
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.action;
21  
22  import java.security.cert.X509Certificate;
23  
24  import javax.security.auth.callback.CallbackHandler;
25  
26  import org.apache.ws.security.WSConstants;
27  import org.apache.ws.security.WSPasswordCallback;
28  import org.apache.ws.security.WSSecurityException;
29  import org.apache.ws.security.components.crypto.Crypto;
30  import org.apache.ws.security.components.crypto.CryptoType;
31  import org.apache.ws.security.handler.RequestData;
32  import org.apache.ws.security.handler.WSHandler;
33  import org.apache.ws.security.handler.WSHandlerConstants;
34  import org.apache.ws.security.message.WSSecEncrypt;
35  import org.w3c.dom.Document;
36  
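/**
 * Outbound handler action that applies WS-Security encryption to a SOAP document.
 *
 * All configuration is read from the {@link RequestData} and the owning {@link WSHandler}:
 * key identifier type, optional embedded key name, symmetric / key-transport / digest
 * algorithms, the recipient alias or explicit certificate, the parts to encrypt and whether
 * the symmetric key is wrapped or supplied by the caller. When the handler option
 * {@code ENABLE_REVOCATION} is {@code "true"}, the recipient certificate is passed through
 * {@link Crypto#verifyTrust(X509Certificate[], boolean)} before encryption takes place.
 */
public class EncryptionAction implements Action {

    /**
     * Encrypts {@code doc} in place according to the encryption settings on {@code reqData}.
     *
     * @param handler    handler that owns the option lookup and the password callback wiring
     * @param actionToDo the action code handed to the password callback
     * @param doc        SOAP document to encrypt; modified by {@code WSSecEncrypt.build}
     * @param reqData    per-request configuration (key identifier, algorithms, user, cert, parts, crypto)
     * @throws WSSecurityException if the certificate fails the trust / revocation check, if a
     *         callback fails, or if the encryption build fails (re-wrapped with the original as cause)
     */
    public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
            throws WSSecurityException {
        WSSecEncrypt wsEncrypt = new WSSecEncrypt(reqData.getWssConfig());

        int keyIdentifierType = reqData.getEncKeyId();
        // 0 means "not configured": leave WSSecEncrypt's default key identifier type alone.
        if (keyIdentifierType != 0) {
            wsEncrypt.setKeyIdentifierType(keyIdentifierType);
        }
        if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
            configureEmbeddedKey(handler, actionToDo, doc, reqData, wsEncrypt);
        }

        applyAlgorithms(reqData, wsEncrypt);

        wsEncrypt.setUserInfo(reqData.getEncUser());
        wsEncrypt.setUseThisCert(reqData.getEncCert());

        // Boolean.valueOf(null) is false, so an unset option silently disables the check.
        boolean enableRevocation =
            Boolean.valueOf(handler.getStringOption(WSHandlerConstants.ENABLE_REVOCATION));
        if (enableRevocation) {
            verifyRecipientCertificate(reqData);
        }

        if (reqData.getEncryptParts().size() > 0) {
            wsEncrypt.setParts(reqData.getEncryptParts());
        }

        if (!reqData.getEncryptSymmetricEncryptionKey()) {
            configureCallerSuppliedKey(handler, actionToDo, reqData, wsEncrypt);
        }

        try {
            wsEncrypt.build(doc, reqData.getEncCrypto(), reqData.getSecHeader());
        } catch (WSSecurityException e) {
            // Re-wrap so the failure is attributed to this action; the original stays as the cause.
            throw new WSSecurityException("Error during encryption: ", e);
        }
    }

    /** Wires up an embedded key name plus the raw key obtained from the encryption callback. */
    private static void configureEmbeddedKey(WSHandler handler, int actionToDo, Document doc,
            RequestData reqData, WSSecEncrypt wsEncrypt) throws WSSecurityException {
        String encKeyName =
            handler.getString(WSHandlerConstants.ENC_KEY_NAME, reqData.getMsgContext());
        wsEncrypt.setEmbeddedKeyName(encKeyName);

        CallbackHandler callbackHandler = handler.getCallbackHandler(
            WSHandlerConstants.ENC_CALLBACK_CLASS,
            WSHandlerConstants.ENC_CALLBACK_REF,
            reqData
        );
        WSPasswordCallback passwordCallback =
            handler.getPasswordCB(reqData.getEncUser(), actionToDo, callbackHandler, reqData);
        // The key bytes are passed through as returned by the callback, including null.
        wsEncrypt.setKey(passwordCallback.getKey());
        wsEncrypt.setDocument(doc);
    }

    /** Copies any explicitly configured algorithm URIs onto the encryptor; unset ones keep defaults. */
    private static void applyAlgorithms(RequestData reqData, WSSecEncrypt wsEncrypt) {
        String symmetricAlgorithm = reqData.getEncSymmAlgo();
        if (symmetricAlgorithm != null) {
            wsEncrypt.setSymmetricEncAlgorithm(symmetricAlgorithm);
        }
        String keyTransportAlgorithm = reqData.getEncKeyTransport();
        if (keyTransportAlgorithm != null) {
            wsEncrypt.setKeyEnc(keyTransportAlgorithm);
        }
        String digestAlgorithm = reqData.getEncDigestAlgorithm();
        if (digestAlgorithm != null) {
            wsEncrypt.setDigestAlgorithm(digestAlgorithm);
        }
    }

    /**
     * Runs the trust-chain and revocation check on the certificate the message will be
     * encrypted for. A missing {@code Crypto} skips the check entirely, as does an alias
     * with no certificate behind it (the build step then decides how to fail).
     *
     * @throws WSSecurityException if {@link Crypto#verifyTrust} rejects the certificate
     */
    private static void verifyRecipientCertificate(RequestData reqData) throws WSSecurityException {
        Crypto crypto = reqData.getEncCrypto();
        if (crypto == null) {
            return;
        }

        // An explicitly supplied certificate is handed to WSSecEncrypt via setUseThisCert and is
        // presumably used in preference to the alias lookup; checking only the alias would leave
        // the certificate actually used for encryption unverified.
        X509Certificate explicitCert = reqData.getEncCert();
        if (explicitCert != null) {
            crypto.verifyTrust(new X509Certificate[] {explicitCert}, true);
        }

        CryptoType lookupByAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        lookupByAlias.setAlias(reqData.getEncUser());
        X509Certificate[] aliasCerts = crypto.getX509Certificates(lookupByAlias);
        if (aliasCerts != null && aliasCerts.length > 0) {
            crypto.verifyTrust(aliasCerts, true);
        }
    }

    /**
     * Installs a caller-supplied symmetric key (from the password callback) as the ephemeral
     * key and tells the encryptor not to wrap it, mirroring the request's
     * {@code encryptSymmetricEncryptionKey} flag.
     */
    private static void configureCallerSuppliedKey(WSHandler handler, int actionToDo,
            RequestData reqData, WSSecEncrypt wsEncrypt) throws WSSecurityException {
        CallbackHandler callbackHandler = handler.getPasswordCallbackHandler(reqData);
        WSPasswordCallback passwordCallback =
            handler.getPasswordCB(reqData.getEncUser(), actionToDo, callbackHandler, reqData);
        wsEncrypt.setEphemeralKey(passwordCallback.getKey());
        wsEncrypt.setEncryptSymmKey(reqData.getEncryptSymmetricEncryptionKey());
    }
}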