Posted to commits@ws.apache.org by co...@apache.org on 2011/01/10 13:36:18 UTC
svn commit: r1057173 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/ main/java/org/apache/ws/security/processor/
main/java/org/apache/ws/security/saml/ main/java/org/apache/ws/security/str/
test/java/org/apache/ws/security/message/
Author: coheigea
Date: Mon Jan 10 12:36:18 2011
New Revision: 1057173
URL: http://svn.apache.org/viewvc?rev=1057173&view=rev
Log:
[WSS-263] - Store secret key used to verify signature in WSSecurityEngineResult
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java Mon Jan 10 12:36:18 2011
@@ -124,13 +124,6 @@ public class WSSecurityEngineResult exte
*/
public static final String TAG_SECRET = "secret";
- /**
- * Tag denoting a reference to the decrypted key
- *
- * The value under this tag is of type byte[].
- */
- public static final String TAG_DECRYPTED_KEY = "decrypted-key";
-
//
// General tags
//
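Review bot: Removing the public constant TAG_DECRYPTED_KEY outright is a source- and binary-incompatible change for any caller outside this tree that reads decrypted key bytes from an ENCR result; keeping a deprecated alias, `@Deprecated public static final String TAG_DECRYPTED_KEY = TAG_SECRET;`, would let such callers migrate without breaking, and since both now resolve to "secret" they would also read the right entry. The Javadoc for TAG_SECRET closes at the top of this hunk but its text is outside it; it should now state that ENCR results (the two constructors changed in the following hunks of this file) and SIGN results (SignatureProcessor) store the key under this tag as well, not only the SCT case it presumably described before. The two constructor hunks below only follow from this rename and need no separate change.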
@@ -224,7 +217,7 @@ public class WSSecurityEngineResult exte
List<WSDataRef> dataRefUris
) {
put(TAG_ACTION, new Integer(act));
- put(TAG_DECRYPTED_KEY, decryptedKey);
+ put(TAG_SECRET, decryptedKey);
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_DATA_REF_URIS, dataRefUris);
}
@@ -237,7 +230,7 @@ public class WSSecurityEngineResult exte
X509Certificate[] certs
) {
put(TAG_ACTION, new Integer(act));
- put(TAG_DECRYPTED_KEY, decryptedKey);
+ put(TAG_SECRET, decryptedKey);
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_DATA_REF_URIS, dataRefUris);
put(TAG_X509_CERTIFICATES, certs);
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java Mon Jan 10 12:36:18 2011
@@ -74,7 +74,7 @@ public class EncryptedDataProcessor impl
encryptedKeyElement, crypto, decCrypto, cb, wsDocInfo, config
);
byte[] symmKey =
- (byte[])encrKeyResults.get(0).get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ (byte[])encrKeyResults.get(0).get(WSSecurityEngineResult.TAG_SECRET);
String encAlgo = X509Util.getEncAlgo(elem);
SecretKey key = WSSecurityUtil.prepareSecretKey(encAlgo, symmKey);
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java Mon Jan 10 12:36:18 2011
@@ -163,6 +163,7 @@ public class SignatureProcessor implemen
result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod);
result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod);
result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
+ result.put(WSSecurityEngineResult.TAG_SECRET, secretKey);
wsDocInfo.addResult(result);
return java.util.Collections.singletonList(result);
}
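Review bot: `result.put(WSSecurityEngineResult.TAG_SECRET, secretKey);` is unconditional, so a signature verified with an X.509 certificate or a public key presumably leaves a TAG_SECRET entry mapped to null, which consumers that test `containsKey` or iterate the result map will mistake for a present-but-empty key; guard it with `if (secretKey != null) { result.put(WSSecurityEngineResult.TAG_SECRET, secretKey); }`. The stored value is the live byte[] rather than a copy, and the result is retained through wsDocInfo.addResult for the rest of processing, so anything that logs or serialises engine results now emits symmetric key material — worth a comment on this line, e.g. `// raw signing key; results must not be logged or exposed to the application verbatim`. secretKey's declaration and the enclosing method's start are outside the hunk.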
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java Mon Jan 10 12:36:18 2011
@@ -185,7 +185,7 @@ public class SAMLUtil {
proc.handleToken((Element)node, null, crypto, cb, docInfo, null);
byte[] secret =
(byte[])result.get(0).get(
- WSSecurityEngineResult.TAG_DECRYPTED_KEY
+ WSSecurityEngineResult.TAG_SECRET
);
return new SAMLKeyInfo(assertion, secret);
} else if (el.equals(new QName(WSConstants.WST_NS, "BinarySecret"))) {
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java Mon Jan 10 12:36:18 2011
@@ -96,7 +96,7 @@ public class DerivedKeyTokenSTRParser im
(UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
secretKey = usernameToken.getDerivedKey();
} else if (WSConstants.ENCR == action) {
- secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
} else if (WSConstants.SCT == action) {
secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
} else if (WSConstants.ST_UNSIGNED == action) {
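Review bot: After the rename the ENCR and SCT branches have byte-identical bodies, so the chain can be collapsed to `} else if (WSConstants.ENCR == action || WSConstants.SCT == action) {` followed by the single `secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);`. SignatureSTRParser's second hunk has the same ENCR/SCT pair, but there the ENCR branch also builds a principal and the SCT body lies outside the hunk, so it may not collapse the same way. The enclosing method starts and ends outside this hunk.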
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java Mon Jan 10 12:36:18 2011
@@ -86,7 +86,7 @@ public class SecurityTokenRefSTRParser i
if (result != null) {
int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
if (WSConstants.ENCR == action) {
- secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
} else if (WSConstants.DKT == action) {
DerivedKeyToken dkt =
(DerivedKeyToken)result.get(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN);
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java Mon Jan 10 12:36:18 2011
@@ -135,7 +135,7 @@ public class SignatureSTRParser implemen
proc.handleToken(token, null, crypto, cb, docInfo, null);
secretKey =
(byte[])encrResult.get(0).get(
- WSSecurityEngineResult.TAG_DECRYPTED_KEY
+ WSSecurityEngineResult.TAG_SECRET
);
principal = new CustomTokenPrincipal(token.getAttribute("Id"));
} else {
@@ -160,7 +160,7 @@ public class SignatureSTRParser implemen
certs =
(X509Certificate[])result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
} else if (WSConstants.ENCR == action) {
- secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
String id = (String)result.get(WSSecurityEngineResult.TAG_ID);
principal = new CustomTokenPrincipal(id);
} else if (WSConstants.SCT == action) {
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java?rev=1057173&r1=1057172&r2=1057173&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/DerivedKeyTest.java Mon Jan 10 12:36:18 2011
@@ -23,16 +23,18 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.common.KeystoreCallbackHandler;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
-import javax.security.auth.callback.CallbackHandler;
-
import java.security.cert.X509Certificate;
+import java.util.List;
+import javax.security.auth.callback.CallbackHandler;
/**
* A set of tests for using a derived key for encryption/signature.
@@ -151,7 +153,13 @@ public class DerivedKeyTest extends org.
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
- verify(doc);
+ List<WSSecurityEngineResult> results = verify(doc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ assertTrue(actionResult.get(WSSecurityEngineResult.TAG_SECRET) != null);
}
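Review bot: `assertTrue(actionResult != null)` and `assertTrue(actionResult.get(WSSecurityEngineResult.TAG_SECRET) != null)` should be `assertNotNull(...)` so a failure reports which value was null instead of a bare "expected true". The same six added lines are repeated verbatim in the next two hunks of this file; a private helper taking the results list would remove the triplication. The assertions only check that a secret is present, not that it equals the derived key the signature was produced with; if that key is reachable from the builder used earlier in the test method (outside the hunk), asserting `java.util.Arrays.equals` against it would pin the actual contract of WSS-263.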
@@ -185,7 +193,13 @@ public class DerivedKeyTest extends org.
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
- verify(doc);
+ List<WSSecurityEngineResult> results = verify(doc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ assertTrue(actionResult.get(WSSecurityEngineResult.TAG_SECRET) != null);
}
@@ -218,7 +232,13 @@ public class DerivedKeyTest extends org.
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
- verify(doc);
+ List<WSSecurityEngineResult> results = verify(doc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ assertTrue(actionResult.get(WSSecurityEngineResult.TAG_SECRET) != null);
}
@org.junit.Test
@@ -311,11 +331,14 @@ public class DerivedKeyTest extends org.
* @param envelope
* @throws Exception Thrown when there is a problem in verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
+ private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+ List<WSSecurityEngineResult> results =
+ secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+
+ return results;
}
}
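Review bot: The Javadoc directly above verify still reads `@param envelope` although the parameter is `doc`, and the commit adds a return value without an `@return`; suggest `@param doc the SOAP envelope whose security header is processed` and `@return the results produced by processSecurityHeader`. The unchanged `? true : false` on the assertTrue line is redundant and reads more clearly as `assertTrue(outputString.indexOf("counter_port_type") > 0);`.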