All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.wss4j.dom.message.WSSecDKEncrypt Maven / Gradle / Ivy

There is a newer version: 3.0.4
Show newest version
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.wss4j.dom.message;

import java.util.ArrayList;
import java.util.List;

import javax.crypto.SecretKey;

import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.encryption.Serializer;
import org.apache.xml.security.keys.KeyInfo;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/**
 * Encrypts and signs parts of a message with derived keys derived from a
 * symmetric key. This symmetric key will be included as an EncryptedKey
 */
public class WSSecDKEncrypt extends WSSecDerivedKeyBase {

    private String symEncAlgo = WSConstants.AES_128;
    private int derivedKeyLength = -1;

    private List attachmentEncryptedDataElements;

    private Serializer encryptionSerializer;

    public WSSecDKEncrypt(WSSecHeader securityHeader) {
        super(securityHeader);
    }

    public WSSecDKEncrypt(Document doc) {
        super(doc);
    }

    @Override
    public void prepare() throws WSSecurityException {
        super.prepare();

        attachmentEncryptedDataElements = new ArrayList<>();
    }

    public Document build() throws WSSecurityException {

        //
        // Setup the encrypted key
        //
        prepare();
        //
        // prepend elements in the right order to the security header
        //
        prependDKElementToHeader();

        Element externRefList = encrypt();

        addAttachmentEncryptedDataElements();

        addExternalRefElement(externRefList);

        return getDocument();
    }

    public void addAttachmentEncryptedDataElements() {
        if (attachmentEncryptedDataElements != null) {
            for (int i = 0; i < attachmentEncryptedDataElements.size(); i++) {
                Element encryptedData = attachmentEncryptedDataElements.get(i);
                Element securityHeaderElement = getSecurityHeader().getSecurityHeaderElement();
                WSSecurityUtil.prependChildElement(securityHeaderElement, encryptedData);
            }
        }
    }

    public Element encrypt() throws WSSecurityException {
        if (getParts().isEmpty()) {
            getParts().add(WSSecurityUtil.getDefaultEncryptionPart(getDocument()));
        }

        return encryptForExternalRef(null, getParts());
    }

    /**
     * Encrypt one or more parts or elements of the message (external).
     *
     * This method takes a vector of WSEncryptionPart object that
     * contain information about the elements to encrypt. The method call the
     * encryption method, takes the reference information generated during
     * encryption and add this to the xenc:Reference element.
     * This method can be called after prepare() and can be
     * called multiple times to encrypt a number of parts or elements.
     *
     * The method generates a xenc:Reference element that must
     * be added to the SecurityHeader. See addExternalRefElement().
     *
     * If the dataRef parameter is null the method
     * creates and initializes a new Reference element.
     *
     * @param dataRef A xenc:Reference element or null
     * @param references A list containing WSEncryptionPart objects
     * @return Returns the updated xenc:Reference element
     * @throws WSSecurityException
     */
    public Element encryptForExternalRef(Element dataRef, List references)
        throws WSSecurityException {

        KeyInfo keyInfo = createKeyInfo();

        SecretKey key = getDerivedKey(symEncAlgo);

        Encryptor encryptor = new Encryptor();
        encryptor.setDoc(getDocument());
        encryptor.setSecurityHeader(getSecurityHeader());
        encryptor.setIdAllocator(getIdAllocator());
        encryptor.setCallbackLookup(callbackLookup);
        encryptor.setAttachmentCallbackHandler(attachmentCallbackHandler);
        encryptor.setStoreBytesInAttachment(storeBytesInAttachment);
        encryptor.setEncryptionSerializer(encryptionSerializer);
        encryptor.setWsDocInfo(getWsDocInfo());
        List encDataRefs =
            encryptor.doEncryption(keyInfo, key, symEncAlgo, references, attachmentEncryptedDataElements);

        if (dataRef == null) {
            dataRef =
                getDocument().createElementNS(
                    WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":ReferenceList"
                );
        }
        return WSSecEncrypt.createDataRefList(getDocument(), dataRef, encDataRefs);
    }

    /**
     * Create a KeyInfo object
     * @throws ConversationException
     */
    private KeyInfo createKeyInfo() throws WSSecurityException {
        KeyInfo keyInfo = new KeyInfo(getDocument());
        SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
        secToken.addWSSENamespace();
        Reference ref = new Reference(getDocument());
        ref.setURI("#" + getId());
        String ns =
            ConversationConstants.getWSCNs(getWscVersion())
                + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
        ref.setValueType(ns);
        secToken.setReference(ref);

        keyInfo.addUnknownElement(secToken.getElement());
        Element keyInfoElement = keyInfo.getElement();
        keyInfoElement.setAttributeNS(
            WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
        );

        return keyInfo;
    }

    /**
     * Adds (prepends) the external Reference element to the Security header.
     *
     * The reference element must be created by the
     * encryptForExternalRef()  method. The method adds the
     * reference element in the SecurityHeader.
     *
     * @param referenceList The external enc:Reference element
     */
    public void addExternalRefElement(Element referenceList) {
        if (referenceList != null) {
            Node node = getdktElement().getNextSibling();
            Element securityHeaderElement = getSecurityHeader().getSecurityHeaderElement();
            if (node != null && Node.ELEMENT_NODE == node.getNodeType()) {
                securityHeaderElement.insertBefore(referenceList, node);
            } else {
                // If (at this moment) DerivedKeyToken is the LAST element of
                // the security header
                securityHeaderElement.appendChild(referenceList);
            }
        }
    }


    /**
     * Set the symmetric encryption algorithm URI to use
     * @param algo the symmetric encryption algorithm URI to use
     */
    public void setSymmetricEncAlgorithm(String algo) {
        symEncAlgo = algo;
    }

    protected int getDerivedKeyLength() throws WSSecurityException {
        return derivedKeyLength > 0 ? derivedKeyLength : KeyUtils.getKeyLength(symEncAlgo);
    }

    public void setDerivedKeyLength(int keyLength) {
        derivedKeyLength = keyLength;
    }

    public List getAttachmentEncryptedDataElements() {
        return attachmentEncryptedDataElements;
    }

    public Serializer getEncryptionSerializer() {
        return encryptionSerializer;
    }

    public void setEncryptionSerializer(Serializer encryptionSerializer) {
        this.encryptionSerializer = encryptionSerializer;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy