Posted to commits@ws.apache.org by co...@apache.org on 2011/11/18 12:45:54 UTC
svn commit: r1203612 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/WSConstants.java
main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Author: coheigea
Date: Fri Nov 18 11:45:54 2011
New Revision: 1203612
URL: http://svn.apache.org/viewvc?rev=1203612&view=rev
Log:
[WSS-325] - Add support for GCM algorithms via BouncyCastle
Added:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1203612&r1=1203611&r2=1203612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Fri Nov 18 11:45:54 2011
@@ -99,6 +99,10 @@ public class WSConstants {
"http://www.w3.org/2001/04/xmlenc#aes256-cbc";
public static final String AES_192 =
"http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+ public static final String AES_128_GCM =
+ "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+ public static final String AES_256_GCM =
+ "http://www.w3.org/2009/xmlenc11#aes256-gcm";
public static final String DSA =
"http://www.w3.org/2000/09/xmldsig#dsa-sha1";
public static final String RSA =
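Review bot: The new AES_128_GCM and AES_256_GCM constants carry no comment saying what distinguishes them from the neighbouring CBC identifiers, and the commit log states the GCM support comes "via BouncyCastle", so a caller who selects them on a JRE without a GCM-capable provider would presumably fail only at KeyGenerator/Cipher lookup rather than at configuration time. Suggest a line above AES_128_GCM such as `/** XML Encryption 1.1 AES-GCM identifiers; require a JCE provider with AES/GCM support (e.g. BouncyCastle). */`. No AES_192_GCM counterpart is added, leaving three CBC sizes but two GCM sizes; if that is deliberate, a one-line comment saying so would stop someone adding it later without also updating the key-size selection in WSSecEncryptedKey that this commit touches.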
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1203612&r1=1203611&r2=1203612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java Fri Nov 18 11:45:54 2011
@@ -393,11 +393,13 @@ public class WSSecEncryptedKey extends W
keyAlgorithm = JCEMapper.translateURItoJCEID(symEncAlgo);
}
KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
+ || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
keyGen.init(128);
} else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
+ || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
keyGen.init(256);
}
return keyGen;
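Review bot: The extended if/else-if chain still has no final else, so a symEncAlgo URI that matches none of the branches returns a KeyGenerator that was never `init`ed and therefore yields a key of the provider's default length instead of the length the algorithm URI promises; the mismatch surfaces, if at all, only later in encryption. Suggest closing the chain with `} else { throw new IllegalArgumentException("Unsupported symmetric encryption algorithm: " + symEncAlgo); }` (or the project's own checked exception type, if that is the convention) so an unknown URI is rejected at key-generation time. The enclosing method begins before the hunk, so the derivation of keyAlgorithm and symEncAlgo and any earlier validation are not visible here. A smaller point: the constants are fixed-case URIs, so `equals` would be the stricter and more conventional comparison than `equalsIgnoreCase`.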
Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java?rev=1203612&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java (added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java Fri Nov 18 11:45:54 2011
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.common.KeystoreCallbackHandler;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.w3c.dom.Document;
+
+/**
+ * A set of test-cases for encrypting and decrypting SOAP requests using GCM. See:
+ * https://issues.apache.org/jira/browse/WSS-325
+ */
+public class EncryptionGCMTest extends org.junit.Assert {
+ private static final org.apache.commons.logging.Log LOG =
+ org.apache.commons.logging.LogFactory.getLog(EncryptionGCMTest.class);
+ private static final javax.xml.namespace.QName SOAP_BODY =
+ new javax.xml.namespace.QName(
+ WSConstants.URI_SOAP11_ENV,
+ "Body"
+ );
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
+ private Crypto crypto = null;
+
+ public EncryptionGCMTest() throws Exception {
+ crypto = CryptoFactory.getInstance("wss40.properties");
+ }
+
+ /**
+ * Setup method
+ *
+ * @throws java.lang.Exception Thrown when there is a problem in setup
+ */
+ @org.junit.Before
+ public void setUp() throws Exception {
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ secEngine.setWssConfig(wssConfig);
+ }
+
+ @org.junit.Test
+ public void testAES128GCM() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("wss40");
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ builder.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+ verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+ }
+
+ @org.junit.Test
+ public void testAES256GCM() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("wss40");
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ builder.setSymmetricEncAlgorithm(WSConstants.AES_256_GCM);
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+ verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+ }
+
+ /**
+ * Verifies the soap envelope
+ * <p/>
+ *
+ * @param envelope
+ * @throws Exception Thrown when there is a problem in verification
+ */
+ @SuppressWarnings("unchecked")
+ private void verify(
+ Document doc,
+ CallbackHandler handler,
+ javax.xml.namespace.QName expectedEncryptedElement
+ ) throws Exception {
+ final java.util.List<WSSecurityEngineResult> results =
+ secEngine.processSecurityHeader(doc, null, handler, null, crypto);
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+ //
+ // walk through the results, and make sure there is an encryption
+ // action, together with a reference to the decrypted element
+ // (as a QName)
+ //
+ boolean encrypted = false;
+ for (java.util.Iterator<WSSecurityEngineResult> ipos = results.iterator();
+ ipos.hasNext();) {
+ final WSSecurityEngineResult result = ipos.next();
+ final Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ assertNotNull(action);
+ if ((action.intValue() & WSConstants.ENCR) != 0) {
+ final java.util.List<WSDataRef> refs =
+ (java.util.List<WSDataRef>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ assertNotNull(refs);
+ encrypted = true;
+ for (java.util.Iterator<WSDataRef> jpos = refs.iterator(); jpos.hasNext();) {
+ final WSDataRef ref = jpos.next();
+ assertNotNull(ref);
+ assertNotNull(ref.getName());
+ assertEquals(
+ expectedEncryptedElement,
+ ref.getName()
+ );
+ assertNotNull(ref.getProtectedElement());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("WSDataRef element: ");
+ LOG.debug(
+ org.apache.ws.security.util.DOM2Writer.nodeToString(
+ ref.getProtectedElement()
+ )
+ );
+ }
+ }
+ }
+ }
+ assertTrue(encrypted);
+ }
+
+}
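Review bot: The Javadoc on verify (the block before `private void verify(`) documents a single `@param envelope` that does not exist, while the actual parameters doc, handler and expectedEncryptedElement are undocumented; replace it with one @param line each, describing doc as the encrypted document to process, handler as the CallbackHandler used for key resolution, and expectedEncryptedElement as the QName every decrypted data reference must resolve to. The `assertTrue(... ? true : false)` forms in testAES128GCM, testAES256GCM and verify are redundant ternaries; `assertFalse(outputString.contains("counter_port_type"));` in the two tests and `assertTrue(outputString.indexOf("counter_port_type") > 0);` in verify state the same checks directly. testAES128GCM and testAES256GCM are identical apart from the algorithm constant, so a private helper taking the algorithm URI would remove the duplication. Since GCM's value over CBC is integrity protection, a negative case that alters the encrypted content and asserts that processSecurityHeader fails would exercise what these round-trip tests cannot.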