Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/10/01 15:52:56 UTC
svn commit: r451746 - in /webservices/axis2/trunk/java/modules:
rahas/src/org/apache/rahas/client/ rahas/src/org/apache/rahas/impl/
security/src/org/apache/rampart/builder/
Author: ruchithf
Date: Sun Oct 1 06:52:56 2006
New Revision: 451746
URL: http://svn.apache.org/viewvc?view=rev&rev=451746
Log:
Updated SCTIssuer to issue service entropy properly
Updated STSClient to use the correct key size
Updated *BindingBuilders to use derived keys when using a SecConv token
Modified:
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?view=diff&rev=451746&r1=451745&r2=451746
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java Sun Oct 1 06:52:56 2006
@@ -125,6 +125,7 @@
return processIssueResponse(version, response);
} catch (AxisFault e) {
+ e.printStackTrace();
log.error("errorInObtainingToken", e);
throw new TrustException("errorInObtainingToken", new String[]{issuerAddress});
}
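Review bot: The added `e.printStackTrace()` in the catch block duplicates the `log.error("errorInObtainingToken", e)` on the next line and writes the trace to stderr, outside the logging configuration; it should be dropped. The rethrown `TrustException` also discards the caught AxisFault, so callers lose the root cause. The second hunk of this file uses `new TrustException("keyDerivationError", e)`, so if a constructor that takes both the argument array and a cause exists, pass `e` through here as well. The enclosing method starts and ends outside the hunk.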
@@ -285,11 +286,11 @@
//Right now we only use PSHA1 as the computed key algo
P_SHA1 p_sha1 = new P_SHA1();
- int length = (this.keySize != -1) ? keySize
+ int length = (this.keySize > 0) ? keySize
: this.algorithmSuite
.getMaximumSymmetricKeyLength();
try {
- secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length);
+ secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
} catch (ConversationException e) {
throw new TrustException("keyDerivationError", e);
}
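Review bot: `length/8` truncates silently, so a `keySize` that is not a multiple of 8 derives a shorter secret than requested, and a value below 8 asks `createKey` for zero bytes. Guard the derivation with `if (length <= 0 || length % 8 != 0)` and reject the request with a TrustException before calling `createKey`. Going by the `/8`, `length` holds bits while `createKey` takes a byte count, so a comment such as `// keySize and the suite maximum are in bits; createKey expects bytes` or a rename to `keySizeInBits` would keep the unit mix-up this commit fixes from returning. The enclosing method extends beyond the hunk.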
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=451746&r1=451745&r2=451746
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Sun Oct 1 06:52:56 2006
@@ -159,6 +159,9 @@
sctToken.setUnattachedReference(reqAttachedRef.getFirstElement());
sctToken.setAttachedReference(reqAttachedRef.getFirstElement());
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.keyComputation, config.keySize);
+ sctToken.setSecret(secret);
+
//Add the RequestedProofToken
TokenIssuerUtil.handleRequestedProofToken(data,
wstVersion,
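Review bot: The result of `TokenIssuerUtil.getSharedSecret(...)` goes straight into `sctToken.setSecret(secret)` without a check, and the helper is not visible in this diff. If it can return null for a key-computation mode it does not handle, the token is issued without a secret and the failure only surfaces later during key derivation; consider failing the request here when `secret == null`. It is also worth confirming that `config.keySize` is converted from bits to bytes the same way as the `length/8` change in STSClient.java, since requestor and issuer must compute a secret of the same length. The enclosing method continues outside the hunk.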
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java?view=diff&rev=451746&r1=451745&r2=451746
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java Sun Oct 1 06:52:56 2006
@@ -94,10 +94,11 @@
//set the RPT to include a ComputedKey element
OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
- TrustUtil.createBinarySecretElement(wstVersion,
- respEntrElem,
- RahasConstants.BIN_SEC_TYPE_NONCE).
- setText(Base64.encode(data.getResponseEntropy()));
+ String entr = Base64.encode(data.getResponseEntropy());
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ respEntrElem,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ binSecElem.setText(entr);
OMElement compKeyElem =
TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=451746&r1=451745&r2=451746
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java Sun Oct 1 06:52:56 2006
@@ -26,6 +26,7 @@
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
@@ -463,7 +464,7 @@
Document doc = rmd.getDocument();
RampartPolicyData rpd = rmd.getPolicyData();
- if(policyToken.isDerivedKeys()) {
+ if(policyToken.isDerivedKeys() || policyToken instanceof SecureConversationToken) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
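Review bot: The condition `policyToken.isDerivedKeys() || policyToken instanceof SecureConversationToken` is repeated for `encrToken` in the first SymmetricBindingBuilder.java hunk, and neither copy says why a SecureConversation token forces the derived-key path. A comment such as `// SecConv tokens are always used through derived keys, even when the policy does not assert DerivedKeys` (wording based on the commit log) and a shared helper in BindingBuilder would keep the signing and encryption paths from drifting apart. No import hunk for SymmetricBindingBuilder.java is visible in this commit, so confirm that file already imports `SecureConversationToken`. The try block opened here closes outside the hunk.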
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=451746&r1=451745&r2=451746
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java Sun Oct 1 06:52:56 2006
@@ -382,7 +382,7 @@
}
Element refList = null;
- if(encrToken.isDerivedKeys()) {
+ if(encrToken.isDerivedKeys() || encrToken instanceof SecureConversationToken) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
@@ -429,6 +429,7 @@
encr.setWsConfig(rmd.getConfig());
encr.setEphemeralKey(encrTok.getSecret());
+ RampartUtil.setEncryptionUser(rmd, encr);
encr.setDocument(doc);
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()));
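Review bot: The added `RampartUtil.setEncryptionUser(rmd, encr)` carries no comment, and from the hunk it is not evident why an encryption user is needed on a path that takes its key from `encrTok.getSecret()`. If `encr.prepare(...)` needs the user to look up a certificate in the crypto instance, say so next to the call, e.g. `// prepare() resolves the encryption user against the crypto store (confirm)`. The commit log does not mention this change, so a line there would help too. The surrounding method is only partly visible in the hunk.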