Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/10/27 17:40:34 UTC
svn commit: r830241 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/processor/SignatureProcessor.java
test/wssec/TestWSSecurityNewSCT.java
Author: coheigea
Date: Tue Oct 27 16:40:34 2009
New Revision: 830241
URL: http://svn.apache.org/viewvc?rev=830241&view=rev
Log:
[WSS-216] - SignatureProcessor does not support directly referencing a SecurityContextToken
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=830241&r1=830240&r2=830241&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Tue Oct 27 16:40:34 2009
@@ -290,8 +290,11 @@
(EncryptedKeyProcessor)processor;
secretKey = encryptedKeyProcessor.getDecryptedBytes();
principal = new CustomTokenPrincipal(encryptedKeyProcessor.getId());
- // } else if (processor instanceof SecurityContextTokenProcessor) {
- // this.secret = ((SecurityContextTokenProcessor) processor).getSecret();
+ } else if (processor instanceof SecurityContextTokenProcessor) {
+ SecurityContextTokenProcessor sctProcessor =
+ (SecurityContextTokenProcessor)processor;
+ secretKey = sctProcessor.getSecret();
+ principal = new CustomTokenPrincipal(sctProcessor.getIdentifier());
} else if (processor instanceof DerivedKeyTokenProcessor) {
DerivedKeyTokenProcessor dktProcessor =
(DerivedKeyTokenProcessor) processor;
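Review bot: The new `SecurityContextTokenProcessor` branch assigns `secretKey = sctProcessor.getSecret()` with no check on the result. If no secret was resolved for the referenced token, the symmetric signature check further down would run with a null or empty key; whether that is rejected cleanly is decided outside this hunk. Consider failing closed right after the assignment with a guard such as `if (secretKey == null || secretKey.length == 0)` (assuming `secretKey` is a byte array, as `getDecryptedBytes()` suggests) that rejects the signature with the processor's usual failed-check error. A short comment would also help, for example `// SCT referenced directly: the shared secret is the HMAC key, no key derivation`. The enclosing method starts and ends outside the hunk.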
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=830241&r1=830240&r2=830241&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Tue Oct 27 16:40:34 2009
@@ -26,6 +26,7 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.crypto.dsig.SignatureMethod;
import junit.framework.TestCase;
@@ -41,6 +42,7 @@
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSecurityContextToken;
+import org.apache.ws.security.message.WSSecSignature;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
@@ -283,6 +285,53 @@
}
/**
+ * Test signature and verification using a SecurityContextToken directly,
+ * rather than using a DerivedKeyToken to point to a SecurityContextToken.
+ * See WSS-216 - https://issues.apache.org/jira/browse/WSS-216
+ */
+ public void testSCTSign() {
+ try {
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.prepare(doc, crypto);
+
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
+
+ // Store the secret
+ this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ WSSecSignature builder = new WSSecSignature();
+ builder.setSecretKey(tempSecret);
+ builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+ builder.setCustomTokenId(tokenId);
+ builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ builder.build(doc, crypto, secHeader);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SCT sign");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
+ /**
* Verifies the soap envelope <p/>
*
* @param envelope
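Review bot: `testSCTSign` covers only the success path, so it would still pass if the new SCT branch accepted a signature made with any key. A companion negative test should store a different secret under `sctBuilder.getIdentifier()` than the one passed to `builder.setSecretKey(...)` and assert that `verify(doc)` fails. Separately, the `catch (Exception e) { e.printStackTrace(); fail(e.getMessage()); }` wrapper drops the stack trace from the JUnit report; declaring the test `throws Exception` keeps it.

```java
public void testSCTSignWrongSecret() throws Exception {
    // … unchanged: document, security header, SCT and WSSecSignature setup as in testSCTSign …

    // Register a secret for this SCT that differs from the signing key by one bit
    byte[] wrongSecret = (byte[]) tempSecret.clone();
    wrongSecret[0] ^= 0x01;
    this.secrets.put(sctBuilder.getIdentifier(), wrongSecret);

    boolean rejected = false;
    try {
        verify(doc);
    } catch (Exception expected) {
        // verification must not succeed with a mismatched SCT secret
        rejected = true;
    }
    assertTrue("Signature verified with a mismatched SCT secret", rejected);
}
```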