
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.processor;
21  
22  import java.util.List;
23  
24  import org.apache.ws.security.WSConstants;
25  import org.apache.ws.security.WSDocInfo;
26  import org.apache.ws.security.WSSecurityEngineResult;
27  import org.apache.ws.security.WSSecurityException;
28  import org.apache.ws.security.components.crypto.AlgorithmSuite;
29  import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
30  import org.apache.ws.security.handler.RequestData;
31  import org.apache.ws.security.message.token.DerivedKeyToken;
32  import org.apache.ws.security.str.DerivedKeyTokenSTRParser;
33  import org.apache.ws.security.str.STRParser;
34  import org.w3c.dom.Element;
35  
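/**
 * The processor to process <code>wsc:DerivedKeyToken</code>.
 * <p>
 * The token's SecurityTokenReference is resolved to a secret via
 * {@link DerivedKeyTokenSTRParser}; the derived key is then computed from that
 * secret together with the token's nonce and the requested length, and both the
 * derived key bytes and the resolved secret are placed in the returned
 * {@link WSSecurityEngineResult}.
 * 
 * @author Ruchith Fernando (ruchith.fernando@gmail.com)
 */
public class DerivedKeyTokenProcessor implements Processor {
    
    /**
     * Process a <code>wsc:DerivedKeyToken</code> element.
     *
     * @param elem the <code>wsc:DerivedKeyToken</code> element to process
     * @param data the request data; supplies the WSSConfig and, optionally, the
     *        AlgorithmSuite used to check the derivation algorithm
     * @param wsDocInfo the document info; the token element and the result are
     *        registered with it
     * @return a single-element list holding the {@link WSConstants#DKT} result
     * @throws WSSecurityException if the token carries no SecurityTokenReference,
     *         if no secret could be resolved from that reference, if the token has
     *         no <code>wsc:Nonce</code>, or if the derivation algorithm is rejected
     *         by the configured AlgorithmSuite
     */
    public List<WSSecurityEngineResult> handleToken(
        Element elem, 
        RequestData data, 
        WSDocInfo wsDocInfo
    ) throws WSSecurityException {
        // Deserialize the DKT
        DerivedKeyToken dkt = new DerivedKeyToken(elem, data.getWssConfig().isWsiBSPCompliant());
        
        // Check the derivation algorithm against the defined AlgorithmSuite. When no
        // AlgorithmSuite is configured the algorithm is accepted as received.
        AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
        if (algorithmSuite != null) {
            AlgorithmSuiteValidator algorithmSuiteValidator = new
                AlgorithmSuiteValidator(algorithmSuite);
            algorithmSuiteValidator.checkDerivedKeyAlgorithm(
                dkt.getAlgorithm()
            );
        }
        
        // Resolve the referenced token to the secret the key is derived from.
        Element secRefElement = dkt.getSecurityTokenReferenceElement();
        if (secRefElement == null) {
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "noReference");
        }
        STRParser strParser = new DerivedKeyTokenSTRParser();
        strParser.parseSecurityTokenReference(
            secRefElement, data, wsDocInfo, null
        );
        byte[] secret = strParser.getSecretKey();
        if (secret == null) {
            // The reference parsed but yielded no key material: fail with a proper
            // security exception instead of handing a null secret to the derivation.
            throw new WSSecurityException(
                "No secret key could be resolved from the wsse:SecurityTokenReference"
            );
        }
        
        String tempNonce = dkt.getNonce();
        if (tempNonce == null) {
            throw new WSSecurityException("Missing wsc:Nonce value");
        }
        // NOTE(review): the key length is taken from the token as received and is not
        // bounded here — confirm that deriveKey or the AlgorithmSuite enforces a limit.
        int length = dkt.getLength();
        byte[] keyBytes = dkt.deriveKey(length, secret);
        
        WSSecurityEngineResult result =
            new WSSecurityEngineResult(WSConstants.DKT, null, keyBytes, null);
        wsDocInfo.addTokenElement(elem);
        result.put(WSSecurityEngineResult.TAG_ID, dkt.getID());
        result.put(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN, dkt);
        // The resolved secret is exposed alongside the derived key for downstream processors.
        result.put(WSSecurityEngineResult.TAG_SECRET, secret);
        result.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, dkt.getElement());
        wsDocInfo.addResult(result);
        return java.util.Collections.singletonList(result);
    }


}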