Save This Page
Home » rampart-dist-1.4-src » org.apache » rahas » impl » [javadoc | source]
    1   /*
    2    * Copyright 2004,2005 The Apache Software Foundation.
    3    *
    4    * Licensed under the Apache License, Version 2.0 (the "License");
    5    * you may not use this file except in compliance with the License.
    6    * You may obtain a copy of the License at
    7    *
    8    *       http://www.apache.org/licenses/LICENSE-2.0
    9    *
   10    * Unless required by applicable law or agreed to in writing, software
   11    * distributed under the License is distributed on an "AS IS" BASIS,
   12    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   13    * See the License for the specific language governing permissions and
   14    * limitations under the License.
   15    */
   16   package org.apache.rahas.impl;
   17   
   18   import java.security.SecureRandom;
   19   
   20   import org.apache.axiom.om.OMElement;
   21   import org.apache.axiom.om.util.Base64;
   22   import org.apache.rahas.RahasConstants;
   23   import org.apache.rahas.RahasData;
   24   import org.apache.rahas.Token;
   25   import org.apache.rahas.TrustException;
   26   import org.apache.rahas.TrustUtil;
   27   import org.apache.ws.security.WSConstants;
   28   import org.apache.ws.security.WSSecurityException;
   29   import org.apache.ws.security.components.crypto.Crypto;
   30   import org.apache.ws.security.components.crypto.CryptoFactory;
   31   import org.apache.ws.security.conversation.ConversationException;
   32   import org.apache.ws.security.conversation.dkalgo.P_SHA1;
   33   import org.apache.ws.security.message.WSSecEncryptedKey;
   34   import org.apache.ws.security.util.WSSecurityUtil;
   35   import org.w3c.dom.Document;
   36   import org.w3c.dom.Element;
   37   
   38   /**
   39    * 
   40    */
   41   public class TokenIssuerUtil {
   42   
   43       public final static String ENCRYPTED_KEY = "EncryptedKey";
   44       public final static String BINARY_SECRET = "BinarySecret";
   45   
   46       public static byte[] getSharedSecret(RahasData data,
   47                                            int keyComputation,
   48                                            int keySize) throws TrustException {
   49   
   50           boolean reqEntrPresent = data.getRequestEntropy() != null;
   51   
   52           try {
   53               if (reqEntrPresent &&
   54                   keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_OWN_KEY) {
   55                   //If there is requester entropy and if the issuer is not
   56                   //configured to use its own key
   57   
   58                   if (keyComputation ==
   59                       SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT) {
   60                       data.setResponseEntropy(WSSecurityUtil.generateNonce(keySize / 8));
   61                       P_SHA1 p_sha1 = new P_SHA1();
   62                       return p_sha1.createKey(data.getRequestEntropy(),
   63                                               data.getResponseEntropy(),
   64                                               0,
   65                                               keySize / 8);
   66                   } else {
   67                       //If we reach this its expected to use the requestor's
   68                       //entropy
   69                       return data.getRequestEntropy();
   70                   }
   71               } else { // need to use a generated key
   72                   return generateEphemeralKey(keySize);
   73               }
   74           } catch (WSSecurityException e) {
   75               throw new TrustException("errorCreatingSymmKey", e);
   76           } catch (ConversationException e) {
   77               throw new TrustException("errorCreatingSymmKey", e);
   78           }
   79       }
   80   
   81       public static void handleRequestedProofToken(RahasData data,
   82                                                    int wstVersion,
   83                                                    AbstractIssuerConfig config,
   84                                                    OMElement rstrElem,
   85                                                    Token token,
   86                                                    Document doc) throws TrustException {
   87           OMElement reqProofTokElem =
   88                   TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
   89   
   90           if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
   91               && data.getRequestEntropy() != null) {
   92               //If we there's requester entropy and its configured to provide
   93               //entropy then we have to set the entropy value and
   94               //set the RPT to include a ComputedKey element
   95   
   96               OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
   97               String entr = Base64.encode(data.getResponseEntropy());
   98               OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
   99                                                               respEntrElem,
  100                                                               RahasConstants.BIN_SEC_TYPE_NONCE);
  101               binSecElem.setText(entr);
  102   
  103               OMElement compKeyElem =
  104                       TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
  105               compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
  106           } else {
  107               if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
  108                   WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
  109                   Crypto crypto;
  110                   if (config.cryptoElement != null) { // crypto props defined as elements
  111                       crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
  112                                                          data.getInMessageContext().
  113                                                                  getAxisService().getClassLoader());
  114                   } else { // crypto props defined in a properties file
  115                       crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
  116                                                          data.getInMessageContext().
  117                                                                  getAxisService().getClassLoader());
  118                   }
  119   
  120                   encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
  121                   try {
  122                       encrKeyBuilder.setUseThisCert(data.getClientCert());
  123                       encrKeyBuilder.prepare(doc, crypto);
  124                   } catch (WSSecurityException e) {
  125                       throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
  126                                                new String[]{data.
  127                                                        getClientCert().getSubjectDN().getName()});
  128                   }
  129                   Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
  130                   Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
  131                   if (bstElem != null) {
  132                       reqProofTokElem.addChild((OMElement) bstElem);
  133                   }
  134   
  135                   reqProofTokElem.addChild((OMElement) encryptedKeyElem);
  136   
  137                   token.setSecret(encrKeyBuilder.getEphemeralKey());
  138               } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
  139                   byte[] secret = TokenIssuerUtil.getSharedSecret(data,
  140                                                                   config.keyComputation,
  141                                                                   config.keySize);
  142                   OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
  143                                                                              reqProofTokElem,
  144                                                                              null);
  145                   binSecElem.setText(Base64.encode(secret));
  146                   token.setSecret(secret);
  147               } else {
  148                   throw new IllegalArgumentException(config.proofKeyType);
  149               }
  150           }
  151       }
  152   
  153       private static byte[] generateEphemeralKey(int keySize) throws TrustException {
  154           try {
  155               SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
  156               byte[] temp = new byte[keySize / 8];
  157               random.nextBytes(temp);
  158               return temp;
  159           } catch (Exception e) {
  160               throw new TrustException("errorCreatingSymmKey", e);
  161           }
  162       }
  163   
  164   }

Save This Page
Home » rampart-dist-1.4-src » org.apache » rahas » impl » [javadoc | source]