Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/04/27 13:40:09 UTC

svn commit: r768934 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/message/WSSecEncrypt.java test/wssec/TestWSSecurityNew14.java

Author: coheigea
Date: Mon Apr 27 11:40:09 2009
New Revision: 768934

URL: http://svn.apache.org/viewvc?rev=768934&view=rev
Log:
[WSS-177] - Backported the specific fix only to the 1_5_x-fixes branch.

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java Mon Apr 27 11:40:09 2009
@@ -254,6 +254,8 @@
                 remoteCert = certs[0];
             }
             prepareInternal(this.ephemeralKey, remoteCert, crypto);
+        } else {
+            encryptedEphemeralKey = ephemeralKey;
         }
     }
 
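Review bot: The new `else` branch stores the raw symmetric key in a field named `encryptedEphemeralKey`, so whenever key wrapping is switched off that field holds plaintext key material and aliases the same array as `ephemeralKey`. Any code outside this hunk that treats the field as ciphertext (an accessor, a log statement, or whatever derives the key identifier from it) would now be handling the unprotected key; that is not visible here and should be checked. At minimum the assignment deserves a comment such as `// symmetric key is not wrapped here: encryptedEphemeralKey holds the raw key bytes, not ciphertext`. The enclosing method starts above the hunk, so the condition this `else` belongs to is not shown.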
@@ -291,9 +293,9 @@
             envelope = document.getDocumentElement();
         }
 
-        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
         if (parts == null) {
             parts = new Vector();
+            SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
             WSEncryptionPart encP = 
                 new WSEncryptionPart(
                     soapConstants.getBodyQName().getLocalPart(), 
@@ -304,9 +306,12 @@
         }
 
         Element refs = encryptForInternalRef(null, parts);
-        addInternalRefElement(refs);
-
-        prependToHeader(secHeader);
+        if (encryptedKeyElement != null) {
+            addInternalRefElement(refs);
+            prependToHeader(secHeader); 
+        } else {
+            WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), refs);
+        }
 
         if (bstToken != null) {
             prependBSTElementToHeader(secHeader);
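Review bot: The branch on `encryptedKeyElement != null` picks the header layout from a side-effect field rather than from the setting that produced it, and nothing in this hunk resets that field. If a WSSecEncrypt instance is reused after an earlier run that did create an EncryptedKey, a stale element could presumably send a pre-shared-key message down the first branch; whether the field is cleared elsewhere is not visible here. Consider testing the same condition that guards the `else` added in the first hunk, or add a comment like `// no EncryptedKey when the symmetric key is pre-shared: put the ReferenceList directly in the security header`. The else path also passes `refs` to `prependChildElement` without a null check, so it is worth confirming that `encryptForInternalRef` never returns null. The method body continues on both sides of the hunk.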

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java Mon Apr 27 11:40:09 2009
@@ -41,6 +41,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -72,6 +74,8 @@
     private Crypto crypto = CryptoFactory.getInstance();
     private MessageContext msgContext;
     private SOAPEnvelope unsignedEnvelope;
+    private byte[] keyData;
+    private SecretKey key;
 
     /**
      * TestWSSecurity constructor
@@ -103,6 +107,11 @@
         AxisClient tmpEngine = new AxisClient(new NullProvider());
         msgContext = new MessageContext(tmpEngine);
         unsignedEnvelope = getSOAPEnvelope();
+        
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        key = keyGen.generateKey();
+        keyData = key.getEncoded();
     }
 
     /**
@@ -231,6 +240,69 @@
         LOG.info("After Encrypting EncryptedKeySHA1....");
         verify(encryptedDoc);
     }
+    
+    /**
+     * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a 
+     * generated session key which is then encrypted using a public key.
+     * 
+     * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
+     */
+    public void testEncryptionSHA1Symmetric() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        builder.setSymmetricKey(key);
+        builder.setEncryptSymmKey(false);
+        builder.setUseKeyIdentifier(true);
+        
+        LOG.info("Before Encrypting EncryptedKeySHA1....");
+        Document doc = unsignedEnvelope.getAsDocument();
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);        
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+     
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+     
+        LOG.info("After Encrypting EncryptedKeySHA1....");
+        verify(encryptedDoc);
+    }
+    
+    
+    /**
+     * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes), 
+     * rather than a generated session key which is then encrypted using a public key.
+     * 
+     * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
+     */
+    public void testEncryptionSHA1SymmetricBytes() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        builder.setEphemeralKey(keyData);
+        builder.setEncryptSymmKey(false);
+        builder.setUseKeyIdentifier(true);
+        
+        LOG.info("Before Encrypting EncryptedKeySHA1....");
+        Document doc = unsignedEnvelope.getAsDocument();
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);        
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+     
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+     
+        LOG.info("After Encrypting EncryptedKeySHA1....");
+        verify(encryptedDoc);
+    }
 
     /**
      * Verifies the soap envelope.
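Review bot: Both new tests assert only that the string `#EncryptedKeySHA1` appears in the serialized output, which does not show that the EncryptedKey element was actually left out or that the body was encrypted under the supplied key. A direct check in each test, such as `assertEquals(0, encryptedDoc.getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedKey").getLength());`, would pin the behaviour the fix is meant to deliver. What `verify(encryptedDoc)` asserts about the decrypted content is not visible in this hunk, so it may or may not cover the second point. The two test bodies differ only in `setSymmetricKey(key)` versus `setEphemeralKey(keyData)`, so a shared private helper taking the configured builder would remove the duplication. The last two lines of the hunk open the Javadoc of the next method, which continues outside it.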
@@ -255,6 +327,7 @@
                  * for Testing we supply a fixed name here.
                  */
                 pc.setPassword("security");
+                pc.setKey(keyData);
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
             }
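Review bot: The added `pc.setKey(keyData)` hands the symmetric key to every WSPasswordCallback this handler receives, with no check of what the callback is asking for. That is harmless inside this test, but callback handlers in test classes tend to be copied into applications, where returning a secret key for any identifier or usage would be a real weakness. Consider guarding the call on the callback's usage or identifier (for example via `pc.getUsage()`), or at least add `// test only: supply the pre-shared AES key so the EncryptedKeySHA1 reference can be resolved`. The enclosing loop and method start above the hunk.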


