Posted to commits@ws.apache.org by co...@apache.org on 2013/04/16 12:39:43 UTC
svn commit: r1468354 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/
ws-security-stax/src/main/java/org/apache/wss4j/stax/validate...
Author: coheigea
Date: Tue Apr 16 10:39:43 2013
New Revision: 1468354
URL: http://svn.apache.org/r1468354
Log:
Added an inbound UsernameToken Signature test + some more refactoring
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1468354&r1=1468353&r2=1468354&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java Tue Apr 16 10:39:43 2013
@@ -20,7 +20,6 @@
package org.apache.wss4j.dom.message.token;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
@@ -35,10 +34,6 @@ import javax.xml.datatype.XMLGregorianCa
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPRule;
-import org.apache.wss4j.common.derivedKey.AlgoFactory;
-import org.apache.wss4j.common.derivedKey.ConversationConstants;
-import org.apache.wss4j.common.derivedKey.ConversationException;
-import org.apache.wss4j.common.derivedKey.DerivationAlgorithm;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
@@ -705,60 +700,6 @@ public class UsernameToken {
}
/**
- * Gets the secret key as per WS-Trust spec.
- *
- * @param keylen How many bytes to generate for the key
- * @param labelString the label used to generate the seed
- * @return a secret key constructed from information contained in this
- * username token
- */
- public byte[] getSecretKey(int keylen, String labelString) throws WSSecurityException {
- try {
- byte[] password;
- if (passwordsAreEncoded) {
- password = Base64.decode(rawPassword);
- } else {
- password = rawPassword.getBytes("UTF-8"); // enhancement by Alberto Coletti
- }
- byte[] label = labelString.getBytes("UTF-8");
- byte[] nonce = Base64.decode(getNonce());
- byte[] created = getCreated().getBytes("UTF-8");
- byte[] seed = new byte[label.length + nonce.length + created.length];
-
- int offset = 0;
- System.arraycopy(label, 0, seed, offset, label.length);
- offset += label.length;
-
- System.arraycopy(nonce, 0, seed, offset, nonce.length);
- offset += nonce.length;
-
- System.arraycopy(created, 0, seed, offset, created.length);
-
- DerivationAlgorithm algo =
- AlgoFactory.getInstance(ConversationConstants.DerivationAlgorithm.P_SHA_1);
- byte[] key = algo.createKey(password, seed, 0, keylen);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("label :" + Base64.encode(label));
- LOG.debug("nonce :" + Base64.encode(nonce));
- LOG.debug("created :" + Base64.encode(created));
- LOG.debug("seed :" + Base64.encode(seed));
- LOG.debug("Key :" + Base64.encode(key));
- }
- return key;
-
- } catch (Base64DecodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- } catch (ConversationException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- } catch (UnsupportedEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- }
-
-
-
- /**
* This method gets a derived key as defined in WSS Username Token Profile.
*
* @return Returns the derived key as a byte array
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java?rev=1468354&r1=1468353&r2=1468354&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java Tue Apr 16 10:39:43 2013
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.impl.secur
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
@@ -32,10 +33,7 @@ import org.apache.xml.security.stax.impl
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
-import java.io.UnsupportedEncodingException;
import java.security.Key;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import java.security.Principal;
public class UsernameSecurityTokenImpl extends AbstractInboundSecurityToken implements UsernameSecurityToken {
@@ -125,37 +123,7 @@ public class UsernameSecurityTokenImpl e
}
}
- Long iters = iteration;
- if (iters == null || iters == 0) {
- iters = DEFAULT_ITERATION;
- }
- byte[] pwBytes;
- try {
- pwBytes = password.getBytes("UTF-8");
- } catch (final UnsupportedEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
- }
-
- byte[] pwSalt = new byte[salt.length + pwBytes.length];
- System.arraycopy(pwBytes, 0, pwSalt, 0, pwBytes.length);
- System.arraycopy(salt, 0, pwSalt, pwBytes.length, salt.length);
-
- MessageDigest sha;
- try {
- sha = MessageDigest.getInstance("SHA-1");
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSHA1availabe", e);
- }
- sha.reset();
-
- // Make the first hash round with start value
- byte[] k = sha.digest(pwSalt);
-
- // Perform the 1st up to iteration-1 hash rounds
- for (int i = 1; i < iters; i++) {
- k = sha.digest(k);
- }
- return k;
+ return UsernameTokenUtil.generateDerivedKey(password, salt, iteration.intValue());
}
@Override
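Review bot: `iteration.intValue()` on the added return line dereferences the boxed `Long` unconditionally, whereas the removed code mapped a null or zero `iteration` to `DEFAULT_ITERATION`; a token that omits the Iteration element would now fail with a NullPointerException instead of a WSSecurityException. Unless `UsernameTokenUtil.generateDerivedKey` itself substitutes the default for zero (not visible here), the fallback should be restored before the call: `long iters = (iteration == null || iteration == 0) ? DEFAULT_ITERATION : iteration;` followed by `return UsernameTokenUtil.generateDerivedKey(password, salt, (int) iters);`. `intValue()` also silently truncates values above Integer.MAX_VALUE, so an explicit range check on the sender-supplied count before narrowing would make the accepted bounds visible in this class rather than relying on the utility. The enclosing method begins outside the hunk.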
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java?rev=1468354&r1=1468353&r2=1468354&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java Tue Apr 16 10:39:43 2013
@@ -137,6 +137,15 @@ public class UsernameTokenValidatorImpl
final String password;
if (passwordType != null) {
password = passwordType.getValue();
+ } else if (salt != null) {
+ WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
+ WSPasswordCallback.Usage.USERNAME_TOKEN);
+ try {
+ WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
+ }
+ password = pwCb.getPassword();
} else {
password = null;
}
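Review bot: In the new `salt != null` branch, `pwCb.getPassword()` can be null when the callback handler has no entry for `username.getValue()`, and the code then assigns that null to `password` — the same state as the final `else` branch for a token with no password at all, so the "unknown user presenting a salted token" case becomes indistinguishable from "no password supplied". Failing right after the callback keeps the outcome explicit: `if (password == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION); }` (with `password` made a local before the final assignment, since it is declared `final`). Whether a null password is rejected later in the method is outside the hunk; the enclosing method starts and ends beyond it.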
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1468354&r1=1468353&r2=1468354&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java Tue Apr 16 10:39:43 2013
@@ -560,6 +560,46 @@ public class UsernameTokenTest extends A
doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
}
}
+
+ @Test
+ public void testInboundSign() throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.USERNAME_TOKEN_SIGNATURE;
+ Properties properties = new Properties();
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), WSSConstants.TAG_wsse_UsernameToken.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_wsse_Password.getNamespaceURI(), WSSConstants.TAG_wsse_Password.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done UsernameToken; now verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.setAllowUsernameTokenNoPassword(true);
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ XMLStreamReader xmlStreamReader =
+ wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, null);
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ //header element must still be there
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), WSSConstants.TAG_wsse_UsernameToken.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+ }
+ }
@Test
public void testInboundOutboundPW_NONE() throws Exception {
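Review bot: `securityProperties.setAllowUsernameTokenNoPassword(true)` in the verification block is the setting the new `testInboundSign` hinges on, and nothing explains why it is required; a comment tying it to the earlier assertion that the secured document has no `wsse:Password` element would help a reader: `// the outbound token has no wsse:Password element (asserted above), so inbound processing must accept password-less tokens`. The verification block only asserts that the UsernameToken element survives under `wsse:Security`; unless `processInMessage` is known to fail on an unverified signature, it would be worth also asserting that a signature was actually verified, if the test harness exposes that (the other tests in this class are outside the hunk). The `sourceDocument` stream opened from `getResourceAsStream` is never closed; wrapping it in a try-with-resources would match the test's other resource handling.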