Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/10/27 17:17:34 UTC

svn commit: r830233 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/processor/SignatureProcessor.java test/wssec/TestWSSecurityNewSCT.java

Author: coheigea
Date: Tue Oct 27 16:17:34 2009
New Revision: 830233

URL: http://svn.apache.org/viewvc?rev=830233&view=rev
Log:
[WSS-216] - SignatureProcessor does not support directly referencing a SecurityContextToken

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=830233&r1=830232&r2=830233&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java Tue Oct 27 16:17:34 2009
@@ -312,10 +312,15 @@
                 } else if (processor instanceof BinarySecurityTokenProcessor) {
                     certs = ((BinarySecurityTokenProcessor)processor).getCertificates();
                 } else if (processor instanceof EncryptedKeyProcessor) {
-                    secretKey = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
-                // } else if (processor instanceof SecurityContextTokenProcessor) {
-                //    this.secret = ((SecurityContextTokenProcessor) processor).getSecret();
-                }  else if (processor instanceof DerivedKeyTokenProcessor) {
+                    EncryptedKeyProcessor ekProcessor = (EncryptedKeyProcessor)processor;
+                    secretKey = ekProcessor.getDecryptedBytes();
+                    customTokenId = ekProcessor.getId();
+                } else if (processor instanceof SecurityContextTokenProcessor) {
+                    SecurityContextTokenProcessor sctProcessor = 
+                        (SecurityContextTokenProcessor)processor;
+                    secretKey = sctProcessor.getSecret();
+                    customTokenId = sctProcessor.getIdentifier();
+                } else if (processor instanceof DerivedKeyTokenProcessor) {
                     DerivedKeyTokenProcessor dktProcessor = 
                         (DerivedKeyTokenProcessor) processor;
                     String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
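Review bot: In the new `SecurityContextTokenProcessor` branch, the result of `sctProcessor.getSecret()` becomes the signature verification key with no visible check that it is non-null and non-empty. Unless a check outside this hunk already rejects that case, fail closed here, assuming `secretKey` is a `byte[]`: `if (secretKey == null || secretKey.length == 0) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message-key>"); }`, where the message key is a placeholder. This branch also records `getIdentifier()` as `customTokenId` while the EncryptedKey branch records `getId()`; a one-line comment saying which identifier later consumers of `customTokenId` expect for an SCT would show that the difference is intentional. The enclosing method starts and ends outside the hunk.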
@@ -324,7 +329,7 @@
                         WSSecurityUtil.getKeyLength(signatureMethodURI);
                     
                     secretKey = dktProcessor.getKeyBytes(keyLength);
-                }  else if (processor instanceof SAMLTokenProcessor) {
+                } else if (processor instanceof SAMLTokenProcessor) {
                     if (crypto == null) {
                         throw new WSSecurityException(
                             WSSecurityException.FAILURE, "noSigCryptoFile"

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java?rev=830233&r1=830232&r2=830233&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewSCT.java Tue Oct 27 16:17:34 2009
@@ -25,6 +25,7 @@
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.crypto.dsig.SignatureMethod;
 
 import junit.framework.TestCase;
 
@@ -33,6 +34,8 @@
 import org.apache.axis.client.AxisClient;
 import org.apache.axis.configuration.NullProvider;
 import org.apache.axis.message.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityEngine;
@@ -43,6 +46,7 @@
 import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSecurityContextToken;
+import org.apache.ws.security.message.WSSecSignature;
 import org.apache.xml.security.signature.XMLSignature;
 import org.w3c.dom.Document;
 
@@ -54,7 +58,7 @@
  * @author Ruchith Fernando (ruchith.fernando@gmail.com)
  */
 public class TestWSSecurityNewSCT extends TestCase implements CallbackHandler {
-
+    private static final Log LOG = LogFactory.getLog(TestWSSecurityNewSCT.class);
     private static final String SOAPMSG = 
         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" 
         + "<SOAP-ENV:Envelope "
@@ -158,9 +162,11 @@
 
             sctBuilder.prependSCTElementToHeader(doc, secHeader);
 
-            // String out = org.apache.ws.security.util.XMLUtils
-            //          .PrettyDocumentToString(doc);
-            // System.out.println(out);
+            if (LOG.isDebugEnabled()) {
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
 
             verify(doc);
         } catch (Exception e) {
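Review bot: The same `LOG.isDebugEnabled()` block is added here and repeated verbatim in the next three hunks, with a variant in `testSCTSign`. A small private helper such as `private static void logDocument(Document doc)` could hold the guard and the `PrettyDocumentToString` call, so that each call site becomes `logDocument(doc);`. The enclosing test method starts and ends outside the hunk.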
@@ -196,9 +202,11 @@
             
             sctBuilder.prependSCTElementToHeader(doc, secHeader);
 
-//            String out = org.apache.ws.security.util.XMLUtils
-//                     .PrettyDocumentToString(doc);
-//            System.out.println(out);
+            if (LOG.isDebugEnabled()) {
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
 
             verify(doc);
         } catch (Exception e) {
@@ -240,11 +248,12 @@
 
             sctBuilder.prependSCTElementToHeader(doc, secHeader);
 
-//            String out = org.apache.ws.security.util.XMLUtils
-//                     .PrettyDocumentToString(doc);
-
-//            System.out.println(out);
-
+            if (LOG.isDebugEnabled()) {
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
+            
             verify(doc);
         } catch (Exception e) {
             e.printStackTrace();
@@ -285,9 +294,11 @@
 
             sctBuilder.prependSCTElementToHeader(doc, secHeader);
 
-//            String out = org.apache.ws.security.util.XMLUtils
-//                     .PrettyDocumentToString(doc);
-//            System.out.println(out);
+            if (LOG.isDebugEnabled()) {
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
 
             verify(doc);
         } catch (Exception e) {
@@ -296,6 +307,55 @@
         }
     }
     
+    
+    /**
+     * Test signature and verification using a SecurityContextToken directly,
+     * rather than using a DerivedKeyToken to point to a SecurityContextToken.
+     * See WSS-216 - https://issues.apache.org/jira/browse/WSS-216
+     */
+    public void testSCTSign() {
+        try {
+            SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+            Document doc = unsignedEnvelope.getAsDocument();
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+            sctBuilder.prepare(doc, crypto);
+
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] tempSecret = new byte[16];
+            random.nextBytes(tempSecret);
+
+            // Store the secret
+            this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+            String tokenId = sctBuilder.getSctId();
+
+            WSSecSignature builder = new WSSecSignature();
+            builder.setSecretKey(tempSecret);
+            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+            builder.setCustomTokenId(tokenId);
+            builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+            builder.build(doc, crypto, secHeader);
+            
+            sctBuilder.prependSCTElementToHeader(doc, secHeader);
+            
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("SCT sign");
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
+
+            verify(doc);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail(e.getMessage());
+        }
+    }
+    
+    
     /**
      * Verifies the soap envelope <p/>
      * 
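Review bot: `testSCTSign` exercises only the success path of the new direct-SCT verification, so it would still pass if the processor accepted any secret for the token. A companion test that stores a different byte array in `this.secrets` under `sctBuilder.getIdentifier()` and asserts that `verify(doc)` throws would pin the fail-closed behaviour. Separately, `e.printStackTrace(); fail(e.getMessage());` reports only the exception message as the failure; declaring `public void testSCTSign() throws Exception` and dropping the try/catch lets JUnit report the full trace.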


