20 package org.apache.wss4j.dom.processor;
21
22 import java.util.Collections;
23 import java.util.List;
24
25 import org.w3c.dom.Element;
26 import org.apache.wss4j.dom.WSConstants;
27 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
28 import org.apache.wss4j.common.crypto.AlgorithmSuite;
29 import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
30 import org.apache.wss4j.common.ext.WSSecurityException;
31 import org.apache.wss4j.dom.handler.RequestData;
32 import org.apache.wss4j.dom.message.token.DerivedKeyToken;
33 import org.apache.wss4j.dom.str.DerivedKeyTokenSTRParser;
34 import org.apache.wss4j.dom.str.STRParser;
35 import org.apache.wss4j.dom.str.STRParserParameters;
36 import org.apache.wss4j.dom.str.STRParserResult;
37
38
39
40
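/**
 * Processes a {@code wsc:DerivedKeyToken} element: checks the derivation
 * algorithm against the configured {@link AlgorithmSuite} (when one is set),
 * resolves the base secret through the token's SecurityTokenReference,
 * derives the key and records a {@link WSConstants#DKT} result in the
 * request's WSDocInfo.
 */
public class DerivedKeyTokenProcessor implements Processor {

    /**
     * Handles one {@code wsc:DerivedKeyToken} element.
     *
     * @param elem the DerivedKeyToken element being processed
     * @param data request context supplying the BSP enforcer, algorithm suite
     *             and the WSDocInfo the result is recorded in
     * @return a single-element list holding the {@link WSConstants#DKT} result
     * @throws WSSecurityException if the token has no SecurityTokenReference,
     *         the reference yields no secret, the nonce is missing, or the
     *         algorithm suite rejects the derivation algorithm
     */
    public List<WSSecurityEngineResult> handleToken(
        Element elem,
        RequestData data
    ) throws WSSecurityException {

        DerivedKeyToken dkt = new DerivedKeyToken(elem, data.getBSPEnforcer());

        // Reject derivation algorithms the configured suite does not permit.
        AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
        if (algorithmSuite != null) {
            AlgorithmSuiteValidator algorithmSuiteValidator =
                new AlgorithmSuiteValidator(algorithmSuite);
            algorithmSuiteValidator.checkDerivedKeyAlgorithm(dkt.getAlgorithm());
        }

        byte[] secret = resolveSecret(dkt, data);

        String tempNonce = dkt.getNonce();
        if (tempNonce == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
                new Object[] {"Missing wsc:Nonce value"});
        }

        // NOTE(review): the requested key length comes from the inbound token and
        // no upper bound is applied in this method — confirm that deriveKey or the
        // algorithm suite caps it, since the value is under the sender's control.
        int length = dkt.getLength();
        byte[] keyBytes = dkt.deriveKey(length, secret);

        WSSecurityEngineResult result =
            new WSSecurityEngineResult(WSConstants.DKT, null, keyBytes, null);
        data.getWsDocInfo().addTokenElement(elem);

        // Only record an Id when the token actually carries one; an absent Id
        // must not abort processing with a NullPointerException.
        String tokenId = dkt.getID();
        if (tokenId != null && !tokenId.isEmpty()) {
            result.put(WSSecurityEngineResult.TAG_ID, tokenId);
        }
        result.put(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN, dkt);
        result.put(WSSecurityEngineResult.TAG_SECRET, secret);
        result.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, dkt.getElement());
        data.getWsDocInfo().addResult(result);
        return Collections.singletonList(result);
    }

    /**
     * Resolves the base secret referenced by the token's SecurityTokenReference.
     *
     * @param dkt  the parsed DerivedKeyToken
     * @param data request context handed to the STR parser
     * @return the resolved secret, never {@code null}
     * @throws WSSecurityException if the token has no SecurityTokenReference or
     *         the parser returns no secret key
     */
    private static byte[] resolveSecret(DerivedKeyToken dkt, RequestData data)
        throws WSSecurityException {
        Element secRefElement = dkt.getSecurityTokenReferenceElement();
        if (secRefElement == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "noReference");
        }

        STRParserParameters parameters = new STRParserParameters();
        parameters.setData(data);
        parameters.setStrElement(secRefElement);

        STRParser strParser = new DerivedKeyTokenSTRParser();
        STRParserResult parserResult = strParser.parseSecurityTokenReference(parameters);
        byte[] secret = parserResult.getSecretKey();
        // Fail with a WSSecurityException the engine already handles instead of
        // letting deriveKey run against a null secret.
        if (secret == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
                new Object[] {"Missing secret key for wsc:DerivedKeyToken"});
        }
        return secret;
    }

}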