Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/04/27 13:40:09 UTC
svn commit: r768934 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/message/WSSecEncrypt.java
test/wssec/TestWSSecurityNew14.java
Author: coheigea
Date: Mon Apr 27 11:40:09 2009
New Revision: 768934
URL: http://svn.apache.org/viewvc?rev=768934&view=rev
Log:
[WSS-177] - Backported the specific fix only to the 1_5_x-fixes branch.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java Mon Apr 27 11:40:09 2009
@@ -254,6 +254,8 @@
remoteCert = certs[0];
}
prepareInternal(this.ephemeralKey, remoteCert, crypto);
+ } else {
+ encryptedEphemeralKey = ephemeralKey;
}
}
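Review bot: In the new `else` branch the field `encryptedEphemeralKey` ends up holding the unencrypted symmetric key, which its name contradicts. Any code that serialises or digests that field now works on plaintext key material; the EncryptedKeySHA1 identifier is presumably derived from it (not visible in this hunk), in which case the value placed in the message is a SHA-1 of the shared secret itself and is only as strong as the key's entropy. The assignment also aliases the caller's array instead of copying it. I would document this on the branch, e.g. `// No EncryptedKey is emitted: this holds the raw shared key, used only to derive the EncryptedKeySHA1 identifier; never write it to the message`. The enclosing method starts outside the hunk.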
@@ -291,9 +293,9 @@
envelope = document.getDocumentElement();
}
- SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
if (parts == null) {
parts = new Vector();
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(),
@@ -304,9 +306,12 @@
}
Element refs = encryptForInternalRef(null, parts);
- addInternalRefElement(refs);
-
- prependToHeader(secHeader);
+ if (encryptedKeyElement != null) {
+ addInternalRefElement(refs);
+ prependToHeader(secHeader);
+ } else {
+ WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), refs);
+ }
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
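Review bot: The new test `if (encryptedKeyElement != null)` picks the message layout from whether an element happened to be built, not from the caller's setting. If `encryptedKeyElement` is null for any other reason, the message goes out with a bare ReferenceList and no EncryptedKey, and nothing on the sending side reports it. A comment would make the intent explicit: `// null only when the symmetric key is not wrapped (setEncryptSymmKey(false)): put the ReferenceList directly in the security header`. Testing the flag itself would be stricter, if that field is in scope here. The method begins and ends outside the hunk.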
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java Mon Apr 27 11:40:09 2009
@@ -41,6 +41,8 @@
import java.io.IOException;
import java.io.InputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -72,6 +74,8 @@
private Crypto crypto = CryptoFactory.getInstance();
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
+ private byte[] keyData;
+ private SecretKey key;
/**
* TestWSSecurity constructor
@@ -103,6 +107,11 @@
AxisClient tmpEngine = new AxisClient(new NullProvider());
msgContext = new MessageContext(tmpEngine);
unsignedEnvelope = getSOAPEnvelope();
+
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ key = keyGen.generateKey();
+ keyData = key.getEncoded();
}
/**
@@ -231,6 +240,69 @@
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
+ * generated session key which is then encrypted using a public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
+ */
+ public void testEncryptionSHA1Symmetric() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setSymmetricKey(key);
+ builder.setEncryptSymmKey(false);
+ builder.setUseKeyIdentifier(true);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes),
+ * rather than a generated session key which is then encrypted using a public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
+ */
+ public void testEncryptionSHA1SymmetricBytes() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setEphemeralKey(keyData);
+ builder.setEncryptSymmKey(false);
+ builder.setUseKeyIdentifier(true);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
/**
* Verifies the soap envelope.
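Review bot: Both new tests assert only that `#EncryptedKeySHA1` appears in the output, so they would still pass if an EncryptedKey element were emitted alongside the reference. Since the point of the fix is that the key is not wrapped in this mode, each test should also check the negative, e.g. `assertTrue(encryptedDoc.getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedKey").getLength() == 0);` after the existing assertion. The two method bodies differ in a single line (`setSymmetricKey(key)` versus `setEphemeralKey(keyData)`) and could share a private helper that takes the configured builder.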
@@ -255,6 +327,7 @@
* for Testing we supply a fixed name here.
*/
pc.setPassword("security");
+ pc.setKey(keyData);
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
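Review bot: `pc.setKey(keyData)` is applied to every password callback this branch handles, next to the fixed password, regardless of what the callback was raised for. The tests that decrypt through the private-key path therefore also receive the symmetric key, so a regression that resolves the wrong key for a message could pass unnoticed. Scoping the call on `pc.getUsage()` to the encrypted-key lookup would keep the two paths separate. The handler method starts and ends outside the hunk.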