Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/06/08 13:20:00 UTC
svn commit: r952612 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/ src/org/apache/ws/security/action/
src/org/apache/ws/security/handler/ src/org/apache/ws/security/message/
src/org/apache/ws/security/message/token/ src/org/apache/ws/securi...
Author: coheigea
Date: Tue Jun 8 11:19:59 2010
New Revision: 952612
URL: http://svn.apache.org/viewvc?rev=952612&view=rev
Log:
[WSS-226] - Forward merged to trunk.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Tue Jun 8 11:19:59 2010
@@ -17,6 +17,7 @@
* under the License.
*/
+
package org.apache.ws.security;
import java.util.HashMap;
@@ -212,6 +213,10 @@ public class WSSConfig {
*/
protected boolean allowNamespaceQualifiedPasswordTypes = false;
+ /**
+ * The secret key length to be used for UT_SIGN.
+ */
+ protected int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
/**
* The default wsu:Id allocator is a simple "start at 1 and increment up"
@@ -454,6 +459,20 @@ public class WSSConfig {
}
/**
+ * Set the secret key length to be used for UT_SIGN.
+ */
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ /**
+ * Get the secret key length to be used for UT_SIGN.
+ */
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
+
+ /**
* @return Returns the WsuIdAllocator used to generate wsu:Id attributes
*/
public WsuIdAllocator getIdAllocator() {
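Review bot: `setSecretKeyLength` at the top of this hunk accepts any int, so a zero, negative or implausibly large value is stored silently and only surfaces later, when the value is used as the length of the HMAC key that signs or verifies a UT_SIGN message (the new test wires `builder.getSecretKey()` straight into `sign.setSecretKey` with HMAC-SHA1), far from the configuration that caused it. I would reject bad input at the setter: `if (length <= 0) { throw new IllegalArgumentException("secretKeyLength must be positive, got " + length); }`. The same unchecked setter is added to RequestData.setSecretKeyLength and WSSecUsernameToken.setSecretKeyLength in this commit. The Javadoc should also give the unit and default, e.g. `@param length the secret key length in bytes; defaults to WSConstants.WSE_DERIVED_KEY_LEN (16)`.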
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Tue Jun 8 11:19:59 2010
@@ -54,6 +54,7 @@ public class UsernameTokenSignedAction i
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setWsConfig(reqData.getWssConfig());
builder.setPasswordType(reqData.getPwType()); // enhancement by Alberto Coletti
+ builder.setSecretKeyLength(reqData.getSecretKeyLength());
builder.setUserInfo(reqData.getUsername(), password);
builder.addCreated();
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java Tue Jun 8 11:19:59 2010
@@ -61,6 +61,7 @@ public class RequestData {
private List signatureValues = new Vector();
private WSSecHeader secHeader = null;
private boolean encSymmetricEncryptionKey = true;
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
public void clear() {
soapConstants = null;
@@ -74,6 +75,7 @@ public class RequestData {
signatureValues.clear();
signatureDigestAlgorithm = null;
encSymmetricEncryptionKey = true;
+ secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
signatureUser = null;
}
@@ -108,6 +110,14 @@ public class RequestData {
public void setActor(String actor) {
this.actor = actor;
}
+
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
public String getUsername() {
return username;
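Review bot: The new `setSecretKeyLength`/`getSecretKeyLength` pair in this hunk carries no Javadoc, while the identical accessors added to WSSConfig in the same commit document their purpose, so a reader of RequestData alone cannot tell what the value is or where it ends up (it is copied into the WSSConfig by WSHandler in this commit). Add a short comment such as `/** Length in bytes of the secret key used for UT_SIGN; defaults to WSConstants.WSE_DERIVED_KEY_LEN and is reset by clear(). */` above the setter, and a matching one-liner on the getter.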
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Tue Jun 8 11:19:59 2010
@@ -260,6 +260,7 @@ public abstract class WSHandler {
wssConfig.setAllowNamespaceQualifiedPasswordTypes(
decodeNamespaceQualifiedPasswordTypes(reqData)
);
+ wssConfig.setSecretKeyLength(reqData.getSecretKeyLength());
reqData.setWssConfig(wssConfig);
if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -570,6 +571,12 @@ public abstract class WSHandler {
if (parts != null) {
splitEncParts(parts, reqData.getSignatureParts(), reqData);
}
+
+ String secretKeyLength = getString(WSHandlerConstants.WSE_SECRET_KEY_LENGTH, mc);
+ if (secretKeyLength != null) {
+ int iSecretKeyLength = Integer.parseInt(secretKeyLength);
+ reqData.setSecretKeyLength(iSecretKeyLength);
+ }
}
protected void decodeEncryptionParameter(RequestData reqData)
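Review bot: `Integer.parseInt(secretKeyLength)` at the end of this hunk is the only handling of a value that comes from the handler configuration (the message context), so a non-numeric or blank `wseSecretKeyLength` escapes as an unchecked NumberFormatException, and a zero or negative one is accepted and only fails later with an opaque signature error. Trim the string, catch NumberFormatException and rethrow it as the checked exception this method's siblings use (the project's WSSecurityException, assuming the enclosing method, whose signature is outside the hunk, declares it), and reject `iSecretKeyLength <= 0` before calling `reqData.setSecretKeyLength(iSecretKeyLength)`. A second, hedged concern since the call sites are outside the hunk: the propagation added at line 260 copies `reqData.getSecretKeyLength()` into the WSSConfig, so if that path is the receiver side and this decode method runs only on the sender side, a receiver configured solely through WSE_SECRET_KEY_LENGTH would keep the 16-byte default; the new handler test reuses the sender's RequestData for the receive call, which would not expose that.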
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Tue Jun 8 11:19:59 2010
@@ -594,9 +594,17 @@ public class WSHandlerConstants {
* (<code>{}</code>).
*/
public static final String SIGNATURE_PARTS = "signatureParts";
+
+ /**
+ * This parameter sets the length of the secret (derived) key to use for the
+ * WSE UT_SIGN functionality.
+ *
+ * The default value is 16 bytes.
+ */
+ public static final String WSE_SECRET_KEY_LENGTH = "wseSecretKeyLength";
/**
- * The name of the crypto propterty file to use for SOAP Encryption.
+ * The name of the crypto property file to use for SOAP Encryption.
* <p/>
* Refer to documentation of {@link #SIG_PROP_FILE}.
* <p/>
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java Tue Jun 8 11:19:59 2010
@@ -46,6 +46,7 @@ public class WSSecUsernameToken extends
private boolean useMac = false;
private byte[] saltValue;
private int iteration = UsernameToken.DEFAULT_ITERATION;
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
/**
@@ -77,6 +78,20 @@ public class WSSecUsernameToken extends
}
/**
+ * Set the secret key length
+ */
+ public void setSecretKeyLength(int length) {
+ secretKeyLength = length;
+ }
+
+ /**
+ * Get the secret key length
+ */
+ public int getSecretKeyLength() {
+ return secretKeyLength;
+ }
+
+ /**
* Add a derived key to the UsernameToken
* @param useMac whether the derived key is to be used for a MAC or not
* @param saltValue The salt value to use
@@ -111,7 +126,7 @@ public class WSSecUsernameToken extends
if (useDerivedKey) {
return UsernameToken.generateDerivedKey(password, saltValue, iteration);
}
- return ut.getSecretKey();
+ return ut.getSecretKey(secretKeyLength);
}
/**
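Review bot: The configured `secretKeyLength` is only consulted on the non-derived path at the end of this hunk; when `useDerivedKey` is set the method returns `UsernameToken.generateDerivedKey(password, saltValue, iteration)` and the setting is silently ignored. The one-line Javadoc added on `setSecretKeyLength` earlier in this file ("Set the secret key length") should say so, e.g. `Set the length in bytes of the secret key returned by getSecretKey(); ignored when a derived key is used. Defaults to WSConstants.WSE_DERIVED_KEY_LEN.` The enclosing method begins outside the hunk.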
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java Tue Jun 8 11:19:59 2010
@@ -598,6 +598,18 @@ public class UsernameToken {
public byte[] getSecretKey() {
return getSecretKey(WSConstants.WSE_DERIVED_KEY_LEN, WSConstants.LABEL_FOR_DERIVED_KEY);
}
+
+ /**
+ * Gets the secret key as per WS-Trust spec. This method uses default setting
+ * to generate the secret key. These default values are suitable for .NET
+ * WSE.
+ *
+ * @return a secret key constructed from information contained in this
+ * username token
+ */
+ public byte[] getSecretKey(int keylen) {
+ return getSecretKey(keylen, WSConstants.LABEL_FOR_DERIVED_KEY);
+ }
/**
* Gets the secret key as per WS-Trust spec.
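Review bot: The Javadoc on the new `getSecretKey(int keylen)` overload was copied from the no-arg version and is now inaccurate: it says the method "uses default setting" and that "These default values are suitable for .NET WSE", yet the caller supplies the length, and `keylen` itself is undocumented. Replace the first two sentences with `Gets the secret key as per WS-Trust spec, using the supplied key length and the default derived-key label.` and add `@param keylen the length in bytes of the key to derive`. The no-arg overload above could then delegate to `getSecretKey(WSConstants.WSE_DERIVED_KEY_LEN)` so the label constant is named in one place.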
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Tue Jun 8 11:19:59 2010
@@ -90,6 +90,8 @@ public class SignatureProcessor implemen
private byte[] signatureValue;
+ private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
+
private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
@@ -110,6 +112,7 @@ public class SignatureProcessor implemen
Principal lastPrincipalFound = null;
certs = null;
signatureValue = null;
+ secretKeyLength = wsc.getSecretKeyLength();
try {
lastPrincipalFound =
@@ -284,7 +287,7 @@ public class SignatureProcessor implemen
if (ut.isDerivedKey()) {
secretKey = ut.getDerivedKey();
} else {
- secretKey = ut.getSecretKey();
+ secretKey = ut.getSecretKey(secretKeyLength);
}
principal = ut.createPrincipal();
} else if (processor instanceof BinarySecurityTokenProcessor) {
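Review bot: Holding `secretKeyLength` in an instance field (added in the first hunk of this file) solely so the non-derived UsernameToken branch in this hunk can read it makes the processor's state depend on the most recent `handleToken` call; it works because the field is reassigned from `wsc.getSecretKeyLength()` at the start of each call, but passing the length, or the WSSConfig itself, as a parameter to the method containing this branch would make the dependency explicit and keep the processor stateless. If `wsc` can ever be null at that reset point, the new line would also throw a NullPointerException where nothing previously dereferenced it; that is hedged, as the callers are outside the hunk. The enclosing method starts and ends outside the hunk.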
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java?rev=952612&r1=952611&r2=952612&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java Tue Jun 8 11:19:59 2010
@@ -25,8 +25,11 @@ import junit.framework.TestSuite;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
@@ -84,7 +87,6 @@ public class TestWSSecurityNew13 extends
return new TestSuite(TestWSSecurityNew13.class);
}
-
/**
* Test the specific signing method that use UsernameToken values
* <p/>
@@ -128,6 +130,106 @@ public class TestWSSecurityNew13 extends
/**
* Test the specific signing method that use UsernameToken values
+ * Test that uses a 32 byte key length for the secret key, instead of the default 16 bytes.
+ */
+ public void testWSS226() throws Exception {
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecUsernameToken builder = new WSSecUsernameToken();
+ builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+ builder.setUserInfo("wernerd", "verySecret");
+ builder.addCreated();
+ builder.setSecretKeyLength(32);
+ builder.addNonce();
+ builder.prepare(doc);
+
+ WSSecSignature sign = new WSSecSignature();
+ sign.setCustomTokenValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
+ sign.setCustomTokenId(builder.getId());
+ sign.setSecretKey(builder.getSecretKey());
+ sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ LOG.info("Before signing with UT text....");
+ sign.build(doc, null, secHeader);
+ LOG.info("Before adding UsernameToken PW Text....");
+ builder.prependToHeader(secHeader);
+ Document signedDoc = doc;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Message using a 32 byte key length:");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // It should fail on the default key length of 16...
+ //
+ try {
+ secEngine.processSecurityHeader(doc, null, this, null);
+ fail ("An error was expected on verifying the signature");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ WSSecurityEngine wss226SecurityEngine = new WSSecurityEngine();
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setSecretKeyLength(32);
+ wss226SecurityEngine.setWssConfig(wssConfig);
+ wss226SecurityEngine.processSecurityHeader(doc, null, this, null);
+ }
+
+ /**
+ * Test that uses a 32 byte key length for the secret key, instead of the default 16 bytes.
+ * This test configures the key length via WSHandler.
+ */
+ public void testWSS226Handler() throws Exception {
+ MyHandler handler = new MyHandler();
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+ RequestData reqData = new RequestData();
+ reqData.setWssConfig(WSSConfig.getNewInstance());
+ java.util.Map config = new java.util.TreeMap();
+ config.put("password", "verySecret");
+ config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+ config.put(WSHandlerConstants.WSE_SECRET_KEY_LENGTH, "32");
+ reqData.setUsername("wernerd");
+ reqData.setMsgContext(config);
+
+ java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.UT_SIGN));
+
+ handler.send(WSConstants.UT_SIGN, doc, reqData, actions, true);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Username Token Signature via WSHandler");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // It should fail on the default key length of 16...
+ //
+ try {
+ secEngine.processSecurityHeader(doc, null, this, null);
+ fail ("An error was expected on verifying the signature");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ handler.receive(WSConstants.UT_SIGN, reqData);
+
+ WSSecurityEngine wss226SecurityEngine = new WSSecurityEngine();
+ wss226SecurityEngine.setWssConfig(reqData.getWssConfig());
+ wss226SecurityEngine.processSecurityHeader(doc, null, this, null);
+ }
+
+ /**
+ * Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
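Review bot: Both negative checks in the new tests, the `catch (Exception ex)` after the first `processSecurityHeader` call in `testWSS226` and the same block in `testWSS226Handler`, accept any exception, so an unrelated failure such as a NullPointerException inside the engine would be recorded as the expected key-length mismatch. Catch `WSSecurityException` instead, adding `import org.apache.ws.security.WSSecurityException;` next to the imports introduced in this commit if it is not already present. The inline comment `// It should fail on the default key length of 16...` would read better if it said what fails: `// Verification with the default 16-byte key must reject a signature made with a 32-byte key`.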