in ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java [69:181]
public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
try {
String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY);
if (tokenId == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider =
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
if (wrappingSecurityTokenProvider == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
final OutboundSecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
if (wrappingSecurityToken == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider = null;
GenericOutboundSecurityToken encryptedKeySecurityToken = null;
String sigTokenId =
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
// See if a Symmetric Key is already available
String encTokenId =
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
if (encTokenId == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
encryptedKeySecurityTokenProvider =
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
if (encryptedKeySecurityTokenProvider == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
encryptedKeySecurityToken =
(GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
boolean sharedToken = encTokenId.equals(sigTokenId);
FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor =
new FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalEncryptedKeyOutputProcessor.setAction(getAction(), getActionOrder());
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.ENCRYPTION.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor().getClass());
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else if (sharedToken) {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
//hint for the headerReordering processor where to place the EncryptedKey
if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION)
< getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE)) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE, getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
referenceListOutputProcessor.setAction(getAction(), getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor().getClass());
} else {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
}
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor().getClass());
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else if (sharedToken) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class);
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
//hint for the headerReordering processor where to place the EncryptedKey
if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY)
< getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) {
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY, getActionOrder());
}
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class);
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor.getClass());
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
referenceListOutputProcessor.setAction(getAction(), getActionOrder());
referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(
encryptedKeySecurityToken.getId(), encryptedKeySecurityTokenProvider);
encryptedKeySecurityToken.setProcessor(finalEncryptedKeyOutputProcessor);
} finally {
outputProcessorChain.removeProcessor(this);
}
outputProcessorChain.processEvent(xmlSecEvent);
}