ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1154157 - in /webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security: WSSecurityException.java processor/EncryptedKeyProcessor.java
Date Fri, 05 Aug 2011 10:15:25 GMT
Author: coheigea
Date: Fri Aug  5 10:15:25 2011
New Revision: 1154157

URL: http://svn.apache.org/viewvc?rev=1154157&view=rev
Log:
Backmerging some of the ModifiedRequestTest changes to 1.5.x-fixes.

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityException.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityException.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityException.java?rev=1154157&r1=1154156&r2=1154157&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityException.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityException.java
Fri Aug  5 10:15:25 2011
@@ -93,6 +93,7 @@ public class WSSecurityException extends
     }
 
     private int errorCode;
+    private Throwable cause;
 
     /**
      * Constructor.
@@ -104,7 +105,8 @@ public class WSSecurityException extends
      * @param exception
      */
     public WSSecurityException(int errorCode, String msgId, Object[] args, Throwable exception)
{
-        super(getMessage(errorCode, msgId, args), exception);
+        super(getMessage(errorCode, msgId, args));
+        this.cause = exception;
         this.errorCode = errorCode;
     }
 
@@ -159,7 +161,8 @@ public class WSSecurityException extends
      * @param errorMessage
      */
     public WSSecurityException(String errorMessage, Throwable t) {
-        super(errorMessage, t);
+        super(errorMessage);
+        this.cause = t;
     }
 
     /**
@@ -185,6 +188,25 @@ public class WSSecurityException extends
         }
         return null;
     }
+    
+    public Throwable getCause() {
+        return this.cause != null ? this.cause : super.getCause();
+    }
+            
+    /**
+     * Get message allowing for having cause's message included if verbose mode is on
+     * <p/>
+     * 
+     * @param verbose
+     * @return the message
+     */
+    public String getMessage(boolean verbose) {
+        if (verbose) {
+            return super.getMessage() + "; nested exception is: \n\t" + this.cause.toString();
+        } else {
+            return super.getMessage();
+        }
+    }
 
     /**
      * get the message from resource bundle.

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1154157&r1=1154156&r2=1154157&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Fri Aug  5 10:15:25 2011
@@ -35,15 +35,15 @@ import org.apache.ws.security.saml.SAMLK
 import org.apache.ws.security.saml.SAMLUtil;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 
-import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -54,6 +54,8 @@ import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Vector;
 
 public class EncryptedKeyProcessor implements Processor {
@@ -363,65 +365,113 @@ public class EncryptedKeyProcessor imple
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e1);
         }
 
+        List dataRefURIs = getDataRefURIs(xencEncryptedKey);
+        
         try {
             encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue);
             decryptedBytes = cipher.doFinal(encryptedEphemeralKey);
         } catch (IllegalStateException e2) {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e2);
-        } catch (IllegalBlockSizeException e2) {
-            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e2);
-        } catch (BadPaddingException e2) {
-            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e2);
+        } catch (Exception ex) {
+            decryptedBytes = getRandomKey(dataRefURIs, xencEncryptedKey.getOwnerDocument());
         }
 
         if (tlog.isDebugEnabled()) {
             t1 = System.currentTimeMillis();
         }
 
-        // At this point we have the decrypted session (symmetric) key. According
-        // to W3C XML-Enc this key is used to decrypt _any_ references contained in
-        // the reference list
-        // Now lookup the references that are encrypted with this key
-        //
+        ArrayList dataRefs = 
+            decryptDataRefs(dataRefURIs, xencEncryptedKey.getOwnerDocument(), decryptedBytes);
+
+        if (tlog.isDebugEnabled()) {
+            t2 = System.currentTimeMillis();
+            tlog.debug(
+                "XMLDecrypt: total= " + (t2 - t0) + ", get-sym-key= " + (t1 - t0) 
+                + ", decrypt= " + (t2 - t1)
+            );
+        }
+        
+        return dataRefs;
+    }
+    
+    /**
+     * Generates a random secret key using the algorithm specified in the
+     * first DataReference URI
+     * 
+     * @param dataRefURIs
+     * @param doc
+     * @param wsDocInfo
+     * @return
+     * @throws WSSecurityException
+     */
+    private static byte[] getRandomKey(List dataRefURIs, Document doc) throws WSSecurityException
{
+        try {
+            String alg = "AES";
+            int size = 128;
+            if (!dataRefURIs.isEmpty()) {
+                String uri = (String)dataRefURIs.iterator().next();
+                Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, uri);
+                String algorithmURI = X509Util.getEncAlgo(ee);
+                alg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+                size = JCEMapper.getKeyLengthFromURI(algorithmURI);
+            }
+            KeyGenerator kgen = KeyGenerator.getInstance(alg);
+            kgen.init(size);
+            SecretKey k = kgen.generateKey();
+            return k.getEncoded();
+        } catch (Exception ex) {
+            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
+        }
+    }
+    
+    /**
+     * Find the list of all URIs that this encrypted Key references
+     */
+    private List getDataRefURIs(Element xencEncryptedKey) {
+        // Lookup the references that are encrypted with this key
         Element refList = 
-            (Element) WSSecurityUtil.getDirectChild(
-                (Node) xencEncryptedKey, "ReferenceList", WSConstants.ENC_NS
+            WSSecurityUtil.getDirectChildElement(
+                xencEncryptedKey, "ReferenceList", WSConstants.ENC_NS
             );
-        ArrayList dataRefs = new ArrayList();
+        List dataRefURIs = new LinkedList();
         if (refList != null) {
-            for (tmpE = refList.getFirstChild();
-                 tmpE != null; 
-                 tmpE = tmpE.getNextSibling()
-            ) {
-                if (tmpE.getNodeType() != Node.ELEMENT_NODE) {
-                    continue;
-                }
-                if (!tmpE.getNamespaceURI().equals(WSConstants.ENC_NS)) {
-                    continue;
-                }
-                if (tmpE.getLocalName().equals("DataReference")) {                   
-                    String dataRefURI = ((Element) tmpE).getAttribute("URI");
+            for (Node node = refList.getFirstChild(); node != null; node = node.getNextSibling())
{
+                if (Node.ELEMENT_NODE == node.getNodeType()
+                        && WSConstants.ENC_NS.equals(node.getNamespaceURI())
+                        && "DataReference".equals(node.getLocalName())) {
+                    String dataRefURI = ((Element) node).getAttribute("URI");
                     if (dataRefURI.charAt(0) == '#') {
                         dataRefURI = dataRefURI.substring(1);
                     }
-                    WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
-                    dataRefs.add(dataRef);
+                    dataRefURIs.add(dataRefURI);
                 }
             }
-            return dataRefs;
         }
-
-        if (tlog.isDebugEnabled()) {
-            t2 = System.currentTimeMillis();
-            tlog.debug(
-                "XMLDecrypt: total= " + (t2 - t0) + ", get-sym-key= " + (t1 - t0) 
-                + ", decrypt= " + (t2 - t1)
-            );
+        return dataRefURIs;
+    }
+    
+    /**
+     * Decrypt all data references
+     */
+    private ArrayList decryptDataRefs(
+        List dataRefURIs, Document doc, byte[] decryptedBytes
+    ) throws WSSecurityException {
+        //
+        // At this point we have the decrypted session (symmetric) key. According
+        // to W3C XML-Enc this key is used to decrypt _any_ references contained in
+        // the reference list
+        if (dataRefURIs == null || dataRefURIs.isEmpty()) {
+            return null;
         }
-        
-        return null;
+        ArrayList dataRefs = new ArrayList();
+        for (int i = 0; i < dataRefURIs.size(); i++) {
+            String dataRefURI = (String)dataRefURIs.get(i);
+            WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
+            dataRefs.add(dataRef);
+        }
+        return dataRefs;
     }
-
+    
     /**
      * Method getDecodedBase64EncodedData
      *



Mime
View raw message