Examples of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType

Package org.apache.wss4j.policy.model.AlgorithmSuite

Examples of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType

org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType

    private boolean checkEncryptionAlgorithms(
        WSSecurityEngineResult result, 
        AlgorithmSuite algorithmPolicy,
        AssertionInfo ai
    ) {
        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
        String transportMethod = 
            (String)result.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD);
        if (transportMethod != null 
            && !algorithmSuiteType.getSymmetricKeyWrap().equals(transportMethod)
            && !algorithmSuiteType.getAsymmetricKeyWrap().equals(transportMethod)) {
            ai.setNotAsserted(
                "The Key transport method does not match the requirement"
            );
            return false;
        }
        
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            for (WSDataRef dataRef : dataRefs) {
                String encryptionAlgorithm = dataRef.getAlgorithm();
                if (!algorithmSuiteType.getEncryption().equals(encryptionAlgorithm)) {
                    ai.setNotAsserted(
                        "The encryption algorithm does not match the requirement"
                    );
                    return false;
                }

View Full Code Here

            (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        if (x509Cert != null && !checkPublicKeyLength(x509Cert.getPublicKey(), algorithmPolicy, ai)) {
            return false;
        }
        
        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
        byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
        if (signature) {
            Principal principal = (Principal)result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (principal instanceof WSDerivedKeyTokenPrincipal) {
                int requiredLength = algorithmSuiteType.getSignatureDerivedKeyLength();
                if (secret == null || secret.length != (requiredLength / 8)) {
                    ai.setNotAsserted(
                        "The signature derived key length does not match the requirement"
                    );
                    return false;
                }
            } else if (secret != null 
                && (secret.length < (algorithmSuiteType.getMinimumSymmetricKeyLength() / 8)
                    || secret.length > (algorithmSuiteType.getMaximumSymmetricKeyLength() / 8))) {
                ai.setNotAsserted(
                    "The symmetric key length does not match the requirement"
                );
                return false;
            }
        } else if (secret != null 
            && (secret.length < (algorithmSuiteType.getMinimumSymmetricKeyLength() / 8)
                || secret.length > (algorithmSuiteType.getMaximumSymmetricKeyLength() / 8))) {
            ai.setNotAsserted(
                "The symmetric key length does not match the requirement"
            );
            return false;
        }

View Full Code Here

    private boolean checkPublicKeyLength(
        PublicKey publicKey, 
        AlgorithmSuite algorithmPolicy,
        AssertionInfo ai
    ) {
        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
        if (publicKey instanceof RSAPublicKey) {
            int modulus = ((RSAPublicKey)publicKey).getModulus().bitLength();
            if (modulus < algorithmSuiteType.getMinimumAsymmetricKeyLength()
                || modulus > algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                ai.setNotAsserted(
                    "The asymmetric key length does not match the requirement"
                );
                return false;
            }
        } else if (publicKey instanceof DSAPublicKey) {
            int length = ((DSAPublicKey)publicKey).getParams().getP().bitLength();
            if (length < algorithmSuiteType.getMinimumAsymmetricKeyLength()
                || length > algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                ai.setNotAsserted(
                    "The asymmetric key length does not match the requirement"
                );
                return false;
            }

View Full Code Here

            // Translate into WSS4J's AlgorithmSuite class
            if (algorithmSuite == null) {
                algorithmSuite = new AlgorithmSuite();
            }
            
            AlgorithmSuiteType algorithmSuiteType = cxfAlgorithmSuite.getAlgorithmSuiteType();
            // Set asymmetric key lengths
            if (algorithmSuite.getMaximumAsymmetricKeyLength() 
                < algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                algorithmSuite.setMaximumAsymmetricKeyLength(
                    algorithmSuiteType.getMaximumAsymmetricKeyLength());
            }
            if (algorithmSuite.getMinimumAsymmetricKeyLength() 
                > algorithmSuiteType.getMinimumAsymmetricKeyLength()) {
                algorithmSuite.setMinimumAsymmetricKeyLength(
                    algorithmSuiteType.getMinimumAsymmetricKeyLength());
            }
            
            // Set symmetric key lengths
            if (algorithmSuite.getMaximumSymmetricKeyLength() 
                < algorithmSuiteType.getMaximumSymmetricKeyLength()) {
                algorithmSuite.setMaximumSymmetricKeyLength(
                    algorithmSuiteType.getMaximumSymmetricKeyLength());
            }
            if (algorithmSuite.getMinimumSymmetricKeyLength() 
                > algorithmSuiteType.getMinimumSymmetricKeyLength()) {
                algorithmSuite.setMinimumSymmetricKeyLength(
                    algorithmSuiteType.getMinimumSymmetricKeyLength());
            }
                
            algorithmSuite.addEncryptionMethod(algorithmSuiteType.getEncryption());
            algorithmSuite.addKeyWrapAlgorithm(algorithmSuiteType.getSymmetricKeyWrap());
            algorithmSuite.addKeyWrapAlgorithm(algorithmSuiteType.getAsymmetricKeyWrap());
    
            algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getAsymmetricSignature());
            algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getSymmetricSignature());
            algorithmSuite.addDigestAlgorithm(algorithmSuiteType.getDigest());
            algorithmSuite.addC14nAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
    
            algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
            algorithmSuite.addTransformAlgorithm(SPConstants.STRT10);
            algorithmSuite.addTransformAlgorithm(WSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE);

View Full Code Here

            doSignature(token, wrapper);
            
            properties.setIncludeSignatureToken(true);
            properties.setSignatureAlgorithm(
                tbinding.getAlgorithmSuite().getSymmetricSignature());
            AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
            properties.setSignatureDigestAlgorithm(algType.getDigest());
        } else if (token instanceof X509Token || token instanceof KeyValueToken) {
            doSignature(token, wrapper);
        } else if (token instanceof SamlToken) {
            addSamlToken((SamlToken)token, false, true);
            signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
            
            WSSSecurityProperties properties = getProperties();
            properties.setSignatureAlgorithm(
                       tbinding.getAlgorithmSuite().getAsymmetricSignature());
            AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
            properties.setSignatureDigestAlgorithm(algType.getDigest());
        } else if (token instanceof UsernameToken) {
            throw new Exception("Endorsing UsernameTokens are not supported in the streaming code");
        } else if (token instanceof KerberosToken) {
            WSSSecurityProperties properties = getProperties();
            properties.addAction(WSSConstants.SIGNATURE);
            configureSignature(wrapper, token, false);
            
            addKerberosToken((KerberosToken)token, false, true, false);
            signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
            
            properties.setSignatureAlgorithm(
                       tbinding.getAlgorithmSuite().getSymmetricSignature());
            AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
            properties.setSignatureDigestAlgorithm(algType.getDigest());
        }
    }

View Full Code Here

            writer.writeStartElement("wst", "BinarySecret", namespace);
            writer.writeAttribute("Type", namespace + "/Nonce");
            if (algorithmSuite == null) {
                requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
            } else {
                AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
                requestorEntropy = WSSecurityUtil
                    .generateNonce(algType.getMaximumSymmetricKeyLength() / 8);
            }
            writer.writeCharacters(Base64.encode(requestorEntropy));


            writer.writeEndElement();
            writer.writeEndElement();

View Full Code Here

            alsoIncludeToken = true;
        }
        
        String encrUser = setEncryptionUser(encrKey, wrapper, false, crypto);
        
        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
        encrKey.setSymmetricEncAlgorithm(algType.getEncryption());
        encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
        
        encrKey.prepare(saaj.getSOAPPart(), crypto);
        
        if (alsoIncludeToken) {
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);

View Full Code Here

        }


        String password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
        sig.setUserInfo(user, password);
        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
        sig.setDigestAlgo(algType.getDigest());
        sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
        sig.setWsConfig(wssConfig);
        try {
            sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
        } catch (WSSecurityException e) {

View Full Code Here

        Collection<AssertionInfo> algorithmSuiteAis = aim.get(algorithmSuite.getName());
        for (AssertionInfo ai : algorithmSuiteAis) {
            ai.setAsserted(true);
        }
        
        AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
        String namespace = algorithmSuiteType.getNamespace();
        if (namespace != null) {
            Collection<AssertionInfo> algAis = 
                aim.get(new QName(namespace, algorithmSuiteType.getName()));
            if (algAis != null) {
                for (AssertionInfo algAi : algAis) {
                    algAi.setAsserted(true);
                }
            }

View Full Code Here

                    
                    dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                    dkEncr.setParts(encrParts);
                    dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                            + WSConstants.ENC_KEY_VALUE_TYPE);
                    AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
                    dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
                    dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
                    dkEncr.prepare(saaj.getSOAPPart());
                    
                    addDerivedKeyElement(dkEncr.getdktElement());
                    Element refList = dkEncr.encryptForExternalRef(null, encrParts);
                    insertBeforeBottomUp(refList);
                    return dkEncr;
                } catch (Exception e) {
                    LOG.log(Level.FINE, e.getMessage(), e);
                    policyNotAsserted(recToken, e);
                }
            } else {
                try {
                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
                    encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                    
                    encr.setDocument(saaj.getSOAPPart());
                    Crypto crypto = getEncryptionCrypto(recToken);
                    
                    SecurityToken securityToken = getSecurityToken();
                    if (!isRequestor() && securityToken != null 
                        && recToken.getToken() instanceof SamlToken) {
                        String tokenType = securityToken.getTokenType();
                        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
                            || WSConstants.SAML_NS.equals(tokenType)) {
                            encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                            encr.setCustomEKTokenId(securityToken.getId());
                        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
                            || WSConstants.SAML2_NS.equals(tokenType)) {
                            encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                            encr.setCustomEKTokenId(securityToken.getId());
                        } else {
                            setKeyIdentifierType(encr, recToken, encrToken);
                        }
                    } else {
                        setKeyIdentifierType(encr, recToken, encrToken);
                    }
                    //
                    // Using a stored cert is only suitable for the Issued Token case, where
                    // we're extracting the cert from a SAML Assertion on the provider side
                    //
                    if (!isRequestor() && securityToken != null 
                        && securityToken.getX509Certificate() != null) {
                        encr.setUseThisCert(securityToken.getX509Certificate());
                    } else {
                        setEncryptionUser(encr, recToken, false, crypto);
                    }
                    if (!encr.isCertSet() && crypto == null) {
                        policyNotAsserted(recToken, "Missing security configuration. "
                                + "Make sure jaxws:client element is configured " 
                                + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
                    }
                    AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
                    encr.setSymmetricEncAlgorithm(algType.getEncryption());
                    encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
                    encr.prepare(saaj.getSOAPPart(), crypto);
                    
                    if (encr.getBSTTokenId() != null) {
                        encr.prependBSTElementToHeader(secHeader);
                    }

View Full Code Here

0 1 2 3 4 5 6 7

TOP

Related Classes of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType

org.apache.cxf.systest.sts.batch.SimpleBatchSTSClient

org.apache.cxf.ws.security.trust.AbstractSTSClient

org.apache.cxf.ws.security.wss4j.AlgorithmSuiteTranslater

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractStaxBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.StaxSymmetricBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.