/**
 * Builds and prepares a {@link WSSecEncryptedKey} that carries the supplied
 * ephemeral key, encrypted for the given service certificate.
 *
 * <p>The builder refers to the certificate by thumbprint
 * ({@code WSConstants.THUMBPRINT_IDENTIFIER}) and wraps the key with
 * {@code EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15}.
 *
 * <p>Security note: RSA PKCS#1 v1.5 key transport is exposed to padding-oracle
 * (Bleichenbacher-style) attacks whenever the decrypting side reveals whether
 * unwrapping succeeded. RSA-OAEP
 * ({@code EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP}) is the usual
 * replacement. Switching changes the wire format, so it is not changed here;
 * both peers and any security policy in force must agree first.
 *
 * @param doc          document passed to {@code prepare}
 * @param ephemeralKey raw symmetric key to wrap; the caller owns this array and
 *                     should treat it as secret material
 * @param serviceCert  certificate whose public key encrypts the ephemeral key
 * @param crypto       crypto instance passed to {@code prepare}
 * @return the prepared builder
 * @throws WSSecurityException if {@code prepare} fails
 * @throws TrustException      declared for callers; nothing in this body throws it
 */
static WSSecEncryptedKey getSymmetricKeyBasedKeyInfoContent(Document doc,
        byte[] ephemeralKey, X509Certificate serviceCert, Crypto crypto)
        throws WSSecurityException, TrustException {

    final WSSecEncryptedKey keyWrapper = new WSSecEncryptedKey();

    // Recipient: identify the encryption certificate by its thumbprint.
    keyWrapper.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    keyWrapper.setUseThisCert(serviceCert);

    // Payload: the caller-supplied symmetric key.
    keyWrapper.setEphemeralKey(ephemeralKey);

    // Key transport: RSA PKCS#1 v1.5 (see the security note in the Javadoc).
    keyWrapper.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

    // Build the EncryptedKey content; nothing is attached to a header here.
    keyWrapper.prepare(doc, crypto);
    return keyWrapper;
}
WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd, sigToken); String id = encrKey.getId(); byte[] secret = encrKey.getEphemeralKey(); org.apache.rahas.EncryptedKeyToken tempTok = new org.apache.rahas.EncryptedKeyToken( id, (OMElement) encrKey.getEncryptedKeyElement(), created, expires); tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey())); String bstTokenId = encrKey.getBSTTokenId(); encrKey.getBinarySecurityTokenElement());
// Generate a fresh symmetric key for this message. getKeyGenerator() is not
// shown in this excerpt, so the algorithm, key size and randomness source it
// configures should be confirmed there.
KeyGenerator keyGen = getKeyGenerator();
symmetricKey = keyGen.generateKey();
// Hand the new key on together with the recipient certificate and crypto
// instance; presumably prepareInternal wraps the key for remoteCert (confirm).
prepareInternal(symmetricKey, remoteCert, crypto);
Element bstElem = encrKey.getBinarySecurityTokenElement(); if (bstElem != null) { encrTokenElement = encrKey.getEncryptedKeyElement(); this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, encrTokenElement); encryptedKeyValue = encrKey.getEphemeralKey(); encryptedKeyId = encrKey.getId();
} else { if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) { WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(); Crypto crypto; encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER); try { encrKeyBuilder.setUseThisCert(data.getClientCert()); encrKeyBuilder.prepare(doc, crypto); } catch (WSSecurityException e) { throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal", getClientCert().getSubjectDN().getName()}); Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement(); Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement(); if (bstElem != null) { reqProofTokElem.addChild((OMElement) bstElem); token.setSecret(encrKeyBuilder.getEphemeralKey()); } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) { byte[] secret = TokenIssuerUtil.getSharedSecret(data,
Element bstElem = encrKey.getBinarySecurityTokenElement(); if(bstElem != null) { RampartUtil.appendChildToSecHeader(rmd, bstElem); encrKey.appendToHeader(rmd.getSecHeader()); dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId()); sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
/**
 * Creates a {@link WSSecEncryptedKey} builder configured from the message's
 * policy data and prepares it against the message document.
 *
 * <p>The asymmetric key-wrap algorithm is not chosen here. It is read from the
 * policy's algorithm suite ({@code getAsymmetricKeyWrap()}), so the strength of
 * the key transport depends on that suite. Review the configured suite if RSA
 * PKCS#1 v1.5 key wrap must be avoided.
 *
 * @param rmd   message data supplying the policy data, the document and the
 *              custom class loader
 * @param token policy token passed to {@code RampartUtil.setKeyIdentifierType}
 * @return the prepared builder
 * @throws RampartException with key {@code errorCreatingEncryptedKey}, wrapping
 *                          any {@code WSSecurityException} raised during setup
 */
protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token)
        throws RampartException {

    final RampartPolicyData policyData = rmd.getPolicyData();
    final Document soapDoc = rmd.getDocument();
    final WSSecEncryptedKey builder = new WSSecEncryptedKey();

    try {
        RampartUtil.setKeyIdentifierType(rmd, builder, token);
        RampartUtil.setEncryptionUser(rmd, builder);

        // TODO: the key size is not passed because it is taken from the
        // algorithm itself - verify.
        builder.setKeyEncAlgo(policyData.getAlgorithmSuite().getAsymmetricKeyWrap());

        builder.prepare(
                soapDoc,
                RampartUtil.getEncryptionCrypto(
                        policyData.getRampartConfig(), rmd.getCustomClassLoader()));
    } catch (WSSecurityException e) {
        // Keep the cause so the underlying WSS4J failure stays visible.
        throw new RampartException("errorCreatingEncryptedKey", e);
    }

    return builder;
}
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo); if (encKeyId == null || "".equals(encKeyId)) { encKeyId = "EK-" + UUIDGenerator.getUUID(); encryptedKeyElement.appendChild(keyInfoElement); Element xencCipherValue = createCipherValue(document, encryptedKeyElement); xencCipherValue.appendChild(keyText);
// Store the Base64 text of the *encrypted* ephemeral key (the wrapped bytes,
// not the plaintext key) as the cipher value.
cipherValue.setValue(Base64.encode(wsSecEncryptedKey.getEncryptedEphemeralKey()));
// Reuse the builder's id so references to this EncryptedKey resolve.
encryptedKey.setID(wsSecEncryptedKey.getId());
// encryptionMethod and cipherData are built outside this excerpt.
encryptedKey.setEncryptionMethod(encryptionMethod);
encryptedKey.setCipherData(cipherData);
// Copy the leading keySize / 8 bytes of the ephemeral key into tempKey.
// keySize looks like a bit length (hence the division by 8) - confirm; integer
// division truncates if it is not a multiple of 8. arraycopy throws
// IndexOutOfBoundsException if either array is shorter than that count.
// NOTE(review): tempKey then holds plaintext key material; consider clearing it
// once it is no longer needed.
System.arraycopy(encryptedKey.getEphemeralKey(), 0, tempKey, 0, keySize / 8);
// Add a part that refers to the EncryptedKey by its id; sigParts is presumably
// the list of parts to be signed, which would bind the key element to the
// signature - confirm against the caller.
sigParts.add(new WSEncryptionPart(encrKey.getId()));
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo); if (encKeyId == null || "".equals(encKeyId)) { encKeyId = "EK-" + UUIDGenerator.getUUID(); encryptedKeyElement.appendChild(keyInfoElement); Element xencCipherValue = createCipherValue(document, encryptedKeyElement); xencCipherValue.appendChild(keyText);
// Generate a fresh symmetric key for this message. getKeyGenerator() is not
// shown in this excerpt, so the algorithm, key size and randomness source it
// configures should be confirmed there.
KeyGenerator keyGen = getKeyGenerator();
symmetricKey = keyGen.generateKey();
// Hand the new key on together with the recipient certificate and crypto
// instance; presumably prepareInternal wraps the key for remoteCert (confirm).
prepareInternal(symmetricKey, remoteCert, crypto);