Posted to wss4j-dev@ws.apache.org by fa...@apache.org on 2008/04/04 23:12:14 UTC
svn commit: r644932 - in /webservices/wss4j/trunk: keys/ src/
src/org/apache/ws/security/ src/org/apache/ws/security/message/token/
src/org/apache/ws/security/processor/ src/org/apache/ws/security/transform/
src/org/apache/ws/security/util/ test/wssec/
Author: fadushin
Date: Fri Apr 4 14:12:12 2008
New Revision: 644932
URL: http://svn.apache.org/viewvc?rev=644932&view=rev
Log:
[WSS-103, WSS-105] WS-Security 1.1 X.509 profile support
* X.509v1 cert support
* Constrained use of X.509v3 certs with subject key identifiers
Thanks, Colm!
Added:
webservices/wss4j/trunk/keys/x509v1.keystore (with props)
webservices/wss4j/trunk/src/x509v1.properties (with props)
webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java (with props)
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/wssec/PackageTests.java
Added: webservices/wss4j/trunk/keys/x509v1.keystore
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/x509v1.keystore?rev=644932&view=auto
==============================================================================
Binary file - no diff available.
Propchange: webservices/wss4j/trunk/keys/x509v1.keystore
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties Fri Apr 4 14:12:12 2008
@@ -38,6 +38,7 @@
noSecProvider = Specified security provider not available
parseError = Cannot parse/decode the certificate data
encodeError = Cannot encode the certificate data
+invalidCertForSKI = An X509 certificate with version 3 must be used for SKI. The presented cert has version: {0}
unsupportedCertType = Certificate type not supported by security provider
invalidCert = The provided certificate is invalid
noXMLSig = Cannot setup signature data structure
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java Fri Apr 4 14:12:12 2008
@@ -246,7 +246,12 @@
"encodeError");
}
Text text = doc.createTextNode(Base64.encode(data));
- createKeyIdentifier(doc, X509Security.getType(), text);
+
+ if (cert.getVersion() == 1) {
+ createKeyIdentifier(doc, X509Security.X509_V1_TYPE, text);
+ } else {
+ createKeyIdentifier(doc, X509Security.X509_V3_TYPE, text);
+ }
}
/**
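Review bot: The `cert.getVersion() == 1` test sends every certificate that is not version 1, including a version 2 one, down the `X509_V3_TYPE` branch, so the emitted ValueType can mislabel the certificate. The same two-way branch is repeated in `X509Security.setX509Certificate` and in `STRTransform`. A single static helper on `X509Security` that maps the certificate version to its ValueType, and rejects versions other than 1 and 3, would keep the three call sites consistent. The enclosing method starts outside this hunk, so whether `cert` can be null at this point is not visible.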
@@ -260,6 +265,17 @@
*/
public void setKeyIdentifierSKI(X509Certificate cert, Crypto crypto)
throws WSSecurityException {
+ //
+ // As per the 1.1 specification, SKI can only be used for a V3 certificate
+ //
+ if (cert.getVersion() != 3) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
+ "invalidCertForSKI",
+ new Object[]{new Integer(cert.getVersion())}
+ );
+ }
+
Document doc = this.element.getOwnerDocument();
byte data[] = crypto.getSKIBytesFromCert(cert);
@@ -366,7 +382,8 @@
String value = elem.getAttribute("ValueType");
String alias = null;
- if (X509Security.getType().equals(value)) {
+ if (X509Security.X509_V3_TYPE.equals(value)
+ || X509Security.X509_V1_TYPE.equals(value)) {
token = new X509Security(elem);
if (token != null) {
X509Certificate cert = token.getX509Certificate(crypto);
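Review bot: The ValueType read from the element is message-supplied, and after this change either URI is accepted, but nothing visible here compares it with the version of the certificate that `token.getX509Certificate(crypto)` returns. A v3 certificate carried under `#X509v1`, or the reverse, would be processed identically. If the distinction matters to callers, add a check after the certificate is loaded, along the lines of `if ((cert.getVersion() == 1) != X509Security.X509_V1_TYPE.equals(value)) throw ...`. The existing `if (token != null)` right after `new` can never be false; the rest of the method is outside this hunk.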
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java Fri Apr 4 14:12:12 2008
@@ -34,7 +34,10 @@
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class X509Security extends BinarySecurity {
- private static final String type = WSConstants.X509TOKEN_NS + "#X509v3";
+
+ public static final String X509_V3_TYPE = WSConstants.X509TOKEN_NS + "#X509v3";
+ public static final String X509_V1_TYPE = WSConstants.X509TOKEN_NS + "#X509v1";
+
/*
* Stores the associated X.509 Certificate. This saves numerous
* crypto loadCertificate operations
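Review bot: The last hunk of this file deletes the public static `getType()`, which breaks any caller outside this tree that still uses it, while this hunk replaces the private `type` field it returned. Consider keeping the accessor for a release as `/** @deprecated use X509_V3_TYPE */ public static String getType() { return X509_V3_TYPE; }`. The two new public constants also have no Javadoc; a one-line comment on each, stating which certificate version the ValueType URI stands for, would document the new API.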
@@ -50,8 +53,13 @@
*/
public X509Security(Element elem) throws WSSecurityException {
super(elem);
- if (!getValueType().equals(type)) {
- throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "invalidValueType", new Object[]{type, getValueType()});
+ String valueType = getValueType();
+ if (!(valueType.equals(X509_V3_TYPE) || valueType.equals(X509_V1_TYPE))) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{getValueType()}
+ );
}
}
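Review bot: The `invalidValueType` error is now built with a single argument, `new Object[]{getValueType()}`, where the old code passed the expected type and then the actual one. The commit does not touch that key in errors.properties, so if its template still references `{1}` the message will be wrong; either update the template or keep two arguments. The local `valueType` could be reused in the array instead of calling the getter again. Writing the comparison as `X509_V3_TYPE.equals(valueType) || X509_V1_TYPE.equals(valueType)` would also make a missing ValueType end in a WSSecurityException rather than a NullPointerException, should the getter ever return null.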
@@ -62,7 +70,6 @@
*/
public X509Security(Document doc) {
super(doc);
- setValueType(type);
}
/**
@@ -100,8 +107,12 @@
public void setX509Certificate(X509Certificate cert)
throws WSSecurityException {
if (cert == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noCert");
+ throw new WSSecurityException(WSSecurityException.FAILURE, "noCert");
+ }
+ if (cert.getVersion() == 1) {
+ setValueType(X509_V1_TYPE);
+ } else {
+ setValueType(X509_V3_TYPE);
}
cachedCert = cert;
try {
@@ -110,9 +121,5 @@
throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
"encodeError");
}
- }
-
- public static String getType() {
- return type;
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java Fri Apr 4 14:12:12 2008
@@ -80,7 +80,8 @@
* <p/>
*
* @param elem The element containing the binary security token. This is
- * either X509 certificate(s) or a PKIPath.
+ * either X509 certificate(s) or a PKIPath. Any other token type
+ * is ignored.
* @throws WSSecurityException
*/
private void getCertificatesTokenReference(Element elem, Crypto crypto)
@@ -99,22 +100,18 @@
* Checks the <code>element</code> and creates appropriate binary security object.
*
* @param element The XML element that contains either a <code>BinarySecurityToken
- * </code> or a <code>PKIPath</code> element. Other element types a not
- * supported
+ * </code> or a <code>PKIPath</code> element.
* @throws WSSecurityException
*/
private void createSecurityToken(Element element) throws WSSecurityException {
this.token = new BinarySecurity(element);
String type = token.getValueType();
- if (X509Security.getType().equals(type)) {
+ if (X509Security.X509_V3_TYPE.equals(type) || X509Security.X509_V1_TYPE.equals(type)) {
this.token = new X509Security(element);
} else if (PKIPathSecurity.getType().equals(type)) {
this.token = new PKIPathSecurity(element);
- } else {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "unsupportedBinaryTokenType", new Object[]{type});
- }
+ }
}
public String getType() {
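Review bot: Dropping the final `else` means a BinarySecurityToken with an unrecognised ValueType no longer raises `UNSUPPORTED_SECURITY_TOKEN`; `this.token` stays a plain `BinarySecurity` and processing continues. That moves this path from fail-closed to fail-open on message-supplied input, so the code that later reads `token` (outside this hunk) should be checked for any assumption that it is an `X509Security` or `PKIPathSecurity`. If ignoring is intended, say so at the branch with a comment such as `// other ValueTypes stay a generic BinarySecurity; callers must not assume X.509`, and consider a debug log that records `type`.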
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Fri Apr 4 14:12:12 2008
@@ -207,7 +207,8 @@
if (el.equals(WSSecurityEngine.binaryToken)) {
X509Security token = null;
String value = bstElement.getAttribute(WSSecurityEngine.VALUE_TYPE);
- if (!X509Security.getType().equals(value)
+ if (!(X509Security.X509_V3_TYPE.equals(value)
+ || X509Security.X509_V1_TYPE.equals(value))
|| ((token = new X509Security(bstElement)) == null)) {
throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
"unsupportedBinaryTokenType",
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Apr 4 14:12:12 2008
@@ -463,7 +463,10 @@
X509Security x509 = null;
PKIPathSecurity pkiPath = null;
- if (X509Security.getType().equals(type)) {
+ if (X509Security.X509_V3_TYPE.equals(type)) {
+ x509 = new X509Security(element);
+ return (BinarySecurity) x509;
+ } else if (X509Security.X509_V1_TYPE.equals(type)) {
x509 = new X509Security(element);
return (BinarySecurity) x509;
} else if (PKIPathSecurity.getType().equals(type)) {
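Review bot: The new `X509_V1_TYPE` branch is a copy of the `X509_V3_TYPE` branch above it, so two identical bodies now have to be kept in step. Folding them into one condition, as BinarySecurityTokenProcessor does in this same commit, is shorter: `if (X509Security.X509_V3_TYPE.equals(type) || X509Security.X509_V1_TYPE.equals(type)) {`. The cast in `return (BinarySecurity) x509;` is redundant given that `X509Security extends BinarySecurity`. The method begins and ends outside this hunk.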
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Fri Apr 4 14:12:12 2008
@@ -328,7 +328,11 @@
+ ":BinarySecurityToken");
WSSecurityUtil.setNamespace(elem, WSConstants.WSSE_NS, prefix);
// elem.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "");
- elem.setAttributeNS(null, "ValueType", X509Security.getType());
+ if (cert.getVersion() == 1) {
+ elem.setAttributeNS(null, "ValueType", X509Security.X509_V1_TYPE);
+ } else {
+ elem.setAttributeNS(null, "ValueType", X509Security.X509_V3_TYPE);
+ }
Text certText = doc.createTextNode(Base64.encode(data)); // no lne
// wrap
elem.appendChild(certText);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Fri Apr 4 14:12:12 2008
@@ -477,28 +477,6 @@
}
/**
- * Create a BinarySecurityToken element <p/>
- *
- * @param doc
- * the DOM document (SOAP request)
- * @param wsuIdVal
- * the value for the wsu:Id
- * @return then BST element (DOM element)
- */
- public static Element createBinarySecurityToken(Document doc,
- String wsuIdVal) {
- Element retVal = doc.createElementNS(WSConstants.WSSE_NS,
- "wsse:BinarySecurityToken");
- retVal.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsu",
- WSConstants.WSU_NS);
- retVal.setAttributeNS(WSConstants.WSU_NS, "wsu:Id", wsuIdVal);
- retVal.setAttributeNS(null, "ValueType", X509Security.getType());
- retVal.setAttributeNS(null, "EncodingType",
- BinarySecurity.BASE64_ENCODING);
- return retVal;
- }
-
- /**
* create a new element in the same namespace <p/>
*
* @param parent
Added: webservices/wss4j/trunk/src/x509v1.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/x509v1.properties?rev=644932&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/x509v1.properties (added)
+++ webservices/wss4j/trunk/src/x509v1.properties Fri Apr 4 14:12:12 2008
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=security
+org.apache.ws.security.crypto.merlin.file=keys/x509v1.keystore
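Review bot: This file sits under `src/` with a keystore password in clear text and points at `keys/x509v1.keystore`, yet in this commit only TestWSSecurityX509v1 loads it. If `src/` is what gets packaged into the library jar, the test fixture and its password ship with the product. Keeping it with the test sources, or adding a leading comment such as `# test-only keystore configuration; do not use in deployments`, would make its purpose explicit.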
Propchange: webservices/wss4j/trunk/src/x509v1.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/src/x509v1.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: webservices/wss4j/trunk/src/x509v1.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: webservices/wss4j/trunk/test/wssec/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/PackageTests.java?rev=644932&r1=644931&r2=644932&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/PackageTests.java (original)
+++ webservices/wss4j/trunk/test/wssec/PackageTests.java Fri Apr 4 14:12:12 2008
@@ -70,6 +70,7 @@
suite.addTestSuite(TestWSSecurityNewST3.class);
suite.addTestSuite(TestWSSecurityNewDK.class);
suite.addTestSuite(TestWSSecurityNewSCT.class);
+ suite.addTestSuite(TestWSSecurityX509v1.class);
suite.addTestSuite(TestWSSecurityUserProcessor.class);
return suite;
}
Added: webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java?rev=644932&view=auto
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java (added)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java Fri Apr 4 14:12:12 2008
@@ -0,0 +1,231 @@
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package wssec;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.axis.client.AxisClient;
+import org.apache.axis.configuration.NullProvider;
+import org.apache.axis.message.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+
+import java.util.Vector;
+
+/**
+ * WS-Security Test Case for X509v1 certificates. The WS-Security 1.1 X.509 specification adds
+ * support for X.509 V1 certificates. This test code verifies that the ValueType attribute gets
+ * set correctly in the BinarySecurityToken and Reference elements.
+ */
+public class TestWSSecurityX509v1 extends TestCase implements CallbackHandler {
+ private static Log log = LogFactory.getLog(TestWSSecurityX509v1.class);
+ static final String soapMsg = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
+ " <soapenv:Body>" +
+ " <ns1:testMethod xmlns:ns1=\"uri:LogTestService2\"></ns1:testMethod>" +
+ " </soapenv:Body>" +
+ "</soapenv:Envelope>";
+
+ static final WSSecurityEngine secEngine = new WSSecurityEngine();
+ static final Crypto v1Crypto = CryptoFactory.getInstance("x509v1.properties");
+ MessageContext msgContext;
+ SOAPEnvelope unsignedEnvelope;
+
+ /**
+ * TestWSSecurity constructor
+ * <p/>
+ *
+ * @param name name of the test
+ */
+ public TestWSSecurityX509v1(String name) {
+ super(name);
+ }
+
+ /**
+ * JUnit suite
+ * <p/>
+ *
+ * @return a junit test suite
+ */
+ public static Test suite() {
+ return new TestSuite(TestWSSecurityX509v1.class);
+ }
+
+ /**
+ * Main method
+ * <p/>
+ *
+ * @param args command line args
+ */
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(suite());
+ }
+
+ /**
+ * Setup method
+ * <p/>
+ *
+ * @throws Exception Thrown when there is a problem in setup
+ */
+ protected void setUp() throws Exception {
+ AxisClient tmpEngine = new AxisClient(new NullProvider());
+ msgContext = new MessageContext(tmpEngine);
+ unsignedEnvelope = getSOAPEnvelope();
+ }
+
+ /**
+ * Constructs a soap envelope
+ * <p/>
+ *
+ * @return soap envelope
+ * @throws java.lang.Exception if there is any problem constructing the soap envelope
+ */
+ protected SOAPEnvelope getSOAPEnvelope() throws Exception {
+ InputStream in = new ByteArrayInputStream(soapMsg.getBytes());
+ Message msg = new Message(in);
+ msg.setMessageContext(msgContext);
+ return msg.getSOAPEnvelope();
+ }
+
+ /**
+ * Test for a X509 V1 certificate used for signature/verification.
+ */
+ public void testX509v1Signature() throws Exception {
+ WSSecSignature builder = new WSSecSignature();
+ builder.setUserInfo("x509v1cert", "security");
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = builder.build(doc, v1Crypto, secHeader);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Signed message with BST_DIRECT_REFERENCE:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ log.debug(outputString);
+ assertTrue(outputString.contains("#X509v1"));
+ assertTrue(!outputString.contains("#X509v3"));
+ }
+
+ verify(signedDoc);
+ }
+
+ /**
+ * Test for a X509 V1 certificate used for encryption/decryption
+ */
+ public void testX509v1Encryption() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("x509v1cert");
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, v1Crypto, secHeader);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Encrypted message with BST_DIRECT_REFERENCE:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ log.debug(outputString);
+ assertTrue(outputString.contains("#X509v1"));
+ assertTrue(!outputString.contains("#X509v3"));
+ }
+
+ verify(encryptedDoc);
+ }
+
+ /**
+ * Test for a X509 V1 certificate used for encryption/decryption.
+ * This time a KeyIdentifier is used. This test should fail as the
+ * X.509 1.1 specification states that a KeyIdentifer should only
+ * reference a V3 certificate.
+ */
+ public void testX509v1KeyIdentifier() throws Exception {
+ try {
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("x509v1cert");
+ builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, v1Crypto, secHeader);
+ fail("Expected failure when using an X509#v1 certificate with SKI");
+ } catch (WSSecurityException ex) {
+ // expected
+ assertTrue(ex.getMessage().contains(
+ "An X509 certificate with version 3 must be used for SKI")
+ );
+ }
+ }
+
+
+ /**
+ * Verifies the soap envelope.
+ *
+ * @param env soap envelope
+ * @throws java.lang.Exception Thrown when there is a problem in verification
+ */
+ private void verify(Document doc) throws Exception {
+ secEngine.processSecurityHeader(doc, null, this, v1Crypto);
+ }
+
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ /*
+ * here call a function/method to lookup the password for
+ * the given identifier (e.g. a user name or keystore alias)
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+ * for Testing we supply a fixed name here.
+ */
+ pc.setPassword("security");
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
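Review bot: In `testX509v1Signature` and `testX509v1Encryption` the two `assertTrue` calls on `#X509v1` / `#X509v3` sit inside `if (log.isDebugEnabled())`, so the ValueType checks the class Javadoc describes run only when debug logging is switched on. In a normal run the tests pass without checking the ValueType at all. Serialise the document unconditionally and keep only the `log.debug` calls inside the guard, as in the excerpt below for the signature test; the encryption test needs the same change. Separately, the Javadoc of `verify` names `@param env` while the parameter is `doc`.

```java
Document signedDoc = builder.build(doc, v1Crypto, secHeader);

String outputString =
    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
if (log.isDebugEnabled()) {
    log.debug("Signed message with BST_DIRECT_REFERENCE:");
    log.debug(outputString);
}
// Always assert the ValueType, independent of the logging configuration.
assertTrue(outputString.contains("#X509v1"));
assertTrue(!outputString.contains("#X509v3"));

// … unchanged: verify(signedDoc) …
```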
Propchange: webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/test/wssec/TestWSSecurityX509v1.java
------------------------------------------------------------------------------
svn:keywords = Rev Date