Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/11/06 12:45:39 UTC

svn commit: r833359 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/message/WSSecDerivedKeyBase.java test/wssec/TestWSSecurityNewSCT.java

Author: coheigea
Date: Fri Nov  6 11:45:38 2009
New Revision: 833359

URL: http://svn.apache.org/viewvc?rev=833359&view=rev
Log:
[WSS-217] - Add ability to specify a reference to an absolute URI in the derived key functionality

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=833359&r1=833358&r2=833359&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Fri Nov  6 11:45:38 2009
@@ -62,7 +62,7 @@
      * wsu:Id of the wsc:DerivedKeyToken
      */
     protected String dktId = null;
-
+    
     /**
      * Client's label value
      */
@@ -83,6 +83,12 @@
      * is (or to be) derived from.
      */
     protected String tokenIdentifier = null;
+    
+    /**
+     * True if the tokenIdentifier is a direct reference to a key identifier
+     * instead of a URI to a key
+     */
+    protected boolean tokenIdDirectId;
 
     /**
      * The derived key will change depending on the sig/encr algorithm.
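Review bot: The Javadoc on `tokenIdDirectId` says the identifier is a key identifier "instead of a URI to a key", but the reference-building hunk further down passes the value straight to `ref.setURI(...)` and the commit log describes it as an absolute URI, so the comment reads as the opposite of what the flag does. I would reword it along the lines of `True if tokenIdentifier is already a complete (absolute) URI and is written to the Reference unchanged; false if it is a same-document id that needs a leading "#"`. The public `setTokenIdDirectId(boolean b)` added in the last hunk of this file has no Javadoc at all; it should carry the same description, with the parameter given a meaningful name instead of `b`.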
@@ -206,7 +212,11 @@
             //Create the SecurityTokenRef to the Encrypted Key
             SecurityTokenReference strEncKey = new SecurityTokenReference(document);
             Reference ref = new Reference(document);
-            ref.setURI("#" + this.tokenIdentifier);
+            if (tokenIdDirectId) {
+                ref.setURI(this.tokenIdentifier);
+            } else {
+                ref.setURI("#" + this.tokenIdentifier);
+            }
             if (this.customValueType != null && this.customValueType.trim().length() > 0) {
                 ref.setValueType(this.customValueType);
             }
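Review bot: In the new `tokenIdDirectId` branch the caller-supplied `tokenIdentifier` becomes the Reference URI with no check, and the field is declared with a null default, so a builder with the flag set but no identifier hands null to `setURI`. This URI is presumably what the receiving side resolves to find the secret behind the derived key, so a malformed or empty value should be rejected when the message is built rather than surfacing as a verification failure later. I would fail fast before creating the reference, e.g. `if (tokenIdentifier == null || tokenIdentifier.trim().length() == 0)` followed by a throw of the exception type the enclosing method already declares. What `Reference.setURI` does with null or an empty string is not visible here, and the enclosing method starts and ends outside this hunk.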
@@ -257,4 +267,8 @@
     public void setCustomValueType(String customValueType) {
         this.customValueType = customValueType;
     }
+    
+    public void setTokenIdDirectId(boolean b) {
+        tokenIdDirectId = b;
+    }
 }

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java?rev=833359&r1=833358&r2=833359&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java Fri Nov  6 11:45:38 2009
@@ -215,6 +215,51 @@
         }
     }
     
+    /**
+     * Test for WSS-217:
+     * "Add ability to specify a reference to an absolute URI in the derived key functionality".
+     */
+    public void testSCTKDKTSignAbsolute() {
+        try {
+            SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+            Document doc = unsignedEnvelope.getAsDocument();
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+            sctBuilder.prepare(doc, crypto);
+
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] tempSecret = new byte[16];
+            random.nextBytes(tempSecret);
+
+            // Store the secret
+            this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+            // Derived key signature
+            WSSecDKSign sigBuilder = new WSSecDKSign();
+            sigBuilder.setExternalKey(tempSecret, sctBuilder.getIdentifier());
+            sigBuilder.setTokenIdDirectId(true);
+            sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+            sigBuilder.build(doc, secHeader);
+            
+            sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("DKT Absolute");
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
+
+            verify(doc);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail(e.getMessage());
+        }
+    }
+
+    
     public void testSCTKDKTSignEncrypt() {
         try {
             SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
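Review bot: `testSCTKDKTSignAbsolute` only checks that `verify(doc)` does not throw, so nothing pins the behaviour this commit adds, namely that the derived key's Reference carries the identifier without a leading "#". I would serialize the document unconditionally (not only inside `LOG.isDebugEnabled()`) and assert on it, e.g. `assertTrue(outputString.indexOf("\"#" + sctBuilder.getIdentifier()) == -1);`, ideally also asserting that the unprefixed form is present. As a smaller style point, `fail(e.getMessage())` drops the stack trace from the test report and the message may be null; declaring `throws Exception` on the test method would be simpler, though the catch block may just mirror the neighbouring tests.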
@@ -334,7 +379,8 @@
 
             WSSecSignature builder = new WSSecSignature();
             builder.setSecretKey(tempSecret);
-            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+            builder.setCustomTokenValueType(WSConstants.WSC_SCT);
             builder.setCustomTokenId(tokenId);
             builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
             builder.build(doc, crypto, secHeader);
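Review bot: Switching this existing test from `WSConstants.CUSTOM_SYMM_SIGNING_DIRECT` to `WSConstants.CUSTOM_SYMM_SIGNING` plus `setCustomTokenValueType(WSConstants.WSC_SCT)` changes what the test exercises, and the commit log for WSS-217 does not mention it. If no other test still uses `CUSTOM_SYMM_SIGNING_DIRECT`, that key-identifier path loses its coverage here; whether one does is not visible from this hunk. I would keep the original case and add the new configuration as a separate test, or at least put a one-line comment above `setKeyIdentifierType` stating why the direct type no longer applies. The enclosing test method starts and ends outside the hunk.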
@@ -355,7 +401,6 @@
         }
     }
     
-    
     /**
      * Verifies the soap envelope <p/>
      * 


