Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/11/06 12:55:24 UTC
svn commit: r833365 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
test/wssec/TestWSSecurityNewSCT.java
Author: coheigea
Date: Fri Nov 6 11:55:23 2009
New Revision: 833365
URL: http://svn.apache.org/viewvc?rev=833365&view=rev
Log:
[WSS-217] - Forward merging to trunk
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=833365&r1=833364&r2=833365&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Fri Nov 6 11:55:23 2009
@@ -64,7 +64,7 @@
* wsu:Id of the wsc:DerivedKeyToken
*/
protected String dktId = null;
-
+
/**
* Client's label value
*/
@@ -85,6 +85,12 @@
* is (or to be) derived from.
*/
protected String tokenIdentifier = null;
+
+ /**
+ * True if the tokenIdentifier is a direct reference to a key identifier
+ * instead of a URI to a key
+ */
+ protected boolean tokenIdDirectId;
/**
* The derived key will change depending on the sig/encr algorithm.
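Review bot: The Javadoc on `tokenIdDirectId` calls the identifier "a direct reference to a key identifier instead of a URI to a key", which does not match how the flag is used. Its only use in this commit is to write `tokenIdentifier` as the Reference URI without the leading `#`, and the accompanying test describes the feature as a reference to an absolute URI. Wording that matches the behaviour would be clearer, e.g. `True if tokenIdentifier is already a complete URI and must be used as the Reference URI as-is, without a "#" prefix`. The field also relies on its implicit default, where `= false` would match the explicit `= null` initialisers on the neighbouring fields.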
@@ -208,7 +214,12 @@
//Create the SecurityTokenRef to the Encrypted Key
SecurityTokenReference strEncKey = new SecurityTokenReference(document);
Reference ref = new Reference(document);
- ref.setURI("#" + tokenIdentifier);
+
+ if (tokenIdDirectId) {
+ ref.setURI(tokenIdentifier);
+ } else {
+ ref.setURI("#" + tokenIdentifier);
+ }
if (customValueType != null && customValueType.trim().length() > 0) {
ref.setValueType(customValueType);
}
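Review bot: Neither branch of the new `if (tokenIdDirectId)` checks that `tokenIdentifier` is set, and the field is declared with a `null` default. The direct branch can therefore call `ref.setURI(null)`, while the other branch writes the literal `#null`. This URI is what the receiver uses to locate the key the derived key is based on, so a guard before the branch would fail early instead of emitting an unresolvable reference, e.g. `if (tokenIdentifier == null || tokenIdentifier.length() == 0) { throw new IllegalStateException("tokenIdentifier is not set"); }`. In direct mode the value is used verbatim, so it is also worth documenting that the caller must pass a well-formed URI. The enclosing method starts and ends outside this hunk, so the exception type should follow whatever that method already declares.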
@@ -259,4 +270,8 @@
public void setCustomValueType(String customValueType) {
this.customValueType = customValueType;
}
+
+ public void setTokenIdDirectId(boolean b) {
+ tokenIdDirectId = b;
+ }
}
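Review bot: The new public setter `setTokenIdDirectId(boolean b)` has no Javadoc and an uninformative parameter name, although it changes the form of the reference written into the security header. Suggest `/** @param tokenIdDirectId true to use the token identifier as the Reference URI as-is; false (the default) to prefix it with "#" */`. The parameter could then be renamed to match and assigned through `this.tokenIdDirectId`.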
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=833365&r1=833364&r2=833365&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Fri Nov 6 11:55:23 2009
@@ -196,6 +196,50 @@
}
}
+ /**
+ * Test for WSS-217:
+ * "Add ability to specify a reference to an absolute URI in the derived key functionality".
+ */
+ public void testSCTKDKTSignAbsolute() {
+ try {
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.prepare(doc, crypto);
+
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
+
+ // Store the secret
+ this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+ // Derived key signature
+ WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setExternalKey(tempSecret, sctBuilder.getIdentifier());
+ sigBuilder.setTokenIdDirectId(true);
+ sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ sigBuilder.build(doc, secHeader);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("DKT Absolute");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
public void testSCTKDKTSignEncrypt() {
try {
Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
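Review bot: `testSCTKDKTSignAbsolute` only calls `verify(doc)`, so it does not pin the behaviour the flag introduces: nothing asserts that the Reference URI in the built header is the SCT identifier without a `#` prefix. Building the string outside the `LOG.isDebugEnabled()` block and adding something like `assertTrue(outputString.indexOf("URI=\"" + sctBuilder.getIdentifier() + "\"") != -1);` would make the test fail if the branch regressed. Separately, `catch (Exception e)` with `e.printStackTrace(); fail(e.getMessage());` keeps only the message in the test report; declaring `throws Exception` on the method would preserve the stack trace. The trailing context lines belong to `testSCTKDKTSignEncrypt`, whose body continues outside the hunk.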
@@ -309,7 +353,8 @@
WSSecSignature builder = new WSSecSignature();
builder.setSecretKey(tempSecret);
- builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+ builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ builder.setCustomTokenValueType(WSConstants.WSC_SCT);
builder.setCustomTokenId(tokenId);
builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
builder.build(doc, crypto, secHeader);
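Review bot: Replacing `WSConstants.CUSTOM_SYMM_SIGNING_DIRECT` with `WSConstants.CUSTOM_SYMM_SIGNING` plus `setCustomTokenValueType(WSConstants.WSC_SCT)` removes the only use of the direct identifier type visible in this file section. If that constant is still supported on trunk, a separate test case for it would keep that path covered. A short comment above `setKeyIdentifierType` explaining why the test now needs the value type would also help the next reader. The enclosing test method starts and ends outside the hunk.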
@@ -330,7 +375,6 @@
}
}
-
/**
* Verifies the soap envelope <p/>
*