Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/06/08 12:29:39 UTC
svn commit: r952598 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/ src/org/apache/ws/security/action/
src/org/apache/ws/security/handler/ src/org/apache/ws/security/message/
src/org/apache/ws/security/message/token/ src/org/a...
Author: coheigea
Date: Tue Jun 8 10:29:38 2010
New Revision: 952598
URL: http://svn.apache.org/viewvc?rev=952598&view=rev
Log:
[WSS-226] - Added a configuration option to specify the secret derived key length for WSE UT_SIGN.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecUsernameToken.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew13.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java Tue Jun 8 10:29:38 2010
@@ -1,20 +1,23 @@
-/*
- * Copyright 2003-2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
+
package org.apache.ws.security;
import java.util.HashMap;
@@ -204,6 +207,11 @@ public class WSSConfig {
*/
protected boolean allowNamespaceQualifiedPasswordTypes = false;
+ /**
+ * The secret key length to be used for UT_SIGN.
+ */
+ protected int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
+
/**
* The default wsu:Id allocator is a simple "start at 1 and increment up"
@@ -424,6 +432,20 @@ public class WSSConfig {
}
/**
+ * Set the secret key length to be used for UT_SIGN.
+ */
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ /**
+ * Get the secret key length to be used for UT_SIGN.
+ */
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
+
+ /**
* @return Returns the WsuIdAllocator used to generate wsu:Id attributes
*/
public WsuIdAllocator getIdAllocator() {
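Review bot: `setSecretKeyLength(int length)` stores whatever it is given, so zero, a negative number or a very small value is carried through to `ut.getSecretKey(secretKeyLength)` in SignatureProcessor unchecked; the same unchecked setter is added in RequestData and WSSecUsernameToken. Because this value sizes the secret key used for UT_SIGN, a lower bound belongs here, for example `if (length <= 0) { throw new IllegalArgumentException("secretKeyLength must be positive"); }`, and the project may want to refuse anything below the 16-byte default. The Javadoc on both accessors should also state the unit (bytes) and carry `@param length` / `@return`.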
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Tue Jun 8 10:29:38 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2007 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.action;
@@ -52,6 +54,7 @@ public class UsernameTokenSignedAction i
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setWsConfig(reqData.getWssConfig());
builder.setPasswordType(reqData.getPwType()); // enhancement by Alberto Coletti
+ builder.setSecretKeyLength(reqData.getSecretKeyLength());
builder.setUserInfo(reqData.getUsername(), password);
builder.addCreated();
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java Tue Jun 8 10:29:38 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2008 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.handler;
@@ -58,6 +60,7 @@ public class RequestData {
private Vector signatureValues = new Vector();
private WSSecHeader secHeader = null;
private boolean encSymmetricEncryptionKey = true;
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
public void clear() {
soapConstants = null;
@@ -71,6 +74,7 @@ public class RequestData {
signatureValues.clear();
signatureDigestAlgorithm = null;
encSymmetricEncryptionKey = true;
+ secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
signatureUser = null;
}
@@ -105,6 +109,14 @@ public class RequestData {
public void setActor(String actor) {
this.actor = actor;
}
+
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
public String getUsername() {
return username;
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java Tue Jun 8 10:29:38 2010
@@ -1,19 +1,22 @@
-/*
- * Copyright 2003-2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
+
package org.apache.ws.security.handler;
import org.apache.commons.logging.Log;
@@ -263,6 +266,7 @@ public abstract class WSHandler {
wssConfig.setAllowNamespaceQualifiedPasswordTypes(
decodeNamespaceQualifiedPasswordTypes(reqData)
);
+ wssConfig.setSecretKeyLength(reqData.getSecretKeyLength());
reqData.setWssConfig(wssConfig);
if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -569,6 +573,12 @@ public abstract class WSHandler {
if (parts != null) {
splitEncParts(parts, reqData.getSignatureParts(), reqData);
}
+
+ String secretKeyLength = getString(WSHandlerConstants.WSE_SECRET_KEY_LENGTH, mc);
+ if (secretKeyLength != null) {
+ int iSecretKeyLength = Integer.parseInt(secretKeyLength);
+ reqData.setSecretKeyLength(iSecretKeyLength);
+ }
}
protected void decodeEncryptionParameter(RequestData reqData)
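Review bot: `Integer.parseInt(secretKeyLength)` in the added block is unguarded, so a non-numeric `wseSecretKeyLength` value surfaces as a bare NumberFormatException that does not name the parameter, and a zero or negative value is handed to `reqData.setSecretKeyLength` unchanged. Since this string comes from handler configuration and ends up sizing a signing key, the parse should be wrapped and the range checked here, e.g. `if (iSecretKeyLength <= 0) { throw new IllegalArgumentException("wseSecretKeyLength must be a positive integer"); }`, or the handler's own configuration exception if the enclosing method declares one. The enclosing method starts outside the hunk, so its `throws` clause is not visible.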
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java Tue Jun 8 10:29:38 2010
@@ -1,19 +1,20 @@
-/*
-
- * Copyright 2003-2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.handler;
@@ -593,9 +594,17 @@ public class WSHandlerConstants {
* (<code>{}</code>).
*/
public static final String SIGNATURE_PARTS = "signatureParts";
+
+ /**
+ * This parameter sets the length of the secret (derived) key to use for the
+ * WSE UT_SIGN functionality.
+ *
+ * The default value is 16 bytes.
+ */
+ public static final String WSE_SECRET_KEY_LENGTH = "wseSecretKeyLength";
/**
- * The name of the crypto propterty file to use for SOAP Encryption.
+ * The name of the crypto property file to use for SOAP Encryption.
* <p/>
* Refer to documentation of {@link #SIG_PROP_FILE}.
* <p/>
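Review bot: The Javadoc for `WSE_SECRET_KEY_LENGTH` gives the default but not the expected value format or the interoperability constraint. The handler parses the value with `Integer.parseInt`, and the new tests show that a message signed with a 32-byte key fails verification under the 16-byte default, so the comment should say something like `The value is a decimal integer giving the length in bytes; sender and receiver must be configured with the same length.` A `<p/>` between the two paragraphs would match the neighbouring constants.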
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecUsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecUsernameToken.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecUsernameToken.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecUsernameToken.java Tue Jun 8 10:29:38 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.message;
@@ -45,6 +47,7 @@ public class WSSecUsernameToken extends
private boolean useMac = false;
private byte[] saltValue;
private int iteration = UsernameToken.DEFAULT_ITERATION;
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
/**
* Constructor.
@@ -81,6 +84,20 @@ public class WSSecUsernameToken extends
}
/**
+ * Set the secret key length
+ */
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ /**
+ * Get the secret key length
+ */
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
+
+ /**
* Add a derived key to the UsernameToken
* @param useMac whether the derived key is to be used for a MAC or not
* @param saltValue The salt value to use
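Review bot: The Javadoc `Set the secret key length` does not say that the value is ignored on the derived-key path: in the next hunk the `useDerivedKey` branch returns `UsernameToken.generateDerivedKey(password, saltValue, iteration)` and only the fallback calls `ut.getSecretKey(secretKeyLength)`. A caller who sets a length and also enables a derived key would get no effect and no warning. Suggested wording: `Set the length in bytes of the WSE secret key; only used when no derived key has been added via addDerivedKey.`, plus `@param length`.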
@@ -115,7 +132,7 @@ public class WSSecUsernameToken extends
if (useDerivedKey) {
return UsernameToken.generateDerivedKey(password, saltValue, iteration);
}
- return ut.getSecretKey();
+ return ut.getSecretKey(secretKeyLength);
}
/**
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java Tue Jun 8 10:29:38 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2007 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.security.message.token;
@@ -582,6 +584,18 @@ public class UsernameToken {
public byte[] getSecretKey() {
return getSecretKey(WSConstants.WSE_DERIVED_KEY_LEN, WSConstants.LABEL_FOR_DERIVED_KEY);
}
+
+ /**
+ * Gets the secret key as per WS-Trust spec. This method uses default setting
+ * to generate the secret key. These default values are suitable for .NET
+ * WSE.
+ *
+ * @return a secret key constructed from information contained in this
+ * username token
+ */
+ public byte[] getSecretKey(int keylen) {
+ return getSecretKey(keylen, WSConstants.LABEL_FOR_DERIVED_KEY);
+ }
/**
* Gets the secret key as per WS-Trust spec.
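Review bot: The Javadoc on the new `getSecretKey(int keylen)` overload is copied from the no-argument version and still says it "uses default setting to generate the secret key", which is no longer true for the length. It should describe that only the label defaults to `WSConstants.LABEL_FOR_DERIVED_KEY` and add `@param keylen the length of the generated key in bytes`. This overload is public and passes `keylen` straight through, so it is also the place to document what values are acceptable.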
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java Tue Jun 8 10:29:38 2010
@@ -79,6 +79,9 @@ public class SignatureProcessor implemen
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
private String signatureId;
+
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
+
public void handleToken(
Element elem,
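Review bot: Keeping `secretKeyLength` as an instance field that `handleToken` overwrites from `wsc.getSecretKeyLength()` (second hunk) and a later method reads as `ut.getSecretKey(secretKeyLength)` (third hunk) makes the verification key size depend on mutable per-instance state. If a SignatureProcessor instance is ever reused across concurrent requests with different WSSConfig objects, one request could verify with another's length; whether instances are shared is not visible here. Passing the length down as a method argument would avoid that, or at minimum add a field comment such as `// set on every handleToken call; this processor is not thread-safe`. The methods involved begin and end outside these hunks.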
@@ -98,6 +101,7 @@ public class SignatureProcessor implemen
List protectedElements = new java.util.ArrayList();
byte[][] signatureValue = new byte[1][];
Principal lastPrincipalFound = null;
+ secretKeyLength = wsc.getSecretKeyLength();
try {
lastPrincipalFound =
@@ -313,7 +317,7 @@ public class SignatureProcessor implemen
if (ut.isDerivedKey()) {
secretKey = ut.getDerivedKey();
} else {
- secretKey = ut.getSecretKey();
+ secretKey = ut.getSecretKey(secretKeyLength);
}
} else if (processor instanceof BinarySecurityTokenProcessor) {
certs = ((BinarySecurityTokenProcessor)processor).getCertificates();
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew13.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew13.java?rev=952598&r1=952597&r2=952598&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew13.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew13.java Tue Jun 8 10:29:38 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright 2003-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package wssec;
@@ -28,8 +30,11 @@ import org.apache.axis.message.SOAPEnvel
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
@@ -117,9 +122,8 @@ public class TestWSSecurityNew13 extends
return msg.getSOAPEnvelope();
}
-
/**
- * Test the specific signing mehtod that use UsernameToken values
+ * Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
@@ -157,7 +161,103 @@ public class TestWSSecurityNew13 extends
}
/**
- * Test the specific signing mehtod that use UsernameToken values
+ * Test that uses a 32 byte key length for the secret key, instead of the default 16 bytes.
+ */
+ public void testWSS226() throws Exception {
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecUsernameToken builder = new WSSecUsernameToken();
+ builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+ builder.setUserInfo("wernerd", "verySecret");
+ builder.addCreated();
+ builder.setSecretKeyLength(32);
+ builder.addNonce();
+ builder.prepare(doc);
+
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUsernameToken(builder);
+ sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
+ sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ LOG.info("Before signing with UT text....");
+ sign.build(doc, null, secHeader);
+ LOG.info("Before adding UsernameToken PW Text....");
+ builder.prependToHeader(secHeader);
+ Document signedDoc = doc;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Message using a 32 byte key length:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // It should fail on the default key length of 16...
+ //
+ try {
+ secEngine.processSecurityHeader(doc, null, this, null);
+ fail ("An error was expected on verifying the signature");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ WSSecurityEngine wss226SecurityEngine = new WSSecurityEngine();
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setSecretKeyLength(32);
+ wss226SecurityEngine.setWssConfig(wssConfig);
+ wss226SecurityEngine.processSecurityHeader(doc, null, this, null);
+ }
+
+ /**
+ * Test that uses a 32 byte key length for the secret key, instead of the default 16 bytes.
+ * This test configures the key length via WSHandler.
+ */
+ public void testWSS226Handler() throws Exception {
+ MyHandler handler = new MyHandler();
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ RequestData reqData = new RequestData();
+ reqData.setWssConfig(WSSConfig.getNewInstance());
+ java.util.Map config = new java.util.TreeMap();
+ config.put("password", "verySecret");
+ config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+ config.put(WSHandlerConstants.WSE_SECRET_KEY_LENGTH, "32");
+ reqData.setUsername("wernerd");
+ reqData.setMsgContext(config);
+
+ java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.UT_SIGN));
+
+ handler.send(WSConstants.UT_SIGN, doc, reqData, actions, true);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Username Token Signature via WSHandler");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // It should fail on the default key length of 16...
+ //
+ try {
+ secEngine.processSecurityHeader(doc, null, this, null);
+ fail ("An error was expected on verifying the signature");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ handler.receive(WSConstants.UT_SIGN, reqData);
+
+ WSSecurityEngine wss226SecurityEngine = new WSSecurityEngine();
+ wss226SecurityEngine.setWssConfig(reqData.getWssConfig());
+ wss226SecurityEngine.processSecurityHeader(doc, null, this, null);
+ }
+
+ /**
+ * Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
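Review bot: Both negative checks in `testWSS226` and `testWSS226Handler` use `catch (Exception ex) { // expected }`, so any failure, for instance a NullPointerException from setup, is accepted as the expected signature rejection under the 16-byte default. Narrowing to the verification error, e.g. `catch (WSSecurityException ex)`, would tie the test to the behaviour it names. The tests also cover only the value 32; a case for a non-numeric or non-positive `wseSecretKeyLength` would document what the handler does with bad configuration.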