You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/10/27 17:40:34 UTC

svn commit: r830241 - in /webservices/wss4j/trunk: src/org/apache/ws/security/processor/SignatureProcessor.java test/wssec/TestWSSecurityNewSCT.java

Author: coheigea
Date: Tue Oct 27 16:40:34 2009
New Revision: 830241

URL: http://svn.apache.org/viewvc?rev=830241&view=rev
Log:
[WSS-216] - SignatureProcessor does not support directly referencing a SecurityContextToken

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=830241&r1=830240&r2=830241&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Tue Oct 27 16:40:34 2009
@@ -290,8 +290,11 @@
                             (EncryptedKeyProcessor)processor;
                         secretKey = encryptedKeyProcessor.getDecryptedBytes();
                         principal = new CustomTokenPrincipal(encryptedKeyProcessor.getId());
-                    // } else if (processor instanceof SecurityContextTokenProcessor) {
-                    //    this.secret = ((SecurityContextTokenProcessor) processor).getSecret();
+                    } else if (processor instanceof SecurityContextTokenProcessor) {
+                        SecurityContextTokenProcessor sctProcessor = 
+                            (SecurityContextTokenProcessor)processor;
+                        secretKey = sctProcessor.getSecret();
+                        principal = new CustomTokenPrincipal(sctProcessor.getIdentifier());
                     }  else if (processor instanceof DerivedKeyTokenProcessor) {
                         DerivedKeyTokenProcessor dktProcessor = 
                             (DerivedKeyTokenProcessor) processor;

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=830241&r1=830240&r2=830241&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Tue Oct 27 16:40:34 2009
@@ -26,6 +26,7 @@
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.crypto.dsig.SignatureMethod;
 
 import junit.framework.TestCase;
 
@@ -41,6 +42,7 @@
 import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSecurityContextToken;
+import org.apache.ws.security.message.WSSecSignature;
 import org.apache.xml.security.signature.XMLSignature;
 import org.w3c.dom.Document;
 
@@ -283,6 +285,53 @@
     }
     
     /**
+     * Test signature and verification using a SecurityContextToken directly,
+     * rather than using a DerivedKeyToken to point to a SecurityContextToken.
+     * See WSS-216 - https://issues.apache.org/jira/browse/WSS-216
+     */
+    public void testSCTSign() {
+        try {
+            Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+            sctBuilder.prepare(doc, crypto);
+
+            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+            byte[] tempSecret = new byte[16];
+            random.nextBytes(tempSecret);
+
+            // Store the secret
+            this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+            String tokenId = sctBuilder.getSctId();
+
+            WSSecSignature builder = new WSSecSignature();
+            builder.setSecretKey(tempSecret);
+            builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+            builder.setCustomTokenId(tokenId);
+            builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+            builder.build(doc, crypto, secHeader);
+            
+            sctBuilder.prependSCTElementToHeader(doc, secHeader);
+            
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("SCT sign");
+                String outputString = 
+                    org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+                LOG.debug(outputString);
+            }
+
+            verify(doc);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail(e.getMessage());
+        }
+    }
+    
+    
+    /**
      * Verifies the soap envelope <p/>
      * 
      * @param envelope



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org