axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject cvs commit: ws-axis/contrib/wss4j/src/org/apache/ws/security/message EnvelopeIdResolver.java WSEnvelopeBuilder.java WSEnvelopeBuilder2.java
Date Tue, 14 Oct 2003 12:05:53 GMT
dims        2003/10/14 05:05:53

  Added:       contrib/wss4j/src/org/apache/ws/security/message
                        EnvelopeIdResolver.java WSEnvelopeBuilder.java
                        WSEnvelopeBuilder2.java
  Log:
  ******* WORK IN PROGRESS *******
  
  Initial check-in of my sandbox for ws-security related code.
  
  Revision  Changes    Path
  1.1                  ws-axis/contrib/wss4j/src/org/apache/ws/security/message/EnvelopeIdResolver.java
  
  Index: EnvelopeIdResolver.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.ws.security.message;
  
  import org.apache.ws.security.WSConstants;
  import org.apache.ws.security.util.WSSecurityUtil;
  import org.apache.xml.security.c14n.Canonicalizer;
  import org.apache.xml.security.signature.XMLSignatureInput;
  import org.apache.xml.security.utils.XMLUtils;
  import org.apache.xml.security.utils.resolver.ResourceResolverException;
  import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
  import org.apache.xml.utils.URI;
  import org.apache.xpath.CachedXPathAPI;
  import org.w3c.dom.Attr;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.NodeList;
  
  import java.util.Set;
  
  /**
   * XML-Security resolver that is used for resolving same-document URI like URI="#id".
   * It is desgined to only work with SOAPEnvelopes.
   * <p>
   * @author  Davanum Srinivas (dims@yahoo.com).
   */
  public class EnvelopeIdResolver extends ResourceResolverSpi {
      private static EnvelopeIdResolver resolver = null;
  
      /**
       * Singleton instance of the resolver.
       * <p>
       * @return   
       */
      public synchronized static ResourceResolverSpi getInstance() {
          if (resolver == null) {
              resolver = new EnvelopeIdResolver();
          }
  
          return resolver;
      }
  
      /**
       * This is the workhorse method used to resolve resources.
       * <p>
       * @param   uri                         
       * @param   BaseURI                     
       * @return                              
       * @throws  ResourceResolverException  
       */
      public XMLSignatureInput engineResolve(Attr uri, String BaseURI) throws ResourceResolverException
{
          String uriNodeValue = uri.getNodeValue();
          NodeList resultNodes = null;
          Document doc = uri.getOwnerDocument();
  
          // Xalan fix for catching all namespaces
          XMLUtils.circumventBug2650(doc);
  
          CachedXPathAPI cXPathAPI = new CachedXPathAPI();
  
          /*
           * URI="#chapter1"
           * Identifies a node-set containing the element with ID attribute
           * value 'chapter1' of the XML resource containing the signature.
           * XML Signature (and its applications) modify this node-set to
           * include the element plus all descendents including namespaces and
           * attributes -- but not comments.
           */
          String id = uriNodeValue.substring(1);
          Element selectedElem = WSSecurityUtil.findBodyElement(doc);
  
          if (selectedElem == null) {
              throw new ResourceResolverException("generic.EmptyMessage", new Object[]{"Body
element not found"}, uri, BaseURI);
          }
  
          String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
  
          if ((cId == null) || (cId.length() == 0)) {
              cId = selectedElem.getAttributeNS(WSConstants.SOAP_SEC_NS, "id");
          }
  
          if (!id.equals(cId)) {
              selectedElem = WSSecurityUtil.getElementById(doc, uriNodeValue);
  
              if (selectedElem != null) {
                  cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
              }
          }
  
          if (!id.equals(cId)) {
              throw new ResourceResolverException("generic.EmptyMessage", new Object[]{"Id
not found"}, uri, BaseURI);
          }
  
          try {
              resultNodes = cXPathAPI.selectNodeList(selectedElem, Canonicalizer.XPATH_C14N_OMIT_COMMENTS_SINGLE_NODE);
          } catch (javax.xml.transform.TransformerException ex) {
              throw new ResourceResolverException("generic.EmptyMessage", ex, uri, BaseURI);
          }
  
          Set resultSet = XMLUtils.convertNodelistToSet(resultNodes);
          XMLSignatureInput result = new XMLSignatureInput(resultSet, cXPathAPI);
          result.setMIMEType("text/xml");
  
          try {
              URI uriNew = new URI(new URI(BaseURI), uri.getNodeValue());
              result.setSourceURI(uriNew.toString());
          } catch (URI.MalformedURIException ex) {
              result.setSourceURI(BaseURI);
          }
  
          return result;
      }
  
      /**
       * This method helps the ResourceResolver to decide whether a
       * ResourceResolverSpi is able to perform the requested action.
       * <p>
       * @param   uri       
       * @param   BaseURI   
       * @return            
       */
      public boolean engineCanResolve(Attr uri, String BaseURI) {
          if (uri == null) {
              return false;
          }
  
          String uriNodeValue = uri.getNodeValue();
  
          return uriNodeValue.startsWith("#");
      }
  }
  
  
  
  1.1                  ws-axis/contrib/wss4j/src/org/apache/ws/security/message/WSEnvelopeBuilder.java
  
  Index: WSEnvelopeBuilder.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.ws.security.message;
  
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
  import org.apache.ws.security.WSConstants;
  import org.apache.ws.security.components.crypto.Crypto;
  import org.apache.ws.security.components.crypto.CryptoFactory;
  import org.apache.ws.security.message.token.*;
  import org.apache.ws.security.util.AxisUtil;
  import org.apache.ws.security.util.WSSecurityUtil;
  import org.apache.xml.security.c14n.Canonicalizer;
  import org.apache.xml.security.keys.KeyInfo;
  import org.apache.xml.security.signature.XMLSignature;
  import org.apache.xml.security.transforms.Transforms;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.Node;
  
  import javax.xml.soap.*;
  import java.security.cert.X509Certificate;
  import java.util.Iterator;
  
  /**
   * Builds X509 WS-Security SOAP Envelopes.
   * <p>
   * @author  Davanum Srinivas (dims@yahoo.com).
   */
  public class WSEnvelopeBuilder {
      private static Log log = LogFactory.getLog(WSEnvelopeBuilder.class.getName());
      protected String actor = null;
      protected boolean useSingleCert = true;
      protected String user = null;
      protected String password = null;
  
      /** Constructor. */
      public WSEnvelopeBuilder() {
      }
  
      /**
       * Constructor.
       * <p>
       * @param  actor   
       */
      public WSEnvelopeBuilder(String actor) {
          this.actor = actor;
      }
  
      /**
       * set the single cert flag.
       * <p>
       * @param  useSingleCert   
       */
      public void setUseSingleCertificate(boolean useSingleCert) {
          this.useSingleCert = useSingleCert;
      }
  
      /**
       * Get the single cert flag.
       * <p>
       * @return   
       */
      public boolean isUseSingleCertificate() {
          return this.useSingleCert;
      }
  
      /**
       * add a body id.
       * <p>
       * @param   doc         
       * @return              
       * @throws  Exception  
       */
      protected String setBodyID(Document doc) throws Exception {
          Element bodyElement = WSSecurityUtil.findBodyElement(doc);
  
          if (bodyElement == null) {
              throw new Exception("Element node not found");
          }
  
          String id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");
  
          if ((id == null) || (id.length() == 0)) {
              id = "digestSource";
  
              String prefix = WSSecurityUtil.setNamespace(bodyElement, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
              bodyElement.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
          }
  
          return id;
      }
  
      /**
       * add a security header if one does not exist.
       * <p>
       * @param   env             
       * @return                  
       * @throws  SOAPException  
       */
      protected SOAPHeaderElement insertSecurityHeader(SOAPEnvelope env) throws SOAPException
{
          SOAPHeader header = env.getHeader();
  
          if (header == null) {
              header = env.addHeader();
          }
  
          Iterator headerElements = header.examineHeaderElements(actor);
          SOAPHeaderElement he;
  
          while (headerElements.hasNext()) {
              he = (SOAPHeaderElement) headerElements.next();
  
              Name nm = he.getElementName();
  
              // find the ws-security header
              if (nm.getLocalName().equalsIgnoreCase(WSConstants.WSSE_LN) && nm.getURI().equalsIgnoreCase(WSConstants.WSSE_NS))
{
                  return he;
              }
          }
  
          // if no ws-security header add one
          Name headerName = env.createName(WSConstants.WSSE_LN, WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS);
          he = header.addHeaderElement(headerName);
          he.setActor(actor);
  
          return he;
      }
  
      /**
       * insert element into security header.
       * <p>
       * @param   doc         
       * @param   elem        
       * @throws  Exception  
       */
      protected void insertIntoSecurityHeader(Document doc, Element elem) throws Exception
{
          Element wsSecHeaderElement = WSSecurityUtil.getSecurityHeader(doc, actor);
  
          if (wsSecHeaderElement == null) {
              throw new Exception("No header found");
          }
  
          Node firstChild = wsSecHeaderElement.getFirstChild();
  
          if (firstChild == null) {
              wsSecHeaderElement.appendChild(elem);
          } else {
              wsSecHeaderElement.insertBefore(elem, firstChild);
          }
      }
  
      /**
       * Set the user name token info.
       * <p>
       * @param  user       
       * @param  password   
       */
      public void setUserInfo(String user, String password) {
          this.user = user;
          this.password = password;
      }
  
      /**
       * builds a signed soap envelope.
       * <p>
       * @param   envelope    
       * @return              
       * @throws  Exception  
       */
      public SOAPEnvelope build(SOAPEnvelope envelope) throws Exception {
          log.debug("Beginning signing...");
  
          Crypto crypto = CryptoFactory.getInstance();
  
          if (crypto == null) {
              throw new Exception("no credentials");
          }
  
          insertSecurityHeader(envelope);
  
          Document doc = AxisUtil.toDocument(envelope);
  
          // Set the id of the elements to be used as digest source
          String id = setBodyID(doc);
          String uri = id + (useSingleCert ? "X509Token" : "PKIToken");
          XMLSignature sig = null;
  
          if (user == null) {
              sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
          } else {
              sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_MAC_HMAC_SHA1, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
          }
  
          Transforms transforms = new Transforms(doc);
          transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
          sig.addResourceResolver(EnvelopeIdResolver.getInstance());
          sig.addDocument("#" + id, transforms);
  
          Reference ref = new Reference(doc);
          ref.setURI("#" + uri);
  
          SecurityTokenReference secRef = new SecurityTokenReference(doc);
          secRef.setReference(ref);
  
          KeyInfo info = sig.getKeyInfo();
          info.addUnknownElement(secRef.getElement());
  
          if (user == null) {
              X509Certificate[] certs = crypto.getCertificates();
              BinarySecurity token = null;
  
              if (!useSingleCert) {
                  token = new PKIPathSecurity(doc);
                  ((PKIPathSecurity) token).setX509Certificates(certs, true);
              } else {
                  token = new X509Security(doc);
                  ((X509Security) token).setX509Certificate(certs[0]);
              }
  
              token.setID(uri);
              insertIntoSecurityHeader(doc, sig.getElement());
              sig.sign(crypto.getPrivateKey());
              insertIntoSecurityHeader(doc, token.getElement());
          } else if (user != null) {
              UsernameToken token2 = new UsernameToken(doc);
              token2.setName(this.user);
              token2.setPassword(this.password);
              token2.setID(uri);
              insertIntoSecurityHeader(doc, sig.getElement());
              sig.sign(sig.createSecretKey(token2.getSecretKey()));
              insertIntoSecurityHeader(doc, token2.getElement());
          }
  
          log.debug("Signing complete.");
  
          return AxisUtil.toSOAPMessage(doc).getSOAPPart().getEnvelope();
      }
  }
  
  
  
  1.1                  ws-axis/contrib/wss4j/src/org/apache/ws/security/message/WSEnvelopeBuilder2.java
  
  Index: WSEnvelopeBuilder2.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.ws.security.message;
  
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
  import org.apache.ws.security.WSConstants;
  import org.apache.ws.security.components.crypto.Crypto;
  import org.apache.ws.security.components.crypto.CryptoFactory;
  import org.apache.ws.security.util.AxisUtil;
  import org.apache.ws.security.util.WSSecurityUtil;
  import org.apache.xml.security.encryption.XMLCipher;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  
  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;
  import javax.xml.soap.SOAPEnvelope;
  import java.security.cert.X509Certificate;
  
  /**
   * Builds X509 WS-Security SOAP Envelopes.
   * <p>
   * @author  Davanum Srinivas (dims@yahoo.com).
   */
  public class WSEnvelopeBuilder2 extends WSEnvelopeBuilder {
      private static Log log = LogFactory.getLog(WSEnvelopeBuilder2.class.getName());
  
      /** Constructor. */
      public WSEnvelopeBuilder2() {
      }
  
      /**
       * Constructor.
       * <p>
       * @param  actor   
       */
      public WSEnvelopeBuilder2(String actor) {
          this.actor = actor;
      }
  
      /**
       * builds a signed soap envelope.
       * <p>
       * @param   soapEnvelope          
       * @return              
       * @throws  Exception  
       */
      public SOAPEnvelope build(SOAPEnvelope soapEnvelope) throws Exception {
          log.debug("Beginning Encryption...");
  
          Document doc = AxisUtil.toDocument(soapEnvelope);
          Element envelope = doc.getDocumentElement();
  
          envelope.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.ENC_PREFIX,
WSConstants.ENC_NS);
  
          Element nsContext = WSSecurityUtil.createNamespaceContext(doc);
  
          Element body = (Element) WSSecurityUtil.selectSingleNode(envelope, "env:Body", nsContext);
          XMLCipher xmlCipher = XMLCipher.getInstance(WSConstants.ENC_NS + "tripledes-cbc");
          KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
          SecretKey symmetricKey = keyGen.generateKey();
          xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
  
          Element firstChild = (Element) WSSecurityUtil.selectSingleNode(body, "*", nsContext);
          xmlCipher.doFinal(doc, firstChild);
  
          Element xencEncryptedData = (Element) WSSecurityUtil.selectSingleNode(body, "xenc:EncryptedData",
nsContext);
          String xencEncryptedDataId = "enc1";
          String xencEncryptedDataRef = "#" + xencEncryptedDataId;
  
          xencEncryptedData.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsu", WSConstants.WSU_NS);
          xencEncryptedData.setAttributeNS(WSConstants.WSU_NS, "wsu:Id", xencEncryptedDataId);
  
          Element wsseSecurity = WSSecurityUtil.findWsseSecurityHeaderBlock(doc, envelope,
true);
          Element xencEncryptedKey = createSubtreeXencEncryptedKey(doc, xencEncryptedDataRef);
          WSSecurityUtil.prependChildElement(doc, wsseSecurity, xencEncryptedKey, true);
  
          Element wsseKeyIdentifier = (Element) WSSecurityUtil.selectSingleNode(xencEncryptedKey,
"wsse:KeyIdentifier", nsContext);
          X509Certificate remoteCert = null;
          Crypto crypto = CryptoFactory.getInstance();
  
          if (crypto == null) {
              throw new Exception("no credentials");
          }
  
          remoteCert = crypto.getCertificates()[0];
  
          byte encodedCert[] = remoteCert.getEncoded();
          org.w3c.dom.Text certText = WSSecurityUtil.createBase64EncodedTextNode(doc, encodedCert);
          wsseKeyIdentifier.appendChild(certText);
  
          Cipher cipher = Cipher.getInstance("RSA");
          cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
  
          byte[] encryptedKey = cipher.doFinal(symmetricKey.getEncoded());
          org.w3c.dom.Text keyText = WSSecurityUtil.createBase64EncodedTextNode(doc, encryptedKey);
          Element xencCipherValue = (Element) WSSecurityUtil.selectSingleNode(xencEncryptedKey,
"xenc:CipherData/xenc:CipherValue", nsContext);
          xencCipherValue.appendChild(keyText);
          log.debug("Encryption complete.");
  
          return AxisUtil.toSOAPMessage(doc).getSOAPPart().getEnvelope();
      }
  
      /**
       * create dom subtree
       * <p>
       * @param   doc                
       * @param   dataReferenceUri   
       * @return                     
       */
      public static Element createSubtreeXencEncryptedKey(Document doc, String dataReferenceUri)
{
          Element encryptedKey = doc.createElementNS(WSConstants.ENC_NS, "xenc:EncryptedKey");
          encryptedKey.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:xenc", WSConstants.ENC_NS);
          Element encryptionMethod = doc.createElementNS(WSConstants.ENC_NS, "xenc:EncryptionMethod");
          encryptionMethod.setAttributeNS(null, "Algorithm", WSConstants.ENC_NS + "rsa-1_5");
          WSSecurityUtil.appendChildElement(doc, encryptedKey, encryptionMethod);
  
          Element keyIdentifier = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
          keyIdentifier.setAttributeNS(null, "ValueType", "wsse:X509v3");
          keyIdentifier.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
          WSSecurityUtil.appendChildElement(doc, encryptedKey, keyIdentifier);
  
          Element cipherData = doc.createElementNS(WSConstants.ENC_NS, "xenc:CipherData");
          Element cipherValue = doc.createElementNS(WSConstants.ENC_NS, "xenc:CipherValue");
          cipherData.appendChild(cipherValue);
          WSSecurityUtil.appendChildElement(doc, encryptedKey, cipherData);
  
          Element referenceList = doc.createElementNS(WSConstants.ENC_NS, "xenc:ReferenceList");
          Element dataReference = doc.createElementNS(WSConstants.ENC_NS, "xenc:DataReference");
          dataReference.setAttributeNS(null, "URI", dataReferenceUri);
          referenceList.appendChild(dataReference);
          WSSecurityUtil.appendChildElement(doc, encryptedKey, referenceList);
  
          return encryptedKey;
      }
  }
  
  
  

Mime
View raw message