/**
 * Generates a derived key as defined in the WSS Username Token Profile,
 * treating the password as UTF-8 text.
 *
 * The password is encoded with {@link StandardCharsets#UTF_8} explicitly so the
 * derivation does not depend on the platform default charset; the actual work is
 * delegated to the {@code byte[]} overload.
 *
 * @param password the password to include in the key generation
 * @param salt the salt value
 * @param iteration the iteration count; the {@code byte[]} overload is documented
 *        to substitute its default when zero (0) is given
 * @return the derived key as a byte array
 * @throws WSSecurityException if the underlying derivation fails
 */
public static byte[] generateDerivedKey(
    String password,
    byte[] salt,
    int iteration
) throws WSSecurityException {
    final byte[] passwordBytes = password.getBytes(StandardCharsets.UTF_8);
    return generateDerivedKey(passwordBytes, salt, iteration);
}
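/**
 * Adds a Salt element to this UsernameToken, generating the salt if none is given.
 *
 * When {@code saltValue} is {@code null} a fresh salt is obtained from
 * {@link UsernameTokenUtil#generateSalt(boolean)}; otherwise the supplied bytes are
 * used as-is. The salt is written Base64-encoded as a text child of a new
 * {@code wsse11:Salt} element that is appended to this token's element.
 *
 * @param doc the Document that owns this UsernameToken
 * @param saltValue the salt to add, or {@code null} to generate a new one
 * @param mac when generating, {@code true} marks the salt as usable for a MAC
 * @return the salt that was added (the supplied value or the generated one)
 * @throws IllegalStateException if a salt had to be generated and generation failed
 */
public byte[] addSalt(Document doc, byte[] saltValue, boolean mac) {
    byte[] salt = saltValue;
    if (salt == null) {
        salt = UsernameTokenUtil.generateSalt(mac);
        // generateSalt() can report failure by returning null; fail here with a
        // clear message instead of letting the encoder below throw a bare NPE.
        if (salt == null) {
            throw new IllegalStateException("Unable to generate a salt for the UsernameToken");
        }
    }
    elementSalt = doc.createElementNS(
        WSConstants.WSSE11_NS,
        WSConstants.WSSE11_PREFIX + ":" + WSConstants.SALT_LN
    );
    // Make sure the wsse11 prefix is declared on the token element
    // (setNamespace semantics assumed — verify against XMLUtils).
    XMLUtils.setNamespace(element, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);
    elementSalt.appendChild(
        doc.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(salt))
    );
    element.appendChild(elementSalt);
    return salt;
}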
/**
 * Generates a 128 bit salt value as defined in the WSS Username Token Profile.
 *
 * Sixteen random bytes are drawn from {@code generateNonce(16)}; the first byte is
 * then overwritten with a usage marker ({@code 0x01} for a MAC salt, {@code 0x02}
 * otherwise), so the remaining fifteen bytes carry the randomness.
 *
 * @param useForMac if {@code true} the salt is marked for use in a MAC
 * @return the 128 bit salt value as a byte array, or {@code null} if nonce
 *         generation failed (the failure is logged at debug level only, so callers
 *         must check for {@code null})
 */
public static byte[] generateSalt(boolean useForMac) {
    final byte[] salt;
    try {
        salt = generateNonce(16);
    } catch (WSSecurityException ex) {
        LOG.debug(ex.getMessage(), ex);
        return null;
    }
    // Leading byte signals the intended use of the salt.
    salt[0] = useForMac ? (byte) 0x01 : (byte) 0x02;
    return salt;
}
/**
 * Returns the derived key for this token.
 *
 * Meant to be called after {@code prepare()}: the key is derived from the stored
 * password, salt and iteration count following UsernameTokenProfile 1.1, section 4
 * (Key Derivation). When {@code passwordsAreEncoded} is set the stored password is
 * first decoded and the raw bytes are fed to the derivation.
 *
 * @return the derived key, or {@code null} if no UsernameToken has been set up
 *         yet ({@code prepare()} not called) or derived keys are not in use
 * @throws WSSecurityException if key derivation fails
 */
public byte[] getDerivedKey() throws WSSecurityException {
    final boolean ready = ut != null && useDerivedKey;
    if (!ready) {
        return null;
    }
    if (passwordsAreEncoded) {
        final byte[] rawPassword = org.apache.xml.security.utils.XMLUtils.decode(password);
        return UsernameTokenUtil.generateDerivedKey(rawPassword, saltValue, iteration);
    }
    return UsernameTokenUtil.generateDerivedKey(password, saltValue, iteration);
}
byte[] salt = null; if (WSSConstants.USERNAMETOKEN_SIGNED.equals(getAction())) { salt = UsernameTokenUtil.generateSalt(useDerivedKeyForMAC);
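/**
 * Generates a derived key as defined in the WSS Username Token Profile from this
 * token's password, salt and iteration count.
 *
 * When a security context is supplied, the Basic Security Profile checks are
 * applied first: R4217 (a salt must be present) and R4218 (the iteration count
 * must be at least {@code DEFAULT_ITERATION}). Whether a violated rule aborts
 * processing is decided by {@code handleBSPRule}; this method therefore does not
 * rely on it having thrown and still guards against a missing iteration count.
 *
 * @param wsInboundSecurityContext the inbound context used to report BSP rule
 *        violations, or {@code null} to skip the BSP checks
 * @return the derived key as a byte array
 * @throws WSSecurityException if the iteration count is absent or the derivation fails
 */
protected byte[] generateDerivedKey(WSInboundSecurityContext wsInboundSecurityContext)
    throws WSSecurityException {
    if (wsInboundSecurityContext != null) {
        if (salt == null || salt.length == 0) {
            wsInboundSecurityContext.handleBSPRule(BSPRule.R4217);
        }
        if (iteration == null || iteration < DEFAULT_ITERATION) {
            wsInboundSecurityContext.handleBSPRule(BSPRule.R4218);
        }
    }
    // A null iteration count used to reach iteration.intValue() and surface as a
    // NullPointerException; report it as a security failure instead.
    if (iteration == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
    }
    return UsernameTokenUtil.generateDerivedKey(password, salt, iteration.intValue());
}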
/**
 * Returns the secret key for the given algorithm URI, deriving it on first use.
 *
 * A key already cached by the superclass is returned as-is. Otherwise a key is
 * derived from the password, salt and iteration count via
 * {@link UsernameTokenUtil#generateDerivedKey}, wrapped in a {@link SecretKeySpec}
 * whose JCE algorithm name is mapped from the URI, and stored through
 * {@code setSecretKey} so later calls for the same URI hit the cache.
 *
 * @param algorithmURI the algorithm URI the key is requested for
 * @return the cached or newly derived secret key
 * @throws XMLSecurityException if key derivation fails
 */
@Override
public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
    final Key cached = super.getSecretKey(algorithmURI);
    if (cached != null) {
        return cached;
    }
    final byte[] derivedKey = UsernameTokenUtil.generateDerivedKey(getPassword(), salt, iterations);
    final String jceAlgorithm = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
    final Key derived = new SecretKeySpec(derivedKey, jceAlgorithm);
    setSecretKey(algorithmURI, derived);
    return derived;
}
byte[] salt = getSalt(); if (passwordsAreEncoded) { return UsernameTokenUtil.generateDerivedKey(org.apache.xml.security.utils.XMLUtils.decode(rawPassword), salt, iteration); } else { return UsernameTokenUtil.generateDerivedKey(rawPassword, salt, iteration);