Posted to commits@ws.apache.org by co...@apache.org on 2014/02/10 13:15:35 UTC
svn commit: r1566591 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/tes...
Author: coheigea
Date: Mon Feb 10 12:15:34 2014
New Revision: 1566591
URL: http://svn.apache.org/r1566591
Log:
Added some derived key interop tests
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Mon Feb 10 12:15:34 2014
@@ -868,15 +868,16 @@ public class ConfigurationConstants {
public static final String PASSWORD_ENCRYPTOR_INSTANCE = "passwordEncryptorInstance";
/**
- * This controls how deriving tokens are referenced. The valid values are:
- *
- * <code>DirectReference</code>, <code>EncryptedKey</code>,
- * <code>SecurityContextToken</code>.
+ * This controls the deriving token from which DerivedKeyTokens derive keys from.
+ * Valid values are:
+ * - DirectReference: A reference to a BinarySecurityToken
+ * - EncryptedKey: A reference to an EncryptedKey
+ * - SecurityContextToken: A reference to a SecurityContextToken
*/
public static final String DERIVED_TOKEN_REFERENCE = "derivedTokenReference";
/**
- * This controls the key identifier of Derived Tokens.
+ * This controls the key identifier of Derived Tokens, i.e. how they reference the deriving key.
*/
public static final String DERIVED_TOKEN_KEY_ID = "derivedTokenKeyIdentifier";
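Review bot: The reworded Javadoc on DERIVED_TOKEN_KEY_ID still does not say which values are accepted or what happens when it is unset, which is what a deployer needs now that this property is read independently of SIG_KEY_ID. The tests in this commit configure it with `Thumbprint`, `SKIKeyIdentifier` and `X509KeyIdentifier`, and SignatureDerivedAction falls back to the thumbprint identifier when nothing is set, so I would extend the comment to: `This controls the key identifier of Derived Tokens, i.e. how they reference the deriving key. It appears to accept the same identifier names as SIG_KEY_ID (e.g. Thumbprint, SKIKeyIdentifier, X509KeyIdentifier); when unset the signature action defaults to Thumbprint.` The new sentence `the deriving token from which DerivedKeyTokens derive keys from` on the preceding constant also carries a redundant `from`.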
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java Mon Feb 10 12:15:34 2014
@@ -53,6 +53,7 @@ public abstract class SignatureEncryptio
private String sha1Value;
private String derivedKeyTokenReference;
private int derivedKeyLength;
+ private int derivedKeyIdentifier;
public X509Certificate getCertificate() {
return certificate;
@@ -167,5 +168,11 @@ public abstract class SignatureEncryptio
public void setDerivedKeyLength(int derivedKeyLength) {
this.derivedKeyLength = derivedKeyLength;
}
+ public int getDerivedKeyIdentifier() {
+ return derivedKeyIdentifier;
+ }
+ public void setDerivedKeyIdentifier(int derivedKeyIdentifier) {
+ this.derivedKeyIdentifier = derivedKeyIdentifier;
+ }
}
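Review bot: The new accessors have no Javadoc, and the meaning of the zero value is only discoverable from SignatureDerivedAction, which treats `getDerivedKeyIdentifier() != 0` as "explicitly configured". I would document the sentinel on the getter: `/** Key identifier type DerivedKeyTokens use to reference the deriving key; 0 means not configured, in which case the action picks its own default. */`. The enclosing class starts outside the hunk.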
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Mon Feb 10 12:15:34 2014
@@ -91,7 +91,11 @@ public class SignatureDerivedAction impl
if ("EncryptedKey".equals(derivedKeyTokenReference)) {
encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo(signatureToken.getUser());
- encrKeyBuilder.setKeyIdentifierType(signatureToken.getKeyIdentifierId());
+ if (signatureToken.getDerivedKeyIdentifier() != 0) {
+ encrKeyBuilder.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
+ } else {
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
encrKeyBuilder.prepare(doc, signatureToken.getCrypto());
byte[] ek = encrKeyBuilder.getEphemeralKey();
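Review bot: The "use the derived key identifier if non-zero, otherwise fall back to THUMBPRINT_IDENTIFIER" selection is now written out twice, once in this EncryptedKey branch and once in the DirectReference branch in the next hunk, so the default lives in two places. A small helper such as `private int derivedKeyIdentifierType(SignatureEncryptionActionToken token) { int id = token.getDerivedKeyIdentifier(); return id != 0 ? id : WSConstants.THUMBPRINT_IDENTIFIER; }` would keep them in step. Note also that this branch previously honoured `signatureToken.getKeyIdentifierId()`, so a deployment that configured only SIG_KEY_ID for a derived signature will silently switch to a thumbprint reference after this change; if that is not intended, consult `getKeyIdentifierId()` before the thumbprint default. The enclosing method starts and ends outside the hunk.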
@@ -112,8 +116,10 @@ public class SignatureDerivedAction impl
} else {
// DirectReference
- if (signatureToken.getKeyIdentifierId() != 0) {
- wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());
+ if (signatureToken.getDerivedKeyIdentifier() != 0) {
+ wsSign.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
+ } else {
+ wsSign.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
byte[] key = null;
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Mon Feb 10 12:15:34 2014
@@ -568,6 +568,12 @@ public abstract class WSHandler {
String derivedKeyReference = getString(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, mc);
actionToken.setDerivedKeyTokenReference(derivedKeyReference);
+ String derivedKeyIdentifier = getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc);
+ if (derivedKeyIdentifier != null) {
+ Integer id = WSHandlerConstants.getKeyIdentifier(derivedKeyIdentifier);
+ actionToken.setDerivedKeyIdentifier(id);
+ }
+
String derivedKeyLength = getString(WSHandlerConstants.DERIVED_SIGNATURE_KEY_LENGTH, mc);
if (derivedKeyLength != null) {
try {
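Review bot: `actionToken.setDerivedKeyIdentifier(id)` unboxes the `Integer` returned by `WSHandlerConstants.getKeyIdentifier`, so a mistyped DERIVED_TOKEN_KEY_ID value would surface as a NullPointerException if that lookup returns null for unknown names, which its `Integer` return type suggests it can. For a security setting a typo should be rejected loudly rather than either crash obscurely or silently fall back to the default, e.g. `if (id == null) { throw new IllegalArgumentException("Unknown " + WSHandlerConstants.DERIVED_TOKEN_KEY_ID + ": " + derivedKeyIdentifier); }` before the setter, or whatever configuration exception the surrounding method already declares. The enclosing method starts and ends outside the hunk.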
@@ -682,6 +688,12 @@ public abstract class WSHandler {
String derivedKeyReference = getString(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, mc);
actionToken.setDerivedKeyTokenReference(derivedKeyReference);
+ String derivedKeyIdentifier = getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc);
+ if (derivedKeyIdentifier != null) {
+ Integer id = WSHandlerConstants.getKeyIdentifier(derivedKeyIdentifier);
+ actionToken.setDerivedKeyIdentifier(id);
+ }
+
String derivedKeyLength = getString(WSHandlerConstants.DERIVED_ENCRYPTION_KEY_LENGTH, mc);
if (derivedKeyLength != null) {
try {
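Review bot: These five lines are an exact copy of the block added to the signature path in the previous hunk, so any later fix to the lookup (null handling, validation) has to be made twice. A private helper that takes the action token and `mc`, calls `getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc)` and applies `setDerivedKeyIdentifier` once would let both the signature and encryption paths share it. The enclosing method starts and ends outside the hunk.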
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java Mon Feb 10 12:15:34 2014
@@ -74,7 +74,7 @@ public class DerivedKeyActionTest extend
java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
- config.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
reqData.setMsgContext(config);
final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -106,7 +106,7 @@ public class DerivedKeyActionTest extend
java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
- config.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
config.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
reqData.setMsgContext(config);
@@ -140,7 +140,7 @@ public class DerivedKeyActionTest extend
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
config.put(WSHandlerConstants.SIG_DIGEST_ALGO, WSConstants.SHA256);
- config.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
reqData.setMsgContext(config);
final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -171,7 +171,7 @@ public class DerivedKeyActionTest extend
java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
- config.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
config.put(WSHandlerConstants.DERIVED_SIGNATURE_KEY_LENGTH, "16");
reqData.setMsgContext(config);
@@ -204,7 +204,7 @@ public class DerivedKeyActionTest extend
java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
- config.put(WSHandlerConstants.SIG_KEY_ID, "SKIKeyIdentifier");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "SKIKeyIdentifier");
reqData.setMsgContext(config);
final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -236,7 +236,7 @@ public class DerivedKeyActionTest extend
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
config.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
- config.put(WSHandlerConstants.SIG_KEY_ID, "X509KeyIdentifier");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "X509KeyIdentifier");
reqData.setMsgContext(config);
final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -268,7 +268,7 @@ public class DerivedKeyActionTest extend
config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
config.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
- config.put(WSHandlerConstants.SIG_KEY_ID, "Thumbprint");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
reqData.setMsgContext(config);
final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java?rev=1566591&r1=1566590&r2=1566591&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java Mon Feb 10 12:15:34 2014
@@ -59,11 +59,13 @@ import javax.xml.transform.stream.Stream
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
+import java.util.Properties;
@RunWith(value = org.junit.runners.Parameterized.class)
public class DerivedKeyTokenTest extends AbstractTestBase {
@@ -377,7 +379,46 @@ public class DerivedKeyTokenTest extends
XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+ }
+
+ @Test
+ public void testSignatureInboundAction() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE_DERIVED;
+
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
+ if (version == ConversationConstants.VERSION_05_02) {
+ properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
+ }
+ properties.put(WSHandlerConstants.USER, "receiver");
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 1);
}
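Review bot: `Assert.assertEquals(nodeList.getLength(), 1)` and `Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart())` pass the actual value first, but JUnit's `assertEquals(expected, actual)` reports them the other way round, so a failure would print `expected:<2> but was:<1>`; `Assert.assertEquals(1, nodeList.getLength())` keeps the message honest. The `InputStream sourceDocument` opened from the classpath is also never closed; close it after `doOutboundSecurityWithWSS4J` returns, with try-with-resources if the module targets Java 7 or later.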
@@ -474,6 +515,45 @@ public class DerivedKeyTokenTest extends
Assert.assertEquals(nodeList.getLength(), 1);
}
}
+
+
+ @Test
+ public void testSignatureThumbprintSHA1InboundAction() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE_DERIVED;
+
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+ if (version == ConversationConstants.VERSION_05_02) {
+ properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
+ }
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+ }
@Test
public void testSignatureSKIOutbound() throws Exception {
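Review bot: testSignatureThumbprintSHA1InboundAction never asserts that a thumbprint reference was actually produced; it sets no DERIVED_TOKEN_KEY_ID and only checks that one ds:Signature is present after inbound processing, so it would pass unchanged if the new default in SignatureDerivedAction were altered or the property ignored. Since the secured document is already in hand before it is serialised to `baos`, I would assert on it there, presumably that the wsse:KeyIdentifier under the DerivedKeyToken's SecurityTokenReference carries the ThumbprintSHA1 ValueType, and do the same for the SKI variant in the next hunk. As in the other new tests, the `InputStream sourceDocument` is never closed.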
@@ -566,6 +646,45 @@ public class DerivedKeyTokenTest extends
Assert.assertEquals(nodeList.getLength(), 1);
}
}
+
+ @Test
+ public void testSignatureSKIInboundAction() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE_DERIVED;
+
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "SKIKeyIdentifier");
+ if (version == ConversationConstants.VERSION_05_02) {
+ properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
+ }
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ }
+ }
@Test
public void testSignatureEncryptOutbound() throws Exception {