Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/04/30 12:19:34 UTC
svn commit: r770144 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/action/ src/org/apache/ws/security/handler/
test/ test/wssec/
Author: coheigea
Date: Thu Apr 30 10:19:34 2009
New Revision: 770144
URL: http://svn.apache.org/viewvc?rev=770144&view=rev
Log:
[WSS-180] - Support symmetric signature/encryption via configuration
- Added support for encrypting/signing using a symmetric key in EncryptionAction and SignatureAction
- Added a new variable WSHandlerConstants.ENC_SYM_ENC_KEY (defaults to true) to support symmetric encryption via WSHandler
- Added support for EncryptedKeySHA1 to WSHandler
- Added some tests.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/test/log4j.properties
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew17.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java Thu Apr 30 10:19:34 2009
@@ -20,6 +20,7 @@
package org.apache.ws.security.action;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
@@ -60,6 +61,16 @@
if (reqData.getEncryptParts().size() > 0) {
wsEncrypt.setParts(reqData.getEncryptParts());
}
+ if (!reqData.getEncryptSymmetricEncryptionKey()) {
+ WSPasswordCallback pwcb =
+ handler.getPassword(reqData.getEncUser(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData
+ );
+ wsEncrypt.setEphemeralKey(pwcb.getKey());
+ wsEncrypt.setEncryptSymmKey(reqData.getEncryptSymmetricEncryptionKey());
+ }
try {
wsEncrypt.build(doc, reqData.getEncCrypto(), reqData.getSecHeader());
} catch (WSSecurityException e) {
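Review bot: `pwcb.getKey()` is handed straight to `setEphemeralKey` without a null check, so a callback that supplies a password but no key lets the build proceed with a null ephemeral key and fail somewhere inside WSSecEncrypt instead of at the point of misconfiguration; SignatureAction in this same commit guards with `if (pwcb.getKey() != null)`, so the two actions disagree. Failing fast here keeps them consistent and gives an actionable message: `if (pwcb.getKey() == null) { throw new WSSecurityException("WSHandler: Encryption: no symmetric key supplied by the password callback"); }`. The `wsEncrypt.setEncryptSymmKey(reqData.getEncryptSymmetricEncryptionKey())` call sits inside a branch that only runs when that getter is false, so `wsEncrypt.setEncryptSymmKey(false)` says the same more plainly. Whether `handler.getPassword` can itself return null is not visible in this hunk; if it can, the guard should cover `pwcb` as well. The enclosing `execute` method starts and ends outside the hunk.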
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java Thu Apr 30 10:19:34 2009
@@ -19,6 +19,7 @@
package org.apache.ws.security.action;
+import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
@@ -29,14 +30,13 @@
public class SignatureAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
throws WSSecurityException {
- String password =
+ WSPasswordCallback pwcb =
handler.getPassword(
reqData.getUsername(),
actionToDo,
WSHandlerConstants.PW_CALLBACK_CLASS,
WSHandlerConstants.PW_CALLBACK_REF, reqData
- ).getPassword();
-
+ );
WSSecSignature wsSign = new WSSecSignature();
wsSign.setWsConfig(reqData.getWssConfig());
@@ -50,10 +50,14 @@
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
- wsSign.setUserInfo(reqData.getUsername(), password);
+ wsSign.setUserInfo(reqData.getUsername(), pwcb.getPassword());
if (reqData.getSignatureParts().size() > 0) {
wsSign.setParts(reqData.getSignatureParts());
}
+
+ if (pwcb.getKey() != null) {
+ wsSign.setSecretKey(pwcb.getKey());
+ }
try {
wsSign.build(doc, reqData.getSigCrypto(), reqData.getSecHeader());
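Review bot: When `pwcb.getKey()` is non-null the code still calls `wsSign.setUserInfo(reqData.getUsername(), pwcb.getPassword())` with whatever the callback left as the password, possibly null, and nothing checks that the configured signature algorithm is an HMAC one; the new test has to set `SIG_ALGO` to HMAC-SHA1 explicitly, and a symmetric secret combined with the default (presumably asymmetric) algorithm is only rejected, if at all, deep inside `build`. A comment at the guard would at least state the contract: `// A key from the callback selects symmetric (HMAC) signing: the signature algorithm must then be an HMAC URI and the password is not used.`, and validating `reqData.getSigAlgorithm()` against that before `build` would turn a late failure into a clear one. Whether that check exists elsewhere is not visible here. The enclosing `execute` continues past this hunk.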
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java Thu Apr 30 10:19:34 2009
@@ -59,6 +59,7 @@
private WSSConfig wssConfig = null;
private Vector signatureValues = new Vector();
private WSSecHeader secHeader = null;
+ private boolean encSymmetricEncryptionKey = true;
public void clear() {
soapConstants = null;
@@ -71,6 +72,7 @@
wssConfig = null;
signatureValues.clear();
signatureDigestAlgorithm = null;
+ encSymmetricEncryptionKey = true;
}
public Object getMsgContext() {
@@ -112,6 +114,14 @@
public void setUsername(String username) {
this.username = username;
}
+
+ public void setEncryptSymmetricEncryptionKey(boolean encrypt) {
+ encSymmetricEncryptionKey = encrypt;
+ }
+
+ public boolean getEncryptSymmetricEncryptionKey() {
+ return encSymmetricEncryptionKey;
+ }
public String getPwType() {
return pwType;
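Review bot: The new `setEncryptSymmetricEncryptionKey`/`getEncryptSymmetricEncryptionKey` pair has no Javadoc, and since the flag changes what goes on the wire (with `false` no EncryptedKey element is emitted and a symmetric key obtained from the password callback is used instead, per EncryptionAction in this commit) its meaning should be stated where it is set. Suggested Javadoc on the setter: `/** Whether the symmetric encryption key is wrapped in an EncryptedKey element (true, the default) or a symmetric key obtained from the password callback is used directly (false). See WSHandlerConstants.ENC_SYM_ENC_KEY. */`, with a matching `@return` on the getter. A boolean accessor would conventionally be named `is...`, but the `get...` name is already referenced from EncryptionAction, so it should stay. The enclosing class continues outside the hunk.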
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Thu Apr 30 10:19:34 2009
@@ -541,7 +541,8 @@
|| tmp == WSConstants.BST_DIRECT_REFERENCE
|| tmp == WSConstants.X509_KEY_IDENTIFIER
|| tmp == WSConstants.SKI_KEY_IDENTIFIER
- || tmp == WSConstants.THUMBPRINT_IDENTIFIER)) {
+ || tmp == WSConstants.THUMBPRINT_IDENTIFIER
+ || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
throw new WSSecurityException(
"WSHandler: Signature: illegal key identification"
);
@@ -599,7 +600,8 @@
|| tmp == WSConstants.SKI_KEY_IDENTIFIER
|| tmp == WSConstants.BST_DIRECT_REFERENCE
|| tmp == WSConstants.EMBEDDED_KEYNAME
- || tmp == WSConstants.THUMBPRINT_IDENTIFIER)) {
+ || tmp == WSConstants.THUMBPRINT_IDENTIFIER
+ || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
throw new WSSecurityException(
"WSHandler: Encryption: illegal key identification"
);
@@ -611,6 +613,12 @@
String encKeyTransport =
getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
reqData.setEncKeyTransport(encKeyTransport);
+
+ String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
+ if (encSymEncKey != null) {
+ boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
+ reqData.setEncryptSymmetricEncryptionKey(encSymEndKeyBoolean);
+ }
String encParts = getString(WSHandlerConstants.ENCRYPTION_PARTS, mc);
if (encParts != null) {
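Review bot: `Boolean.parseBoolean(encSymEncKey)` maps every value other than a case-insensitive "true" — including typos such as "ture", or "yes" and "1" — to `false`, so a mistyped deployment parameter silently switches the handler from wrapping the session key in an EncryptedKey to using a symmetric key from the password callback, and the only symptom is presumably a decryption failure on the receiving side. The key-identification parameters earlier in this method reject bad values with a WSSecurityException, and this one should too: `if (!"true".equalsIgnoreCase(encSymEncKey) && !"false".equalsIgnoreCase(encSymEncKey)) { throw new WSSecurityException("WSHandler: Encryption: illegal value for " + WSHandlerConstants.ENC_SYM_ENC_KEY); }` before the parse. The local `encSymEndKeyBoolean` also reads like a typo for `encSymEncKeyBoolean`. The enclosing method starts and ends outside the hunk.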
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Thu Apr 30 10:19:34 2009
@@ -646,6 +646,22 @@
*/
public static final String ENC_KEY_TRANSPORT =
"encryptionKeyTransportAlgorithm";
+
+ /**
+ * Defines whether to encrypt the symmetric encryption key or not. If true
+ * (the default), the symmetric key used for encryption is encrypted in turn,
+ * and inserted into the security header in an "EncryptedKey" structure. If
+ * set to false, no EncryptedKey structure is constructed.
+ * <p/>
+ * The application may set this parameter using the following method:
+ * <pre>
+ * call.setProperty(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
+ * </pre>
+ * However, the parameter in the WSDD deployment file overwrites the
+ * property setting (deployment setting overwrites application setting).
+ */
+ public static final String ENC_SYM_ENC_KEY = "encryptSymmetricEncryptionKey";
+
/**
* Parameter to define which parts of the request shall be encrypted.
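Review bot: The new Javadoc says what is not emitted when the value is false but not where the symmetric key then comes from: EncryptionAction in this commit obtains it through the password callback (`WSPasswordCallback.getKey()`), and the new test pairs the setting with `ENC_KEY_ID` set to `EncryptedKeySHA1`, both of which a deployer has to know to use the option at all. Suggest adding after the second sentence: `If set to false, the symmetric key must be supplied by the password callback (via the key of the WSPasswordCallback) and the receiver must already hold the same key; a key identifier such as EncryptedKeySHA1 is then used to reference it.` Whether other key identifiers also work in this mode is not visible here, so that part is best phrased as an example rather than a requirement.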
@@ -745,7 +761,9 @@
* </li>
* <li><code>Thumbprint</code> for {@link WSConstants#THUMBPRINT}
* </li>
- * </ul
+ * <li><code>EncryptedKeySHA1</code> for {@link WSConstants#ENCRYPTED_KEY_SHA1_IDENTIFIER}
+ * </li>
+ * </ul>
* See {@link #SIG_KEY_ID} {@link #ENC_KEY_ID}.
*/
public static Map keyIdentifier = new Hashtable();
@@ -763,6 +781,8 @@
new Integer(WSConstants.EMBEDDED_KEYNAME));
keyIdentifier.put("Thumbprint",
new Integer(WSConstants.THUMBPRINT_IDENTIFIER));
+ keyIdentifier.put("EncryptedKeySHA1",
+ new Integer(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER));
}
/*
* internally used property names to store values inside the message context
Modified: webservices/wss4j/trunk/test/log4j.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/log4j.properties?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/log4j.properties (original)
+++ webservices/wss4j/trunk/test/log4j.properties Thu Apr 30 10:19:34 2009
@@ -1,6 +1,6 @@
# Set root category priority to INFO and its only appender to CONSOLE.
-log4j.rootCategory=FATAL, CONSOLE
-# log4j.rootCategory=DEBUG, LOGFILE
+# log4j.rootCategory=FATAL, CONSOLE
+ log4j.rootCategory=DEBUG, LOGFILE
# Set the enterprise logger category to FATAL and its only appender to CONSOLE.
# log4j.logger.org.apache.axis.enterprise=FATAL, CONSOLE
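Review bot: The root logger for the test run is switched from `FATAL, CONSOLE` to `DEBUG, LOGFILE`, which looks like a local debugging setting committed by accident rather than part of WSS-180: the commit message does not mention it, and the tests added in this commit log the complete signed or encrypted envelope at debug level. Leaving DEBUG enabled in trunk makes every test run write the full security headers to the log file; suggest restoring `log4j.rootCategory=FATAL, CONSOLE` and keeping the DEBUG line commented out. The added line also gains a leading space, harmless to the properties parser but inconsistent with the rest of the file.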
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java Thu Apr 30 10:19:34 2009
@@ -29,11 +29,15 @@
import org.apache.axis.message.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
@@ -303,6 +307,46 @@
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
+ * generated session key which is then encrypted using a public key. The request is generated
+ * using WSHandler, instead of coding it.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
+ *
+ */
+ public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
+ messageContext.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.ENCR));
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.ENCR,
+ doc,
+ reqData,
+ actions
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
/**
* Verifies the soap envelope.
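Review bot: The test sets `ENC_SYM_ENC_KEY` to "false" but only calls `verify(doc)`, so it never checks the one thing the setting is meant to change, namely that no EncryptedKey element is written to the security header; a regression that ignored the flag and wrapped the key anyway would still pass as long as the receiver handles both forms. Add, before `verify(doc)`, `assertTrue(doc.getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedKey").getLength() == 0);` — a substring search on `outputString` for "EncryptedKey" is not a substitute, because that word also occurs in the `EncryptedKeySHA1` ValueType URI. `reqData.setUsername("")` also deserves a comment, since EncryptionAction queries the callback for `getEncUser()` and no encryption user is set in this message context, so it is not obvious which identity the callback is asked for. What `verify` asserts is outside this hunk.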
@@ -333,4 +377,52 @@
}
}
}
+
+ /**
+ * a trivial extension of the WSHandler type
+ */
+ private static class MyHandler extends WSHandler {
+
+ public Object
+ getOption(String key) {
+ return null;
+ }
+
+ public void
+ setProperty(
+ Object msgContext,
+ String key,
+ Object value
+ ) {
+ }
+
+ public Object
+ getProperty(Object ctx, String key) {
+ return ((java.util.Map)ctx).get(key);
+ }
+
+ public void
+ setPassword(Object msgContext, String password) {
+ }
+
+ public String
+ getPassword(Object msgContext) {
+ return null;
+ }
+
+ void doit(
+ int action,
+ Document doc,
+ RequestData reqData,
+ java.util.Vector actions
+ ) throws org.apache.ws.security.WSSecurityException {
+ doSenderAction(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ }
+ }
}
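Review bot: `MyHandler` is added verbatim to both TestWSSecurityNew14 and TestWSSecurityNew17 (the identical class appears in the hunk ending at L459), with five overrides that return null or do nothing and an unchecked `(java.util.Map)ctx` cast in `getProperty`. Moving it to a single package-private test support class would stop the two copies from drifting and give one place to document that `getPassword(Object)` returning null means the password can only come from the callback reference placed in the message context. If it stays duplicated, a class comment such as `// Minimal WSHandler for tests: all configuration is read from the Map passed as message context; the property and password setters are intentionally no-ops.` would help in both places. Whether test/wssec already has a shared helper location is not visible here.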
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew17.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew17.java?rev=770144&r1=770143&r2=770144&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew17.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew17.java Thu Apr 30 10:19:34 2009
@@ -43,9 +43,13 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
@@ -244,6 +248,43 @@
}
/**
+ * Test signing a message body using a symmetric key with EncryptedKeySHA1.
+ * The request is generated using WSHandler, instead of coding it.
+ */
+ public void testSymmetricSignatureSHA1Handler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.SIG_KEY_ID, "EncryptedKeySHA1");
+ messageContext.put(WSHandlerConstants.SIG_ALGO, SignatureMethod.HMAC_SHA1);
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ WSConstants.SIGN,
+ doc,
+ reqData,
+ actions
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
+
+
+ /**
* Verifies the soap envelope
* <p/>
*
@@ -278,4 +319,52 @@
}
}
}
+
+ /**
+ * a trivial extension of the WSHandler type
+ */
+ private static class MyHandler extends WSHandler {
+
+ public Object
+ getOption(String key) {
+ return null;
+ }
+
+ public void
+ setProperty(
+ Object msgContext,
+ String key,
+ Object value
+ ) {
+ }
+
+ public Object
+ getProperty(Object ctx, String key) {
+ return ((java.util.Map)ctx).get(key);
+ }
+
+ public void
+ setPassword(Object msgContext, String password) {
+ }
+
+ public String
+ getPassword(Object msgContext) {
+ return null;
+ }
+
+ void doit(
+ int action,
+ Document doc,
+ RequestData reqData,
+ java.util.Vector actions
+ ) throws org.apache.ws.security.WSSecurityException {
+ doSenderAction(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ }
+ }
}