Posted to commits@ws.apache.org by co...@apache.org on 2020/04/16 11:25:06 UTC
[ws-wss4j] 02/04: WSS-668 - Rename WSSConstants ENCRYPT actions
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit a12eec565d0b41c8b8210927f352a556e17d73c6
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Apr 16 10:25:11 2020 +0100
WSS-668 - Rename WSSConstants ENCRYPT actions
---
.../integration/test/kerberos/KerberosTest.java | 80 ++++++++++++++++++++++
src/site/asciidoc/config.adoc | 3 +-
.../wss4j/common/ConfigurationConstants.java | 7 ++
.../test/AsymmetricBindingIntegrationTest.java | 4 +-
.../org/apache/wss4j/stax/ext/WSSConstants.java | 8 ++-
.../output/BinarySecurityTokenOutputProcessor.java | 8 +--
.../output/DerivedKeyTokenOutputProcessor.java | 4 +-
.../output/EncryptedKeyOutputProcessor.java | 4 +-
.../SecurityContextTokenOutputProcessor.java | 2 +-
.../wss4j/stax/setup/ConfigurationConverter.java | 7 +-
.../org/apache/wss4j/stax/setup/OutboundWSSec.java | 6 +-
.../java/org/apache/wss4j/stax/setup/WSSec.java | 4 +-
.../wss4j/stax/test/DerivedKeyTokenTest.java | 38 +++++++++-
.../wss4j/stax/test/SecurityContextTokenTest.java | 2 +-
14 files changed, 151 insertions(+), 26 deletions(-)
diff --git a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
index 8bcd973..f91effe 100644
--- a/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
+++ b/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
@@ -947,6 +947,86 @@ public class KerberosTest {
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
+ actions.add(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN);
+ securityProperties.setActions(actions);
+ securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES128);
+ securityProperties.setCallbackHandler(new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
+ KerberosContextAndServiceNameCallback kerberosContextAndServiceNameCallback =
+ (KerberosContextAndServiceNameCallback) callbacks[0];
+ kerberosContextAndServiceNameCallback.setContextName("alice");
+ kerberosContextAndServiceNameCallback.setServiceName("bob@service.ws.apache.org");
+ } else if (callbacks[0] instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
+ if (passwordCallback.getPrompt().contains("alice")) {
+ passwordCallback.setPassword("alice".toCharArray());
+ }
+ }
+ }
+ });
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ document = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_ReferenceList.getNamespaceURI(), WSSConstants.TAG_xenc_ReferenceList.getLocalPart());
+ assertEquals(1, nodeList.getLength());
+ }
+
+ {
+ // Configure the Validator
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ KerberosTokenValidator validator = new KerberosTokenValidator();
+ validator.setContextName("bob");
+ validator.setServiceName("bob@service.ws.apache.org");
+ wssConfig.setValidator(WSConstants.BINARY_TOKEN, validator);
+ WSSecurityEngine secEngine = new WSSecurityEngine();
+ secEngine.setWssConfig(wssConfig);
+
+ CallbackHandler callbackHandler = new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ if (callbacks[0] instanceof PasswordCallback) {
+ PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
+ if (passwordCallback.getPrompt().contains("bob")) {
+ passwordCallback.setPassword("bob".toCharArray());
+ }
+ }
+ }
+ };
+
+ WSHandlerResult results =
+ secEngine.processSecurityHeader(document, null, callbackHandler, null);
+ WSSecurityEngineResult actionResult =
+ results.getActionResults().get(WSConstants.BST).get(0);
+ BinarySecurity token =
+ (BinarySecurity) actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+ assertNotNull(token);
+
+ Principal principal = (Principal) actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertTrue(principal instanceof KerberosPrincipal);
+ assertTrue(principal.getName().contains("alice"));
+ }
+ }
+
+ @Test
+ public void testKerberosEncryptionOutboundDeprecatedTag() throws Exception {
+ if (!runTests) {
+ System.out.println("Skipping test because kerberos server could not be started");
+ return;
+ }
+
+ Document document;
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ List<WSSConstants.Action> actions = new ArrayList<>();
actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
securityProperties.setActions(actions);
securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES128);
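Review bot: testKerberosEncryptionOutboundDeprecatedTag exercises the same code path as the test above it, because this commit declares WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN as an alias of ENCRYPTION_WITH_KERBEROS_TOKEN, so both names resolve to one Action object. The compatibility that can actually regress is the old configuration string, so a test that feeds `ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN` through ConfigurationConverter would cover more than a second Kerberos round trip. If the duplicate is kept, a comment such as `// deprecated alias: checks only that the old constant name still resolves to the encryption action` would state its purpose. The body of the new test continues past the end of this hunk.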
diff --git a/src/site/asciidoc/config.adoc b/src/site/asciidoc/config.adoc
index 8b7b19c..f7ab907 100644
--- a/src/site/asciidoc/config.adoc
+++ b/src/site/asciidoc/config.adoc
@@ -124,7 +124,8 @@ The configuration tags for Actions are as follows:
* *WSS4J 2.0.0* SIGNATURE_DERIVED (SignatureDerived) - Perform a Signature action with derived keys.
* *WSS4J 2.0.0* ENCRYPT_DERIVED (EncryptDerived) - Perform a Encryption action with derived keys.
* *WSS4J 2.0.0* SIGNATURE_WITH_KERBEROS_TOKEN (SignatureWithKerberosToken) - Perform a Signature action with a kerberos token. Only for StAX code.
- * *WSS4J 2.0.0* ENCRYPT_WITH_KERBEROS_TOKEN (EncryptWithKerberosToken) - Perform a Encryption action with a kerberos token. Only for StAX code.
+ * *WSS4J 2.3.0* ENCRYPTION_WITH_KERBEROS_TOKEN (EncryptionWithKerberosToken) - Perform a Encryption action with a kerberos token. Only for StAX code.
+Note that for releases from 2.0.0 -> 2.2.x, this configuration tag was called ENCRYPT_WITH_KERBEROS_TOKEN (EncryptWithKerberosToken).
* *WSS4J 2.0.0* KERBEROS_TOKEN (KerberosToken) - Add a kerberos token. Only for StAX code.
* *WSS4J 2.0.0* CUSTOM_TOKEN (CustomToken) - Add a "Custom" token from a CallbackHandler
* *WSS4J 1.6.x only* SIGN_WITH_UT_KEY (UsernameTokenSignature) - Perform a .NET specific signature using a Username Token action.
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
index b1d5d3f..16b6786 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
@@ -106,9 +106,16 @@ public class ConfigurationConstants {
* Perform a Encryption action with a kerberos token. The signature specific parameters define how
* to encrypt, which keys to use, and so on.
*/
+ @Deprecated
public static final String ENCRYPT_WITH_KERBEROS_TOKEN = "EncryptWithKerberosToken";
/**
+ * Perform a Encryption action with a kerberos token. The signature specific parameters define how
+ * to encrypt, which keys to use, and so on.
+ */
+ public static final String ENCRYPTION_WITH_KERBEROS_TOKEN = "EncryptionWithKerberosToken";
+
+ /**
* Add a kerberos token.
*/
public static final String KERBEROS_TOKEN = "KerberosToken";
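Review bot: The `@Deprecated` annotation on ENCRYPT_WITH_KERBEROS_TOKEN has no matching Javadoc tag, so callers get a warning without being told what to use instead. Add `@deprecated use {@link #ENCRYPTION_WITH_KERBEROS_TOKEN} instead` to its comment. The same applies to the two deprecated aliases added in WSSConstants, which carry no Javadoc at all. The comment copied onto the new constant also says "signature specific parameters" where the encryption parameters are presumably meant.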
diff --git a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
index a0789f6..7a4711a 100644
--- a/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
+++ b/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
@@ -2255,7 +2255,7 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase {
actions.add(WSSConstants.TIMESTAMP);
actions.add(WSSConstants.USERNAMETOKEN);
actions.add(WSSConstants.SAML_TOKEN_SIGNED);
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
outSecurityProperties.setActions(actions);
SAMLCallbackHandlerImpl samlCallbackHandler = new SAMLCallbackHandlerImpl();
samlCallbackHandler.setSamlVersion(Version.SAML_20);
@@ -2385,7 +2385,7 @@ public class AsymmetricBindingIntegrationTest extends AbstractPolicyTestBase {
actions.add(WSSConstants.TIMESTAMP);
actions.add(WSSConstants.USERNAMETOKEN);
actions.add(WSSConstants.SAML_TOKEN_SIGNED);
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
outSecurityProperties.setActions(actions);
SAMLCallbackHandlerImpl samlCallbackHandler = new SAMLCallbackHandlerImpl();
samlCallbackHandler.setSamlVersion(Version.SAML_20);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
index 904e2b9..edfc5df 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
@@ -219,11 +219,15 @@ public class WSSConstants extends XMLSecurityConstants {
public static final Action USERNAMETOKEN_SIGNED = new Action(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE);
public static final Action SIGNATURE_CONFIRMATION = new Action("SignatureConfirmation");
public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SignatureWithDerivedKey");
- public static final Action ENCRYPT_WITH_DERIVED_KEY = new Action("EncryptWithDerivedKey");
+ public static final Action ENCRYPTION_WITH_DERIVED_KEY = new Action("EncryptionWithDerivedKey");
+ @Deprecated
+ public static final Action ENCRYPT_WITH_DERIVED_KEY = ENCRYPTION_WITH_DERIVED_KEY;
public static final Action SAML_TOKEN_SIGNED = new Action(ConfigurationConstants.SAML_TOKEN_SIGNED);
public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
- public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
+ public static final Action ENCRYPTION_WITH_KERBEROS_TOKEN = new Action("EncryptionWithKerberosToken");
+ @Deprecated
+ public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = ENCRYPTION_WITH_KERBEROS_TOKEN;
public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
public static final Action CUSTOM_TOKEN = new Action("CustomToken");
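Review bot: The rename changes the Action's name string as well as the Java identifier, since the deprecated ENCRYPT_WITH_DERIVED_KEY and ENCRYPT_WITH_KERBEROS_TOKEN aliases now carry "EncryptionWithDerivedKey" and "EncryptionWithKerberosToken". Action's equality and name accessor are not visible in this hunk. If either is name-based, code that constructed an Action from the old string, or logged or stored the old name, will stop matching without any compile error. That is worth recording next to the aliases, for example `// alias only: the action name string itself changed in 2.3.0`, and in the release notes.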
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
index aa1fbf1..f8ab36b 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
@@ -60,7 +60,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
} else if (WSSConstants.ENCRYPTION.equals(action)) {
tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY);
- } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+ } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS);
@@ -119,7 +119,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
finalBinarySecurityTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
securityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
- } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+ } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor =
@@ -158,7 +158,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
final QName headerElementName = WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN;
- if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())
+ if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction())
|| WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
OutputProcessorUtils.updateSecurityHeaderOrder(
@@ -175,7 +175,7 @@ public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor
((KerberosClientSecurityToken)securityToken).getTicket())
);
createEndElementAndOutputAsEvent(subOutputProcessorChain, headerElementName);
- if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())) {
+ if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(getAction())) {
OutputProcessorUtils.updateSecurityHeaderOrder(outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList,
getAction(), false);
WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
index 459794c..08e402b 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
@@ -91,7 +91,7 @@ public class DerivedKeyTokenOutputProcessor extends AbstractOutputProcessor {
length = KeyUtils.getKeyLength(getSecurityProperties().getSignatureAlgorithm()) / 8;
}
}
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
if (((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength() > 0) {
length = ((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength();
} else {
@@ -172,7 +172,7 @@ public class DerivedKeyTokenOutputProcessor extends AbstractOutputProcessor {
if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, wsuIdDKT);
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, wsuIdDKT);
}
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(wsuIdDKT, derivedKeysecurityTokenProvider);
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
index 36dbb3c..e5feb53 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
@@ -143,7 +143,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
}
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
@@ -152,7 +152,7 @@ public class EncryptedKeyOutputProcessor extends AbstractOutputProcessor {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
//hint for the headerReordering processor where to place the EncryptedKey
- if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT_WITH_DERIVED_KEY)
+ if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY)
< getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) {
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
}
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
index cb2be23..d6cec3c 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
@@ -117,7 +117,7 @@ public class SecurityContextTokenOutputProcessor extends AbstractOutputProcessor
} else {
finalSecurityContextTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
}
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY, wsuId);
if (wrappingSecurityToken.getProcessor() != null) {
finalSecurityContextTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
index b9e8280..a44fa5a 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
@@ -109,11 +109,12 @@ public final class ConfigurationConverter {
} else if (single[i].equals(ConfigurationConstants.SIGNATURE_DERIVED)) {
actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
} else if (single[i].equals(ConfigurationConstants.ENCRYPT_DERIVED)) {
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
} else if (single[i].equals(ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN)) {
actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
- } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN)) {
- actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
+ } else if (single[i].equals(ConfigurationConstants.ENCRYPT_WITH_KERBEROS_TOKEN)
+ || single[i].equals(ConfigurationConstants.ENCRYPTION_WITH_KERBEROS_TOKEN)) {
+ actions.add(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN);
} else if (single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
actions.add(WSSConstants.KERBEROS_TOKEN);
} else if (single[i].equals(ConfigurationConstants.CUSTOM_TOKEN)) {
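Review bot: The widened condition accepts the pre-2.3.0 tag silently, so the branch does not say why two strings map to one action and a deployment still using the old spelling gets no hint to migrate. A comment on the condition would cover the first part, e.g. `// "EncryptWithKerberosToken" is the 2.0.0-2.2.x spelling, still accepted for compatibility`. A deprecation log line could cover the second if this class has a logger, which is not visible here. None of the tests visible in this commit drive the old string through this branch. The enclosing method starts and ends outside the hunk.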
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
index a64f561..27d84ec 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/OutboundWSSec.java
@@ -580,7 +580,7 @@ public class OutboundWSSec {
for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
derivedSignatureButNotDerivedEncryption = true;
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
derivedSignatureButNotDerivedEncryption = false;
break;
}
@@ -665,7 +665,7 @@ public class OutboundWSSec {
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
configuredAction.encryptionAction = true;
configuredAction.derivedEncryption = true;
@@ -733,7 +733,7 @@ public class OutboundWSSec {
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
- } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
configuredAction.kerberos = true;
configuredAction.encryptionKerberos = true;
final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
index cb07d87..abb1c31 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/WSSec.java
@@ -224,7 +224,7 @@ public class WSSec {
checkDefaultSecureParts(true, securityProperties);
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
checkOutboundSignatureDerivedProperties(securityProperties);
- } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_DERIVED_KEY.equals(action)) {
checkOutboundEncryptionDerivedProperties(securityProperties);
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
if (securityProperties.getCallbackHandler() == null) {
@@ -266,7 +266,7 @@ public class WSSec {
securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
}
checkDefaultSecureParts(true, securityProperties);
- } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
+ } else if (WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN.equals(action)) {
if (securityProperties.getCallbackHandler() == null) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noCallback");
}
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
index 0341277..a3bab34 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
@@ -87,7 +87,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
securityProperties.setActions(actions);
byte[] secret = WSSConstants.generateBytes(192 / 8);
CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
@@ -115,6 +115,38 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
@ParameterizedTest
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
+ public void testEncryptionDecryptionOutboundDeprecatedTag(int version) throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ List<WSSConstants.Action> actions = new ArrayList<>();
+ actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ securityProperties.setActions(actions);
+ byte[] secret = WSSConstants.generateBytes(192 / 8);
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
+ securityProperties.setCallbackHandler(callbackHandler);
+ securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setEncryptionUser("receiver");
+ securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER);
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_SOAP11_BODY.getLocalPart());
+ }
+ {
+ String action = WSHandlerConstants.ENCRYPT;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @ParameterizedTest
+ @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testEncryptionDecryptionTRIPLEDESInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
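Review bot: The `version` parameter of testEncryptionDecryptionOutboundDeprecatedTag is never read in its body, so the two `@ValueSource` values run the identical test twice. Either apply `version` to the security properties the way the neighbouring parameterized tests presumably do, or make this a plain `@Test` with no argument. The `assertEquals` call also passes its arguments in (actual, expected) order, which only affects the failure message.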
@@ -293,7 +325,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
securityProperties.setActions(actions);
byte[] secret = WSSConstants.generateBytes(128 / 8);
CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
@@ -824,7 +856,7 @@ public class DerivedKeyTokenTest extends AbstractTestBase {
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
actions.add(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
securityProperties.setActions(actions);
CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
securityProperties.setCallbackHandler(callbackHandler);
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index 450073d..52a00c4 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -91,7 +91,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
- actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
+ actions.add(WSSConstants.ENCRYPTION_WITH_DERIVED_KEY);
securityProperties.setActions(actions);
CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(secret);
securityProperties.setCallbackHandler(callbackHandler);