You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/11/06 12:55:24 UTC

svn commit: r833365 - in /webservices/wss4j/trunk: src/org/apache/ws/security/message/WSSecDerivedKeyBase.java test/wssec/TestWSSecurityNewSCT.java

Author: coheigea
Date: Fri Nov  6 11:55:23 2009
New Revision: 833365

URL: http://svn.apache.org/viewvc?rev=833365&view=rev
Log:
[WSS-217] - Forward merging to trunk

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=833365&r1=833364&r2=833365&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Fri Nov  6 11:55:23 2009
@@ -64,7 +64,7 @@
      * wsu:Id of the wsc:DerivedKeyToken
      */
     protected String dktId = null;
-
+    
     /**
      * Client's label value
      */
@@ -85,6 +85,12 @@
      * is (or to be) derived from.
      */
     protected String tokenIdentifier = null;
+    
+    /**
+     * True if the tokenIdentifier is a direct reference to a key identifier
+     * instead of a URI to a key
+     */
+    protected boolean tokenIdDirectId;
 
     /**
      * The derived key will change depending on the sig/encr algorithm.
@@ -208,7 +214,12 @@
             //Create the SecurityTokenRef to the Encrypted Key
             SecurityTokenReference strEncKey = new SecurityTokenReference(document);
             Reference ref = new Reference(document);
-            ref.setURI("#" + tokenIdentifier);
+            
+            if (tokenIdDirectId) {
+                ref.setURI(tokenIdentifier);
+            } else {
+                ref.setURI("#" + tokenIdentifier);
+            }
             if (customValueType != null && customValueType.trim().length() > 0) {
                 ref.setValueType(customValueType);
             }
@@ -259,4 +270,8 @@
     public void setCustomValueType(String customValueType) {
         this.customValueType = customValueType;
     }
+    
+    public void setTokenIdDirectId(boolean b) {
+        tokenIdDirectId = b;
+    }
 }

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=833365&r1=833364&r2=833365&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Fri Nov  6 11:55:23 2009
@@ -196,6 +196,50 @@
         }
     }
     
+    /**
+     * Test for WSS-217:
+     * "Add ability to specify a reference to an absolute URI in the derived key functionality".
+     */
+    public void testSCTKDKTSignAbsolute() {
+        try {
+            Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+            sctBuilder.prepare(doc, crypto);
+
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] tempSecret = new byte[16];
+            random.nextBytes(tempSecret);
+
+            // Store the secret
+            this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+            // Derived key signature
+            WSSecDKSign sigBuilder = new WSSecDKSign();
+            sigBuilder.setExternalKey(tempSecret, sctBuilder.getIdentifier());
+            sigBuilder.setTokenIdDirectId(true);
+            sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+            sigBuilder.build(doc, secHeader);
+            
+            sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("DKT Absolute");
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
+
+            verify(doc);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail(e.getMessage());
+        }
+    }
+
+    
     public void testSCTKDKTSignEncrypt() {
         try {
             Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
@@ -309,7 +353,8 @@
 
             WSSecSignature builder = new WSSecSignature();
             builder.setSecretKey(tempSecret);
-            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+            builder.setCustomTokenValueType(WSConstants.WSC_SCT);
             builder.setCustomTokenId(tokenId);
             builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
             builder.build(doc, crypto, secHeader);
@@ -330,7 +375,6 @@
         }
     }
     
-    
     /**
      * Verifies the soap envelope <p/>
      * 



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org