Posted to commits@ws.apache.org by gi...@apache.org on 2013/06/09 15:40:49 UTC
svn commit: r1491219 - in /webservices/wss4j/trunk:
integration/src/test/java/org/apache/wss4j/integration/test/stax/
ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/ ws...
Author: giger
Date: Sun Jun 9 13:40:49 2013
New Revision: 1491219
URL: http://svn.apache.org/r1491219
Log:
WSS-449 - Receiving code can't handle the case of a Thumbprint reference to a BST in the token
- The same applies to X509 Issuer serial references and therefore fixed too
- some cleanups
Modified:
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java
Modified: webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java (original)
+++ webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java Sun Jun 9 13:40:49 2013
@@ -263,7 +263,7 @@ public class KerberosTest extends Abstra
Assert.assertEquals(nodeList.getLength(), 1);
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
- Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+ Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
final KerberosTokenSecurityEvent kerberosTokenSecurityEvent = kerberosTokenSecurityEvents.get(0);
Assert.assertNotNull(kerberosTokenSecurityEvent.getSecurityToken().getSubject());
Assert.assertTrue(kerberosTokenSecurityEvent.getSecurityToken().getPrincipal() instanceof KerberosPrincipal);
@@ -360,7 +360,7 @@ public class KerberosTest extends Abstra
Assert.assertEquals(nodeList.getLength(), 1);
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
- Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+ Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
}
}
@@ -529,7 +529,7 @@ public class KerberosTest extends Abstra
nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
- Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+ Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
}
}
@@ -625,7 +625,7 @@ public class KerberosTest extends Abstra
nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
- Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+ Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
}
}
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java Sun Jun 9 13:40:49 2013
@@ -145,17 +145,17 @@ public class AbstractPolicyTestBase exte
}
public RsaKeyValueSecurityTokenImpl getRsaKeyValueSecurityToken() throws Exception {
- return new RsaKeyValueSecurityTokenImpl(null, null);
+ return new RsaKeyValueSecurityTokenImpl(null, null, null);
}
public DsaKeyValueSecurityTokenImpl getDsaKeyValueSecurityToken() throws Exception {
- return new DsaKeyValueSecurityTokenImpl(null, null);
+ return new DsaKeyValueSecurityTokenImpl(null, null, null);
}
public ECKeyValueSecurityTokenImpl getECKeyValueSecurityToken() throws Exception {
ECKeyValueType ecKeyValueType = new ECKeyValueType();
ecKeyValueType.setNamedCurve(new NamedCurveType());
- return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null);
+ return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null, null);
}
protected String loadResourceAsString(String resource, String encoding) throws IOException {
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java Sun Jun 9 13:40:49 2013
@@ -39,10 +39,10 @@ public class WSP13SpecTest extends Abstr
public Object[][] ignoreEventsTransportBindingC11a() {
return new Object[][]{
{null, null, null},
- {WSSecurityEventConstants.HttpsToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken not satisfied"},
- {WSSecurityEventConstants.RequiredElement, 2, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {WSSecurityEventConstants.UsernameToken, 3, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+ {WSSecurityEventConstants.HttpsToken, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken not satisfied"},
+ {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+ {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+ {SecurityEventConstants.X509Token, 1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
};
}
@@ -60,9 +60,9 @@ public class WSP13SpecTest extends Abstr
public Object[][] ignoreEventsAsymmetricBindingC31a() {
return new Object[][]{
{null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
- {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 7, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+ {WSSecurityEventConstants.RequiredElement, 8, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+ {SecurityEventConstants.X509Token, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+ {WSSecurityEventConstants.UsernameToken, 1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
};
}
@@ -80,10 +80,10 @@ public class WSP13SpecTest extends Abstr
public Object[][] ignoreEventsSymmetricBindingC21a() {
return new Object[][]{
{null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+ {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
{WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+ {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+ {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
};
}
@@ -101,10 +101,10 @@ public class WSP13SpecTest extends Abstr
public Object[][] ignoreEventsSymmetricBindingC21b() {
return new Object[][]{
{null, null, null},
- {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+ {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
{WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
- {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
- {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+ {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+ {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
};
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Sun Jun 9 13:40:49 2013
@@ -182,31 +182,21 @@ public class InboundWSSecurityContextImp
}
}
- //search for the root tokens...
- for (int i = 0; i < tokenSecurityEvents.size(); i++) {
- TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
- SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
- if (securityToken.getKeyWrappingToken() == null && !containsSecurityToken(supportingTokens, securityToken)) {
- supportingTokens = addTokenSecurityEvent(tokenSecurityEvent, supportingTokens);
- }
- }
- //...and then for the intermediare tokens and create new TokenSecurityEvents if not already there
+ //search the root tokens and create new TokenSecurityEvents if not already there...
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
InboundSecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
- if (securityToken.getKeyWrappingToken() != null) {
- while (securityToken.getKeyWrappingToken() != null) {
- securityToken = securityToken.getKeyWrappingToken();
- }
- if (!containsSecurityToken(supportingTokens, securityToken)) {
- TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
- WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
- supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
- securityEventDeque.offer(newTokenSecurityEvent);
- }
- //remove old TokenSecurityEvent so that only root tokens are in the queue
- securityEventDeque.remove(tokenSecurityEvent);
+ while (securityToken.getKeyWrappingToken() != null) {
+ securityToken = securityToken.getKeyWrappingToken();
+ }
+ if (!containsSecurityToken(supportingTokens, securityToken)) {
+ TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
+ WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
+ supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
+ securityEventDeque.offer(newTokenSecurityEvent);
}
+ //remove old TokenSecurityEvent so that only root tokens are in the queue
+ securityEventDeque.remove(tokenSecurityEvent);
}
Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokensIterator = supportingTokens.iterator();
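Review bot: The rewritten loop now removes and re-creates the event for every token, including tokens that are already roots, and no comment says that this is intended. The replacement is appended with `securityEventDeque.offer(...)`, so root-token events change position in the queue (the expected indices in WSP13SpecTest move in this same commit). Anything the original event carried beyond the token and correlation ID survives only if `WSSUtils.createTokenSecurityEvent` copies it, which is not visible here. I would extend the comment above the loop to something like `//every token event is replaced by one event for its root token, appended at the end of the queue; event order is not preserved`. The enclosing method starts and ends outside the hunk.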
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -18,6 +18,7 @@
*/
package org.apache.wss4j.stax.impl.securityToken;
+import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,11 +33,18 @@ public class DsaKeyValueSecurityTokenImp
extends org.apache.xml.security.stax.impl.securityToken.DsaKeyValueSecurityToken
implements DsaKeyValueSecurityToken {
+ private Crypto crypto;
private Principal principal;
public DsaKeyValueSecurityTokenImpl(
- DSAKeyValueType dsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext) {
+ DSAKeyValueType dsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto) {
super(dsaKeyValueType, wsInboundSecurityContext);
+ this.crypto = crypto;
+ }
+
+ @Override
+ public void verify() throws XMLSecurityException {
+ crypto.verifyTrust(getPublicKey());
}
@Override
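Review bot: `verify()` dereferences `crypto` without a check, and the constructor accepts null for it (AbstractPolicyTestBase in this commit passes `null`), so a token built without a Crypto fails trust verification with a NullPointerException instead of a security exception. I would declare the field as `private final Crypto crypto;` and guard the call with `if (crypto == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }` before `crypto.verifyTrust(getPublicKey());`. The same applies to the identical hunks in ECKeyValueSecurityTokenImpl and RsaKeyValueSecurityTokenImpl. The class body continues outside the hunk.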
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -18,6 +18,7 @@
*/
package org.apache.wss4j.stax.impl.securityToken;
+import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,12 +33,19 @@ public class ECKeyValueSecurityTokenImpl
extends org.apache.xml.security.stax.impl.securityToken.ECKeyValueSecurityToken
implements ECKeyValueSecurityToken {
+ private Crypto crypto;
private Principal principal;
public ECKeyValueSecurityTokenImpl(
- ECKeyValueType ecKeyValueType, WSInboundSecurityContext wsInboundSecurityContext)
+ ECKeyValueType ecKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto)
throws XMLSecurityException {
super(ecKeyValueType, wsInboundSecurityContext);
+ this.crypto = crypto;
+ }
+
+ @Override
+ public void verify() throws XMLSecurityException {
+ crypto.verifyTrust(getPublicKey());
}
@Override
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -18,6 +18,7 @@
*/
package org.apache.wss4j.stax.impl.securityToken;
+import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,11 +33,18 @@ public class RsaKeyValueSecurityTokenImp
extends org.apache.xml.security.stax.impl.securityToken.RsaKeyValueSecurityToken
implements RsaKeyValueSecurityToken {
+ private Crypto crypto;
private Principal principal;
public RsaKeyValueSecurityTokenImpl(
- RSAKeyValueType rsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext) {
+ RSAKeyValueType rsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto) {
super(rsaKeyValueType, wsInboundSecurityContext);
+ this.crypto = crypto;
+ }
+
+ @Override
+ public void verify() throws XMLSecurityException {
+ crypto.verifyTrust(getPublicKey());
}
@Override
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java Sun Jun 9 13:40:49 2013
@@ -39,12 +39,16 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.x500.X500Principal;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -116,11 +120,27 @@ public class SecurityTokenFactoryImpl ex
final X509DataType x509DataType
= XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_dsig_X509Data);
if (x509DataType != null) {
-
//Issuer Serial
X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(
x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
if (x509IssuerSerialType != null) {
+ //first look if the token is included in the message (necessary for TokenInclusion policy)...
+ List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+ inboundSecurityContext.getRegisteredSecurityTokenProviders();
+ for (int i = 0; i < securityTokenProviders.size(); i++) {
+ SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+ InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+ if (inboundSecurityToken instanceof X509SecurityToken) {
+ X509SecurityToken x509SecurityToken = (X509SecurityToken) inboundSecurityToken;
+
+ final X509Certificate x509Certificate = x509SecurityToken.getX509Certificates()[0];
+ if (x509Certificate.getSerialNumber().compareTo(x509IssuerSerialType.getX509SerialNumber()) == 0 &&
+ x509Certificate.getIssuerX500Principal().equals(new X500Principal(x509IssuerSerialType.getX509IssuerName())))
+ return createSecurityTokenProxy(inboundSecurityToken,
+ WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
+ }
+ }
+ //...then if none is found create a new SecurityToken instance
return new X509IssuerSerialTokenImpl(
(WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, x509IssuerSerialType,
securityTokenReferenceType.getId(), securityProperties);
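Review bot: The in-message lookup indexes `getX509Certificates()[0]` without checking that the array is present and non-empty, and it builds `new X500Principal(...)` from the message's issuer name inside the loop, where a malformed name raises an unchecked IllegalArgumentException rather than a WSSecurityException. I would parse the issuer once before the loop, map a parse failure to INVALID_SECURITY_TOKEN, skip providers whose token carries no certificate, and put braces around the `if` that guards the `return`. The thumbprint hunk further down has the same unchecked `[0]` access. The match only selects a certificate that arrived in the message, so trust still depends on the returned token's `verify()`, which is outside this hunk. The enclosing method starts and ends outside the hunk.

```java
//first look if the token is included in the message (necessary for TokenInclusion policy)...
final X500Principal issuerPrincipal;
try {
    issuerPrincipal = new X500Principal(x509IssuerSerialType.getX509IssuerName());
} catch (IllegalArgumentException e) {
    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
}
// … unchanged: provider list lookup, loop header, getSecurityToken() …
    if (inboundSecurityToken instanceof X509SecurityToken) {
        final X509Certificate[] x509Certificates =
                ((X509SecurityToken) inboundSecurityToken).getX509Certificates();
        if (x509Certificates != null && x509Certificates.length > 0
                && x509Certificates[0].getSerialNumber().compareTo(x509IssuerSerialType.getX509SerialNumber()) == 0
                && x509Certificates[0].getIssuerX500Principal().equals(issuerPrincipal)) {
            return createSecurityTokenProxy(inboundSecurityToken,
                    WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
        }
    }
```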
@@ -185,6 +205,31 @@ public class SecurityTokenFactoryImpl ex
(WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
securityTokenReferenceType.getId(), securityProperties);
} else if (WSSConstants.NS_THUMBPRINT.equals(valueType)) {
+ try {
+ MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
+ //first look if the token is included in the message (necessary for TokenInclusion policy)...
+ List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+ inboundSecurityContext.getRegisteredSecurityTokenProviders();
+ for (int i = 0; i < securityTokenProviders.size(); i++) {
+ SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+ InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+ if (inboundSecurityToken instanceof X509SecurityToken) {
+ X509SecurityToken x509SecurityToken = (X509SecurityToken)inboundSecurityToken;
+ byte[] tokenDigest = messageDigest.digest(x509SecurityToken.getX509Certificates()[0].getEncoded());
+
+ if (Arrays.equals(tokenDigest, binaryContent)) {
+ return createSecurityTokenProxy(inboundSecurityToken,
+ WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
+ }
+ }
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ } catch (CertificateEncodingException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
+ }
+
+ //...then if none is found create a new SecurityToken instance
return new X509ThumbprintSHA1SecurityTokenImpl(
(WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
securityTokenReferenceType.getId(), securityProperties);
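Review bot: The `catch (CertificateEncodingException e)` branch throws a new WSSecurityException without passing `e`, so the reason the certificate could not be encoded is lost, while the NoSuchAlgorithmException branch just above keeps its cause. I would write `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);`. The provider loop here also repeats the one in the issuer-serial and Kerberos branches almost line for line and could move into a shared private helper. The enclosing method starts and ends outside the hunk.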
@@ -214,27 +259,27 @@ public class SecurityTokenFactoryImpl ex
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
}
- MessageDigest messageDigest = null;
try {
- messageDigest = MessageDigest.getInstance("SHA-1");
+ //ok we have to find the token via digesting...
+ MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
+ List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+ inboundSecurityContext.getRegisteredSecurityTokenProviders();
+ for (int i = 0; i < securityTokenProviders.size(); i++) {
+ SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+ InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+ if (inboundSecurityToken instanceof KerberosServiceSecurityToken) {
+ KerberosServiceSecurityToken kerberosSecurityToken = (KerberosServiceSecurityToken)inboundSecurityToken;
+ byte[] tokenDigest = messageDigest.digest(kerberosSecurityToken.getBinaryContent());
+ if (Arrays.equals(tokenDigest, binaryContent)) {
+ return createSecurityTokenProxy(inboundSecurityToken,
+ WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
+ }
+ }
+ }
} catch (NoSuchAlgorithmException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
- //ok we have to find the token via digesting...
- List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders = inboundSecurityContext.getRegisteredSecurityTokenProviders();
- for (int i = 0; i < securityTokenProviders.size(); i++) {
- SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
- InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
- if (inboundSecurityToken instanceof KerberosServiceSecurityToken) {
- KerberosServiceSecurityToken kerberosSecurityToken = (KerberosServiceSecurityToken)inboundSecurityToken;
- byte[] tokenDigest = messageDigest.digest(kerberosSecurityToken.getBinaryContent());
- if (Arrays.equals(tokenDigest, binaryContent)) {
- return createSecurityTokenProxy(inboundSecurityToken,
- WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
- }
- }
- }
throw new WSSecurityException(
WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue());
} else {
@@ -273,7 +318,8 @@ public class SecurityTokenFactoryImpl ex
}
inboundSecurityContext.put("" + Thread.currentThread().hashCode(), invokeCount);
- SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider = inboundSecurityContext.getSecurityTokenProvider(uri);
+ SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
+ inboundSecurityContext.getSecurityTokenProvider(uri);
if (securityTokenProvider == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
}
@@ -326,37 +372,22 @@ public class SecurityTokenFactoryImpl ex
final CallbackHandler callbackHandler, SecurityContext securityContext)
throws XMLSecurityException {
- //todo *KeyValueSecurityToken verify() inline in classes
- //todo either handover crypto to verify() or to constructor
final RSAKeyValueType rsaKeyValueType
= XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_RSAKeyValue);
if (rsaKeyValueType != null) {
- return new RsaKeyValueSecurityTokenImpl(rsaKeyValueType, (WSInboundSecurityContext) securityContext) {
- @Override
- public void verify() throws XMLSecurityException {
- crypto.verifyTrust(getPubKey("", null, null));
- }
- };
+ return new RsaKeyValueSecurityTokenImpl(rsaKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
}
+
final DSAKeyValueType dsaKeyValueType
= XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_DSAKeyValue);
if (dsaKeyValueType != null) {
- return new DsaKeyValueSecurityTokenImpl(dsaKeyValueType, (WSInboundSecurityContext) securityContext) {
- @Override
- public void verify() throws XMLSecurityException {
- crypto.verifyTrust(getPubKey("", null, null));
- }
- };
+ return new DsaKeyValueSecurityTokenImpl(dsaKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
}
+
final ECKeyValueType ecKeyValueType
= XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig11_ECKeyValue);
if (ecKeyValueType != null) {
- return new ECKeyValueSecurityTokenImpl(ecKeyValueType, (WSInboundSecurityContext) securityContext) {
- @Override
- public void verify() throws XMLSecurityException {
- crypto.verifyTrust(getPubKey("", null, null));
- }
- };
+ return new ECKeyValueSecurityTokenImpl(ecKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
}
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
}
@@ -365,9 +396,10 @@ public class SecurityTokenFactoryImpl ex
final InboundSecurityToken inboundSecurityToken,
final WSSecurityTokenConstants.KeyIdentifier keyIdentifier) {
- Class<?>[] interfaces = new Class<?>[inboundSecurityToken.getClass().getInterfaces().length + 1];
- System.arraycopy(inboundSecurityToken.getClass().getInterfaces(), 0, interfaces, 0, inboundSecurityToken.getClass().getInterfaces().length);
- interfaces[interfaces.length - 1] = InboundSecurityToken.class;
+ List<Class<?>> implementedInterfaces = new ArrayList<Class<?>>();
+ getImplementedInterfaces(inboundSecurityToken.getClass(), implementedInterfaces);
+ Class<?>[] interfaces = implementedInterfaces.toArray(new Class<?>[implementedInterfaces.size()]);
+
return (InboundSecurityToken) Proxy.newProxyInstance(
inboundSecurityToken.getClass().getClassLoader(),
interfaces,
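Review bot: Handing every interface found in the class hierarchy to `Proxy.newProxyInstance` can make proxy creation fail where the old array did not, because the JDK throws IllegalArgumentException when the list mixes non-public interfaces from different packages or contains one that is not visible through `inboundSecurityToken.getClass().getClassLoader()`. The old code passed only the concrete class's direct interfaces plus `InboundSecurityToken.class`, while the new list also pulls in whatever the superclasses implement. If any token implementation has a package-private interface somewhere in its hierarchy, that is hit at runtime on the inbound path; skipping non-public entries in the helper, `if (Modifier.isPublic(anInterface.getModifiers()) && !interfaceList.contains(anInterface))`, would avoid it. The enclosing method starts above the hunk and the call continues below it.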
@@ -375,7 +407,6 @@ public class SecurityTokenFactoryImpl ex
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
- //todo static final initializer for getKeyIdentifier?
if (method.getName().equals("getKeyIdentifier")) {
return keyIdentifier;
}
@@ -385,6 +416,23 @@ public class SecurityTokenFactoryImpl ex
throw e.getTargetException();
}
}
- });
+ }
+ );
+ }
+
+ private static void getImplementedInterfaces(Class<?> clazz, List<Class<?>> interfaceList) {
+ if (clazz == null) {
+ return;
+ }
+ Class<?>[] interfaces = clazz.getInterfaces();
+ for (int i = 0; i < interfaces.length; i++) {
+ Class<?> anInterface = interfaces[i];
+
+ if (!interfaceList.contains(anInterface)) {
+ interfaceList.add(anInterface);
+ }
+ getImplementedInterfaces(anInterface, interfaceList);
+ }
+ getImplementedInterfaces(clazz.getSuperclass(), interfaceList);
}
}
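Review bot: `getImplementedInterfaces` has no Javadoc and fills a caller-supplied list through recursion, so its ordering and de-duplication contract can only be learned by reading the body. I would add a short Javadoc saying that it appends each interface of `clazz`, its super-interfaces and its superclasses to `interfaceList` without duplicates, and that a null `clazz` ends the recursion. The index loop reads more simply as `for (Class<?> anInterface : clazz.getInterfaces()) {`, and a `LinkedHashSet<Class<?>>` accumulator would replace the linear `contains` check while keeping insertion order.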
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -60,7 +60,7 @@ public class X509IssuerSerialTokenImpl e
X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
setX509Certificates(certs);
if (certs == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
}
return this.alias = getCrypto().getX509Identifier(certs[0]);
}
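Review bot: The guard before `certs[0]` tests only for null, so an empty array from `getCrypto().getX509Certificates(cryptoType)` would still reach the index and fail with ArrayIndexOutOfBoundsException instead of SECURITY_TOKEN_UNAVAILABLE; the same applies to the checks added in X509SKISecurityTokenImpl and X509ThumbprintSHA1SecurityTokenImpl. Whether the Crypto implementations can return an empty array is not visible here, but the reference bytes come from the incoming message, so a lookup miss is ordinary input and should map to one well-defined error: `if (certs == null || certs.length == 0) {`. In this class `setX509Certificates(certs)` also runs before the check, so the token stores a null array just before throwing; moving the call below the guard would keep the token state consistent. The enclosing methods start outside these hunks.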
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -20,6 +20,7 @@ package org.apache.wss4j.stax.impl.secur
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -48,6 +49,9 @@ public class X509SKISecurityTokenImpl ex
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SKI_BYTES);
cryptoType.setBytes(binaryContent);
X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+ if (certs == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
+ }
this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java Sun Jun 9 13:40:49 2013
@@ -20,6 +20,7 @@ package org.apache.wss4j.stax.impl.secur
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -48,7 +49,9 @@ public class X509ThumbprintSHA1SecurityT
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
cryptoType.setBytes(binaryContent);
X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
-
+ if (certs == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
+ }
this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java Sun Jun 9 13:40:49 2013
@@ -183,7 +183,7 @@ public class InboundWSSecurityContextImp
boolean encryptedSupportingTokensOccured = false;
boolean mainEncryptionTokenOccured = false;
boolean usernameTokenOccured = false;
- Assert.assertEquals(securityEventList.size(), 34);
+ Assert.assertEquals(securityEventList.size(), 31);
int x509TokenIndex = 0;
for (int i = 0; i < securityEventList.size(); i++) {
SecurityEvent securityEvent = securityEventList.get(i);
@@ -197,31 +197,31 @@ public class InboundWSSecurityContextImp
x509TokenIndex++;
X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
- Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens));
+ Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens));
signedEndorsingSupportingTokenOccured = true;
} else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 2) {
x509TokenIndex++;
X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
- Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens));
+ Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SupportingTokens));
encryptedSupportingTokensOccured = true;
} else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 3) {
x509TokenIndex++;
X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
- Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SupportingTokens));
+ Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature));
supportingTokensOccured = true;
} else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 4) {
x509TokenIndex++;
X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
- Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens));
+ Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens));
signedEndorsingEncryptedSupportingTokenOccured = true;
} else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 5) {
x509TokenIndex++;
X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
- Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature));
+ Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens));
mainSignatureTokenOccured = true;
} else if (securityEvent instanceof UsernameTokenSecurityEvent) {
UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
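Review bot: After this change the flag set in each branch no longer matches the usage asserted just above it: the branch that now checks `TokenUsage_EncryptedSupportingTokens` still sets `signedEndorsingSupportingTokenOccured`, the one checking `TokenUsage_MainSignature` sets `supportingTokensOccured`, and the one checking `TokenUsage_SignedEndorsingEncryptedSupportingTokens` sets `mainSignatureTokenOccured`. The test presumably still passes because every flag ends up true, but a failure would then name the wrong token usage. Each assignment should follow its assertion, for example `encryptedSupportingTokensOccured = true;` after the `TokenUsage_EncryptedSupportingTokens` check. The if/else chain starts above the hunk and continues below it.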
@@ -471,7 +471,7 @@ public class InboundWSSecurityContextImp
final List<SecurityEvent> securityEventList = generateSymmetricBindingSecurityEvents();
- Assert.assertEquals(securityEventList.size(), 22);
+ Assert.assertEquals(securityEventList.size(), 21);
for (int i = 0; i < securityEventList.size(); i++) {
SecurityEvent securityEvent = securityEventList.get(i);
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java Sun Jun 9 13:40:49 2013
@@ -76,8 +76,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
@@ -176,8 +176,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
@@ -233,9 +233,9 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.X509Token,
WSSecurityEventConstants.EncryptedElement,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.X509Token,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
@@ -376,9 +376,9 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.X509Token,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.X509Token,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.EncryptedPart,
WSSecurityEventConstants.Operation,
@@ -538,8 +538,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.EncryptedElement,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
@@ -801,8 +801,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.EncryptedPart,
WSSecurityEventConstants.Operation,
WSSecurityEventConstants.AlgorithmSuite,
@@ -927,8 +927,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
@@ -1024,8 +1024,8 @@ public class InteroperabilityTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.Timestamp,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java Sun Jun 9 13:40:49 2013
@@ -197,11 +197,10 @@ public class SecurityContextTokenTest ex
}
}
- org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
operationSecurityEvents.size() +
- encryptedPartSecurityEvents.size() + 1 //plus one because of the
- // SecurityContextToken which can't be correlated that easy for this use case
+ encryptedPartSecurityEvents.size()
);
}
}
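Review bot: The expected count changes from 4 to 5 and the `+ 1` with its explanatory comment is removed, but nothing now says why the fifth event is expected. The later hunks in this file at -335, -497 and -612 change their counts the same way. It looks as if the SecurityContextToken event is now correlated and collected with the other events, though that is inferred from the removed comment rather than shown here. A one-line comment above the assertion, such as `// includes the SecurityContextToken event, which is now correlated`, would keep these magic numbers reviewable if it matches the actual cause. The test method starts outside the hunk.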
@@ -335,11 +334,10 @@ public class SecurityContextTokenTest ex
}
org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
- org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
+ org.junit.Assert.assertEquals(6, signatureValueSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
operationSecurityEvents.size() +
- signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + 1 //plus one because of the
- // SecurityContextToken which can't be correlated that easy for this use case
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size()
);
}
}
@@ -497,11 +495,10 @@ public class SecurityContextTokenTest ex
org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
- org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
operationSecurityEvents.size() +
- signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size() + 1 //plus one because of the
- // SecurityContextToken which can't be correlated that easy for this use case
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
);
}
}
@@ -612,11 +609,10 @@ public class SecurityContextTokenTest ex
org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
- org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
operationSecurityEvents.size() +
- signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size() + 1 //plus one because of the
- // SecurityContextToken which can't be correlated that easy for this use case
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
);
}
}
@@ -670,7 +666,6 @@ public class SecurityContextTokenTest ex
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SecurityContextToken,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.SecurityContextToken,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
};
@@ -709,8 +704,7 @@ public class SecurityContextTokenTest ex
org.junit.Assert.assertEquals(4, signatureValueSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
operationSecurityEvents.size() +
- signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + 1 //plus one because of the
- // SecurityContextToken which can't be correlated that easy for this use case
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size()
);
}
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Sun Jun 9 13:40:49 2013
@@ -1316,8 +1316,8 @@ public class SignatureTest extends Abstr
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.KeyValueToken,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
};
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java Sun Jun 9 13:40:49 2013
@@ -158,8 +158,8 @@ public class SAMLTokenReferenceTest exte
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SamlToken,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
@@ -271,7 +271,6 @@ public class SAMLTokenReferenceTest exte
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
};
@@ -602,8 +601,8 @@ public class SAMLTokenReferenceTest exte
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SamlToken,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
@@ -716,7 +715,6 @@ public class SAMLTokenReferenceTest exte
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
};
@@ -842,7 +840,6 @@ public class SAMLTokenReferenceTest exte
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignatureValue,
- WSSecurityEventConstants.SamlToken,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,
};
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java Sun Jun 9 13:40:49 2013
@@ -123,8 +123,8 @@ public class SamlTokenDerivedTest extend
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.X509Token,
- WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.SamlToken,
+ WSSecurityEventConstants.SignatureValue,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.SignedElement,
WSSecurityEventConstants.Operation,