You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/09/23 13:13:30 UTC
svn commit: r449217 - in /webservices/axis2/trunk/java/modules/security:
src/org/apache/rampart/builder/ src/org/apache/rampart/util/
test-resources/policy/ test/org/apache/rampart/
Author: ruchithf
Date: Sat Sep 23 04:13:29 2006
New Revision: 449217
URL: http://svn.apache.org/viewvc?view=rev&rev=449217
Log:
Adding two more test with different algo suites and updated AsymmBindingBuilder to encrypt only is encrypted parts are available
Added:
webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-5-ebs.xml
webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/AsymmetricBindingBuilderTest.java
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java Sat Sep 23 04:13:29 2006
@@ -99,7 +99,11 @@
Token encryptionToken = rpd.getRecipientToken();
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
- if (encryptionToken != null) {
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if (encryptionToken != null && encrParts.size() > 0) {
if (encryptionToken.isDerivedKeys()) {
try {
// Set up the encrypted key to use
@@ -141,6 +145,7 @@
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
encr.setUserInfo(config.getEncryptionUser());
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config));
Element bstElem = encr.getBinarySecurityTokenElement();
@@ -255,8 +260,6 @@
}
}
}
- } else {
- throw new RampartException("encryptionTokenMissing");
}
}
@@ -336,6 +339,7 @@
}
dkEncr.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
dkEncr.prepare(doc);
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
@@ -365,6 +369,7 @@
encr.setDocument(doc);
encr.setUserInfo(rpd.getRampartConfig().getEncryptionUser());
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
.getRampartConfig()));
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java Sat Sep 23 04:13:29 2006
@@ -78,7 +78,13 @@
Vector signatureValues = new Vector();
Token encryptionToken = rpd.getEncryptionToken();
- if(encryptionToken != null) {
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if(encryptionToken != null && encrParts.size() > 0) {
//The encryption token can be an IssuedToken or a
//SecureConversationToken
String tokenId = null;
@@ -113,8 +119,6 @@
encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
attached = true;
}
-
- Vector encrParts = RampartUtil.getEncryptedParts(rmd);
Document doc = rmd.getDocument();
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Sat Sep 23 04:13:29 2006
@@ -22,6 +22,7 @@
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
@@ -90,6 +91,11 @@
} else {
cbHandler = (CallbackHandler) rmd.getMsgContext().getProperty(
WSHandlerConstants.PW_CALLBACK_REF);
+ if(cbHandler == null) {
+ Parameter param = rmd.getMsgContext().getParameter(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ cbHandler = (CallbackHandler)param.getValue();
+ }
}
return cbHandler;
@@ -487,8 +493,10 @@
public static Vector getEncryptedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
Vector parts = rpd.getEncryptedParts();
- parts.add(new WSEncryptionPart(addWsuIdToElement(rmd
- .getMsgContext().getEnvelope().getBody()), "Content"));
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ if(rpd.isEncryptBody()) {
+ parts.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content"));
+ }
return parts;
}
Modified: webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml (original)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml Sat Sep 23 04:13:29 2006
@@ -52,6 +52,13 @@
</wsp:Policy>
</sp:Trust10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
Modified: webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-5-ebs.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-5-ebs.xml?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-5-ebs.xml (original)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-5-ebs.xml Sat Sep 23 04:13:29 2006
@@ -49,7 +49,12 @@
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
-
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
Added: webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml?view=auto&rev=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml (added)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml Sat Sep 23 04:13:29 2006
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
Added: webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml?view=auto&rev=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml (added)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml Sat Sep 23 04:13:29 2006
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
Modified: webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/AsymmetricBindingBuilderTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/AsymmetricBindingBuilderTest.java?view=diff&rev=449217&r1=449216&r2=449217
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/AsymmetricBindingBuilderTest.java (original)
+++ webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/AsymmetricBindingBuilderTest.java Sat Sep 23 04:13:29 2006
@@ -192,4 +192,57 @@
fail(e.getMessage());
}
}
+
+ public void testAsymmBindingTripleDesRSA15() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingTripleDesRSA15DK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ System.out.println(ctx.getEnvelope());
+
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org