(issuerSerialType.getX509SerialNumber());
- //todo review: setKey should always be a secret resp. priv-key
- if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- token.setKey(securityProperties.getSignatureVerificationKey());
- } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- token.setKey(securityProperties.getDecryptionKey());
- }
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
// Subject Key Identifier
- byte[] skiBytes =
- XMLSecurityUtils.getQNameType(
- x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
- XMLSecurityConstants.TAG_dsig_X509SKI
- );
+ byte[] skiBytes =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509SKI
+ );
if (skiBytes != null) {
if (securityProperties.getSignatureVerificationKey() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
- X509SKISecurityToken token =
- new X509SKISecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
+ X509SKISecurityToken token =
+ new X509SKISecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "", XMLSecurityConstants.XMLKeyIdentifierType.X509_SKI);
token.setSkiBytes(skiBytes);
-
- if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- token.setKey(securityProperties.getSignatureVerificationKey());
- } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- token.setKey(securityProperties.getDecryptionKey());
- }
+
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
// Subject Name
- String subjectName =
- XMLSecurityUtils.getQNameType(
- x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
- XMLSecurityConstants.TAG_dsig_X509SubjectName
- );
+ String subjectName =
+ XMLSecurityUtils.getQNameType(
+ x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
+ XMLSecurityConstants.TAG_dsig_X509SubjectName
+ );
if (subjectName != null) {
if (securityProperties.getSignatureVerificationKey() == null) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
- String normalizedSubjectName =
- RFC2253Parser.normalize(subjectName);
- X509SubjectNameSecurityToken token =
- new X509SubjectNameSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
- securityProperties.getCallbackHandler(), "",
- XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
+ String normalizedSubjectName =
+ RFC2253Parser.normalize(subjectName);
+ X509SubjectNameSecurityToken token =
+ new X509SubjectNameSecurityToken(XMLSecurityConstants.X509V3Token, securityContext,
+ securityProperties.getCallbackHandler(), "",
+ XMLSecurityConstants.XMLKeyIdentifierType.X509_SUBJECT_NAME);
token.setSubjectName(normalizedSubjectName);
-
- if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- token.setKey(securityProperties.getSignatureVerificationKey());
- } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- token.setKey(securityProperties.getDecryptionKey());
- }
+
+ setTokenKey(securityProperties, keyInfoUsage, token);
return token;
}
-
+
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
}
-
- private static class DefaultSecurityToken extends AbstractSecurityToken {
- private Key key;
-
- public DefaultSecurityToken(SecurityContext securityContext,
- CallbackHandler callbackHandler, String id,
- KeyIdentifierType keyIdentifierType) {
- super(securityContext, callbackHandler, id, keyIdentifierType);
+ private static void setTokenKey(XMLSecurityProperties securityProperties, SecurityToken.KeyInfoUsage keyInfoUsage,
+ AbstractInboundSecurityToken token) {
+ Key key = null;
+ if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
+ key = securityProperties.getSignatureVerificationKey();
+ } else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
+ key = securityProperties.getDecryptionKey();
+ }
+ if (key instanceof PublicKey) {
+ token.setPublicKey((PublicKey) key);
+ } else {
+ token.setSecretKey("", key);
}
-
- @Override
- public boolean isAsymmetric() {
- if (key instanceof PublicKey) {
- return true;
- }
- return false;
- }
-
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
-
- @Override
- public TokenType getTokenType() {
- return XMLSecurityConstants.DefaultToken;
- }
-
- @Override
- protected Key getKey(String algorithmURI, KeyUsage keyUsage, String correlationID)
- throws XMLSecurityException {
- return key;
- }
-
- public void setKey(Key key) {
- this.key = key;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, KeyUsage keyUsage, String correlationID)
- throws XMLSecurityException {
- if (key instanceof PublicKey) {
- return (PublicKey)key;
- }
- return null;
- }
-
}
-
+
/**
* Construct an X509Certificate'from the byte array.
* <p/>