Posted to commits@ws.apache.org by co...@apache.org on 2013/08/20 12:38:10 UTC
svn commit: r1515764 - in /webservices/wss4j/trunk: parent/
ws-security-common/ ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/
ws-security-common/src/main/java/org/apache/wss4j...
Author: coheigea
Date: Tue Aug 20 10:38:10 2013
New Revision: 1515764
URL: http://svn.apache.org/r1515764
Log:
[WSS-383] - Allow encrypted password storage in signaturePropFile
- Details forthcoming...
Added:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/PasswordEncryptor.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java
webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/resources/crypto_enc.properties
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/resources/transmitter-crypto-enc.properties
Modified:
webservices/wss4j/trunk/parent/pom.xml
webservices/wss4j/trunk/ws-security-common/pom.xml
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/CallbackHandlerImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Modified: webservices/wss4j/trunk/parent/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/parent/pom.xml?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/parent/pom.xml (original)
+++ webservices/wss4j/trunk/parent/pom.xml Tue Aug 20 10:38:10 2013
@@ -38,6 +38,7 @@
<properties>
<bcprov.version>1.49</bcprov.version>
<ehcache.version>2.7.2</ehcache.version>
+ <jasypt.version>1.9.0</jasypt.version>
<log4j.version>1.2.17</log4j.version>
<neethi.version>3.0.2</neethi.version>
<slf4j.version>1.7.5</slf4j.version>
@@ -147,6 +148,11 @@
<artifactId>ehcache</artifactId>
<version>${ehcache.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jasypt</groupId>
+ <artifactId>jasypt</artifactId>
+ <version>${jasypt.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
Modified: webservices/wss4j/trunk/ws-security-common/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/pom.xml?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/pom.xml (original)
+++ webservices/wss4j/trunk/ws-security-common/pom.xml Tue Aug 20 10:38:10 2013
@@ -284,6 +284,11 @@
<optional>true</optional>
</dependency>
<dependency>
+ <groupId>org.jasypt</groupId>
+ <artifactId>jasypt</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Tue Aug 20 10:38:10 2013
@@ -824,5 +824,18 @@ public final class ConfigurationConstant
*/
public static final String TIMESTAMP_CACHE_INSTANCE = "timestampCacheInstance";
+ /**
+ * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or
+ * decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).
+ *
+ * By default, WSS4J uses the StrongJasyptPasswordEncryptor, which must be instantiated with a
+ * master password to use to decrypt keystore passwords in the Merlin Crypto properties file.
+ * This master password is obtained via the CallbackHandler defined via PW_CALLBACK_CLASS
+ * or PW_CALLBACK_REF.
+ *
+ * The encrypted passwords must be stored in the format "ENC(encoded encrypted password)".
+ */
+ public static final String PASSWORD_ENCRYPTOR_INSTANCE = "passwordEncyptorInstance";
+
}
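Review bot: The value of `PASSWORD_ENCRYPTOR_INSTANCE` is misspelled as `"passwordEncyptorInstance"` (the second `r` is missing), and because this string is the key users put in their configuration, the typo becomes part of the public contract once released. I would fix it now: `public static final String PASSWORD_ENCRYPTOR_INSTANCE = "passwordEncryptorInstance";`. The Javadoc above it could also say what happens when a value is in `ENC(...)` form but no encryptor or master password is available, since that case decides whether a misconfiguration is noticed.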
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java Tue Aug 20 10:38:10 2013
@@ -77,7 +77,7 @@ public abstract class CryptoFactory {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"empty", null, "Cannot load Crypto instance as properties object is null");
}
- return getInstance(properties, Loader.getClassLoader(CryptoFactory.class));
+ return getInstance(properties, Loader.getClassLoader(CryptoFactory.class), null);
}
/**
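Review bot: `getInstance(Properties)` now passes `null` as the PasswordEncryptor, and the hunk at -190 does the same for `getInstance(String, ClassLoader)`, so a properties file loaded through either entry point can never have an `ENC(...)` password decrypted. With the `decryptPassword` method added to Merlin in this commit, that case is only logged at debug level and the literal `ENC(...)` text is then used as the keystore password. The Javadoc of both methods should state the limitation, for example `* Note: passwords in "ENC(...)" form are not decrypted on this path; use the variant that takes a PasswordEncryptor.` The body of this method starts outside the hunk.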
@@ -93,12 +93,14 @@ public abstract class CryptoFactory {
* and the Crypto impl class name.
* These properties are dependent on the crypto implementation
* @param classLoader The class loader to use
+ * @param passwordEncryptor The PasswordEncryptor to use to decrypt encrypted passwords
* @return The crypto implementation or null if no cryptoClassName was defined
* @throws WSSecurityException if there is an error in loading the crypto properties
*/
public static Crypto getInstance(
Properties properties,
- ClassLoader classLoader
+ ClassLoader classLoader,
+ PasswordEncryptor passwordEncryptor
) throws WSSecurityException {
if (properties == null) {
if (LOG.isDebugEnabled()) {
@@ -118,7 +120,7 @@ public abstract class CryptoFactory {
|| cryptoClassName.equals("org.apache.wss4j.common.crypto.Merlin")
|| cryptoClassName.equals("org.apache.ws.security.components.crypto.Merlin")) {
try {
- return new Merlin(properties, classLoader);
+ return new Merlin(properties, classLoader, passwordEncryptor);
} catch (java.lang.Exception e) {
if (LOG.isDebugEnabled()) {
LOG.debug("Unable to instantiate Merlin", e);
@@ -190,7 +192,7 @@ public abstract class CryptoFactory {
ClassLoader customClassLoader
) throws WSSecurityException {
Properties properties = getProperties(propFilename, customClassLoader);
- return getInstance(properties, customClassLoader);
+ return getInstance(properties, customClassLoader, null);
}
/**
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Tue Aug 20 10:38:10 2013
@@ -68,6 +68,9 @@ import org.apache.wss4j.common.util.Load
*/
public class Merlin extends CryptoBase {
+ public static final String ENCRYPTED_PASSWORD_PREFIX = "ENC(";
+ public static final String ENCRYPTED_PASSWORD_SUFFIX = ")";
+
public static final String PREFIX = "org.apache.wss4j.crypto.merlin.";
public static final String OLD_PREFIX = "org.apache.ws.security.crypto.merlin.";
@@ -114,6 +117,7 @@ public class Merlin extends CryptoBase {
protected CertStore crlCertStore;
protected boolean loadCACerts;
protected boolean privatePasswordSet;
+ protected PasswordEncryptor passwordEncryptor;
public Merlin() {
// default constructor
@@ -147,27 +151,21 @@ public class Merlin extends CryptoBase {
}
}
- public Merlin(Properties properties)
- throws WSSecurityException, IOException {
- this(properties, Loader.getClassLoader(Merlin.class));
- }
-
- public Merlin(Properties properties, ClassLoader loader)
- throws WSSecurityException, IOException {
- loadProperties(properties, loader);
- }
-
- public void loadProperties(Properties properties)
+ public Merlin(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor)
throws WSSecurityException, IOException {
- loadProperties(properties, Loader.getClassLoader(Merlin.class));
+ loadProperties(properties, loader, passwordEncryptor);
}
- public void loadProperties(Properties properties, ClassLoader loader)
- throws WSSecurityException, IOException {
+ public void loadProperties(
+ Properties properties,
+ ClassLoader loader,
+ PasswordEncryptor passwordEncryptor
+ ) throws WSSecurityException, IOException {
if (properties == null) {
return;
}
this.properties = properties;
+ this.passwordEncryptor = passwordEncryptor;
String prefix = PREFIX;
for (Object key : properties.keySet()) {
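Review bot: The public `Merlin(Properties)` and `Merlin(Properties, ClassLoader)` constructors and both existing `loadProperties` overloads are removed here rather than kept as delegates, which breaks any external caller or subclass compiled against them (MerlinDevice's `@Override` had to be changed in this same commit). Thin overloads would avoid that, e.g. `public Merlin(Properties properties, ClassLoader loader) throws WSSecurityException, IOException { this(properties, loader, null); }`. Separately, `this.passwordEncryptor = passwordEncryptor;` sits after the `properties == null` early return, so an encryptor passed together with null properties is silently dropped; if that is intended it deserves a comment. `loadProperties` continues past the end of this hunk.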
@@ -213,6 +211,7 @@ public class Merlin extends CryptoBase {
String passwd = properties.getProperty(prefix + KEYSTORE_PASSWORD, "security");
if (passwd != null) {
passwd = passwd.trim();
+ passwd = decryptPassword(passwd, passwordEncryptor);
}
String type = properties.getProperty(prefix + KEYSTORE_TYPE, KeyStore.getDefaultType());
if (type != null) {
@@ -252,6 +251,7 @@ public class Merlin extends CryptoBase {
String passwd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
if (passwd != null) {
passwd = passwd.trim();
+ passwd = decryptPassword(passwd, passwordEncryptor);
}
String type = properties.getProperty(prefix + TRUSTSTORE_TYPE, KeyStore.getDefaultType());
if (type != null) {
@@ -285,6 +285,7 @@ public class Merlin extends CryptoBase {
String cacertsPasswd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
if (cacertsPasswd != null) {
cacertsPasswd = cacertsPasswd.trim();
+ cacertsPasswd = decryptPassword(cacertsPasswd, passwordEncryptor);
}
truststore = load(is, cacertsPasswd, null, KeyStore.getDefaultType());
if (DO_DEBUG) {
@@ -689,6 +690,7 @@ public class Merlin extends CryptoBase {
}
if (password != null) {
password = password.trim();
+ password = decryptPassword(password, passwordEncryptor);
}
}
Key keyTmp = keystore.getKey(identifier, password == null
@@ -1480,5 +1482,24 @@ public class Merlin extends CryptoBase {
return pwCb.getPassword();
}
+ protected String decryptPassword(String password, PasswordEncryptor passwordEncryptor) {
+ if (password.startsWith(ENCRYPTED_PASSWORD_PREFIX)
+ && password.endsWith(ENCRYPTED_PASSWORD_SUFFIX)) {
+ if (passwordEncryptor == null) {
+ String error =
+ "The Crypto properties has an encrypted password, but no PasswordEncryptor is configured!";
+ LOG.debug(error);
+ return password;
+ }
+ String substring = password.substring(ENCRYPTED_PASSWORD_PREFIX.length(),
+ password.length() - 1);
+ return passwordEncryptor.decrypt(substring);
+ }
+
+ return password;
+ }
+ public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
+ this.passwordEncryptor = passwordEncryptor;
+ }
}
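Review bot: In `decryptPassword`, a value in `ENC(...)` form with no PasswordEncryptor configured is reported only through `LOG.debug` and then returned unchanged, so the wrapped ciphertext is handed to the keystore as its password and the operator sees an unrelated keystore failure. I would log this at warn level at least (`LOG.warn(error);`) or fail explicitly, so the misconfiguration shows up in production logs. The slice also hard-codes the suffix length: `password.length() - 1` should be `password.length() - ENCRYPTED_PASSWORD_SUFFIX.length()`. The method has no Javadoc; it should say that non-`ENC(...)` values pass through untouched and that any exception from `passwordEncryptor.decrypt` propagates to the caller, if that is the intent.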
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java Tue Aug 20 10:38:10 2013
@@ -45,7 +45,7 @@ public class MerlinDevice extends Merlin
@Override
- public void loadProperties(Properties properties, ClassLoader loader)
+ public void loadProperties(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor)
throws WSSecurityException, IOException {
if (properties == null) {
return;
@@ -77,6 +77,7 @@ public class MerlinDevice extends Merlin
String keyStorePassword = properties.getProperty(KEYSTORE_PASSWORD, "security");
if (keyStorePassword != null) {
keyStorePassword = keyStorePassword.trim();
+ keyStorePassword = decryptPassword(keyStorePassword, passwordEncryptor);
}
String keyStoreType = properties.getProperty(KEYSTORE_TYPE, KeyStore.getDefaultType());
if (keyStoreType != null) {
@@ -109,6 +110,7 @@ public class MerlinDevice extends Merlin
String trustStorePassword = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit");
if (trustStorePassword != null) {
trustStorePassword = trustStorePassword.trim();
+ trustStorePassword = decryptPassword(trustStorePassword, passwordEncryptor);
}
String trustStoreType = properties.getProperty(TRUSTSTORE_TYPE, KeyStore.getDefaultType());
if (trustStoreType != null) {
@@ -147,6 +149,7 @@ public class MerlinDevice extends Merlin
String cacertsPasswd = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit");
if (cacertsPasswd != null) {
cacertsPasswd = cacertsPasswd.trim();
+ cacertsPasswd = decryptPassword(cacertsPasswd, passwordEncryptor);
}
truststore = load(is, cacertsPasswd, null, KeyStore.getDefaultType());
if (DO_DEBUG) {
Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/PasswordEncryptor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/PasswordEncryptor.java?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/PasswordEncryptor.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/PasswordEncryptor.java Tue Aug 20 10:38:10 2013
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.crypto;
+
+
+/**
+ * This interface describes a way to encrypt and decrypt passwords. It allows a way to store
+ * encrypted keystore passwords in Merlin Crypto properties file, that can be decrypted before
+ * loading the keystore, etc.
+ */
+public interface PasswordEncryptor {
+
+ /**
+ * Encrypt the given password
+ * @param password the password to be encrypted
+ * @return the encrypted password
+ */
+ String encrypt(String password);
+
+ /**
+ * Decrypt the given encrypted password
+ * @param encryptedPassword the encrypted password to decrypt
+ * @return the decrypted password
+ */
+ String decrypt(String encryptedPassword);
+
+}
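Review bot: The interface Javadoc does not define the failure contract of `decrypt`: it should say what an implementation does when the input was not produced by `encrypt` or the master password is wrong (throw an unchecked exception, or return null), because Merlin passes the result straight on as a keystore password. I would add a sentence such as `Implementations must throw an unchecked exception, never return the input unchanged, when the value cannot be decrypted.` to the `decrypt` comment. It is also worth stating in the type comment that passwords travel as immutable `String`s here and so cannot be cleared from memory after use.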
Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java Tue Aug 20 10:38:10 2013
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.crypto;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.jasypt.util.text.StrongTextEncryptor;
+
+
+/**
+ * An implementation of PasswordEncryptor that relies on Jasypt's StrongTextEncryptor to encrypt
+ * and decrypt passwords.
+ */
+public class StrongJasyptPasswordEncryptor implements PasswordEncryptor {
+
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(StrongJasyptPasswordEncryptor.class);
+
+ private final StrongTextEncryptor passwordEncryptor;
+
+ public StrongJasyptPasswordEncryptor(String masterPassword) {
+ passwordEncryptor = new StrongTextEncryptor();
+ passwordEncryptor.setPassword(masterPassword);
+ }
+
+ public StrongJasyptPasswordEncryptor(CallbackHandler callbackHandler) {
+ passwordEncryptor = new StrongTextEncryptor();
+
+ WSPasswordCallback pwCb =
+ new WSPasswordCallback("", WSPasswordCallback.Usage.PASSWORD_ENCRYPTOR_PASSWORD);
+ try {
+ callbackHandler.handle(new Callback[]{pwCb});
+ } catch (IOException e) {
+ LOG.debug("Error in getting master password: ", e);
+ } catch (UnsupportedCallbackException e) {
+ LOG.debug("Error in getting master password: ", e);
+ }
+ if (pwCb.getPassword() != null) {
+ passwordEncryptor.setPassword(pwCb.getPassword());
+ }
+ }
+
+ /**
+ * Encrypt the given password
+ * @param password the password to be encrypted
+ * @return the encrypted password
+ */
+ public String encrypt(String password) {
+ return passwordEncryptor.encrypt(password);
+ }
+
+ /**
+ * Decrypt the given encrypted password
+ * @param encryptedPassword the encrypted password to decrypt
+ * @return the decrypted password
+ */
+ public String decrypt(String encryptedPassword) {
+ return passwordEncryptor.decrypt(encryptedPassword);
+ }
+
+}
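Review bot: The `CallbackHandler` constructor swallows `IOException` and `UnsupportedCallbackException` at debug level and skips `setPassword` when the callback yields null, so the object is handed out without a master password and the failure only surfaces on the first `encrypt`/`decrypt` call, far from its cause. I would either fail in the constructor (`throw new IllegalStateException("Unable to obtain the master password", e);`) or fetch the password lazily on first use and raise a descriptive error there; a null `callbackHandler` should be rejected up front as well. Neither constructor has Javadoc, and the one taking a handler should document that it issues a `PASSWORD_ENCRYPTOR_PASSWORD` callback with an empty identifier. The class comment should also name the algorithm behind Jasypt's `StrongTextEncryptor` (as far as I know PBEWithMD5AndTripleDES, to be confirmed for the 1.9.0 pinned in this commit), because the protection of the stored passwords rests on that and on the strength of the master password.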
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java Tue Aug 20 10:38:10 2013
@@ -45,11 +45,14 @@ import javax.security.auth.callback.Call
* <li><code>USERNAME_TOKEN</code> - need the password to fill in or to
* verify a <code>UsernameToken</code>.</li>
* <li><code>SIGNATURE</code> - need the password to get the private key of
- * this identifier (username) from the keystore. WSS4J uses this private
+ * this identifier (username) from the keystore. WSS4J uses this private
* key to produce a signature. The signature verification uses the public
* key to verify the signature.</li>
* <li><code>SECURITY_CONTEXT_TOKEN</code> - need the key to to be associated
* with a <code>wsc:SecurityContextToken</code>.</li>
+ * <li><code>PASSWORD_ENCRYPTOR_PASSWORD</code> - return the password used with a
+ * PasswordEncryptor implementation to decrypt encrypted passwords stored in
+ * Crypto properties files</li>
* </ul>
*/
@@ -64,6 +67,7 @@ public class WSPasswordCallback implemen
CUSTOM_TOKEN,
ENCRYPTED_KEY_TOKEN,
SECRET_KEY,
+ PASSWORD_ENCRYPTOR_PASSWORD
}
private String identifier;
Added: webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java Tue Aug 20 10:38:10 2013
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.crypto;
+
+
+/**
+ * This is a test for the PasswordEncryptor interface
+ */
+public class PasswordEncryptorTest extends org.junit.Assert {
+
+ @org.junit.Test
+ public void testStrongJasyptPasswordEncryptor() throws Exception {
+
+ PasswordEncryptor passwordEncryptor =
+ new StrongJasyptPasswordEncryptor("master-password");
+ String encryptedPassword = passwordEncryptor.encrypt("password");
+ assertNotEquals(encryptedPassword, "password");
+ String decryptedPassword = passwordEncryptor.decrypt(encryptedPassword);
+ assertEquals(decryptedPassword, "password");
+ }
+
+}
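Review bot: The test covers only the round trip with the correct master password; nothing checks that decryption with a different master password, or of a string that is not ciphertext, fails, which is the behaviour the feature depends on. I would add a case that builds a second `StrongJasyptPasswordEncryptor("other-master-password")` and asserts that `decrypt(encryptedPassword)` does not return `"password"`. As a style point the JUnit arguments are reversed: `assertEquals("password", decryptedPassword);` puts the expected value first, so failure messages read correctly.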
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Tue Aug 20 10:38:10 2013
@@ -37,8 +37,10 @@ import org.w3c.dom.Node;
public class SignatureAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
throws WSSecurityException {
- CallbackHandler callbackHandler =
- handler.getPasswordCallbackHandler(reqData);
+ CallbackHandler callbackHandler = reqData.getCallbackHandler();
+ if (callbackHandler == null) {
+ callbackHandler = handler.getPasswordCallbackHandler(reqData);
+ }
WSPasswordCallback passwordCallback =
handler.getPasswordCB(reqData.getSignatureUser(), actionToDo, callbackHandler, reqData);
WSSecSignature wsSign = new WSSecSignature(reqData.getWssConfig());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java Tue Aug 20 10:38:10 2013
@@ -46,8 +46,10 @@ import org.w3c.dom.Document;
public class UsernameTokenSignedAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
throws WSSecurityException {
- CallbackHandler callbackHandler =
- handler.getPasswordCallbackHandler(reqData);
+ CallbackHandler callbackHandler = reqData.getCallbackHandler();
+ if (callbackHandler == null) {
+ callbackHandler = handler.getPasswordCallbackHandler(reqData);
+ }
WSPasswordCallback passwordCallback =
handler.getPasswordCB(reqData.getUsername(), actionToDo, callbackHandler, reqData);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Tue Aug 20 10:38:10 2013
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.cache.Rep
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.token.UsernameToken;
@@ -104,6 +105,7 @@ public class RequestData {
private boolean includeSignatureToken;
private boolean enableTimestampReplayCache = true;
private boolean enableNonceReplayCache = true;
+ private PasswordEncryptor passwordEncryptor;
public void clear() {
soapConstants = null;
@@ -140,6 +142,7 @@ public class RequestData {
includeSignatureToken = false;
enableTimestampReplayCache = true;
enableNonceReplayCache = true;
+ passwordEncryptor = null;
}
public String getSignatureC14nAlgorithm() {
@@ -662,5 +665,13 @@ public class RequestData {
public void setIncludeSignatureToken(boolean includeSignatureToken) {
this.includeSignatureToken = includeSignatureToken;
}
+
+ public PasswordEncryptor getPasswordEncryptor() {
+ return passwordEncryptor;
+ }
+
+ public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
+ this.passwordEncryptor = passwordEncryptor;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Tue Aug 20 10:38:10 2013
@@ -43,6 +43,8 @@ import org.apache.wss4j.dom.action.Actio
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
@@ -114,6 +116,14 @@ public abstract class WSHandler {
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement())
);
wssConfig.setAddInclusivePrefixes(decodeAddInclusivePrefixes(reqData));
+
+ // Load CallbackHandler
+ if (reqData.getCallbackHandler() == null) {
+ CallbackHandler passwordCallbackHandler =
+ getPasswordCallbackHandler(reqData);
+ reqData.setCallbackHandler(passwordCallbackHandler);
+ }
+
/*
* Here we have action, username, password, and actor, mustUnderstand.
* Now get the action specific parameters.
@@ -303,6 +313,13 @@ public abstract class WSHandler {
reqData.setDisableBSPEnforcement(true);
}
reqData.setWssConfig(wssConfig);
+
+ // Load CallbackHandler
+ if (reqData.getCallbackHandler() == null) {
+ CallbackHandler passwordCallbackHandler =
+ getPasswordCallbackHandler(reqData);
+ reqData.setCallbackHandler(passwordCallbackHandler);
+ }
if ((doAction & WSConstants.SIGN) == WSConstants.SIGN
|| (doAction & WSConstants.ST_SIGNED) == WSConstants.ST_SIGNED
@@ -931,7 +948,9 @@ public abstract class WSHandler {
if (crypto == null) {
Object obj = getProperty(mc, refId);
if (obj instanceof Properties) {
- crypto = CryptoFactory.getInstance((Properties)obj);
+ crypto = CryptoFactory.getInstance((Properties)obj,
+ Loader.getClassLoader(CryptoFactory.class),
+ getPasswordEncryptor(requestData));
cryptos.put(refId, crypto);
} else if (obj instanceof Crypto) {
crypto = (Crypto)obj;
@@ -979,9 +998,11 @@ public abstract class WSHandler {
String propFilename,
RequestData reqData
) throws WSSecurityException {
+ ClassLoader classLoader = this.getClassLoader(reqData.getMsgContext());
+ Properties properties = CryptoFactory.getProperties(propFilename, classLoader);
return
CryptoFactory.getInstance(
- propFilename, this.getClassLoader(reqData.getMsgContext())
+ properties, classLoader, getPasswordEncryptor(reqData)
);
}
@@ -1067,6 +1088,19 @@ public abstract class WSHandler {
return cbHandler;
}
+ protected PasswordEncryptor getPasswordEncryptor(RequestData requestData) {
+ if (requestData.getPasswordEncryptor() != null) {
+ return requestData.getPasswordEncryptor();
+ }
+
+ CallbackHandler callbackHandler = requestData.getCallbackHandler();
+ if (callbackHandler != null) {
+ return new StrongJasyptPasswordEncryptor(callbackHandler);
+ }
+
+ return null;
+ }
+
/**
* Get a password callback (WSPasswordCallback object) from a CallbackHandler instance
* @param username The username to supply to the CallbackHandler
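Review bot: getPasswordEncryptor is a new protected extension point with no Javadoc, and its `return null` case is undocumented. The Javadoc should state that an encryptor already set on RequestData wins, that otherwise a StrongJasyptPasswordEncryptor is built around the request's CallbackHandler, and that null is returned when neither is present. Both CryptoFactory.getInstance call sites in this file pass that null straight through. A new StrongJasyptPasswordEncryptor is also created on every call; storing it back with `requestData.setPasswordEncryptor(...)` would avoid that, assuming RequestData has the matching setter (only the getter is visible here).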
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/KeystoreCallbackHandler.java Tue Aug 20 10:38:10 2013
@@ -49,7 +49,11 @@ public class KeystoreCallbackHandler imp
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- pc.setPassword(users.get(pc.getIdentifier()));
+ if (users.containsKey(pc.getIdentifier())) {
+ pc.setPassword(users.get(pc.getIdentifier()));
+ } else if (WSPasswordCallback.Usage.PASSWORD_ENCRYPTOR_PASSWORD == pc.getUsage()) {
+ pc.setPassword("this-is-a-secret");
+ }
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
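Review bot: The usage check runs only when the identifier is not a known user, and a callback that matches neither branch returns silently with no password set. Testing the usage first makes the master-password path independent of the users map: `if (WSPasswordCallback.Usage.PASSWORD_ENCRYPTOR_PASSWORD == pc.getUsage()) { ... } else if (users.containsKey(pc.getIdentifier())) { ... }`. The literal `"this-is-a-secret"` also appears in CallbackHandlerImpl and in the DOM PasswordEncryptorTest; a shared test constant would keep these fixtures and the `ENC(...)` value in crypto_enc.properties in step. The enclosing method starts outside the hunk.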
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoTest.java Tue Aug 20 10:38:10 2013
@@ -143,7 +143,7 @@ public class CryptoTest extends org.juni
private static class NullPropertiesCrypto extends Merlin {
public NullPropertiesCrypto()
throws Exception {
- super(null);
+ super(null, null, null);
}
}
}
Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java Tue Aug 20 10:38:10 2013
@@ -0,0 +1,200 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.message;
+
+import java.util.List;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CustomHandler;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.w3c.dom.Document;
+
+
+/**
+ * This is a test for signing and encrypting using a Crypto properties file with an encrypted
+ * password
+ */
+public class PasswordEncryptorTest extends org.junit.Assert {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(PasswordEncryptorTest.class);
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
+ private PasswordEncryptor passwordEncryptor =
+ new StrongJasyptPasswordEncryptor("this-is-a-secret");
+ private Crypto crypto = null;
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ }
+
+ public PasswordEncryptorTest() throws Exception {
+ WSSConfig.init();
+ Properties properties =
+ CryptoFactory.getProperties("crypto_enc.properties",
+ Loader.getClassLoader(CryptoFactory.class));
+ crypto =
+ CryptoFactory.getInstance(properties,
+ Loader.getClassLoader(CryptoFactory.class),
+ passwordEncryptor);
+ }
+
+ @org.junit.Test
+ public void testEncryptedPassword() throws Exception {
+ String encryptedPassword = passwordEncryptor.encrypt("security");
+ //System.out.println(encryptedPassword);
+ assertNotNull(encryptedPassword);
+ }
+
+ @org.junit.Test
+ public void testSignature() throws Exception {
+ WSSecSignature builder = new WSSecSignature();
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = builder.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ verify(signedDoc);
+ }
+
+ @org.junit.Test
+ public void testSignatureWSHandler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto_enc.properties");
+ config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new java.util.ArrayList<Integer>();
+ actions.add(action);
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
+
+ @org.junit.Test
+ public void testDecryption() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ builder.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(encryptedDoc);
+ }
+
+ @org.junit.Test
+ public void testDecryptionWSHandler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.ENCR;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto_enc.properties");
+ config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new java.util.ArrayList<Integer>();
+ actions.add(action);
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
+
+ /**
+ * Verifies the soap envelope.
+ * This method verifies all the signature generated.
+ *
+ * @param env soap envelope
+ * @throws java.lang.Exception Thrown when there is a problem in verification
+ */
+ private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
+ }
+
+}
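Review bot: testEncryptedPassword asserts only that `encrypt` returns non-null, so it would still pass if the encryptor returned the plaintext or a value it cannot decrypt. A round trip pins the behaviour: `assertFalse("security".equals(encryptedPassword));` followed by `assertEquals("security", passwordEncryptor.decrypt(encryptedPassword));`. The commented-out `System.out.println` can be dropped, and the Javadoc on verify names `@param env` while the parameter is `doc`.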
Added: webservices/wss4j/trunk/ws-security-dom/src/test/resources/crypto_enc.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/resources/crypto_enc.properties?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/resources/crypto_enc.properties (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/resources/crypto_enc.properties Tue Aug 20 10:38:10 2013
@@ -0,0 +1,5 @@
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=pkcs12
+org.apache.wss4j.crypto.merlin.keystore.password=ENC(B3mTwWSB2ycTvLQ7LKydk+38srzsZJS5)
+org.apache.wss4j.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
+org.apache.wss4j.crypto.merlin.keystore.file=keys/x509.PFX.MSFT
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Tue Aug 20 10:38:10 2013
@@ -33,6 +33,8 @@ import org.apache.wss4j.common.Configura
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.StringUtil;
@@ -66,8 +68,8 @@ public final class ConfigurationConverte
parseActions(config, properties);
parseUserProperties(config, properties);
- parseCrypto(config, properties);
parseCallback(config, properties);
+ parseCrypto(config, properties);
parseBooleanProperties(config, properties);
parseNonBooleanProperties(config, properties);
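Review bot: The swap of parseCallback and parseCrypto is load-bearing, but nothing in the code says so. parseCrypto now reads `properties.getCallbackHandler()` to build the default PasswordEncryptor, so the handler must already have been parsed. A comment above the two calls, e.g. `// parseCallback must precede parseCrypto: the default PasswordEncryptor is built from the CallbackHandler`, would stop a later reordering from silently dropping the encryptor. The enclosing method starts and ends outside the hunk.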
@@ -156,6 +158,19 @@ public final class ConfigurationConverte
Map<String, Object> config,
WSSSecurityProperties properties
) {
+ Object passwordEncryptorObj =
+ config.get(ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE);
+ PasswordEncryptor passwordEncryptor = null;
+ if (passwordEncryptorObj instanceof PasswordEncryptor) {
+ passwordEncryptor = (PasswordEncryptor)passwordEncryptorObj;
+ }
+ if (passwordEncryptor == null) {
+ CallbackHandler callbackHandler = properties.getCallbackHandler();
+ if (callbackHandler != null) {
+ passwordEncryptor = new StrongJasyptPasswordEncryptor(callbackHandler);
+ }
+ }
+
String sigPropRef = getString(ConfigurationConstants.SIG_PROP_REF_ID, config);
boolean foundSigRef = false;
if (sigPropRef != null) {
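Review bot: A value stored under PASSWORD_ENCRYPTOR_INSTANCE that is not a PasswordEncryptor is discarded without any message, and the code quietly falls back to the CallbackHandler-based encryptor. Such a misconfiguration would probably surface only later, as a keystore-password failure with no hint at the cause. A warning when `passwordEncryptorObj != null && passwordEncryptor == null` would help, e.g. `log.warn("Ignoring " + ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE + ": value is not a PasswordEncryptor");`, using the `log` this method already uses further down. The method body continues outside the hunk.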
@@ -165,7 +180,7 @@ public final class ConfigurationConverte
properties.setSignatureCrypto((Crypto)sigRef);
} else if (sigRef instanceof Properties) {
foundSigRef = true;
- properties.setSignatureCryptoProperties((Properties)sigRef);
+ properties.setSignatureCryptoProperties((Properties)sigRef, passwordEncryptor);
}
if (foundSigRef && properties.getSignatureUser() == null) {
properties.setSignatureUser(getDefaultX509Identifier(properties));
@@ -178,7 +193,7 @@ public final class ConfigurationConverte
try {
Properties sigProperties =
CryptoFactory.getProperties(sigPropFile, getClassLoader());
- properties.setSignatureCryptoProperties(sigProperties);
+ properties.setSignatureCryptoProperties(sigProperties, passwordEncryptor);
if (properties.getSignatureUser() == null) {
properties.setSignatureUser(getDefaultX509Identifier(properties));
}
@@ -197,7 +212,7 @@ public final class ConfigurationConverte
properties.setSignatureVerificationCrypto((Crypto)sigVerRef);
} else if (sigVerRef instanceof Properties) {
foundSigVerRef = true;
- properties.setSignatureVerificationCryptoProperties((Properties)sigVerRef);
+ properties.setSignatureVerificationCryptoProperties((Properties)sigVerRef, passwordEncryptor);
}
}
@@ -207,7 +222,7 @@ public final class ConfigurationConverte
try {
Properties sigProperties =
CryptoFactory.getProperties(sigPropFile, getClassLoader());
- properties.setSignatureVerificationCryptoProperties(sigProperties);
+ properties.setSignatureVerificationCryptoProperties(sigProperties, passwordEncryptor);
} catch (WSSecurityException e) {
log.error(e.getMessage(), e);
}
@@ -223,7 +238,7 @@ public final class ConfigurationConverte
properties.setEncryptionCrypto((Crypto)encRef);
} else if (encRef instanceof Properties) {
foundEncRef = true;
- properties.setEncryptionCryptoProperties((Properties)encRef);
+ properties.setEncryptionCryptoProperties((Properties)encRef, passwordEncryptor);
}
}
@@ -233,7 +248,7 @@ public final class ConfigurationConverte
try {
Properties encProperties =
CryptoFactory.getProperties(encPropFile, getClassLoader());
- properties.setEncryptionCryptoProperties(encProperties);
+ properties.setEncryptionCryptoProperties(encProperties, passwordEncryptor);
} catch (WSSecurityException e) {
log.error(e.getMessage(), e);
}
@@ -249,7 +264,7 @@ public final class ConfigurationConverte
properties.setDecryptionCrypto((Crypto)decRef);
} else if (decRef instanceof Properties) {
foundDecRef = true;
- properties.setDecryptionCryptoProperties((Properties)decRef);
+ properties.setDecryptionCryptoProperties((Properties)decRef, passwordEncryptor);
}
}
@@ -259,7 +274,7 @@ public final class ConfigurationConverte
try {
Properties encProperties =
CryptoFactory.getProperties(encPropFile, getClassLoader());
- properties.setDecryptionCryptoProperties(encProperties);
+ properties.setDecryptionCryptoProperties(encProperties, passwordEncryptor);
} catch (WSSecurityException e) {
log.error(e.getMessage(), e);
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSCrypto.java Tue Aug 20 10:38:10 2013
@@ -24,7 +24,10 @@ import java.security.cert.CertStore;
import java.util.Properties;
import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.util.Loader;
import org.apache.xml.security.stax.config.ConfigurationProperties;
@@ -41,6 +44,7 @@ class WSSCrypto {
private KeyStore cachedKeyStore;
private KeyStore keyStore;
private CertStore crlCertStore;
+ private PasswordEncryptor passwordEncryptor;
public Crypto getCrypto() throws WSSConfigurationException {
@@ -51,8 +55,11 @@ class WSSCrypto {
Merlin crypto = null;
if (cryptoProperties != null) {
try {
- Constructor<?> ctor = cryptoClass.getConstructor(Properties.class);
- crypto = (Merlin)ctor.newInstance(cryptoProperties);
+ Constructor<?> ctor =
+ cryptoClass.getConstructor(Properties.class, ClassLoader.class, PasswordEncryptor.class);
+ crypto = (Merlin)ctor.newInstance(cryptoProperties,
+ Loader.getClassLoader(CryptoFactory.class),
+ passwordEncryptor);
keyStore = crypto.getKeyStore();
} catch (Exception e) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "signatureCryptoFailure", e);
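Review bot: The reflective lookup now requires every `cryptoClass` to declare a public `(Properties, ClassLoader, PasswordEncryptor)` constructor, and that requirement is not documented anywhere in this hunk. A Merlin subclass that declares only the old `(Properties)` constructor would hit NoSuchMethodException here and be reported as the generic `signatureCryptoFailure`. A comment above the lookup, e.g. `// cryptoClass must expose a (Properties, ClassLoader, PasswordEncryptor) constructor`, would make the contract visible; the same sentence belongs in the Javadoc of the set...CryptoClass methods. The enclosing getCrypto method starts and ends outside the hunk.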
@@ -64,6 +71,7 @@ class WSSCrypto {
crypto.setCryptoProvider(ConfigurationProperties.getProperty("CertProvider"));
crypto.setKeyStore(this.getKeyStore());
crypto.setCRLCertStore(this.getCrlCertStore());
+ crypto.setPasswordEncryptor(passwordEncryptor);
} catch (Exception e) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "signatureCryptoFailure", e);
}
@@ -113,4 +121,12 @@ class WSSCrypto {
public void setCrlCertStore(CertStore crlCertStore) {
this.crlCertStore = crlCertStore;
}
+
+ public PasswordEncryptor getPasswordEncryptor() {
+ return passwordEncryptor;
+ }
+
+ public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
+ this.passwordEncryptor = passwordEncryptor;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Tue Aug 20 10:38:10 2013
@@ -42,6 +42,7 @@ import org.apache.wss4j.common.cache.Rep
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.validate.Validator;
@@ -338,10 +339,16 @@ public class WSSSecurityProperties exten
}
public void setSignatureCryptoProperties(Properties cryptoProperties) {
+ this.setSignatureCryptoProperties(cryptoProperties, null);
+ }
+
+ public void setSignatureCryptoProperties(Properties cryptoProperties,
+ PasswordEncryptor passwordEncryptor) {
if (signatureWSSCrypto == null) {
signatureWSSCrypto = new WSSCrypto();
}
signatureWSSCrypto.setCryptoProperties(cryptoProperties);
+ signatureWSSCrypto.setPasswordEncryptor(passwordEncryptor);
}
public Class<? extends Merlin> getSignatureCryptoClass() {
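Review bot: The one-argument setSignatureCryptoProperties now delegates with `null`, so calling it after the two-argument overload clears a PasswordEncryptor that was set earlier on the same WSSCrypto. The same applies to the SignatureVerification, Decryption and Encryption overloads added in the following hunks. None of the eight methods has Javadoc. The two-argument forms should document that `passwordEncryptor` may be null, and the one-argument forms should state that they reset the encryptor. If the reset is not intended, the one-argument form could call only `setCryptoProperties` and leave the encryptor untouched.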
@@ -407,10 +414,16 @@ public class WSSSecurityProperties exten
}
public void setSignatureVerificationCryptoProperties(Properties cryptoProperties) {
+ this.setSignatureVerificationCryptoProperties(cryptoProperties, null);
+ }
+
+ public void setSignatureVerificationCryptoProperties(Properties cryptoProperties,
+ PasswordEncryptor passwordEncryptor) {
if (signatureVerificationWSSCrypto == null) {
signatureVerificationWSSCrypto = new WSSCrypto();
}
signatureVerificationWSSCrypto.setCryptoProperties(cryptoProperties);
+ signatureVerificationWSSCrypto.setPasswordEncryptor(passwordEncryptor);
}
public Class<? extends Merlin> getSignatureVerificationCryptoClass() {
@@ -480,10 +493,16 @@ public class WSSSecurityProperties exten
}
public void setDecryptionCryptoProperties(Properties cryptoProperties) {
+ this.setDecryptionCryptoProperties(cryptoProperties, null);
+ }
+
+ public void setDecryptionCryptoProperties(Properties cryptoProperties,
+ PasswordEncryptor passwordEncryptor) {
if (decryptionWSSCrypto == null) {
decryptionWSSCrypto = new WSSCrypto();
}
decryptionWSSCrypto.setCryptoProperties(cryptoProperties);
+ decryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
}
/**
@@ -568,10 +587,16 @@ public class WSSSecurityProperties exten
}
public void setEncryptionCryptoProperties(Properties cryptoProperties) {
+ this.setEncryptionCryptoProperties(cryptoProperties, null);
+ }
+
+ public void setEncryptionCryptoProperties(Properties cryptoProperties,
+ PasswordEncryptor passwordEncryptor) {
if (encryptionWSSCrypto == null) {
encryptionWSSCrypto = new WSSCrypto();
}
encryptionWSSCrypto.setCryptoProperties(cryptoProperties);
+ encryptionWSSCrypto.setPasswordEncryptor(passwordEncryptor);
}
/**
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/CallbackHandlerImpl.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/CallbackHandlerImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/CallbackHandlerImpl.java Tue Aug 20 10:38:10 2013
@@ -70,6 +70,8 @@ public class CallbackHandlerImpl impleme
} else if (pc.getUsage() == WSPasswordCallback.Usage.SECRET_KEY
|| pc.getUsage() == WSPasswordCallback.Usage.SECURITY_CONTEXT_TOKEN) {
pc.setKey(secret);
+ } else if (pc.getUsage() == WSPasswordCallback.Usage.PASSWORD_ENCRYPTOR_PASSWORD) {
+ pc.setPassword("this-is-a-secret");
} else {
throw new UnsupportedCallbackException(pc, "Unrecognized CallbackHandlerImpl");
}
Added: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java Tue Aug 20 10:38:10 2013
@@ -0,0 +1,159 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Properties;
+
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.stax.WSSec;
+import org.apache.wss4j.stax.ext.OutboundWSSec;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * This is a test for signing and encrypting using a Crypto properties file with an encrypted
+ * password
+ */
+public class PasswordEncryptorTest extends AbstractTestBase {
+
+ @Test
+ public void testSignatureCryptoPropertiesOutbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ securityProperties.setOutAction(actions);
+ Properties properties =
+ CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
+ PasswordEncryptor passwordEncryptor =
+ new StrongJasyptPasswordEncryptor(new CallbackHandlerImpl());
+ securityProperties.setSignatureCryptoProperties(properties, passwordEncryptor);
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
+ Assert.assertEquals(nodeList.getLength(), 1);
+ String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
+ Assert.assertNotNull(idAttrValue);
+ Assert.assertTrue(idAttrValue.length() > 0);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 2);
+ Assert.assertEquals(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "env");
+ Assert.assertEquals(((Element) nodeList.item(1)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart()), "");
+ }
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @Test
+ public void testEncDecryptionCryptoPropertiesOutbound() throws Exception {
+
+ ByteArrayOutputStream baos;
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+ securityProperties.setOutAction(actions);
+ Properties properties =
+ CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
+ PasswordEncryptor passwordEncryptor =
+ new StrongJasyptPasswordEncryptor(new CallbackHandlerImpl());
+ securityProperties.setEncryptionCryptoProperties(properties, passwordEncryptor);
+ securityProperties.setEncryptionUser("receiver");
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']");
+ Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']");
+ node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+ Assert.assertNotNull(node);
+
+ Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
+ NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
+ for (int i = 0; i < childNodes.getLength(); i++) {
+ Node child = childNodes.item(i);
+ if (child.getNodeType() == Node.TEXT_NODE) {
+ Assert.assertEquals(child.getTextContent().trim(), "");
+ } else if (child.getNodeType() == Node.ELEMENT_NODE) {
+ Assert.assertEquals(child, nodeList.item(0));
+ } else {
+ Assert.fail("Unexpected Node encountered");
+ }
+ }
+ }
+
+ //done encryption; now test decryption:
+ {
+ String action = WSHandlerConstants.ENCRYPT;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+}
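Review bot: Both tests cover only the case where the master password is correct; nothing checks that a wrong one is rejected. A third test that passes `new StrongJasyptPasswordEncryptor("wrong-secret")` to `setSignatureCryptoProperties` and expects the outbound setup to fail would show that the `ENC(...)` keystore password is actually decrypted rather than bypassed. The exact exception type depends on code outside this hunk, so the assertion should be written against whatever `WSSec.getOutboundWSSec` or `processOutMessage` raises.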
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java Tue Aug 20 10:38:10 2013
@@ -193,7 +193,6 @@ public class SignatureCertConstaintsTest
RequestData requestData = new RequestData();
requestData.setMsgContext(messageContext);
requestData.setNoSerialization(true);
- requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());
wss4JHandler.doSender(messageContext, requestData, true);
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1515764&r1=1515763&r2=1515764&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Tue Aug 20 10:38:10 2013
@@ -68,7 +68,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
Added: webservices/wss4j/trunk/ws-security-stax/src/test/resources/transmitter-crypto-enc.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/resources/transmitter-crypto-enc.properties?rev=1515764&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/resources/transmitter-crypto-enc.properties (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/resources/transmitter-crypto-enc.properties Tue Aug 20 10:38:10 2013
@@ -0,0 +1,5 @@
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.file=transmitter.jks
+org.apache.wss4j.crypto.merlin.keystore.alias.password=default
+org.apache.wss4j.crypto.merlin.keystore.password=ENC(YX+AZ5SE26tyvQqqA1/05Q==)
+org.apache.wss4j.crypto.merlin.keystore.alias=transmitter
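Review bot: In this new fixture only `keystore.password` is wrapped in `ENC(...)`; `keystore.alias.password=default` on the line above it stays in cleartext, so the file exercises encrypted storage for just one of its two password entries. If `keystore.alias.password` is read as the private-key password (not verifiable from this hunk), either encrypt it as well or add a comment saying it is left plain on purpose, since test resources like this tend to be copied as configuration templates. The file also gives no hint of how the `ENC(...)` value is decrypted; a header line such as `# keystore.password is ENC(...)-encrypted; master password is supplied by <test class loading this file>` would make the fixture self-explanatory.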