Author: ruchithf
Date: Wed Nov  7 17:05:18 2007
New Revision: 592988

URL: http://svn.apache.org/viewvc?rev=592988&view=rev
Log:
Fixed an EncryptedKeySHA1 reference issue 
Updated to set the correct value type in the reference of derived key token
Made sure we don't add empty reference lists



Modified:
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
    
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
 Wed Nov  7 17:05:18 2007
@@ -27,6 +27,7 @@
 import org.apache.rampart.policy.model.RampartConfig;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.secpolicy.model.Token;
 import org.apache.ws.secpolicy.model.Wss10;
@@ -149,6 +150,7 @@
                     dkEncr.setParts(encrParts);
                     dkEncr.setExternalKey(this.encryptedKeyValue, 
                             this.encryptedKeyId);
+                    
dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
                     dkEncr.prepare(doc);
 
                     // Get and add the DKT element
@@ -420,6 +422,7 @@
         Token encrToken = rpd.getRecipientToken();
         if(encrToken != null && encrParts.size() > 0) {
             Element refList = null;
+            AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
             if(encrToken.isDerivedKeys()) {
                 
                 try {
@@ -430,7 +433,10 @@
                     }
                     
                     dkEncr.setExternalKey(this.encryptedKeyValue, 
this.encryptedKeyId);
-                    
dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+                    dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + 
"#"
+                            + WSConstants.ENC_KEY_VALUE_TYPE);
+                    
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+                    
dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
                     dkEncr.prepare(doc);
                     
                     
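Review bot: The value type `WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE` is assembled by hand at the new `dkEncr.setCustomValueType` line and again in this file's signature hunk (`dkSign.setCustomValueType`), twice in BindingBuilder and once in SymmetricBindingBuilder. A single constant on the shared base class (SymmetricBindingBuilder extends BindingBuilder; presumably the other builders do too), e.g. `protected static final String ENC_KEY_VALUE_TYPE_URI = WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE;`, would keep the four copies from drifting. Here the call is unconditional while the other sites guard it with `instanceof EncryptedKeyToken`; that looks intended, since the external key set two lines earlier is always `this.encryptedKeyValue`/`this.encryptedKeyId`, but a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.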
@@ -449,9 +455,9 @@
                                                     refList);
                                                     
                 } catch (WSSecurityException e) {
-                    throw new RampartException("errorInDKEncr");
+                    throw new RampartException("errorInDKEncr", e);
                 } catch (ConversationException e) {
-                    throw new RampartException("errorInDKEncr");
+                    throw new RampartException("errorInDKEncr", e);
                 }
             } else {
                 try {
@@ -479,8 +485,8 @@
                     
                     encr.setDocument(doc);
                     RampartUtil.setEncryptionUser(rmd, encr);
-                    
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
-                    
encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+                    
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+                    encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
                     encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
                             .getRampartConfig(), rmd.getCustomClassLoader()));
                     
@@ -556,8 +562,9 @@
             dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
                     .getSymmetricSignature());
             dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
-                    .getMinimumSymmetricKeyLength() / 8);
-            
+                    .getSignatureDerivedKeyLength() / 8);
+            dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+                    + WSConstants.ENC_KEY_VALUE_TYPE);
             try {
                 dkSign.prepare(doc, rmd.getSecHeader());
 

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
 Wed Nov  7 17:05:18 2007
@@ -16,35 +16,21 @@
 
 package org.apache.rampart.builder;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.Vector;
-import java.util.Map.Entry;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
 import org.apache.axiom.om.OMElement;
 import org.apache.axis2.client.Options;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.EncryptedKeyToken;
 import org.apache.rahas.TrustException;
 import org.apache.rampart.RampartException;
 import org.apache.rampart.RampartMessageData;
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.RampartUtil;
-import org.apache.ws.secpolicy.Constants;
 import org.apache.ws.secpolicy.model.IssuedToken;
 import org.apache.ws.secpolicy.model.SecureConversationToken;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.secpolicy.model.Token;
 import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.secpolicy.model.Wss10;
-import org.apache.ws.secpolicy.model.Wss11;
 import org.apache.ws.secpolicy.model.X509Token;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
@@ -65,6 +51,18 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+import java.util.Map.Entry;
+
 public abstract class BindingBuilder {
     private static Log log = LogFactory.getLog(BindingBuilder.class);
             
@@ -487,7 +485,9 @@
                        // attached use key identifier as defined in WSS1.1 
section
                        // 7.7 Encrypted Key reference
                        SecurityTokenReference tokenRef = new 
SecurityTokenReference(doc);
-                       tokenRef.setKeyIdentifierEncKeySHA1(tok.getSecret());   
                
+                       if(tok instanceof EncryptedKeyToken) {
+                           
tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)tok).getSHA1());;
+                       }
                        dkSign.setExternalKey(tok.getSecret(), 
tokenRef.getElement());
                 
                 } else {
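Review bot: When `tok` is not an `EncryptedKeyToken` the new `instanceof` guard skips `setKeyIdentifierEncKeySHA1`, and `dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement())` on the following line then receives a `SecurityTokenReference` with no key identifier, so the derived key token is emitted with an empty reference instead of failing. Making that case explicit, e.g. `} else { throw new RampartException("<message-key placeholder>"); }` after the guard, would surface the problem at build time rather than at the receiver. The new `tokenRef.setKeyIdentifierEncKeySHA1(...)` line also ends in a doubled `;;`. The same guard-without-else shape appears in SymmetricBindingBuilder around `if(encrTok instanceof EncryptedKeyToken)`. The enclosing method starts and ends outside the hunk.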
@@ -496,7 +496,12 @@
 
                 //Set the algo info
                 
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-                
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+                
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+                if(tok instanceof EncryptedKeyToken) {
+                    //Set the value type of the reference
+                    dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + 
"#"
+                        + WSConstants.ENC_KEY_VALUE_TYPE);
+                }
                 
                 dkSign.prepare(doc, rmd.getSecHeader());
                 
@@ -518,7 +523,6 @@
                 //Do signature
                 dkSign.computeSignature();
 
-
                 //Add elements to header
                 this.setInsertionLocation(RampartUtil
                         .insertSiblingAfter(rmd, 
@@ -553,6 +557,8 @@
                                                  + 
WSConstants.ENC_KEY_VALUE_TYPE);
                            
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                        } else {
+                           //the tok has to be an EncryptedKey token
+                           
sig.setEncrKeySha1value(((EncryptedKeyToken)tok).getSHA1());
                                
sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                        }
                     
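Review bot: `sig.setEncrKeySha1value(((EncryptedKeyToken)tok).getSHA1())` in the `else` branch is an unchecked cast backed only by the comment `//the tok has to be an EncryptedKey token`; if any other `Token` subtype reaches this branch the builder fails with a `ClassCastException` instead of the `RampartException` the callers expect, unlike the `instanceof`-guarded sites earlier in this file. Turning the comment into a check, `if (!(tok instanceof EncryptedKeyToken)) { throw new RampartException("<message-key placeholder>"); }` immediately before the cast, keeps the failure typed and the assumption visible. The enclosing method starts and ends outside the hunk.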

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
 Wed Nov  7 17:05:18 2007
@@ -20,6 +20,7 @@
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.EncryptedKeyToken;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.TrustException;
 import org.apache.rampart.RampartConstants;
@@ -28,6 +29,7 @@
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
 import org.apache.ws.secpolicy.model.IssuedToken;
 import org.apache.ws.secpolicy.model.SecureConversationToken;
 import org.apache.ws.secpolicy.model.SupportingToken;
@@ -48,23 +50,13 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
-
-import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Vector;
 
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
 
 public class SymmetricBindingBuilder extends BindingBuilder {
 
@@ -179,6 +171,7 @@
             
             Document doc = rmd.getDocument();
 
+            AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
             if(encryptionToken.isDerivedKeys()) {
                 log.debug("Use drived keys");
                 
@@ -198,6 +191,8 @@
                     dkEncr.setExternalKey(tok.getSecret(), tok.getId());
                 }
                 try {
+                    
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+                    
dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
                     dkEncr.prepare(doc);
                     encrDKTokenElem = dkEncr.getdktElement();
                     RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
@@ -218,6 +213,7 @@
                 RampartUtil.setEncryptionUser(rmd, encr);
                 encr.setEphemeralKey(tok.getSecret());
                 encr.setDocument(doc);
+                encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                 // SymmKey is already encrypted, no need to do it again
                 encr.setEncryptSymmKey(false);
                 // Use key identifier in the KeyInfo in server side
@@ -523,106 +519,116 @@
         }
         
         Element refList = null;
-        
-        if(encrToken.isDerivedKeys() || encrToken instanceof 
SecureConversationToken) {
-            
-            try {
-                WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+        if(encrParts.size() > 0) {
+            if(encrToken.isDerivedKeys() || encrToken instanceof 
SecureConversationToken) {
                 
-                if(encrTokElem != null && encrTok.getAttachedReference() != 
null) {
+                try {
+                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
                     
-                    dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
-                            .importNode((Element) 
encrTok.getAttachedReference(),
-                                    true));
+                    if(encrTokElem != null && encrTok.getAttachedReference() 
!= null) {
+                        
+                        dkEncr.setExternalKey(encrTok.getSecret(), (Element) 
doc
+                                .importNode((Element) 
encrTok.getAttachedReference(),
+                                        true));
+                    } else if(encrTok.getUnattachedReference() != null) {
+                        dkEncr.setExternalKey(encrTok.getSecret(), (Element) 
doc
+                                .importNode((Element) 
encrTok.getUnattachedReference(),
+                                        true));
+                    } else if (!rmd.isInitiator() && 
encrToken.isDerivedKeys()) { 
+                       
+                       // If the Encrypted key used to create the derived key 
is not
+                       // attached use key identifier as defined in WSS1.1 
section
+                       // 7.7 Encrypted Key reference
+                       SecurityTokenReference tokenRef = new 
SecurityTokenReference(doc);
+                       if(encrTok instanceof EncryptedKeyToken) {
+                           
tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)encrTok).getSHA1());
+                       }
+                       dkEncr.setExternalKey(encrTok.getSecret(), 
tokenRef.getElement());
+                       
+                    } else {
+                        dkEncr.setExternalKey(encrTok.getSecret(), 
encrTok.getId());
+                    }
                     
-                } else if(encrTok.getUnattachedReference() != null) {
-                    dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
-                            .importNode((Element) 
encrTok.getUnattachedReference(),
-                                    true));
-                } else if (!rmd.isInitiator() && encrToken.isDerivedKeys()) { 
-                       
-                       // If the Encrypted key used to create the derived key 
is not
-                       // attached use key identifier as defined in WSS1.1 
section
-                       // 7.7 Encrypted Key reference
-                       SecurityTokenReference tokenRef = new 
SecurityTokenReference(doc);
-                       
tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSecret());               
-                       dkEncr.setExternalKey(encrTok.getSecret(), 
tokenRef.getElement());
-                       
-                } else {
-                    dkEncr.setExternalKey(encrTok.getSecret(), 
encrTok.getId());
-                }
-                
-                dkEncr.prepare(doc);
-                Element encrDKTokenElem = null;
-                encrDKTokenElem = dkEncr.getdktElement();
-                if(encrTokElem != null) {
-                    RampartUtil.insertSiblingAfter(rmd, encrTokElem, 
encrDKTokenElem);
-                } else {
-                    RampartUtil.insertSiblingAfter(rmd, this.timestampElement, 
encrDKTokenElem);
-                }
-                
-                refList = dkEncr.encryptForExternalRef(null, encrParts);
-                
-                RampartUtil.insertSiblingAfter(rmd, 
-                                                encrDKTokenElem, 
-                                                refList);
-
-            } catch (WSSecurityException e) {
-                throw new RampartException("errorInDKEncr");
-            } catch (ConversationException e) {
-                throw new RampartException("errorInDKEncr");
-            }
-        } else {
-            try {
-                
-                WSSecEncrypt encr = new WSSecEncrypt();
-                
-                encr.setWsConfig(rmd.getConfig());
-                //Hack to handle reference id issues
-                //TODO Need a better fix
-                if(encrTokId.startsWith("#")) {
-                    encrTokId = encrTokId.substring(1);
-                }
-                encr.setEncKeyId(encrTokId);
-                
-                encr.setEphemeralKey(encrTok.getSecret());
-                RampartUtil.setEncryptionUser(rmd, encr);
-                encr.setDocument(doc);
-                encr.setEncryptSymmKey(false);
-                // Use key identifier in the KeyInfo in server side
-                if (!rmd.isInitiator()) {
-                       encr.setUseKeyIdentifier(true);
-                       
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
-                }
-                encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
-                        .getRampartConfig(), rmd.getCustomClassLoader()));
-                
-                
-                if (encrParts.size() > 0) {
-                
-                    //Encrypt, get hold of the ref list and add it
-                    refList = encr.encryptForExternalRef(null, encrParts);     
        
+                    if(encrTok instanceof EncryptedKeyToken) {
+                        dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 
+ "#"
+                                + WSConstants.ENC_KEY_VALUE_TYPE);
+                    }
                     
-                    if(this.timestampElement != null){
-                            this.setInsertionLocation(this.timestampElement);
-                    }else{
-                            this.setInsertionLocation(null);
-                    }                              
-    
+                    
dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+                    
dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
+                    dkEncr.prepare(doc);
+                    Element encrDKTokenElem = null;
+                    encrDKTokenElem = dkEncr.getdktElement();
                     if(encrTokElem != null) {
-                        RampartUtil.insertSiblingAfter(rmd,
-                                                    encrTokElem,
-                                                    refList);
+                        RampartUtil.insertSiblingAfter(rmd, encrTokElem, 
encrDKTokenElem);
                     } else {
-                        RampartUtil.insertSiblingAfter(rmd,
-                                this.timestampElement,
-                                refList);
+                        RampartUtil.insertSiblingAfter(rmd, 
this.timestampElement, encrDKTokenElem);
                     }
+                    
+                    refList = dkEncr.encryptForExternalRef(null, encrParts);
+                    
+                    RampartUtil.insertSiblingAfter(rmd, 
+                                                    encrDKTokenElem, 
+                                                    refList);
+    
+                } catch (WSSecurityException e) {
+                    throw new RampartException("errorInDKEncr");
+                } catch (ConversationException e) {
+                    throw new RampartException("errorInDKEncr");
                 }
-                
-            } catch (WSSecurityException e) {
-                throw new RampartException("errorInEncryption", e);
-            }    
+            } else {
+                try {
+                    
+                    WSSecEncrypt encr = new WSSecEncrypt();
+                    
+                    encr.setWsConfig(rmd.getConfig());
+                    //Hack to handle reference id issues
+                    //TODO Need a better fix
+                    if(encrTokId.startsWith("#")) {
+                        encrTokId = encrTokId.substring(1);
+                    }
+                    encr.setEncKeyId(encrTokId);
+                    
+                    encr.setEphemeralKey(encrTok.getSecret());
+                    RampartUtil.setEncryptionUser(rmd, encr);
+                    encr.setDocument(doc);
+                    encr.setEncryptSymmKey(false);
+                    
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+                    // Use key identifier in the KeyInfo in server side
+                    if (!rmd.isInitiator()) {
+                       encr.setUseKeyIdentifier(true);
+                       
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+                    }
+                    encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+                            .getRampartConfig(), rmd.getCustomClassLoader()));
+                    
+                    
+                    if (encrParts.size() > 0) {
+                    
+                        //Encrypt, get hold of the ref list and add it
+                        refList = encr.encryptForExternalRef(null, encrParts); 
            
+                        
+                        if(this.timestampElement != null){
+                                
this.setInsertionLocation(this.timestampElement);
+                        }else{
+                                this.setInsertionLocation(null);
+                        }                              
+        
+                        if(encrTokElem != null) {
+                            RampartUtil.insertSiblingAfter(rmd,
+                                                        encrTokElem,
+                                                        refList);
+                        } else {
+                            RampartUtil.insertSiblingAfter(rmd,
+                                    this.timestampElement,
+                                    refList);
+                        }
+                    }
+                    
+                } catch (WSSecurityException e) {
+                    throw new RampartException("errorInEncryption", e);
+                }    
+            }
         }
         
         if(dotDebug){
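Review bot: The two `catch` blocks closing the derived-key branch still throw `new RampartException("errorInDKEncr")` without the caught exception, so the underlying `WSSecurityException`/`ConversationException` is lost; this commit fixes exactly that in AsymmetricBindingBuilder, and both lines here should likewise read `throw new RampartException("errorInDKEncr", e);`. Separately, the inner `if (encrParts.size() > 0)` in the non-derived branch is now redundant with the new outer `if(encrParts.size() > 0)` and can be flattened. The `if(encrTok instanceof EncryptedKeyToken)` guard before `dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement())` has no `else`, so a non-EncryptedKey token in that path yields an empty `SecurityTokenReference` silently. The enclosing method starts and ends outside the hunk.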
@@ -665,7 +671,7 @@
             
             // Set the SHA1 value of the encrypted key, this is used when the 
encrypted
             // key is referenced via a key identifier of type EncryptedKeySHA1
-            tempTok.setSHA1(getSHA1(secret));
+            tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
             
             rmd.getTokenStorage().add(tempTok);
             
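Review bot: The new `tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()))` is the substantive fix of this commit, but the existing comment above it only says what the value is used for, not why the input changed; extending it with `// WSS 1.1 section 7.7: EncryptedKeySHA1 is computed over the encrypted key octets, never over the decrypted secret` would stop a later reader from "simplifying" it back to hashing `secret`. The enclosing method starts and ends outside the hunk.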
@@ -684,7 +690,7 @@
         }
     }
     
-    private String getSHA1(byte[] secret) throws RampartException{
+    private String getSHA1(byte[] input) throws RampartException{
         
        MessageDigest sha = null;
         try {
@@ -693,7 +699,7 @@
             throw new RampartException("noSHA1availabe", e1);
         }
         sha.reset();
-        sha.update(secret);
+        sha.update(input);
         byte[] data = sha.digest();
         
         return Base64.encode(data);
@@ -724,9 +730,9 @@
                                Date created = new Date();
                                Date expires = new Date();
                                expires.setTime(System.currentTimeMillis() + 
300000);
-                               org.apache.rahas.Token tempTok = new 
org.apache.rahas.Token(encryptedKeyID,created,expires);
-                               
tempTok.setSecret((byte[])wser.getDecryptedKey());
-                               
+                               EncryptedKeyToken tempTok = new 
EncryptedKeyToken(encryptedKeyID,created,expires);
+                               
tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY));
+                               
tempTok.setSHA1(getSHA1((byte[])wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
                                rmd.getTokenStorage().add(tempTok);
                                
                                return encryptedKeyID;
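Review bot: `getSHA1((byte[])wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY))` passes the result-map value straight to `MessageDigest.update`, which does not accept null, so a result lacking that entry fails with a NullPointerException inside `getSHA1` rather than a `RampartException` naming the missing value. Presumably the engine always populates it for an EncryptedKey result, but pulling the value into a local and checking it, `if (encBytes == null) { throw new RampartException("<message-key placeholder>"); }`, costs one line and makes the failure diagnosable. The same applies to the `TAG_DECRYPTED_KEY` cast on the line above. The enclosing method starts and ends outside the hunk.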

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
 Wed Nov  7 17:05:18 2007
@@ -27,6 +27,7 @@
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
 import org.apache.ws.secpolicy.model.Header;
 import org.apache.ws.secpolicy.model.IssuedToken;
 import org.apache.ws.secpolicy.model.SignedEncryptedParts;
@@ -215,7 +216,7 @@
                 
                 
dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
                 
dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-                
dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+                
dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
                 
                 dkSig.setExternalKey(encrKey.getEphemeralKey(), 
encrKey.getId());
                 
@@ -342,6 +343,7 @@
         }
         
         //check for derived keys
+        AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
         if(token.isDerivedKeys()) {
           //Create a derived key and add
           try {
@@ -361,8 +363,8 @@
               }
               
               //Set the algo info
-              
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-              
+              
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+              
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
               
               dkSign.prepare(doc);
               
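Review bot: The new `dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());` passes the suite's bit length straight through, while every other call site in this commit, including the earlier hunk of this same file, divides by 8 to convert to bytes. As written a Basic128 suite would request a 128-byte derived key instead of 16 bytes, which presumably will not match the key the peer derives. The line should read `dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);`. The enclosing method starts and ends outside the hunk.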
@@ -395,8 +397,8 @@
                 sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
                         WSConstants.SAML_ASSERTION_ID);
                 sig.setSecretKey(tok.getSecret());
-                
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
-                
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+                
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+                
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
                 sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
                 sig.prepare(rmd.getDocument(), 
RampartUtil.getSignatureCrypto(rpd
                         .getRampartConfig(), rmd.getCustomClassLoader()),

Modified: 
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
 Wed Nov  7 17:05:18 2007
@@ -48,8 +48,12 @@
     private String asymmetricKeyWrap;
 
     private String encryptionKeyDerivation;
+    
+    private int encryptionDerivedKeyLength;
 
     private String signatureKeyDerivation;
+    
+    private int signatureDerivedKeyLength;
 
     private int minimumSymmetricKeyLength;
 
@@ -95,7 +99,10 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L256;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 256;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 256;
+            this.encryptionDerivedKeyLength = 256;
         } else if (Constants.ALGO_SUITE_BASIC192.equals(algoSuite)) {
             this.digest = Constants.SHA1;
             this.encryption = Constants.AES192;
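Review bot: The Basic256 branch assigns `this.encryptionDerivedKeyLength = 256;` twice, once before and once after `this.minimumSymmetricKeyLength = 256;`; the second copy is harmless but should be dropped so the branch reads like the others. Each branch also repeats the same pair of literals already implied by its `P_SHA1_L*` derivation constants, so a reader has to check that the numbers agree in every arm. The builder changes in this commit call `getEncryptionDerivedKeyLength()` and `getSignatureDerivedKeyLength()`, but no getter for the two new fields appears in the hunks shown here; confirm they are added further down the file.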
@@ -103,6 +110,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if (Constants.ALGO_SUITE_BASIC128.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -111,6 +120,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L128;
             this.signatureKeyDerivation = Constants.P_SHA1_L128;
+            this.encryptionDerivedKeyLength = 128;
+            this.signatureDerivedKeyLength = 128;
             this.minimumSymmetricKeyLength = 128;
         } else if (Constants.ALGO_SUITE_TRIPLE_DES.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -119,6 +130,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if (Constants.ALGO_SUITE_BASIC256_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -127,6 +140,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L256;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 256;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 256;
         } else if (Constants.ALGO_SUITE_BASIC192_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -135,6 +150,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if (Constants.ALGO_SUITE_BASIC128_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -143,6 +160,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L128;
             this.signatureKeyDerivation = Constants.P_SHA1_L128;
+            this.encryptionDerivedKeyLength = 128;
+            this.signatureDerivedKeyLength = 128;
             this.minimumSymmetricKeyLength = 128;
         } else if (Constants.ALGO_SUITE_TRIPLE_DES_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA1;
@@ -151,6 +170,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if (Constants.ALGO_SUITE_BASIC256_SHA256.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -159,6 +180,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L256;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 256;
+            this.signatureDerivedKeyLength = 256;
             this.minimumSymmetricKeyLength = 256;
         } else if (Constants.ALGO_SUITE_BASIC192_SHA256.equals(algoSuite)) {
             this.digest = Constants.SHA256;
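Review bot: The Basic256Sha256 branch sets `this.signatureDerivedKeyLength = 256;` while its `signatureKeyDerivation` two lines above stays `Constants.P_SHA1_L192`; the other Basic256 variants on this page (Basic256, Basic256Rsa15 and Basic256Sha256Rsa15) pair that same derivation constant with 192, so 192 looks like the intended value here, `this.signatureDerivedKeyLength = 192;`. Handing a 256-bit length to a derivation configured for 192 would be a silent policy/key-size mismatch rather than a loud failure, so it is worth confirming against the suite definition before release. Separately, the Basic256 branch at the top of the page assigns `encryptionDerivedKeyLength = 256` twice, once before and once after `minimumSymmetricKeyLength`; the second assignment is redundant.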
@@ -167,6 +190,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if (Constants.ALGO_SUITE_BASIC128_SHA256.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -175,6 +200,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L128;
             this.signatureKeyDerivation = Constants.P_SHA1_L128;
+            this.encryptionDerivedKeyLength = 128;
+            this.signatureDerivedKeyLength = 128;
             this.minimumSymmetricKeyLength = 128;
         } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -183,6 +210,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if 
(Constants.ALGO_SUITE_BASIC256_SHA256_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -191,6 +220,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L256;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 256;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 256;
         } else if 
(Constants.ALGO_SUITE_BASIC192_SHA256_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -199,6 +230,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else if 
(Constants.ALGO_SUITE_BASIC128_SHA256_RSA15.equals(algoSuite)) {
             this.digest = Constants.SHA256;
@@ -207,6 +240,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L128;
             this.signatureKeyDerivation = Constants.P_SHA1_L128;
+            this.encryptionDerivedKeyLength = 128;
+            this.signatureDerivedKeyLength = 128;
             this.minimumSymmetricKeyLength = 128;
         } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
                 .equals(algoSuite)) {
@@ -216,6 +251,8 @@
             this.asymmetricKeyWrap = Constants.KW_RSA15;
             this.encryptionKeyDerivation = Constants.P_SHA1_L192;
             this.signatureKeyDerivation = Constants.P_SHA1_L192;
+            this.encryptionDerivedKeyLength = 192;
+            this.signatureDerivedKeyLength = 192;
             this.minimumSymmetricKeyLength = 192;
         } else {
             // throw new WSSPolicyException("Invalid algorithm suite : " +
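Review bot: The fall-through `else` assigns neither `encryptionDerivedKeyLength` nor `signatureDerivedKeyLength`, so a policy naming an unrecognised suite leaves both at whatever the field declaration gives them (the declarations are outside this diff; for plain `int` fields that is 0) while the commented-out `WSSPolicyException` means nothing signals the problem. A derived key token built from a zero length is a misconfiguration that should fail early; either assign explicit values in the `else` branch or make the new getters reject an unset length. The `else` branch and the enclosing method continue past the end of this hunk.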
@@ -448,5 +485,17 @@
         
         // </sp:AlgorithmSuite>
         writer.writeEndElement();
+    }
+
+    public int getEncryptionDerivedKeyLength() {
+        return encryptionDerivedKeyLength;
+    }
+
+    public int getSignatureDerivedKeyLength() {
+        return signatureDerivedKeyLength;
+    }
+
+    public void setAsymmetricKeyWrap(String asymmetricKeyWrap) {
+        this.asymmetricKeyWrap = asymmetricKeyWrap;
     }
 }
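Review bot: The three new public methods carry no Javadoc, and the returned lengths have no stated unit; the branches above assign 128/192/256 to match the `P_SHA1_L*` derivation constants, so presumably bits, e.g. `/** Length, presumably in bits, of the key derived for encryption; must agree with {@code encryptionKeyDerivation}. */`. `setAsymmetricKeyWrap` also deserves a sentence on why a policy-derived suite exposes a mutator, since any caller holding the suite can now replace the key-wrap algorithm the policy selected after parsing; if it exists only for a specific builder, saying so (and validating the argument against the known `Constants.KW_*` values) would limit accidental misuse.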

Modified: 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java?rev=592988&r1=592987&r2=592988&view=diff
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
 Wed Nov  7 17:05:18 2007
@@ -122,6 +122,7 @@
      */
     private String issuerAddress;
     
+    private String encrKeySha1Value;
     
     public Token(String id, Date created, Date expires) {
        this.id = id;
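Review bot: The new field `encrKeySha1Value` has no comment, although the neighbouring fields in this class are documented (the Javadoc closing on the first context line belongs to `issuerAddress`), and its accessors are not in this hunk. Going by the commit log ("Fixed an EncryptedKeySHA1 reference issue") something like `/** SHA-1 value of the EncryptedKey this token is associated with, used for EncryptedKeySHA1 key identifier references (confirm encoding, e.g. base64). */` would tell a reader what is stored without guessing. If `Token` is persisted or copied elsewhere in rampart-trust, check that the new field travels with it.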

