You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by GitBox <gi...@apache.org> on 2020/01/09 10:41:15 UTC
[GitHub] [ws-wss4j] coheigea commented on a change in pull request #2:
WSS-659 SecurityContextToken validator fixing QName
coheigea commented on a change in pull request #2: WSS-659 SecurityContextToken validator fixing QName
URL: https://github.com/apache/ws-wss4j/pull/2#discussion_r364669211
##########
File path: ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
##########
@@ -1114,4 +1122,66 @@ public void testSCTSign() throws Exception {
);
}
}
+
+ @Test
+ public void testSCTCustomValidator() throws Exception {
+ byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
+ sctBuilder.setWscVersion(version);
+ Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
+ sctBuilder.prepare(crypto);
+
+ // Store the secret
+ SecretKeyCallbackHandler callbackHandler = new SecretKeyCallbackHandler();
+ callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ WSSecSignature builder = new WSSecSignature(secHeader);
+ builder.setSecretKey(tempSecret);
+ builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ builder.setCustomTokenValueType(WSConstants.WSC_SCT);
+ builder.setCustomTokenId(tokenId);
+ builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ builder.build(crypto);
+
+ sctBuilder.prependSCTElementToHeader();
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(doc), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
+ securityProperties.setCallbackHandler(callbackHandler);
+
+ final boolean[] validatorCalled = {false};
+ SecurityContextTokenValidator validator = new SecurityContextTokenValidatorImpl() {
+ @Override
+ public InboundSecurityToken validate(AbstractSecurityContextTokenType securityContextTokenType, String identifier, TokenContext tokenContext) throws WSSecurityException {
+ validatorCalled[0] = true;
+ return super.validate(securityContextTokenType, identifier, tokenContext);
+ }
+ };
+ securityProperties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
+ securityProperties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
Review comment:
Replace these two lines with the following, to make sure we are only setting the validator for the correct version:
if (version == ConversationConstants.VERSION_05_02) {
securityProperties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
} else {
securityProperties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org