
    1   /*
    2    * Copyright 2004,2005 The Apache Software Foundation.
    3    *
    4    * Licensed under the Apache License, Version 2.0 (the "License");
    5    * you may not use this file except in compliance with the License.
    6    * You may obtain a copy of the License at
    7    *
    8    *      http://www.apache.org/licenses/LICENSE-2.0
    9    *
   10    * Unless required by applicable law or agreed to in writing, software
   11    * distributed under the License is distributed on an "AS IS" BASIS,
   12    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   13    * See the License for the specific language governing permissions and
   14    * limitations under the License.
   15    */
   16   
   17   package org.apache.rampart.builder;
   18   
   19   import org.apache.axiom.om.OMElement;
   20   import org.apache.commons.logging.Log;
   21   import org.apache.commons.logging.LogFactory;
   22   import org.apache.rahas.TrustException;
   23   import org.apache.rampart.RampartConstants;
   24   import org.apache.rampart.RampartException;
   25   import org.apache.rampart.RampartMessageData;
   26   import org.apache.rampart.policy.RampartPolicyData;
   27   import org.apache.rampart.policy.model.RampartConfig;
   28   import org.apache.rampart.util.RampartUtil;
   29   import org.apache.ws.secpolicy.SPConstants;
   30   import org.apache.ws.secpolicy.model.AlgorithmSuite;
   31   import org.apache.ws.secpolicy.model.SupportingToken;
   32   import org.apache.ws.secpolicy.model.Token;
   33   import org.apache.ws.security.WSConstants;
   34   import org.apache.ws.security.WSEncryptionPart;
   35   import org.apache.ws.security.WSSecurityException;
   36   import org.apache.ws.security.conversation.ConversationException;
   37   import org.apache.ws.security.handler.WSHandlerConstants;
   38   import org.apache.ws.security.message.WSSecDKEncrypt;
   39   import org.apache.ws.security.message.WSSecDKSign;
   40   import org.apache.ws.security.message.WSSecEncrypt;
   41   import org.apache.ws.security.message.WSSecEncryptedKey;
   42   import org.apache.ws.security.message.WSSecSignature;
   43   import org.w3c.dom.Document;
   44   import org.w3c.dom.Element;
   45   
   46   import java.util.HashMap;
   47   import java.util.Iterator;
   48   import java.util.Vector;
   49   
   50   public class AsymmetricBindingBuilder extends BindingBuilder {
   51   
    private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
    /** Timing log; per-phase durations are written here when it is at debug level. */
    private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);	
    /** Cached {@code tlog.isDebugEnabled()}, set once in the constructor. */
    private boolean dotDebug = false;
    
    /** Token used for the main signature: the initiator token on the initiator side, the recipient token otherwise (see doSignature). */
    private Token sigToken;

    /** Builder for the X.509 (non derived-key) main signature. */
    private WSSecSignature sig;

    /** EncryptedKey that derived keys are taken from. In this view it is only null-checked and asked for its id; it is populated by setupEncryptedKey, whose body continues past the end of this view. */
    private WSSecEncryptedKey encrKey;
    
    /** wsu:Id of the EncryptedKey that DerivedKeyTokens reference. */
    private String encryptedKeyId;
    
    /** Raw secret of that EncryptedKey, handed to WSSecDKSign/WSSecDKEncrypt as the external key. Key material: never log or expose it. */
    private byte[] encryptedKeyValue;

    /** Signature values of the main signature and of any endorsing signatures, in the order they were produced. */
    private Vector signatureValues = new Vector();

    /** The xenc:EncryptedKey element once placed in the security header (non derived-key encryption path). */
    private Element encrTokenElement;
    
    /** wsc:DerivedKeyToken element of the main signature (derived-key signing only). */
    private Element sigDKTElement;
    
    /** wsc:DerivedKeyToken element used for encryption (derived-key encryption only). */
    private Element encrDKTElement;

    /** Parts covered by the main signature; filled in by the sign/encrypt flows before doSignature runs. */
    private Vector sigParts = new Vector();
    
    /** The main ds:Signature element once computed. */
    private Element signatureElement; 
   77       
    /**
     * Creates a builder and caches whether the timing log is enabled, so the
     * per-phase timing code in the build flows can be skipped cheaply.
     */
    public AsymmetricBindingBuilder() {
        this.dotDebug = tlog.isDebugEnabled();
    }
   81   
    /**
     * Builds the asymmetric-binding security header for the message in
     * {@code rmd}: adds a Timestamp when the policy asks for one, then runs
     * either the encrypt-before-sign or the sign-before-encrypt flow according
     * to the policy's protection order. Any protection order other than
     * {@link SPConstants#ENCRYPT_BEFORE_SIGNING} (including an unset one) is
     * treated as sign-before-encrypt.
     *
     * @param rmd message data holding the document, policy and context
     * @throws RampartException if signing or encryption fails
     */
    public void build(RampartMessageData rmd) throws RampartException {
        log.debug("AsymmetricBindingBuilder build invoked");

        RampartPolicyData policy = rmd.getPolicyData();
        if (policy.isIncludeTimestamp()) {
            addTimestamp(rmd);
        }

        boolean encryptFirst =
                SPConstants.ENCRYPT_BEFORE_SIGNING.equals(policy.getProtectionOrder());
        if (encryptFirst) {
            doEncryptBeforeSig(rmd);
        } else {
            doSignBeforeEncrypt(rmd);
        }

        log.debug("AsymmetricBindingBuilder build invoked : DONE");
    }
   98   
    /**
     * Encrypt-before-sign flow. The policy's EncryptedParts are encrypted first
     * (with a DerivedKeyToken or a plain EncryptedKey depending on the encryption
     * token), then supporting tokens are handled and the main signature is
     * computed over the signed parts, so the signature covers the EncryptedData
     * rather than the plaintext. If the policy asks for signature protection the
     * ds:Signature element itself (plus, on the initiator, the encrypted
     * supporting tokens) is encrypted with the same key in a second
     * ReferenceList.
     *
     * NOTE(review): everything after the encryption-token checks — timestamp
     * signing, supporting tokens, the main signature, endorsing signatures and
     * signature protection — sits inside the
     * {@code encryptionToken != null && encrParts.size() > 0} block. With an
     * EncryptBeforeSigning policy that has no EncryptedParts, no signature is
     * produced at all. Confirm whether that is intended.
     *
     * @param rmd message data holding the document, policy and context
     * @throws RampartException if the encryption token is missing while parts
     *         are to be encrypted, if the RampartConfig assertion is absent, or
     *         if any WSS4J encryption/signature step fails
     */
    private void doEncryptBeforeSig(RampartMessageData rmd)
            throws RampartException {
    	
    	long t0 = 0, t1 = 0, t2 = 0;
    	if(dotDebug){
    		t0 = System.currentTimeMillis();
    	}
        RampartPolicyData rpd = rmd.getPolicyData();
        Document doc = rmd.getDocument();
        // May be null here; it is only null-checked once we know encryption is needed.
        RampartConfig config = rpd.getRampartConfig();

        /*
         * We need to hold on to these two elements to use them as the reference
         * point when encrypting the signature (signature protection) below.
         */
        Element encrDKTokenElem = null;
        WSSecEncrypt encr = null;
        Element refList = null;
        WSSecDKEncrypt dkEncr = null;

        /*
         * We MUST use keys derived from the same token: the initiator encrypts for
         * the recipient token, the recipient encrypts for the initiator token.
         */
        Token encryptionToken = null;
        if(rmd.isInitiator()) {
            encryptionToken = rpd.getRecipientToken();
        } else {
            encryptionToken = rpd.getInitiatorToken();
        }
        Vector encrParts = RampartUtil.getEncryptedParts(rmd);
        
        //Signed parts are determined before encryption because encrypted signed headers
        //will not be included otherwise (handleEncryptedSignedHeaders below rewrites
        //the references once the headers have been replaced by EncryptedData).
        this.sigParts = RampartUtil.getSignedParts(rmd);
        
        // Parts to encrypt but no token to encrypt them for is a policy error, not a no-op.
        if(encryptionToken == null && encrParts.size() > 0) {
            throw new RampartException("encryptionTokenMissing");
        }
        
        if (encryptionToken != null && encrParts.size() > 0) {
            
            //Check for RampartConfig assertion
            if(rpd.getRampartConfig() == null) {
                //We're missing the extra info rampart needs (crypto properties etc.)
                throw new RampartException("rampartConigMissing");
            }
            
            if (encryptionToken.isDerivedKeys()) {
                try {
                    // Makes encryptedKeyId/encryptedKeyValue available; called
                    // unconditionally here (doSignBeforeEncrypt guards on encrKey == null).
                    this.setupEncryptedKey(rmd, encryptionToken);
                    // Create the DK encryption builder
                    dkEncr = new WSSecDKEncrypt();
                    dkEncr.setParts(encrParts);
                    dkEncr.setExternalKey(this.encryptedKeyValue, 
                            this.encryptedKeyId);
                    // Policy gives the derived key length in bits; WSS4J wants bytes.
                    dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
                    // NOTE(review): unlike the derived-key branch of doSignBeforeEncrypt,
                    // neither setSymmetricEncAlgorithm(algorithmSuite.getEncryption()) nor
                    // setCustomValueType(...) is called here, so this path encrypts with
                    // whatever WSSecDKEncrypt defaults to instead of the policy's
                    // algorithm suite. Confirm this is intended.
                    dkEncr.prepare(doc);

                    // Get and add the DKT element
                    this.encrDKTElement = dkEncr.getdktElement();
                    encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);

                    refList = dkEncr.encryptForExternalRef(null, encrParts);

                } catch (WSSecurityException e) {
                    // Covers setupEncryptedKey, prepare and encryptForExternalRef alike;
                    // the message key is therefore broader than its name suggests.
                    throw new RampartException("errorCreatingEncryptedKey", e);
                } catch (ConversationException e) {
                    throw new RampartException("errorInDKEncr", e);
                }
            } else {
                try {
                    encr = new WSSecEncrypt();
                    encr.setParts(encrParts);
                    encr.setWsConfig(rmd.getConfig());
                    encr.setDocument(doc);
                    RampartUtil.setEncryptionUser(rmd, encr);
                    // Symmetric data-encryption algorithm and asymmetric key-wrap both
                    // come from the policy's algorithm suite.
                    encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                    RampartUtil.setKeyIdentifierType(rpd,encr, encryptionToken);
                    encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
                    encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));

                    // A BST is only produced for key identifier types that embed the cert.
                    Element bstElem = encr.getBinarySecurityTokenElement();
                    if (bstElem != null) {
                        RampartUtil.appendChildToSecHeader(rmd, bstElem);
                    }

                    this.encrTokenElement = encr.getEncryptedKeyElement();
                    this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
                            encrTokenElement);

                    refList = encr.encryptForExternalRef(null, encrParts);

                } catch (WSSecurityException e) {
                    throw new RampartException("errorInEncryption", e);
                }
            }

            // The ReferenceList goes into the header as a standalone element
            // (external reference style), after the EncryptedKey/DKT.
            RampartUtil.appendChildToSecHeader(rmd, refList);
            
            if(dotDebug){
            	t1 = System.currentTimeMillis();
            }
            
            // NOTE(review): encrTokenElement is only assigned in the non derived-key
            // branch above (unless setupEncryptedKey sets it — its body is outside
            // this view), so on the derived-key path this may set a null insertion
            // location. Confirm the inherited setInsertionLocation tolerates that.
            this.setInsertionLocation(encrTokenElement);

            // Signed headers that were just encrypted must now be referenced via
            // their EncryptedData; this rewrites sigParts accordingly.
            RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);
            
            HashMap sigSuppTokMap = null;
            HashMap endSuppTokMap = null;
            HashMap sgndEndSuppTokMap = null;
            HashMap sgndEncSuppTokMap = null;
            HashMap endEncSuppTokMap = null;
            HashMap sgndEndEncSuppTokMap = null;
            
            // The Timestamp (added by build(), inherited field) is always signed when present.
            if(this.timestampElement != null){
            	sigParts.add(new WSEncryptionPart(RampartUtil
                    .addWsuIdToElement((OMElement) this.timestampElement)));
            }
            
            if (rmd.isInitiator()) {

                // Now add the supporting tokens (handleSupportingTokens is inherited
                // from BindingBuilder; each call returns a token->id map).
                SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
                sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);           
                
                SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
                endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
                
                SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();           
                sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
                
                SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
                sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
                
                SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
                endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
                
                SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();           
                sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
                
                // Plain and encrypted supporting tokens are neither signed nor endorsing;
                // their return values are not needed.
                SupportingToken supportingToks = rpd.getSupportingTokens();
                this.handleSupportingTokens(rmd, supportingToks);
                
                SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
                this.handleSupportingTokens(rmd, encryptedSupportingToks);
        
                //Setup signature parts: every "Signed*" supporting token is covered
                //by the main signature.
                sigParts = addSignatureParts(sigSuppTokMap, sigParts);
                sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
                sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
                sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
                
            } else {
                // Responder: sign the SignatureConfirmation element(s) for the request's signatures.
                addSignatureConfirmation(rmd, sigParts);
            }
            
            // NOTE(review): sigParts.size() > 0 only guards the initiator branch of
            // this condition; the responder calls doSignature whenever a recipient
            // token is configured. doSignBeforeEncrypt requires non-empty sigParts
            // on both sides — confirm which behaviour is intended.
            if(( sigParts.size() > 0 &&
                    rmd.isInitiator() && rpd.getInitiatorToken() != null) || 
                    (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
                this.doSignature(rmd);
            }

            if (rmd.isInitiator()) {
                
                // Endorsing encrypted tokens endorse exactly like plain endorsing ones.
                endSuppTokMap.putAll(endEncSuppTokMap);
                // Do endorsed signatures
                Vector endSigVals = this.doEndorsedSignatures(rmd,
                        endSuppTokMap);
                for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
                    signatureValues.add(iter.next());
                }

                sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
                // Do signed endorsing signatures
                Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
                        sgndEndSuppTokMap);
                for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
                    signatureValues.add(iter.next());
                }
            }
            
            if(dotDebug){
            	t2 = System.currentTimeMillis();
            	tlog.debug("Encryption took :" + (t1 - t0)
            				+", Signature tool :" + (t2 - t1) );
            }

            // Check for signature protection: hide the signature (and the encrypted
            // supporting tokens) using the same encryption key as above.
            if (rpd.isSignatureProtection() && this.mainSigId != null) {
            	long t3 = 0, t4 = 0;
            	if(dotDebug){
            		t3 = System.currentTimeMillis();
            	}
                Vector secondEncrParts = new Vector();

                // Now encrypt the signature using the above token; "Element" so the
                // whole ds:Signature (references and value) is replaced, not just its content.
                secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
                        "Element"));
                
                // encryptedTokensIdList (inherited) holds the wsu:Ids of supporting
                // tokens that the policy requires to be encrypted.
                if(rmd.isInitiator()) {
                    for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
                        secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
                    }
                }

                Element secondRefList = null;

                if (encryptionToken.isDerivedKeys()) {
                    try {

                        secondRefList = dkEncr.encryptForExternalRef(null,
                                secondEncrParts);
                        // Placed right after the DKT, i.e. ahead of the signature it
                        // refers to, presumably so an in-order receiver decrypts before
                        // it verifies.
                        RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
                                secondRefList);

                    } catch (WSSecurityException e) {
                        throw new RampartException("errorCreatingEncryptedKey",
                                e);
                    }
                } else {
                    try {
                        // Encrypt, get hold of the ref list and add it
                        secondRefList = encr.encryptForExternalRef(null,
                                secondEncrParts);

                        // Insert the ref list after the encrypted key elem
                        this.setInsertionLocation(RampartUtil
                                .insertSiblingAfter(rmd, encrTokenElement,
                                        secondRefList));
                    } catch (WSSecurityException e) {
                        throw new RampartException("errorInEncryption", e);
                    }
                }
                if(dotDebug){
            		t4 = System.currentTimeMillis();
            		tlog.debug("Signature protection took :" + (t4 - t3));
            	}
            }
        }
        
        

    }
  342   
    /**
     * Sign-before-encrypt flow. Supporting tokens are handled and the main
     * signature (plus any endorsing signatures) is computed first; the policy's
     * EncryptedParts are then encrypted, together with the ds:Signature element
     * when signature protection is on and, on the initiator, the supporting
     * tokens that the policy requires to be encrypted. Encryption uses either a
     * DerivedKeyToken (placed after the EncryptedKey, or before the signature's
     * DKT when there is none) or a plain EncryptedKey carrying an internal
     * ReferenceList.
     *
     * NOTE(review): the encryption token here is always the RecipientToken,
     * whereas doEncryptBeforeSig picks the recipient token on the initiator and
     * the initiator token on the responder. On the responder side this decides
     * {@code isDerivedKeys()} and the key identifier type from the wrong side's
     * token — confirm whether that is intended.
     *
     * @param rmd message data holding the document, policy and context
     * @throws RampartException if any WSS4J signature or encryption step fails
     */
    private void doSignBeforeEncrypt(RampartMessageData rmd)
            throws RampartException {
    	
    	long t0 = 0, t1 = 0, t2 = 0;
    	        
        RampartPolicyData rpd = rmd.getPolicyData();
        Document doc = rmd.getDocument();

        HashMap sigSuppTokMap = null;
        HashMap endSuppTokMap = null;
        HashMap sgndEndSuppTokMap = null;
        HashMap sgndEncSuppTokMap = null;
        HashMap endEncSuppTokMap = null;
        HashMap sgndEndEncSuppTokMap = null;
        
        sigParts = RampartUtil.getSignedParts(rmd);
        
        //Add timestamp (inherited field, created by build()) to the signed parts.
        //Without one the insertion location is reset so the first header element
        //inserted below is not positioned relative to a stale element.
        if(this.timestampElement != null){
        	sigParts.add(new WSEncryptionPart(RampartUtil
                .addWsuIdToElement((OMElement) this.timestampElement)));
        }else{
        	this.setInsertionLocation(null);
        }
        
        if(dotDebug){
    		t0 = System.currentTimeMillis();
    	}
        
        if (rmd.isInitiator()) {
           
            //      Now add the supporting tokens (handleSupportingTokens is inherited
            //      from BindingBuilder; each call returns a token->id map)
            SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
            sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);           
            
            SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
            endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
            
            SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();           
            sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
            
            SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
            sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
            
            SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
            endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
            
            SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();           
            sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
            
            // Plain and encrypted supporting tokens are neither signed nor endorsing;
            // their return values are not needed.
            SupportingToken supportingToks = rpd.getSupportingTokens();
            this.handleSupportingTokens(rmd, supportingToks);
            
            SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
            this.handleSupportingTokens(rmd, encryptedSupportingToks);
    
            //Setup signature parts: every "Signed*" supporting token is covered
            //by the main signature.
            sigParts = addSignatureParts(sigSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
            sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
            
        } else {
            // Responder: sign the SignatureConfirmation element(s) for the request's signatures.
            addSignatureConfirmation(rmd, sigParts);
        }

        // Sign only when there is something to sign and this side has a signing token.
        if( sigParts.size() > 0 && 
                ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || 
                (!rmd.isInitiator() && rpd.getRecipientToken() != null))) {
            // Do signature
            this.doSignature(rmd);
        }
        
        //Do endorsed signature

        if (rmd.isInitiator()) {
            
            // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
            endSuppTokMap.putAll(endEncSuppTokMap);
            // Do endorsed signatures
            Vector endSigVals = this.doEndorsedSignatures(rmd,
                    endSuppTokMap);
            for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
                signatureValues.add(iter.next());
            }

            //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
            sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
            // Do signed endorsing signatures
            Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
                    sgndEndSuppTokMap);
            for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
                signatureValues.add(iter.next());
            }
        }
        
        if(dotDebug){
    		t1 = System.currentTimeMillis();
    	}
             
        Vector encrParts = RampartUtil.getEncryptedParts(rmd);
        
        //Check for signature protection: encrypt the whole ds:Signature element
        //("Element", not just its content) so references and value are hidden.
        if(rpd.isSignatureProtection() && this.mainSigId != null) {
            encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
        }
        
        // encryptedTokensIdList (inherited) holds the wsu:Ids of supporting tokens
        // that the policy requires to be encrypted.
        if(rmd.isInitiator()) {
            for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
                encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
            }
        }

        //Do encryption
        Token encrToken = rpd.getRecipientToken();
        if(encrToken != null && encrParts.size() > 0) {
            Element refList = null;
            AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
            if(encrToken.isDerivedKeys()) {
                
                try {
                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
                    
                    // Reuse the EncryptedKey already set up for a derived-key
                    // signature; otherwise create/obtain one now.
                    if(this.encrKey == null) {
                        this.setupEncryptedKey(rmd, encrToken);
                    }
                    
                    dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                    // The DKT's SecurityTokenReference must say it points at an EncryptedKey.
                    dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                            + WSConstants.ENC_KEY_VALUE_TYPE);
                    dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                    // Policy gives the derived key length in bits; WSS4J wants bytes.
                    dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
                    dkEncr.prepare(doc);
                    
                    
                    // Place the encryption DKT after the EncryptedKey if one was emitted
                    // into the header, else before the signature's DKT.
                    // NOTE(review): sigDKTElement is only set by a derived-key signature;
                    // if the main signature used an X.509 token it is null here. Confirm
                    // insertSiblingBefore handles a null reference element.
                    if(this.encrTokenElement != null) {
                        this.encrDKTElement = RampartUtil.insertSiblingAfter(
                                rmd, this.encrTokenElement, dkEncr.getdktElement());
                    } else {
                        this.encrDKTElement = RampartUtil.insertSiblingBefore(
                                rmd, this.sigDKTElement, dkEncr.getdktElement());
                    }
                    
                    refList = dkEncr.encryptForExternalRef(null, encrParts);
                    
                    RampartUtil.insertSiblingAfter(rmd, 
                                                    this.encrDKTElement, 
                                                    refList);
                                                    
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInDKEncr", e);
                } catch (ConversationException e) {
                    throw new RampartException("errorInDKEncr", e);
                }
            } else {
                try {
                    
                    WSSecEncrypt encr = new WSSecEncrypt();
                    
                    RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
                    
                    encr.setWsConfig(rmd.getConfig());
                    
                    encr.setDocument(doc);
                    RampartUtil.setEncryptionUser(rmd, encr);
                    // Symmetric data-encryption algorithm and asymmetric key-wrap both
                    // come from the policy's algorithm suite.
                    encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                    encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
                    encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
                            .getRampartConfig(), rmd.getCustomClassLoader()));
                    
                    // The EncryptedKey (and its BST) go right after the Timestamp,
                    // or at the front of the header when there is no Timestamp.
                    if(this.timestampElement != null){
                    	this.setInsertionLocation(this.timestampElement);
                    }else{
                    	this.setInsertionLocation(null);
                    }
                    
                    // A BST is only produced for key identifier types that embed the cert.
                    if(encr.getBSTTokenId() != null) {
                        this.setInsertionLocation(RampartUtil
                                .insertSiblingAfterOrPrepend(rmd,
                                        this.getInsertionLocation(),
                                        encr.getBinarySecurityTokenElement()));
                    }
                    
                    
                    Element encryptedKeyElement = encr.getEncryptedKeyElement();
                                       
                    //Encrypt, get hold of the ref list and add it
                    refList = encr.encryptForInternalRef(null, encrParts);
                    
                    //Add internal refs: here the ReferenceList is nested inside the
                    //EncryptedKey, unlike the standalone list used in doEncryptBeforeSig.
                    encryptedKeyElement.appendChild(refList);
                    
                    this.setInsertionLocation(RampartUtil
                            .insertSiblingAfterOrPrepend(rmd,
                                    this.getInsertionLocation(),
                                    encryptedKeyElement)); 

                } catch (WSSecurityException e) {
                    throw new RampartException("errorInEncryption", e);
                }    
            }
        }
        
        if(dotDebug){
    		t2 = System.currentTimeMillis();
    		tlog.debug("Signature took :" + (t1 - t0)
    				+", Encryption took :" + (t2 - t1) );
    	}
        
    }
  556   
    /**
     * Computes the main signature over {@link #sigParts} and inserts it, together
     * with any BinarySecurityToken or DerivedKeyToken it needs, after the current
     * insertion location (inherited). The signing token is the initiator token
     * on the initiator side and the recipient token otherwise; both callers check
     * that token for null before calling. With a derived-key token a WSSecDKSign
     * keyed from the shared EncryptedKey is used, otherwise an X.509 signature
     * from {@code getSignatureBuider} (inherited). On success {@code mainSigId}
     * (inherited), {@link #signatureElement} and {@link #signatureValues} are
     * updated.
     *
     * @param rmd message data holding the document, policy and security header
     * @throws RampartException if the signature cannot be prepared or computed
     */
    private void doSignature(RampartMessageData rmd) throws RampartException {

        RampartPolicyData rpd = rmd.getPolicyData();
        Document doc = rmd.getDocument();
        
        long t0 = 0, t1 = 0;
        if(dotDebug){
    		t0 = System.currentTimeMillis();
    	}
        if(rmd.isInitiator()) {
            sigToken = rpd.getInitiatorToken();
        } else {
            sigToken = rpd.getRecipientToken();
        }

        if (sigToken.isDerivedKeys()) {
            // Set up the encrypted key to use (skipped if encryption already did it)
            if(this.encrKey == null) {
                setupEncryptedKey(rmd, sigToken);
            }
            
            WSSecDKSign dkSign = new WSSecDKSign();
            dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);

            // Set the algo info: a derived key means an HMAC-style symmetric
            // signature, so the suite's symmetric signature algorithm is used.
            dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
                    .getSymmetricSignature());
            // Policy gives the derived key length in bits; WSS4J wants bytes.
            dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
                    .getSignatureDerivedKeyLength() / 8);
            // The DKT's SecurityTokenReference must say it points at an EncryptedKey.
            dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                    + WSConstants.ENC_KEY_VALUE_TYPE);
            try {
                dkSign.prepare(doc, rmd.getSecHeader());

                // Token protection: sign the EncryptedKey the derived key comes from.
                if (rpd.isTokenProtection()) {
                    sigParts.add(new WSEncryptionPart(encrKey.getId()));
                }

                dkSign.setParts(sigParts);

                dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());

                // Do signature
                dkSign.computeSignature();

                 ; // stray empty statement; harmless, can be deleted
                // Add elements to header: DKT first, then the Signature right after it
                 this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
                        this.getInsertionLocation(), dkSign.getdktElement());
                this.setInsertionLocation(this.sigDKTElement);
                
                this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
                        this.getInsertionLocation(), dkSign
                                .getSignatureElement()));
                                
                // The id is what signature protection later uses to encrypt this element.
                this.mainSigId = RampartUtil
                        .addWsuIdToElement((OMElement) dkSign
                                .getSignatureElement());

                signatureValues.add(dkSign.getSignatureValue());
                
                signatureElement = dkSign.getSignatureElement();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", e);
            } catch (ConversationException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", e);
            }

        } else {
            sig = this.getSignatureBuider(rmd, sigToken);
            // A BST is only produced for key identifier types that embed the cert.
            Element bstElem = sig.getBinarySecurityTokenElement();
            if(bstElem != null) {
                bstElem = RampartUtil.insertSiblingAfter(rmd, this
                                        .getInsertionLocation(), bstElem);
                this.setInsertionLocation(bstElem);
            }
            
            // Token protection: sign the BST carrying the signing cert.
            // NOTE(review): when the key identifier type does not emit a BST, nothing
            // is added here and the token is not covered by the signature even
            // though the policy asked for token protection. Confirm that is acceptable.
            if (rmd.getPolicyData().isTokenProtection()
                    && sig.getBSTTokenId() != null) {
                sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
            }

            try {
                sig.addReferencesToSign(sigParts, rmd.getSecHeader());
                sig.computeSignature();

                signatureElement = sig.getSignatureElement();
                
                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
                                rmd, this.getInsertionLocation(), signatureElement));

                // The id is what signature protection later uses to encrypt this element.
                this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", e);
            }
            signatureValues.add(sig.getSignatureValue());
        }
        
        if(dotDebug){
    		t1 = System.currentTimeMillis();
    		tlog.debug("Signature took :" + (t1 - t0));
    	}

    }
  661   
    /**
     * Ensures {@code encryptedKeyId} and {@code encryptedKeyValue} are populated before
     * the message is built.
     *
     * On the non-initiator side, when the token uses derived keys, the values are taken
     * from the EncryptedKey of the incoming request (looked up via
     * {@link WSHandlerConstants#RECV_RESULTS}); a new EncryptedKey is created only when the
     * request carried none. In every other case a new EncryptedKey is created.
     *
     * @param rmd   message data of the message being built
     * @param token the token whose key material is being set up
     * @throws RampartException if no security results are available on the
     *         non-initiator derived-key path, or as propagated from
     *         {@code createEncryptedKey}
     */
    private void setupEncryptedKey(RampartMessageData rmd, Token token)
    throws RampartException {
        boolean reuseRequestKey = !rmd.isInitiator() && token.isDerivedKeys();
        if (!reuseRequestKey) {
            createEncryptedKey(rmd, token);
            return;
        }

        // Already resolved earlier in this build; nothing more to do.
        if (this.encryptedKeyId != null && this.encryptedKeyValue != null) {
            return;
        }

        // Pick up the secret from the request's EncryptedKey.
        Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
        if (resultsObj == null) {
            throw new RampartException("noSecurityResults");
        }
        Vector results = (Vector) resultsObj;
        encryptedKeyId = RampartUtil.getRequestEncryptedKeyId(results);
        encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue(results);

        // No EncryptedKey in the request: reaching this point means this is the
        // response message of a listener created for an async client, so mint a new one.
        // NOTE(review): if exactly one of id/value is null the partially populated
        // state is kept as-is, matching the original behaviour — confirm this is intended.
        if (encryptedKeyId == null && encryptedKeyValue == null) {
            createEncryptedKey(rmd, token);
        }
    }
  697   
    /**
     * Builds a fresh EncryptedKey for {@code token}, appends it (preceded by the builder's
     * BinarySecurityToken, when one is supplied) to the security header, and records the
     * resulting id and ephemeral key both in this builder and in the message's token storage.
     *
     * @param rmd   message data of the message being built
     * @param token the token the EncryptedKey is created for
     * @throws RampartException if the token cannot be added to the token storage (wrapping
     *         the {@link TrustException}), or as propagated from
     *         {@code getEncryptedKeyBuilder}
     */
    private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
        encrKey = this.getEncryptedKeyBuilder(rmd, token);

        // A BinarySecurityToken, if the builder produced one, goes into the header first.
        Element bstElem = encrKey.getBinarySecurityTokenElement();
        if (bstElem != null) {
            RampartUtil.appendChildToSecHeader(rmd, bstElem);
        }

        // Append the EncryptedKey and keep the reference to the attached node.
        encrTokenElement = encrKey.getEncryptedKeyElement();
        this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, encrTokenElement);
        encryptedKeyValue = encrKey.getEphemeralKey();
        encryptedKeyId = encrKey.getId();

        // Keep the token (with its secret) so the client can verify the response
        // and the server can build it.
        try {
            org.apache.rahas.Token tok = new org.apache.rahas.Token(
                    encryptedKeyId, (OMElement) encrTokenElement, null, null);
            tok.setSecret(encryptedKeyValue);
            rmd.getTokenStorage().add(tok);
        } catch (TrustException e) {
            throw new RampartException("errorInAddingTokenIntoStore", e);
        }
    }
  732   }
