Author: werner
Date: Tue Oct 11 01:22:56 2005
New Revision: 312837
URL: http://svn.apache.org/viewcvs?rev=312837&view=rev
Log:
Some fixes and modifications for the configurable JCE security
provider, and setting AES-128 as the default symmetric encryption
algorithm.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Tue Oct
11 01:22:56 2005
@@ -186,6 +186,9 @@
* method to use triple DES as the symmetric algorithm to encrypt data.
* <p/>
* This is a required method as defined by XML encryption.
+ * The String to use in WSDD file (in accordance to w3c specifications:
+ * <br/>
+ * http://www.w3.org/2001/04/xmlenc#tripledes-cbc
*/
public static final String TRIPLE_DES =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
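Review bot: The added javadoc line `The String to use in WSDD file (in accordance to w3c specifications:` opens a parenthesis that is never closed, and "in accordance to" should read "in accordance with"; the same three added lines recur at the AES_128, AES_256 and AES_192 constants in the next three hunks. Suggest `The string to use in the WSDD file (in accordance with the W3C specification):` followed by the `<br/>` and the URI as already written.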
@@ -194,6 +197,9 @@
* method to use AES with 128 bit key as the symmetric algorithm to
encrypt data.
* <p/>
* This is a required method as defined by XML encryption.
+ * The String to use in WSDD file (in accordance to w3c specifications:
+ * <br/>
+ * http://www.w3.org/2001/04/xmlenc#aes128-cbc
*/
public static final String AES_128 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
@@ -202,6 +208,9 @@
* method to use AES with 256 bit key as the symmetric algorithm to
encrypt data.
* <p/>
* This is a required method as defined by XML encryption.
+ * The String to use in WSDD file (in accordance to w3c specifications:
+ * <br/>
+ * http://www.w3.org/2001/04/xmlenc#aes256-cbc
*/
public static final String AES_256 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
@@ -210,6 +219,9 @@
* method to use AES with 192 bit key as the symmetric algorithm to
encrypt data.
* <p/>
* This is a optional method as defined by XML encryption.
+ * The String to use in WSDD file (in accordance to w3c specifications:
+ * <br/>
+ * http://www.w3.org/2001/04/xmlenc#aes192-cbc
*/
public static final String AES_192 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Tue Oct
11 01:22:56 2005
@@ -70,8 +70,9 @@
protected WSSConfig() {
org.apache.xml.security.Init.init();
- addJceProvider("BC",
"org.bouncycastle.jce.provider.BouncyCastleProvider");
- setJceProviderId("BC");
+ if (addJceProvider("BC",
"org.bouncycastle.jce.provider.BouncyCastleProvider")) {
+ setJceProviderId("BC");
+ }
Transform.init();
try {
Transform.register(STRTransform.implementedTransformURI,
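Review bot: When addJceProvider returns false the constructor now leaves jceProviderId untouched without any diagnostic, so a deployment whose BouncyCastle jar is missing silently runs on whatever provider the JDK resolves, which is hard to distinguish from the intended configuration when debugging interoperability or policy problems; an else branch that logs the fallback at info level would make the state visible. Note also that the rewritten addJceProvider in the later hunk of this file returns false when "BC" is already present in the jceProvider map, so if that map outlives a single instance — not visible here — a second WSSConfig would skip setJceProviderId as well. The constructor body continues past the hunk.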
@@ -245,46 +246,51 @@
}
- public boolean addJceProvider(String id, String className) {
- /*
- * Check if provider already exists, if not add it, otherwise
- * not (don't allow overwrite to protect standard providers).
- *
- * After adding to hashmap, load the class and register with
- * standard security provider.
- */
- if (jceProvider.get(id) == null) {
- jceProvider.put(id, className);
- return loadProvider(id, className);
- }
- return false;
- }
+ /**
+ * Add a new JCE security provider to use for WSS4J.
+ *
+ * If the provider is not already known the method loads a security
provider
+ * class and adds the provider to the java security service.
+ *
+ *
+ * @param id
+ * The id string of the provider
+ * @param className
+ * Name of the class the implements the provider. This class
+ * must be a subclass of <code>java.security.Provider</code>
+ *
+ * @return Returns <code>true</code> if the provider was successfully
+ * added, <code>false</code> otherwise.
+ */
+ public boolean addJceProvider(String id, String className) {
+ if (jceProvider.get(id) == null && loadProvider(id, className))
{
+ jceProvider.put(id, className);
+ return true;
+ }
+ return false;
+ }
/**
- * Sets the JCE provider to use in all following security operations.
- *
- * The method checks if the provider is known. If yes it sets
- * the provider id and returns true. Otherwise the provider id
- * remains unchanged and the method returns false.
- *
- * @param id is the JCE provider's id
- * @return <code>true</code> if set, <code>false</code> otherwise
- * @see addJceProvider
- */
- public boolean setJceProviderId(String id) {
- /*
- * Check if provider exists, if yes just set id and
- * return, otherwsie do nothing and return false
- * (or shall we use exceptions here - which are more
- * expensive).
- */
- if (jceProvider.get(id) != null) {
- jceProviderId = id;
- JCEMapper.setProviderId(id);
- return true;
- }
- return false;
- }
+ * Sets the JCE provider to use in all following security operations.
+ *
+ * The method checks if the provider is known. If yes it sets the
provider
+ * id and returns true. Otherwise the provider id remains unchanged and
the
+ * method returns false.
+ *
+ * @param id
+ * is the JCE provider's id
+ * @return Returns <code>true</code> if set, <code>false</code>
+ * otherwise
+ * @see addJceProvider
+ */
+ public boolean setJceProviderId(String id) {
+ if (jceProvider.get(id) != null) {
+ jceProviderId = id;
+ JCEMapper.setProviderId(id);
+ return true;
+ }
+ return false;
+ }
public String getJceProviderId() {
return jceProviderId;
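Review bot: Nothing in the rewritten addJceProvider ties `id` to the name under which the loaded Provider registers itself, yet setJceProviderId passes that same `id` to JCEMapper.setProviderId and the WSEncryptBody hunk passes it to KeyGenerator.getInstance("AES", id) as a JCE provider name, so an id that differs from Provider.getName() is accepted here and only fails later with NoSuchProviderException. If loadProvider (outside the hunk) returns or exposes the Provider, compare the name there; at minimum the javadoc should say `@param id the provider's JCE name, as returned by Provider.getName()`. The return value also conflates "already registered" with "failed to load", which now matters for the constructor's `if`; documenting both cases under @return avoids surprises. Since className is instantiated by name, the javadoc should state that it is expected to come from trusted deployment configuration only. Minor: `the class the implements` should read `the class that implements`.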
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
Tue Oct 11 01:22:56 2005
@@ -568,7 +568,7 @@
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSDoAllConstants.ENC_SYM_ALGO, "AES256");
+ * call.setProperty(WSDoAllConstants.ENC_SYM_ALGO, WSConstants.AES_256);
* </pre>
* However, the parameter in the WSDD deployment file overwrites the
* property setting (deployment setting overwrites application setting).
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
Tue Oct 11 01:22:56 2005
@@ -46,6 +46,7 @@
import javax.crypto.SecretKey;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.cert.X509Certificate;
import java.util.Vector;
@@ -61,7 +62,7 @@
private static Log log = LogFactory.getLog(WSEncryptBody.class.getName());
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
- protected String symEncAlgo = WSConstants.TRIPLE_DES;
+ protected String symEncAlgo = WSConstants.AES_128;
protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
protected String encCanonAlgo = null;
protected byte[] embeddedKey = null;
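Review bot: Changing the initial value of symEncAlgo from TRIPLE_DES to AES_128 alters the algorithm written into every message whose caller never sets ENC_SYM_ALGO, so peers that only handle 3DES stop interoperating; the field deserves a comment such as `/** Symmetric algorithm used when none is configured; AES-128 since r312837 (was 3DES). */`. The key-transport default on the following line remains KEYTRANSPORT_RSA15; if the aim of this commit is stronger defaults, it is worth documenting why OAEP is not made the default at the same time. The enclosing class continues outside the hunk.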
@@ -603,33 +604,51 @@
}
private KeyGenerator getKeyGenerator() throws WSSecurityException {
- KeyGenerator keyGen = null;
- try {
- if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
- keyGen = KeyGenerator.getInstance("DESede");
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
- keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2");
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
- keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22");
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
- keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42");
- } else {
- return null;
- }
- } catch (NoSuchAlgorithmException e) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
- }
- return keyGen;
- }
-
- /**
- * Create DOM subtree for <code>xenc:EncryptedKey</code>
- *
- * @param doc the SOAP enevelope parent document
- * @param keyTransportAlgo specifies which alogrithm to use to encrypt the
- * symmetric key
- * @return an <code>xenc:EncryptedKey</code> element
- */
+ KeyGenerator keyGen = null;
+ String id = wssConfig.getJceProviderId();
+ try {
+ /*
+ * Assume AES as default, so initialize it
+ */
+ if (id == null) {
+ keyGen = KeyGenerator.getInstance("AES");
+ } else {
+ keyGen = KeyGenerator.getInstance("AES", id);
+ }
+ if
(symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
+ if (id == null) {
+ keyGen =
KeyGenerator.getInstance("DESede");
+ } else {
+ keyGen =
KeyGenerator.getInstance("DESede", id);
+ }
+ } else if
(symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ keyGen.init(128);
+ } else if
(symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+ keyGen.init(192);
+ } else if
(symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ keyGen.init(256);
+ } else {
+ return null;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
+ } catch (NoSuchProviderException e) {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
+ }
+ return keyGen;
+ }
+
+ /**
+ * Create DOM subtree for <code>xenc:EncryptedKey</code>
+ *
+ * @param doc
+ * the SOAP enevelope parent document
+ * @param keyTransportAlgo
+ * specifies which alogrithm to use to encrypt the symmetric
key
+ * @return an <code>xenc:EncryptedKey</code> element
+ */
public static Element createEnrcyptedKey(Document doc,
String keyTransportAlgo) {
Element encryptedKey =
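Review bot: keyGen.init(192) and keyGen.init(256) can throw java.security.InvalidParameterException when the provider does not support the requested key size (for example under a restricted jurisdiction policy), and that unchecked exception is not mapped to WSSecurityException the way the two checked ones are, so callers see a raw runtime error instead of UNSUPPORTED_ALGORITHM. The body also creates an AES generator unconditionally and then discards it on the DESede and unsupported paths, and the `id == null` branching is repeated for each getInstance call. Selecting the JCE algorithm name and key size first and then doing a single getInstance/init under one try gives one exception mapping for all three failure modes; the rewrite below needs `java.security.InvalidParameterException` added to the imports. The unsupported-algorithm path still returns null as before, so callers must keep guarding against that.
```java
private KeyGenerator getKeyGenerator() throws WSSecurityException {
    String jceAlgo;
    int keySize;
    if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
        jceAlgo = "DESede";
        keySize = -1; // provider default, as before
    } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
        jceAlgo = "AES";
        keySize = 128;
    } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
        jceAlgo = "AES";
        keySize = 192;
    } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
        jceAlgo = "AES";
        keySize = 256;
    } else {
        return null;
    }
    String id = wssConfig.getJceProviderId();
    try {
        KeyGenerator keyGen = (id == null)
                ? KeyGenerator.getInstance(jceAlgo)
                : KeyGenerator.getInstance(jceAlgo, id);
        if (keySize > 0) {
            keyGen.init(keySize);
        }
        return keyGen;
    } catch (NoSuchAlgorithmException e) {
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
    } catch (NoSuchProviderException e) {
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
    } catch (InvalidParameterException e) {
        // the provider rejects the requested key size
        throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
    }
}
// … unchanged: createEnrcyptedKey javadoc and signature …
```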
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Tue Oct 11 01:22:56 2005
@@ -264,7 +264,6 @@
try {
privateKey = crypto.getPrivateKey(alias, password);
- System.out.println("Private Key class: " +
privateKey.getClass().getName());
} catch (Exception e) {
throw new
WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e);
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL:
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=312837&r1=312836&r2=312837&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Tue Oct 11 01:22:56 2005
@@ -44,7 +44,6 @@
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
-import javax.xml.transform.TransformerException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Vector;
@@ -635,44 +634,56 @@
}
public static Cipher getCipherInstance(String cipherAlgo, String jceId)
- throws WSSecurityException {
- Cipher cipher = null;
- try {
- if (cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
- cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", jceId);
- } else if (
-
cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
- cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING", jceId);
- } else {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM,
- "unsupportedKeyTransp",
- new Object[]{cipherAlgo});
- }
- } catch (NoSuchPaddingException ex) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM,
- "unsupportedKeyTransp",
- new Object[]{"No such padding: " + cipherAlgo});
- } catch (NoSuchProviderException ex) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM,
- "unsupportedKeyTransp",
- new Object[]{"no provider: " + cipherAlgo});
- } catch (NoSuchAlgorithmException ex) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM,
- "unsupportedKeyTransp",
- new Object[]{"No such algorithm: " + cipherAlgo});
- }
- return cipher;
- }
-
- /**
- * Fetch the result of a given action from a given result vector
- * <p/>
- *
- * @param wsResultVector The result vector to fetch an action from
- * @param action The action to fetch
- * @return The result fetched from the result vector, null if the result
- * could not be found
- */
+ throws WSSecurityException {
+ Cipher cipher = null;
+ try {
+ if
(cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
+ if (jceId == null) {
+ cipher =
Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+ } else {
+ cipher =
Cipher.getInstance("RSA/ECB/PKCS1PADDING", jceId);
+ }
+ } else if (cipherAlgo
+
.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
+ if (jceId == null) {
+ cipher =
Cipher.getInstance("RSA/NONE/OAEPPADDING");
+ } else {
+ cipher =
Cipher.getInstance("RSA/NONE/OAEPPADDING", jceId);
+ }
+ } else {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM,
+ "unsupportedKeyTransp", new
Object[] { cipherAlgo });
+ }
+ } catch (NoSuchPaddingException ex) {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM,
+ "unsupportedKeyTransp", new Object[] {
"No such padding: "
+ + cipherAlgo });
+ } catch (NoSuchProviderException ex) {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM,
+ "unsupportedKeyTransp", new Object[] {
"no provider: "
+ + cipherAlgo });
+ } catch (NoSuchAlgorithmException ex) {
+ throw new WSSecurityException(
+
WSSecurityException.UNSUPPORTED_ALGORITHM,
+ "unsupportedKeyTransp",
+ new Object[] { "No such algorithm: " +
cipherAlgo });
+ }
+ return cipher;
+ }
+
+ /**
+ * Fetch the result of a given action from a given result vector <p/>
+ *
+ * @param wsResultVector
+ * The result vector to fetch an action from
+ * @param action
+ * The action to fetch
+ * @return The result fetched from the result vector, null if the result
+ * could not be found
+ */
public static WSSecurityEngineResult fetchActionResult(Vector
wsResultVector, int action) {
WSSecurityEngineResult wsResult = null;
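Review bot: The three catch blocks in the rewritten getCipherInstance still drop the caught exception: each builds the WSSecurityException without passing `ex`, while the WSEncryptBody and EncryptedKeyProcessor hunks use the four-argument constructor with the cause; change each to the form `throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp", new Object[] { "No such padding: " + cipherAlgo }, ex);` so the provider's own reason survives into logs. With the new `jceId == null` fallback the transform name "RSA/NONE/OAEPPADDING" is handed to the JDK's default providers, which as far as I know do not accept a `NONE` mode and spell the OAEP padding differently, so the RSA-OAEP branch will probably fail with NoSuchAlgorithmException whenever no provider id is configured; that deserves either a comment stating the branch needs a configured provider or a default-provider-specific transform name. fetchActionResult's body continues past the hunk.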