Posted to commits@ws.apache.org by gi...@apache.org on 2012/09/11 19:59:52 UTC
svn commit: r1383498 [2/2] - in /webservices/wss4j/trunk:
ws-security-policy-stax/src/main/java/org/apache/ws/security/policy/stax/assertionStates/
ws-security-policy-stax/src/test/java/org/apache/ws/security/policy/stax/test/
ws-security-stax/src/main...
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java Tue Sep 11 17:59:51 2012
@@ -26,7 +26,8 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import javax.xml.stream.XMLStreamConstants;
@@ -58,7 +59,7 @@ public class SecurityContextTokenOutputP
if (wrappingSecurityTokenProvider == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION);
}
- final SecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
+ final OutboundSecurityToken wrappingSecurityToken = wrappingSecurityTokenProvider.getSecurityToken();
if (wrappingSecurityToken == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION);
}
@@ -66,51 +67,30 @@ public class SecurityContextTokenOutputP
final String wsuId = IDGenerator.generateID(null);
final String identifier = IDGenerator.generateID(null);
- final AbstractSecurityToken securityContextSecurityToken = new AbstractSecurityToken(wsuId) {
+ final GenericOutboundSecurityToken securityContextSecurityToken = new GenericOutboundSecurityToken(wsuId, WSSConstants.SecurityContextToken) {
@Override
- public boolean isAsymmetric() {
- return wrappingSecurityToken.isAsymmetric();
+ public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
+ return wrappingSecurityToken.getSecretKey(algorithmURI);
}
@Override
- public Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID);
- }
-
- @Override
- public PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return wrappingSecurityToken.getPublicKey(algorithmURI, keyUsage, correlationID);
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ return wrappingSecurityToken.getPublicKey();
}
@Override
public X509Certificate[] getX509Certificates() throws XMLSecurityException {
return wrappingSecurityToken.getX509Certificates();
}
-
- @Override
- public void verify() throws XMLSecurityException {
- wrappingSecurityToken.verify();
- }
-
- @Override
- public SecurityToken getKeyWrappingToken() {
- return wrappingSecurityToken;
- }
-
- @Override
- public WSSConstants.TokenType getTokenType() {
- return WSSConstants.SecurityContextToken;
- }
};
wrappingSecurityToken.addWrappedToken(securityContextSecurityToken);
SecurityTokenProvider securityContextSecurityTokenProvider = new SecurityTokenProvider() {
+ @SuppressWarnings("unchecked")
@Override
- public SecurityToken getSecurityToken() throws WSSecurityException {
+ public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
return securityContextSecurityToken;
}
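Review bot: The `@SuppressWarnings("unchecked")` added on `getSecurityToken()` silences an unchecked conversion without recording why it is safe, and the same annotation appears in the `UsernameTokenOutputProcessor` hunk. The provider here always returns the `securityContextSecurityToken` created a few lines above, so a one-line comment such as `// unchecked: this provider only ever hands out the outbound token created above` would tell the next reader that a caller asking for a different token type is a programming error. The anonymous token also no longer overrides `verify()` or `getKeyWrappingToken()`; if `addWrappedToken` is now the only link back to the wrapping token, a comment on that call saying so would help. The enclosing method starts and ends outside this hunk.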
@@ -120,7 +100,8 @@ public class SecurityContextTokenOutputP
}
};
- FinalSecurityContextTokenOutputProcessor finalSecurityContextTokenOutputProcessor = new FinalSecurityContextTokenOutputProcessor(securityContextSecurityToken, identifier);
+ FinalSecurityContextTokenOutputProcessor finalSecurityContextTokenOutputProcessor =
+ new FinalSecurityContextTokenOutputProcessor(securityContextSecurityToken, identifier);
finalSecurityContextTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalSecurityContextTokenOutputProcessor.setAction(getAction());
XMLSecurityConstants.Action action = getAction();
@@ -152,10 +133,10 @@ public class SecurityContextTokenOutputP
class FinalSecurityContextTokenOutputProcessor extends AbstractOutputProcessor {
- private final SecurityToken securityToken;
+ private final OutboundSecurityToken securityToken;
private final String identifier;
- FinalSecurityContextTokenOutputProcessor(SecurityToken securityToken, String identifier) throws XMLSecurityException {
+ FinalSecurityContextTokenOutputProcessor(OutboundSecurityToken securityToken, String identifier) throws XMLSecurityException {
super();
this.securityToken = securityToken;
this.identifier = identifier;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/UsernameTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/UsernameTokenOutputProcessor.java Tue Sep 11 17:59:51 2012
@@ -21,12 +21,15 @@ package org.apache.ws.security.stax.impl
import org.apache.commons.codec.binary.Base64;
import org.apache.ws.security.common.ext.WSPasswordCallback;
import org.apache.ws.security.common.ext.WSSecurityException;
-import org.apache.ws.security.stax.ext.*;
-import org.apache.ws.security.stax.impl.securityToken.UsernameSecurityToken;
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.ext.WSSUtils;
+import org.apache.ws.security.stax.impl.securityToken.OutboundUsernameSecurityToken;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import javax.xml.datatype.XMLGregorianCalendar;
@@ -69,22 +72,20 @@ public class UsernameTokenOutputProcesso
final OutputProcessor outputProcessor = this;
- final UsernameSecurityToken usernameSecurityToken =
- new UsernameSecurityToken(
- ((WSSSecurityProperties) getSecurityProperties()).getTokenUser(),
+ final OutboundUsernameSecurityToken usernameSecurityToken =
+ new OutboundUsernameSecurityToken(((WSSSecurityProperties) getSecurityProperties()).getTokenUser(),
password,
- created != null ? created.toXMLFormat() : null,
+ created.toXMLFormat(),
nonceValue,
- null,
- null,
wsuId
);
usernameSecurityToken.setProcessor(outputProcessor);
SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
+ @SuppressWarnings("unchecked")
@Override
- public SecurityToken getSecurityToken() throws WSSecurityException {
+ public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
return usernameSecurityToken;
}
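Review bot: `created.toXMLFormat()` now dereferences `created` unconditionally, where the previous line was `created != null ? created.toXMLFormat() : null`. The assignment of `created` lies above this hunk, so whether it can still be null is not visible; if any password-type branch leaves it unset, building the token will throw a `NullPointerException` instead of producing a token without a Created value. Either keep the guard or add a comment before the constructor call stating that `created` is always set at this point.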
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java Tue Sep 11 17:59:51 2012
@@ -18,8 +18,10 @@
*/
package org.apache.ws.security.stax.impl.processor.output;
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.ext.WSSUtils;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
@@ -28,11 +30,9 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor;
+import org.apache.xml.security.stax.impl.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
-import org.apache.ws.security.stax.ext.WSSConstants;
-import org.apache.ws.security.stax.ext.WSSSecurityProperties;
-import org.apache.ws.security.stax.ext.WSSUtils;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamConstants;
@@ -90,7 +90,7 @@ public class WSSSignatureEndingOutputPro
@Override
protected void createKeyInfoStructureForSignature(
OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
+ OutboundSecurityToken securityToken,
boolean useSingleCertificate)
throws XMLStreamException, XMLSecurityException {
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/HttpsSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/HttpsSecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/HttpsSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/HttpsSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -21,22 +21,17 @@ package org.apache.ws.security.stax.impl
import org.apache.ws.security.common.ext.WSSecurityException;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
-import java.security.Key;
-import java.security.PublicKey;
import java.security.cert.X509Certificate;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class HttpsSecurityToken extends AbstractSecurityToken {
+public class HttpsSecurityToken extends AbstractInboundSecurityToken {
- private X509Certificate x509Certificate;
private String username;
private final AuthenticationType authenticationType;
@@ -48,7 +43,7 @@ public class HttpsSecurityToken extends
public HttpsSecurityToken(X509Certificate x509Certificate, WSSecurityContext wsSecurityContext) throws WSSecurityException {
super(wsSecurityContext, null, IDGenerator.generateID(null), null);
- this.x509Certificate = x509Certificate;
+ setX509Certificates(new X509Certificate[]{x509Certificate});
this.authenticationType = AuthenticationType.httpsClientAuthentication;
}
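Review bot: `setX509Certificates(new X509Certificate[]{x509Certificate})` stores a one-element array even when the constructor argument is null, while the `getPubKey` removed later in this file checked `x509Certificate != null` before calling `getPublicKey()`. If the superclass derives the public key from element 0 of the array (not visible here), a null certificate would surface as a `NullPointerException` on first key access. A guard such as `if (x509Certificate != null) { setX509Certificates(new X509Certificate[]{x509Certificate}); }` keeps the old tolerance. The public `getX509Certificate()` accessor is also removed further down, so external callers need to move to `getX509Certificates()`.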
@@ -62,39 +57,11 @@ public class HttpsSecurityToken extends
this.username = username;
}
- public X509Certificate[] getX509Certificates() throws WSSecurityException {
- return new X509Certificate[]{this.x509Certificate};
- }
-
- public boolean isAsymmetric() {
- return true;
- }
-
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws WSSecurityException {
- return null;
- }
-
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws WSSecurityException {
- if (x509Certificate != null) {
- return x509Certificate.getPublicKey();
- }
- return null;
- }
-
- public SecurityToken getKeyWrappingToken() {
- return null;
- }
-
+ @Override
public WSSConstants.TokenType getTokenType() {
return WSSConstants.HttpsToken;
}
- public X509Certificate getX509Certificate() {
- return x509Certificate;
- }
-
public String getUsername() {
return username;
}
Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/OutboundUsernameSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/OutboundUsernameSecurityToken.java?rev=1383498&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/OutboundUsernameSecurityToken.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/OutboundUsernameSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ws.security.stax.impl.securityToken;
+
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class OutboundUsernameSecurityToken extends GenericOutboundSecurityToken {
+
+ private final UsernameToken usernameToken;
+
+ public OutboundUsernameSecurityToken(String username, String password, String created, byte[] nonce, String id) {
+ super(id, WSSConstants.UsernameToken);
+ this.usernameToken = new UsernameToken(username, password, created, nonce, null, null);
+ }
+
+ public String getUsername() {
+ return usernameToken.getUsername();
+ }
+
+ public String getPassword() {
+ return usernameToken.getPassword();
+ }
+
+ public String getCreated() {
+ return usernameToken.getCreated();
+ }
+
+ public byte[] getNonce() {
+ return usernameToken.getNonce();
+ }
+
+ public byte[] getSalt() {
+ return usernameToken.getSalt();
+ }
+
+ public Long getIteration() {
+ return usernameToken.getIteration();
+ }
+
+ @Override
+ public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
+ Key key = super.getSecretKey(algorithmURI);
+ if (key != null) {
+ return key;
+ }
+
+ byte[] secretToken = usernameToken.getSecretKey(getPassword(), WSSConstants.WSE_DERIVED_KEY_LEN, WSSConstants.LABEL_FOR_DERIVED_KEY);
+ String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
+ key = new SecretKeySpec(secretToken, algoFamily);
+ setSecretKey(algorithmURI, key);
+ return key;
+ }
+}
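Review bot: `getSecretKey` passes the result of `JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI)` straight to `new SecretKeySpec(secretToken, algoFamily)`; if the mapper returns null for an unmapped URI (its behaviour is not visible here), the caller gets an `IllegalArgumentException` from the JCE class rather than the declared `XMLSecurityException`. An `if (algoFamily == null)` check that throws `XMLSecurityException` before the key is built would keep the failure inside the declared exception type. The class also has no Javadoc saying that the key is derived from the password, with null salt and iteration passed to `UsernameToken`, and that the derivation uses a fixed length and label, so the same bytes appear to be cached under every requested algorithm URI. A short class comment stating this would let reviewers judge the key reuse.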
Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/OutboundUsernameSecurityToken.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SAMLSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SAMLSecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SAMLSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SAMLSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -18,19 +18,16 @@
*/
package org.apache.ws.security.stax.impl.securityToken;
-import org.opensaml.common.SAMLVersion;
import org.apache.ws.security.common.crypto.Crypto;
import org.apache.ws.security.common.saml.SAMLKeyInfo;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
+import org.opensaml.common.SAMLVersion;
import javax.security.auth.callback.CallbackHandler;
-import java.security.Key;
-import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
@@ -39,12 +36,11 @@ import java.security.cert.X509Certificat
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SAMLSecurityToken extends AbstractSecurityToken {
+public class SAMLSecurityToken extends AbstractInboundSecurityToken {
private final SAMLVersion samlVersion;
private final SAMLKeyInfo samlKeyInfo;
private String issuer;
- private X509Certificate[] x509Certificate;
private Crypto crypto;
public SAMLSecurityToken(SAMLVersion samlVersion, SAMLKeyInfo samlKeyInfo, String issuer,
@@ -55,50 +51,29 @@ public class SAMLSecurityToken extends A
this.samlKeyInfo = samlKeyInfo;
this.issuer = issuer;
this.crypto = crypto;
+ if (samlKeyInfo != null) {
+ setSecretKey("", samlKeyInfo.getPrivateKey());
+ setPublicKey(samlKeyInfo.getPublicKey());
+ setX509Certificates(samlKeyInfo.getCerts());
+ }
}
public SAMLSecurityToken(SAMLVersion samlVersion, SAMLKeyInfo samlKeyInfo, WSSecurityContext wsSecurityContext,
Crypto crypto, CallbackHandler callbackHandler, String id) {
- super(wsSecurityContext, callbackHandler, id, null);
- this.samlVersion = samlVersion;
- this.samlKeyInfo = samlKeyInfo;
- this.crypto = crypto;
+ this(samlVersion, samlKeyInfo, null, wsSecurityContext, crypto, callbackHandler, id, null);
}
-
+
public Crypto getCrypto() {
return crypto;
}
- public boolean isAsymmetric() {
- return true;
- }
-
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return samlKeyInfo.getPrivateKey();
- }
-
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- PublicKey publicKey = samlKeyInfo.getPublicKey();
- if (publicKey == null) {
- publicKey = getX509Certificates()[0].getPublicKey();
- }
- return publicKey;
- }
-
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- if (this.x509Certificate == null) {
- this.x509Certificate = samlKeyInfo.getCerts();
- }
- return this.x509Certificate;
- }
-
+ @Override
public void verify() throws XMLSecurityException {
try {
X509Certificate[] x509Certificates = getX509Certificates();
if (x509Certificates != null && x509Certificates.length > 0) {
x509Certificates[0].checkValidity();
+ //todo deprecated method:
getCrypto().verifyTrust(x509Certificates);
}
} catch (CertificateExpiredException e) {
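Review bot: The constructor stores `samlKeyInfo.getPublicKey()` as-is, so the fallback in the removed `getPubKey` (`getX509Certificates()[0].getPublicKey()` when the key info carries only certificates) is lost unless `AbstractInboundSecurityToken` provides it, which is not visible here. `setSecretKey("", samlKeyInfo.getPrivateKey())` is likewise called when the key info has no private key, and whether the setter tolerates a null value cannot be seen from this hunk. Consider setting each value only when it is non-null and deriving the public key from the first certificate when `getPublicKey()` returns null, or add a comment naming where the superclass does this. In `verify()`, which continues outside the hunk, nothing is checked when the token has no certificates; a comment stating how a bare public key is trusted would make that explicit.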
@@ -108,11 +83,7 @@ public class SAMLSecurityToken extends A
}
}
- //todo move to super class?
- public SecurityToken getKeyWrappingToken() {
- return null;
- }
-
+ @Override
public XMLSecurityConstants.TokenType getTokenType() {
if (samlVersion == SAMLVersion.VERSION_10) {
return WSSConstants.Saml10Token;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecureConversationSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecureConversationSecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecureConversationSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecureConversationSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -18,24 +18,18 @@
*/
package org.apache.ws.security.stax.impl.securityToken;
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import javax.security.auth.callback.CallbackHandler;
-
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
+
+import javax.security.auth.callback.CallbackHandler;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SecureConversationSecurityToken extends AbstractSecurityToken {
+public class SecureConversationSecurityToken extends AbstractInboundSecurityToken {
//todo implement
@@ -45,31 +39,7 @@ public class SecureConversationSecurityT
super(wsSecurityContext, callbackHandler, id, keyIdentifierType);
}
- public boolean isAsymmetric() {
- return false;
- }
-
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- return null;
- }
-
- public void verify() throws XMLSecurityException {
- }
-
- public SecurityToken getKeyWrappingToken() {
- return null;
- }
-
+ @Override
public XMLSecurityConstants.TokenType getTokenType() {
return WSSConstants.SecureConversationToken;
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Tue Sep 11 17:59:51 2012
@@ -19,17 +19,18 @@
package org.apache.ws.security.stax.impl.securityToken;
import org.apache.commons.codec.binary.Base64;
-import org.apache.ws.security.binding.wss10.BinarySecurityTokenType;
import org.apache.ws.security.binding.wss10.KeyIdentifierType;
import org.apache.ws.security.binding.wss10.SecurityTokenReferenceType;
import org.apache.ws.security.common.bsp.BSPRule;
import org.apache.ws.security.common.crypto.Crypto;
import org.apache.ws.security.common.ext.WSSecurityException;
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.ext.WSSUtils;
+import org.apache.ws.security.stax.ext.WSSecurityContext;
import org.apache.xml.security.binding.xmldsig.*;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
-import org.apache.ws.security.stax.ext.*;
import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.DsaKeyValueSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.ECKeyValueSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.RsaKeyValueSecurityToken;
@@ -37,7 +38,6 @@ import org.apache.xml.security.stax.impl
import org.opensaml.common.SAMLVersion;
import javax.security.auth.callback.CallbackHandler;
-import java.util.Deque;
/**
* Factory to create SecurityToken Objects from keys in XML
@@ -51,14 +51,16 @@ public class SecurityTokenFactoryImpl ex
}
public SecurityToken getSecurityToken(KeyInfoType keyInfoType, SecurityToken.KeyInfoUsage keyInfoUsage,
- XMLSecurityProperties securityProperties, SecurityContext securityContext) throws XMLSecurityException {
+ XMLSecurityProperties securityProperties, SecurityContext securityContext)
+ throws XMLSecurityException {
+
Crypto crypto = null;
if (keyInfoUsage == SecurityToken.KeyInfoUsage.SIGNATURE_VERIFICATION) {
- crypto = ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto();
+ crypto = ((WSSSecurityProperties) securityProperties).getSignatureVerificationCrypto();
} else if (keyInfoUsage == SecurityToken.KeyInfoUsage.DECRYPTION) {
- crypto = ((WSSSecurityProperties)securityProperties).getDecryptionCrypto();
+ crypto = ((WSSSecurityProperties) securityProperties).getDecryptionCrypto();
}
-
+
if (keyInfoType != null) {
final SecurityTokenReferenceType securityTokenReferenceType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
@@ -251,7 +253,7 @@ public class SecurityTokenFactoryImpl ex
= XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_RSAKeyValue);
if (rsaKeyValueType != null) {
return new RsaKeyValueSecurityToken(rsaKeyValueType, (WSSecurityContext) securityContext,
- callbackHandler, WSSConstants.WSSKeyIdentifierType.KEY_VALUE) {
+ callbackHandler, WSSConstants.WSSKeyIdentifierType.KEY_VALUE) {
@Override
public void verify() throws XMLSecurityException {
crypto.verifyTrust(getPubKey("", null, null));
@@ -277,50 +279,9 @@ public class SecurityTokenFactoryImpl ex
@Override
public void verify() throws XMLSecurityException {
crypto.verifyTrust(getPubKey("", null, null));
- }
+ }
};
}
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
}
-
- public static SecurityToken getSecurityToken(
- BinarySecurityTokenType binarySecurityTokenType, SecurityContext securityContext,
- Crypto crypto, CallbackHandler callbackHandler) throws XMLSecurityException {
-
- //only Base64Encoding is supported
- if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(binarySecurityTokenType.getEncodingType())) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badEncoding", binarySecurityTokenType.getEncodingType());
- }
-
- byte[] securityTokenData = Base64.decodeBase64(binarySecurityTokenType.getValue());
-
- if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) {
- return new X509_V3SecurityToken((WSSecurityContext) securityContext, crypto, callbackHandler,
- securityTokenData, binarySecurityTokenType.getId(), WSSConstants.WSSKeyIdentifierType.SECURITY_TOKEN_DIRECT_REFERENCE);
- } else if (WSSConstants.NS_X509PKIPathv1.equals(binarySecurityTokenType.getValueType())) {
- return new X509PKIPathv1SecurityToken((WSSecurityContext) securityContext, crypto, callbackHandler,
- securityTokenData, binarySecurityTokenType.getId(), WSSConstants.WSSKeyIdentifierType.SECURITY_TOKEN_DIRECT_REFERENCE);
- } else {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType", binarySecurityTokenType.getValueType());
- }
- }
-
- public static SecurityToken getSecurityToken(String username, String password, String created, byte[] nonce,
- byte[] salt, Long iteration, WSSecurityContext wsSecurityContext,
- String id) throws WSSecurityException {
- return new UsernameSecurityToken(username, password, created, nonce, salt, iteration, wsSecurityContext, id, WSSConstants.WSSKeyIdentifierType.SECURITY_TOKEN_DIRECT_REFERENCE);
- }
-
- public static SecurityToken getSecurityToken(String referencedTokenId, Deque<XMLSecEvent> xmlSecEvents,
- CallbackHandler callbackHandler,
- SecurityContext securityContext, String id)
- throws XMLSecurityException {
-
- return new SecurityTokenReference(
- securityContext.getSecurityTokenProvider(referencedTokenId).
- getSecurityToken(), xmlSecEvents,
- (WSSecurityContext) securityContext, callbackHandler, id, WSSConstants.WSSKeyIdentifierType.SECURITY_TOKEN_REFERENCE);
- }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenReference.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenReference.java Tue Sep 11 17:59:51 2012
@@ -24,19 +24,20 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import javax.security.auth.callback.CallbackHandler;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Deque;
+import java.util.Map;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SecurityTokenReference extends AbstractSecurityToken {
+public class SecurityTokenReference extends AbstractInboundSecurityToken {
private final SecurityToken securityToken;
private final Deque<XMLSecEvent> xmlSecEvents;
@@ -52,32 +53,49 @@ public class SecurityTokenReference exte
return xmlSecEvents;
}
- public boolean isAsymmetric() {
+ @Override
+ public boolean isAsymmetric() throws XMLSecurityException {
return securityToken.isAsymmetric();
}
+ @Override
+ public Map<String, Key> getSecretKey() throws XMLSecurityException {
+ return securityToken.getSecretKey();
+ }
+
+ @Override
protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
String correlationID) throws XMLSecurityException {
return securityToken.getSecretKey(algorithmURI, keyUsage, correlationID);
}
+ @Override
+ public PublicKey getPublicKey() throws XMLSecurityException {
+ return securityToken.getPublicKey();
+ }
+
+ @Override
protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
String correlationID) throws XMLSecurityException {
return securityToken.getPublicKey(algorithmURI, keyUsage, correlationID);
}
+ @Override
public X509Certificate[] getX509Certificates() throws XMLSecurityException {
return securityToken.getX509Certificates();
}
+ @Override
public void verify() throws XMLSecurityException {
securityToken.verify();
}
+ @Override
public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
return securityToken.getKeyWrappingToken();
}
+ @Override
public XMLSecurityConstants.TokenType getTokenType() {
return securityToken.getTokenType();
}
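Review bot: The new `getSecretKey()` override returns whatever map the wrapped token hands out; if that is the token's live key cache (the base class is not shown on this page), any caller holding the reference can add or replace keys of the referenced token. Consider returning a read-only view, `return Collections.unmodifiableMap(securityToken.getSecretKey());`, which needs a `java.util.Collections` import next to the added `java.util.Map`. A one-line class Javadoc such as `/** Inbound token that delegates every key and certificate lookup to the token it references. */` would also make the pure-delegation design explicit. The class body continues outside the hunk.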
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/ThumbprintSHA1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/ThumbprintSHA1SecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/ThumbprintSHA1SecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/ThumbprintSHA1SecurityToken.java Tue Sep 11 17:59:51 2012
@@ -41,6 +41,7 @@ public class ThumbprintSHA1SecurityToken
this.binaryContent = binaryContent;
}
+ @Override
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameSecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -18,251 +18,90 @@
*/
package org.apache.ws.security.stax.impl.securityToken;
-import org.apache.ws.security.common.bsp.BSPRule;
import org.apache.ws.security.common.ext.WSSecurityException;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
-import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
-import java.io.UnsupportedEncodingException;
-import java.security.*;
-import java.util.Hashtable;
-import java.util.Map;
+import java.security.Key;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class UsernameSecurityToken extends AbstractSecurityToken {
+public class UsernameSecurityToken extends AbstractInboundSecurityToken {
- private static final long DEFAULT_ITERATION = 1000;
-
- private final String username;
- private final String password;
- private final String created;
- private final byte[] nonce;
- private final byte[] salt;
- private final Long iteration;
+ private final UsernameToken usernameToken;
private final WSSecurityContext wsSecurityContext;
public UsernameSecurityToken(String username, String password, String created, byte[] nonce, byte[] salt, Long iteration,
WSSecurityContext wsSecurityContext, String id, WSSConstants.KeyIdentifierType keyIdentifierType) {
super(wsSecurityContext, null, id, keyIdentifierType);
- this.username = username;
- this.password = password;
- this.created = created;
- this.nonce = nonce;
- this.salt = salt;
- this.iteration = iteration;
+ this.usernameToken = new UsernameToken(username, password, created, nonce, salt, iteration);
this.wsSecurityContext = wsSecurityContext;
}
- public UsernameSecurityToken(String username, String password, String created, byte[] nonce, byte[] salt, Long iteration,
- String id) {
- super(null, null, id, null);
- this.username = username;
- this.password = password;
- this.created = created;
- this.nonce = nonce;
- this.salt = salt;
- this.iteration = iteration;
- this.wsSecurityContext = null;
- }
-
public String getUsername() {
- return username;
+ return usernameToken.getUsername();
}
public String getPassword() {
- return password;
+ return usernameToken.getPassword();
}
public String getCreated() {
- return created;
+ return usernameToken.getCreated();
}
public byte[] getNonce() {
- return nonce;
+ return usernameToken.getNonce();
}
public byte[] getSalt() {
- return salt;
+ return usernameToken.getSalt();
}
public Long getIteration() {
- return iteration;
+ return usernameToken.getIteration();
}
/**
* This method generates a derived key as defined in WSS Username
* Token Profile.
*
- * @param rawPassword The password to include in the key generation
- * @param salt The Salt value
- * @param iteration The Iteration value. If zero (0) is given the method uses the
- * default value
* @return Returns the derived key a byte array
- * @throws org.apache.ws.security.stax.ext.WSSecurityException
- *
+ * @throws WSSecurityException
*/
- public byte[] generateDerivedKey(String rawPassword, byte[] salt, long iteration) throws WSSecurityException {
-
- if (wsSecurityContext != null) {
- if (salt == null || salt.length == 0) {
- wsSecurityContext.handleBSPRule(BSPRule.R4217);
- }
- if (iteration < DEFAULT_ITERATION) {
- wsSecurityContext.handleBSPRule(BSPRule.R4218);
- }
- }
- if (iteration == 0) {
- iteration = DEFAULT_ITERATION;
- }
- byte[] pwBytes;
- try {
- pwBytes = rawPassword.getBytes("UTF-8");
- } catch (final java.io.UnsupportedEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
-
- byte[] pwSalt = new byte[salt.length + pwBytes.length];
- System.arraycopy(pwBytes, 0, pwSalt, 0, pwBytes.length);
- System.arraycopy(salt, 0, pwSalt, pwBytes.length, salt.length);
-
- MessageDigest sha;
- try {
- sha = MessageDigest.getInstance("SHA-1");
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSHA1availabe", e);
- }
- sha.reset();
-
- // Make the first hash round with start value
- byte[] k = sha.digest(pwSalt);
-
- // Perform the 1st up to iteration-1 hash rounds
- for (int i = 1; i < iteration; i++) {
- k = sha.digest(k);
- }
- return k;
+ public byte[] generateDerivedKey() throws WSSecurityException {
+ return usernameToken.generateDerivedKey(wsSecurityContext);
}
- /**
- * Gets the secret key as per WS-Trust spec.
- *
- * @param keylen How many bytes to generate for the key
- * @param labelString the label used to generate the seed
- * @return a secret key constructed from information contained in this
- * username token
- */
- private byte[] getSecretKey(String rawPassword, int keylen, String labelString) throws WSSecurityException {
- byte[] key;
- try {
- Mac mac = Mac.getInstance("HmacSHA1");
- byte[] password = rawPassword.getBytes("UTF-8");
- byte[] label = labelString.getBytes("UTF-8");
- byte[] nonce = getNonce();
- byte[] created = getCreated().getBytes("UTF-8");
- byte[] seed = new byte[label.length + nonce.length + created.length];
-
- int offset = 0;
- System.arraycopy(label, 0, seed, offset, label.length);
- offset += label.length;
-
- System.arraycopy(nonce, 0, seed, offset, nonce.length);
- offset += nonce.length;
-
- System.arraycopy(created, 0, seed, offset, created.length);
-
- key = P_hash(password, seed, mac, keylen);
-
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noHMACSHA1available", e);
- } catch (UnsupportedEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- return key;
- }
-
- /**
- * P_hash as defined in RFC 2246 for TLS.
- *
- * @param secret is the key for the HMAC
- * @param seed the seed value to start the generation - A(0)
- * @param mac the HMAC algorithm
- * @param required number of bytes to generate
- * @return a byte array that contains a secret key
- * @throws Exception
- */
- private byte[] P_hash(byte[] secret, byte[] seed, Mac mac, int required) throws WSSecurityException {
- byte[] out = new byte[required];
- int offset = 0;
- int toCopy;
- byte[] a, tmp;
-
- try {
- // a(0) is the seed
- a = seed;
- SecretKeySpec key = new SecretKeySpec(secret, "HmacSHA1");
- mac.init(key);
- while (required > 0) {
- mac.update(a);
- a = mac.doFinal();
- mac.update(a);
- mac.update(seed);
- tmp = mac.doFinal();
- toCopy = Math.min(required, tmp.length);
- System.arraycopy(tmp, 0, out, offset, toCopy);
- offset += toCopy;
- required -= toCopy;
- }
- } catch (InvalidKeyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- return out;
- }
-
- public boolean isAsymmetric() {
+ @Override
+ public boolean isAsymmetric() throws XMLSecurityException {
return false;
}
- private Map<String, Key> keyTable = new Hashtable<String, Key>();
-
+ @Override
protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
String correlationID) throws XMLSecurityException {
- byte[] secretToken;
- if (getSalt() != null && getIteration() != null) {
- byte[] salt = getSalt();
- secretToken = generateDerivedKey(getPassword(), salt, getIteration());
- } else {
- secretToken = getSecretKey(getPassword(), WSSConstants.WSE_DERIVED_KEY_LEN, WSSConstants.LABEL_FOR_DERIVED_KEY);
- }
- if (keyTable.containsKey(algorithmURI)) {
- return keyTable.get(algorithmURI);
- } else {
- String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
- Key key = new SecretKeySpec(secretToken, algoFamily);
- keyTable.put(algorithmURI, key);
+ Key key = getSecretKey().get(algorithmURI);
+ if (key != null) {
return key;
}
- }
-
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
- public SecurityToken getKeyWrappingToken() {
- return null;
+ byte[] secretToken = usernameToken.generateDerivedKey(wsSecurityContext);
+ String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
+ key = new SecretKeySpec(secretToken, algoFamily);
+ setSecretKey(algorithmURI, key);
+ return key;
}
+ @Override
public WSSConstants.TokenType getTokenType() {
return WSSConstants.UsernameToken;
}
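Review bot: The rewritten `getKey` calls `usernameToken.generateDerivedKey(wsSecurityContext)` unconditionally, whereas the removed code fell back to the WS-Trust `getSecretKey(...)` derivation whenever salt or iteration was absent. `UsernameToken.generateDerivedKey` reads `salt.length` without a null check, so a username token that arrives without a salt would now fail with a NullPointerException instead of yielding a key, and `UsernameToken.getSecretKey` is left without a visible caller. Unless dropping the unsalted path is intended, restore the branch as below; both classes are in the same package, so the protected method is reachable.

```java
protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
                     String correlationID) throws XMLSecurityException {
    // … unchanged: cached-key lookup via getSecretKey().get(algorithmURI) …
    byte[] secretToken;
    if (getSalt() != null && getIteration() != null) {
        secretToken = usernameToken.generateDerivedKey(wsSecurityContext);
    } else {
        secretToken = usernameToken.getSecretKey(
                getPassword(), WSSConstants.WSE_DERIVED_KEY_LEN, WSSConstants.LABEL_FOR_DERIVED_KEY);
    }
    // … unchanged: SecretKeySpec creation, setSecretKey(algorithmURI, key), return key …
```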
Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameToken.java?rev=1383498&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameToken.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameToken.java Tue Sep 11 17:59:51 2012
@@ -0,0 +1,206 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ws.security.stax.impl.securityToken;
+
+import org.apache.ws.security.common.bsp.BSPRule;
+import org.apache.ws.security.common.ext.WSSecurityException;
+import org.apache.ws.security.stax.ext.WSSecurityContext;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class UsernameToken {
+
+ private static final long DEFAULT_ITERATION = 1000;
+
+ private final String username;
+ private final String password;
+ private final String created;
+ private final byte[] nonce;
+ private final byte[] salt;
+ private final Long iteration;
+
+ public UsernameToken(String username, String password, String created, byte[] nonce, byte[] salt, Long iteration) {
+ this.username = username;
+ this.password = password;
+ this.created = created;
+ this.nonce = nonce;
+ this.salt = salt;
+ this.iteration = iteration;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public String getCreated() {
+ return created;
+ }
+
+ public byte[] getNonce() {
+ return nonce;
+ }
+
+ public byte[] getSalt() {
+ return salt;
+ }
+
+ public Long getIteration() {
+ return iteration;
+ }
+
+ /**
+ * This method generates a derived key as defined in WSS Username
+ * Token Profile.
+ *
+ * @return Returns the derived key a byte array
+ * @throws org.apache.ws.security.common.ext.WSSecurityException
+ *
+ */
+ public byte[] generateDerivedKey(WSSecurityContext wsSecurityContext) throws WSSecurityException {
+
+ if (wsSecurityContext != null) {
+ if (salt == null || salt.length == 0) {
+ wsSecurityContext.handleBSPRule(BSPRule.R4217);
+ }
+ if (iteration == null || iteration < DEFAULT_ITERATION) {
+ wsSecurityContext.handleBSPRule(BSPRule.R4218);
+ }
+ }
+
+ Long iters = iteration;
+ if (iters == null || iters == 0) {
+ iters = DEFAULT_ITERATION;
+ }
+ byte[] pwBytes;
+ try {
+ pwBytes = password.getBytes("UTF-8");
+ } catch (final UnsupportedEncodingException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+
+ byte[] pwSalt = new byte[salt.length + pwBytes.length];
+ System.arraycopy(pwBytes, 0, pwSalt, 0, pwBytes.length);
+ System.arraycopy(salt, 0, pwSalt, pwBytes.length, salt.length);
+
+ MessageDigest sha;
+ try {
+ sha = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSHA1availabe", e);
+ }
+ sha.reset();
+
+ // Make the first hash round with start value
+ byte[] k = sha.digest(pwSalt);
+
+ // Perform the 1st up to iteration-1 hash rounds
+ for (int i = 1; i < iters; i++) {
+ k = sha.digest(k);
+ }
+ return k;
+ }
+
+ /**
+ * Gets the secret key as per WS-Trust spec.
+ *
+ * @param keylen How many bytes to generate for the key
+ * @param labelString the label used to generate the seed
+ * @return a secret key constructed from information contained in this
+ * username token
+ */
+ protected byte[] getSecretKey(String rawPassword, int keylen, String labelString) throws WSSecurityException {
+ byte[] key;
+ try {
+ Mac mac = Mac.getInstance("HmacSHA1");
+ byte[] password = rawPassword.getBytes("UTF-8");
+ byte[] label = labelString.getBytes("UTF-8");
+ byte[] nonce = getNonce();
+ byte[] created = getCreated().getBytes("UTF-8");
+ byte[] seed = new byte[label.length + nonce.length + created.length];
+
+ int offset = 0;
+ System.arraycopy(label, 0, seed, offset, label.length);
+ offset += label.length;
+
+ System.arraycopy(nonce, 0, seed, offset, nonce.length);
+ offset += nonce.length;
+
+ System.arraycopy(created, 0, seed, offset, created.length);
+
+ key = P_hash(password, seed, mac, keylen);
+
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noHMACSHA1available", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ return key;
+ }
+
+ /**
+ * P_hash as defined in RFC 2246 for TLS.
+ *
+ * @param secret is the key for the HMAC
+ * @param seed the seed value to start the generation - A(0)
+ * @param mac the HMAC algorithm
+ * @param required number of bytes to generate
+ * @return a byte array that contains a secret key
+ * @throws Exception
+ */
+ private byte[] P_hash(byte[] secret, byte[] seed, Mac mac, int required) throws WSSecurityException {
+ byte[] out = new byte[required];
+ int offset = 0;
+ int toCopy;
+ byte[] a, tmp;
+
+ try {
+ // a(0) is the seed
+ a = seed;
+ SecretKeySpec key = new SecretKeySpec(secret, "HmacSHA1");
+ mac.init(key);
+ while (required > 0) {
+ mac.update(a);
+ a = mac.doFinal();
+ mac.update(a);
+ mac.update(seed);
+ tmp = mac.doFinal();
+ toCopy = Math.min(required, tmp.length);
+ System.arraycopy(tmp, 0, out, offset, toCopy);
+ offset += toCopy;
+ required -= toCopy;
+ }
+ } catch (InvalidKeyException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ return out;
+ }
+}
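Review bot: In `generateDerivedKey` the hash loop `for (int i = 1; i < iters; i++)` compares an `int` counter with a `Long` taken from the token, and nothing caps that value. A count above `Integer.MAX_VALUE` makes the counter wrap so the loop never terminates, and the value appears to come from a received UsernameToken (inferred from its use in `UsernameSecurityToken`), so it should be treated as untrusted. Declare the counter as `long` and reject counts above a configured ceiling before hashing, e.g. `if (iters > MAX_ITERATION) throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);` with `for (long i = 1; i < iters; i++)`, where `MAX_ITERATION` is a new constant the project would choose. The same method dereferences `salt.length` after only reporting a missing salt through `handleBSPRule`, so a null salt (and a null `password`) should be rejected explicitly as well.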
Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/UsernameToken.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509DataSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509DataSecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509DataSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509DataSecurityToken.java Tue Sep 11 17:59:51 2012
@@ -18,13 +18,13 @@
*/
package org.apache.ws.security.stax.impl.securityToken;
-import org.apache.xml.security.binding.xmldsig.X509DataType;
-import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
import org.apache.ws.security.common.crypto.Crypto;
import org.apache.ws.security.common.crypto.CryptoType;
import org.apache.ws.security.common.ext.WSSecurityException;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
+import org.apache.xml.security.binding.xmldsig.X509DataType;
+import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509PKIPathv1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509PKIPathv1SecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509PKIPathv1SecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509PKIPathv1SecurityToken.java Tue Sep 11 17:59:51 2012
@@ -40,10 +40,9 @@ import java.util.List;
public class X509PKIPathv1SecurityToken extends X509SecurityToken {
private String alias = null;
- private X509Certificate[] x509Certificates;
- X509PKIPathv1SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
- byte[] binaryContent, String id, WSSConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+ public X509PKIPathv1SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
+ byte[] binaryContent, String id, WSSConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
super(WSSConstants.X509PkiPathV1Token, wsSecurityContext, crypto, callbackHandler, id, keyIdentifierType);
InputStream in = new ByteArrayInputStream(binaryContent);
@@ -56,7 +55,7 @@ public class X509PKIPathv1SecurityToken
certs[i] = (X509Certificate) iterator.next();
}
if (certs.length > 0) {
- this.x509Certificates = certs;
+ setX509Certificates(certs);
}
} catch (CertificateException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
@@ -65,13 +64,8 @@ public class X509PKIPathv1SecurityToken
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
+ this.alias = getCrypto().getX509Identifier(getX509Certificates()[0]);
}
return this.alias;
}
-
- @Override
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- return this.x509Certificates;
- }
}
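Review bot: `getAlias()` now reads `getX509Certificates()[0]`, but with this class's own override removed that call resolves to `X509SecurityToken.getX509Certificates()`, which calls `getAlias()` again whenever no certificates are stored. The constructor hunk above only calls `setX509Certificates(certs)` when `certs.length > 0`, so a PKIPath that parses to zero certificates would recurse until a StackOverflowError (assuming the superclass getter returns null until the setter is called; it is not shown here). Reject the empty path in the constructor instead of skipping the setter, e.g. `if (certs.length == 0) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError"); }`, adjusted to whichever constructor overloads the exception class actually offers. The matching change to `getX509Certificates()` is in the X509SecurityToken.java section.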
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509SecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509SecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509SecurityToken.java Tue Sep 11 17:59:51 2012
@@ -18,30 +18,26 @@
*/
package org.apache.ws.security.stax.impl.securityToken;
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.ws.security.common.crypto.Crypto;
import org.apache.ws.security.common.crypto.CryptoType;
import org.apache.ws.security.common.ext.WSPasswordCallback;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityUtils;
+
+import javax.security.auth.callback.CallbackHandler;
+import java.security.Key;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public abstract class X509SecurityToken
- extends org.apache.xml.security.stax.impl.securityToken.X509SecurityToken {
- private X509Certificate[] x509Certificates = null;
+public abstract class X509SecurityToken extends org.apache.xml.security.stax.impl.securityToken.X509SecurityToken {
private Crypto crypto;
protected X509SecurityToken(XMLSecurityConstants.TokenType tokenType, WSSecurityContext wsSecurityContext,
@@ -50,7 +46,7 @@ public abstract class X509SecurityToken
super(tokenType, wsSecurityContext, callbackHandler, id, keyIdentifierType);
this.crypto = crypto;
}
-
+
protected Crypto getCrypto() {
return crypto;
}
@@ -62,25 +58,15 @@ public abstract class X509SecurityToken
XMLSecurityUtils.doPasswordCallback(getCallbackHandler(), pwCb);
return getCrypto().getPrivateKey(getAlias(), pwCb.getPassword());
}
-
- @Override
- public PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- X509Certificate[] x509Certificates = getX509Certificates();
- if (x509Certificates == null || x509Certificates.length == 0) {
- return null;
- }
- return x509Certificates[0].getPublicKey();
- }
@Override
public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- if (this.x509Certificates == null) {
+ if (super.getX509Certificates() == null) {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(getAlias());
- this.x509Certificates = getCrypto().getX509Certificates(cryptoType);
+ setX509Certificates(getCrypto().getX509Certificates(cryptoType));
}
- return this.x509Certificates;
+ return super.getX509Certificates();
}
@Override
@@ -89,6 +75,7 @@ public abstract class X509SecurityToken
X509Certificate[] x509Certificates = getX509Certificates();
if (x509Certificates != null && x509Certificates.length > 0) {
x509Certificates[0].checkValidity();
+ //todo deprecated method:
getCrypto().verifyTrust(x509Certificates);
}
} catch (CertificateExpiredException e) {
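Review bot: The added `//todo deprecated method:` before `getCrypto().verifyTrust(x509Certificates)` does not say what should replace the call, so it cannot be acted on; name the replacement or the tracking issue, e.g. `// TODO: verifyTrust(X509Certificate[]) is deprecated; switch to <replacement API> (see <issue id>)`. Separately, in the visible lines `verify()` performs no check at all when `getX509Certificates()` returns null or an empty array, so a token that resolves to no certificate passes verification silently; an `else` branch that throws an `XMLSecurityException` would make this fail closed. `verify()` starts and ends outside the hunk, so the remaining handling could not be checked.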
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509_V3SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509_V3SecurityToken.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509_V3SecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/X509_V3SecurityToken.java Tue Sep 11 17:59:51 2012
@@ -33,23 +33,17 @@ import java.security.cert.X509Certificat
*/
public class X509_V3SecurityToken extends X509SecurityToken {
private String alias = null;
- private final X509Certificate[] x509Certificates;
- X509_V3SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler, byte[] binaryContent,
- String id, WSSConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
+ public X509_V3SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler, byte[] binaryContent,
+ String id, WSSConstants.KeyIdentifierType keyIdentifierType) throws XMLSecurityException {
super(WSSConstants.X509V3Token, wsSecurityContext, crypto, callbackHandler, id, keyIdentifierType);
- this.x509Certificates = new X509Certificate[]{getCrypto().loadCertificate(new ByteArrayInputStream(binaryContent))};
+ setX509Certificates(new X509Certificate[]{getCrypto().loadCertificate(new ByteArrayInputStream(binaryContent))});
}
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
+ this.alias = getCrypto().getX509Identifier(getX509Certificates()[0]);
}
return this.alias;
}
-
- @Override
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- return this.x509Certificates;
- }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/securityEvent/HttpsTokenSecurityEvent.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/securityEvent/HttpsTokenSecurityEvent.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/securityEvent/HttpsTokenSecurityEvent.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/securityEvent/HttpsTokenSecurityEvent.java Tue Sep 11 17:59:51 2012
@@ -21,13 +21,9 @@ package org.apache.ws.security.stax.secu
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.xml.security.stax.ext.SecurityToken;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityException;
-import org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import java.security.Key;
-import java.security.PublicKey;
-
/**
* @author $Author$
* @version $Revision$ $Date$
@@ -69,29 +65,7 @@ public class HttpsTokenSecurityEvent ext
public SecurityToken getSecurityToken() {
SecurityToken securityToken = super.getSecurityToken();
if (securityToken == null) {
- securityToken = new AbstractSecurityToken(null, null, null, null) {
- @Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- @Override
- protected PublicKey getPubKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- return null;
- }
-
- @Override
- public boolean isAsymmetric() {
- return false;
- }
-
- @Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
- return null;
- }
-
+ securityToken = new AbstractInboundSecurityToken(null, null, null, null) {
@Override
public XMLSecurityConstants.TokenType getTokenType() {
return WSSConstants.HttpsToken;
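Review bot: The anonymous token now inherits `getKey`, `getPubKey`, `isAsymmetric` and `getKeyWrappingToken` from `AbstractInboundSecurityToken`, which this page does not show, so the previous explicit `null`/`false` results hold only if the base-class defaults match. A comment on the anonymous class would record that intent, for example `// Placeholder for transport-level (HTTPS) security: carries no key material and relies on the base-class defaults.` The anonymous class body continues outside the hunk.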
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/AbstractTestBase.java Tue Sep 11 17:59:51 2012
@@ -18,35 +18,6 @@
*/
package org.apache.ws.security.stax.test;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.logging.LogManager;
-import java.util.logging.Logger;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.NamespaceContext;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamReader;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.common.bsp.BSPRule;
@@ -77,6 +48,27 @@ import org.testng.Assert;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.NamespaceContext;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.*;
+import java.util.logging.Level;
+import java.util.logging.LogManager;
+import java.util.logging.Logger;
+
/**
* @author $Author$
* @version $Revision$ $Date$
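Review bot: `import java.util.*;` replaces the eight explicit `java.util` imports removed in the previous hunk with a wildcard. This hides which collection types the test base depends on, and a simple name can become ambiguous if another wildcard-imported package supplies a type of the same name. Keeping the explicit list (`import java.util.ArrayList;`, `import java.util.List;`, `import java.util.Map;` and so on) would be more robust. The same applies to `import org.apache.xml.security.stax.securityEvent.*;` introduced in InboundWSSecurityContextImplTest.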
@@ -364,7 +356,8 @@ public abstract class AbstractTestBase {
/**
* Handles incoming web service requests and outgoing responses
- * @throws TransformerException
+ *
+ * @throws TransformerException
*/
public boolean doSender(Map<String, Object> mc, RequestData reqData, boolean isRequest)
throws WSSecurityException, TransformerException {
@@ -609,7 +602,7 @@ public abstract class AbstractTestBase {
public <T> T getSecurityEvent(SecurityEventConstants.Event securityEvent) {
for (SecurityEvent event : receivedSecurityEvents) {
if (event.getSecurityEventType() == securityEvent) {
- return (T)event;
+ return (T) event;
}
}
return null;
@@ -619,7 +612,7 @@ public abstract class AbstractTestBase {
List<T> foundEvents = new ArrayList<T>();
for (SecurityEvent event : receivedSecurityEvents) {
if (event.getSecurityEventType() == securityEvent) {
- foundEvents.add((T)event);
+ foundEvents.add((T) event);
}
}
return foundEvents;
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/DerivedKeyTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/DerivedKeyTokenTest.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/DerivedKeyTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/DerivedKeyTokenTest.java Tue Sep 11 17:59:51 2012
@@ -18,28 +18,28 @@
*/
package org.apache.ws.security.stax.test;
-import org.apache.ws.security.dom.WSConstants;
-import org.apache.ws.security.dom.WSSConfig;
import org.apache.ws.security.common.crypto.Crypto;
import org.apache.ws.security.common.crypto.CryptoFactory;
import org.apache.ws.security.common.crypto.CryptoType;
import org.apache.ws.security.common.derivedKey.ConversationConstants;
+import org.apache.ws.security.dom.WSConstants;
+import org.apache.ws.security.dom.WSSConfig;
import org.apache.ws.security.dom.handler.WSHandlerConstants;
import org.apache.ws.security.dom.message.*;
import org.apache.ws.security.dom.message.token.SecurityTokenReference;
-import org.apache.ws.security.stax.securityEvent.EncryptedPartSecurityEvent;
-import org.apache.ws.security.stax.securityEvent.OperationSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.ws.security.stax.WSSec;
import org.apache.ws.security.stax.ext.InboundWSSec;
import org.apache.ws.security.stax.ext.OutboundWSSec;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.securityEvent.EncryptedPartSecurityEvent;
+import org.apache.ws.security.stax.securityEvent.OperationSecurityEvent;
import org.apache.ws.security.stax.securityEvent.WSSecurityEventConstants;
import org.apache.ws.security.stax.test.utils.SOAPUtil;
import org.apache.ws.security.stax.test.utils.StAX2DOM;
import org.apache.ws.security.stax.test.utils.XmlReaderToWriter;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.testng.Assert;
@@ -675,7 +675,6 @@ public class DerivedKeyTokenTest extends
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.AlgorithmSuite,
- WSSecurityEventConstants.AlgorithmSuite,
WSSecurityEventConstants.Operation,
};
final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
@@ -720,7 +719,7 @@ public class DerivedKeyTokenTest extends
}
}
- org.junit.Assert.assertEquals(6, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
org.junit.Assert.assertEquals(6, signatureValueSecurityEvents.size());
org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
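Review bot: The expected size of `encryptedPartSecurityEvents` drops from 6 to 5 with no comment saying which event is no longer emitted. Combined with the `AlgorithmSuite` entry removed from the expected-events array in the previous hunk, a reader cannot tell whether an event was dropped on purpose or a check silently stopped firing. A comment on the assertion, e.g. `// 5 events: <name the parts expected for this message>`, would make the count reviewable. These assertions also use `org.junit.Assert` in a file that imports `org.testng.Assert`; the two take expected and actual in opposite order, so settling on one avoids misleading failure messages. The enclosing test method starts and ends outside the hunk.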
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/InboundWSSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/InboundWSSecurityContextImplTest.java?rev=1383498&r1=1383497&r2=1383498&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/InboundWSSecurityContextImplTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/InboundWSSecurityContextImplTest.java Tue Sep 11 17:59:51 2012
@@ -18,8 +18,8 @@
*/
package org.apache.ws.security.stax.test;
-import org.opensaml.common.SAMLVersion;
import org.apache.ws.security.common.ext.WSSecurityException;
+import org.apache.ws.security.common.saml.SAMLKeyInfo;
import org.apache.ws.security.stax.ext.WSSConstants;
import org.apache.ws.security.stax.ext.WSSecurityContext;
import org.apache.ws.security.stax.impl.InboundWSSecurityContextImpl;
@@ -32,19 +32,13 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
-import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
-import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.*;
+import org.opensaml.common.SAMLVersion;
import org.testng.Assert;
import org.testng.annotations.Test;
import javax.xml.namespace.QName;
-import java.security.Key;
import java.security.KeyStore;
-import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -514,7 +508,8 @@ public class InboundWSSecurityContextImp
XMLSecEvent samlTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_wsse_UsernameToken, null, null);
- SAMLSecurityToken samlSecurityToken = new SAMLSecurityToken(SAMLVersion.VERSION_20, null, null, null, null, "1");
+ SAMLSecurityToken samlSecurityToken = new SAMLSecurityToken(
+ SAMLVersion.VERSION_20, new SAMLKeyInfo(getX509Token(WSSConstants.X509V3Token).getX509Certificates()), null, null, null, "1");
samlSecurityToken.setElementPath(samlTokenPath);
samlSecurityToken.setXMLSecEvent(samlTokenXmlEvent);
samlSecurityToken.addTokenUsage(SecurityToken.TokenUsage.Encryption);
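Review bot: The new `SAMLSecurityToken` construction nests a `getX509Token(...)` call, which presumably loads the test keystore, inside a six-argument list that still passes three bare nulls, so it is hard to see which argument is the key info. A local would make it readable: `SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(getX509Token(WSSConstants.X509V3Token).getX509Certificates());`, then pass `samlKeyInfo` to the constructor. The enclosing test method starts and ends outside the hunk.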
@@ -653,48 +648,29 @@ public class InboundWSSecurityContextImp
final KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
- return new X509SecurityToken(tokenType, null, null, null, "", WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER) {
+ X509SecurityToken x509SecurityToken = new X509SecurityToken(tokenType, null, null, null, "", WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER) {
+
@Override
protected String getAlias() throws XMLSecurityException {
return "transmitter";
}
+ };
+ x509SecurityToken.setSecretKey("", keyStore.getKey("transmitter", "default".toCharArray()));
+ x509SecurityToken.setPublicKey(keyStore.getCertificate("transmitter").getPublicKey());
- @Override
- public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- try {
- return keyStore.getKey("transmitter", "default".toCharArray());
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
- }
-
- @Override
- public PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
- String correlationID) throws XMLSecurityException {
- try {
- return keyStore.getCertificate("transmitter").getPublicKey();
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
- }
+ Certificate[] certificates;
+ try {
+ certificates = keyStore.getCertificateChain("transmitter");
+ } catch (Exception e) {
+ throw new XMLSecurityException(e.getMessage(), e);
+ }
- @Override
- public X509Certificate[] getX509Certificates() throws XMLSecurityException {
- Certificate[] certificates;
- try {
- certificates = keyStore.getCertificateChain("transmitter");
- } catch (Exception e) {
- throw new XMLSecurityException(e.getMessage(), e);
- }
-
- X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
- for (int i = 0; i < certificates.length; i++) {
- Certificate certificate = certificates[i];
- x509Certificates[i] = (X509Certificate) certificate;
- }
- return x509Certificates;
- }
- };
+ X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
+ for (int i = 0; i < certificates.length; i++) {
+ Certificate certificate = certificates[i];
+ x509Certificates[i] = (X509Certificate) certificate;
+ }
+ x509SecurityToken.setX509Certificates(x509Certificates);
+ return x509SecurityToken;
}
}
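Review bot: The try/catch kept around `keyStore.getCertificateChain("transmitter")` is now inconsistent with the lines above it. The added `keyStore.getKey(...)` and `keyStore.getCertificate(...).getPublicKey()` calls sit outside any try, so the method (whose signature is outside the hunk) presumably already declares the checked keystore exceptions, and the wrapper only obscures the failure. Both `getCertificate` and `getCertificateChain` return null when the alias is absent, which would surface as a NullPointerException rather than a readable test failure. Stating the precondition directly would help: `Certificate[] certificates = keyStore.getCertificateChain("transmitter");` followed by `Assert.assertNotNull(certificates, "no certificate chain for alias transmitter");`. The empty string passed as the first argument of `setSecretKey` also deserves a one-line comment saying what it stands for.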