Posted to java-commits@axis.apache.org by ru...@apache.org on 2011/04/01 08:52:27 UTC
svn commit: r1087600 - in /axis/axis2/java/rampart/trunk/modules:
rampart-core/src/main/java/org/apache/rampart/builder/
rampart-integration/src/test/java/org/apache/rampart/
rampart-integration/src/test/resources/rampart/
rampart-integration/src/test/...
Author: ruchithf
Date: Fri Apr 1 06:52:26 2011
New Revision: 1087600
URL: http://svn.apache.org/viewvc?rev=1087600&view=rev
Log:
Adding support for digest methods != SHA1.
Enabled one policy (scenario 3) with the Basic256 algorithm suite. (Also set basic256Supported in RampartTest so builds without the unlimited-strength key policy won't fail.)
When wss4j version is updated we can fix derived key signatures to set the correct digest algo
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java Fri Apr 1 06:52:26 2011
@@ -624,6 +624,7 @@ public class AsymmetricBindingBuilder ex
}
try {
+ supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
supportingSig.computeSignature();
@@ -728,6 +729,7 @@ public class AsymmetricBindingBuilder ex
}
try {
+ sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature();
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java Fri Apr 1 06:52:26 2011
@@ -30,6 +30,7 @@ import org.apache.rampart.policy.Support
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
@@ -331,8 +332,10 @@ public abstract class BindingBuilder {
}
sig.setUserInfo(user, password);
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
try {
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
@@ -542,7 +545,8 @@ public abstract class BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
- if(policyToken.isDerivedKeys()) {
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(policyToken.isDerivedKeys()) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
@@ -588,8 +592,9 @@ public abstract class BindingBuilder {
}
//Set the algo info
- dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
- dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+ dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);
+// dkSign.setDigestAlgorithm(algorithmSuite.getDigest()); //uncomment when wss4j version is updated
if(tok instanceof EncryptedKeyToken) {
//Set the value type of the reference
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
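Review bot: The derived-key path leaves the digest unset, because `dkSign.setDigestAlgorithm(...)` is only present as commented-out code, so a policy that selects a SHA-256 suite gets that digest on the `WSSecSignature` paths but not on `WSSecDKSign`. The library default that applies here is not visible in the hunk (presumably SHA-1, given the commit title), which means derived-key signatures may silently fall short of what the policy asks for. I would replace the commented-out statement with an explicit marker such as `// TODO: pass algorithmSuite.getDigest() to dkSign once the wss4j dependency supports it; until then derived-key signatures ignore the suite's digest`, and consider logging when the suite's digest is not the default. The enclosing method starts and ends outside the hunk.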
@@ -702,8 +707,9 @@ public abstract class BindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());
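Review bot: The two back-to-back `sig.setSignatureAlgorithm(...)` calls leave only the symmetric algorithm in effect, since the second call overwrites the first. The hunk rewrites both lines but keeps the dead asymmetric call, which is more confusing now that `getAsymmetricSignature()` varies with the digest. As this branch signs with `tok.getSecret()`, I would delete `sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());` and keep only the symmetric one. The enclosing method continues outside the hunk.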
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java Fri Apr 1 06:52:26 2011
@@ -76,7 +76,7 @@ public class RampartTest extends TestCas
ServiceClient serviceClient = getServiceClientInstance();
//TODO : figure this out !!
- boolean basic256Supported = true;
+ boolean basic256Supported = false;
if(basic256Supported) {
System.out.println("\nWARNING: We are using key sizes from JCE " +
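Review bot: Hard-coding `basic256Supported = false` makes the `if(basic256Supported)` branch below dead on every build, including those whose JCE policy does allow 256-bit keys, so that coverage is lost without any signal. Probing the runtime keeps both environments working, for example `boolean basic256Supported = javax.crypto.Cipher.getMaxAllowedKeyLength("AES") >= 256;`, and would also settle the `//TODO : figure this out !!` above it. That call throws `NoSuchAlgorithmException`, and the enclosing test method's signature is outside the hunk, so check that it declares or handles it. Whether scenario 3, which this commit moves to `Basic256Sha256`, is gated by this flag cannot be seen from here and is worth confirming.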
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml Fri Apr 1 06:52:26 2011
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+ <sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml Fri Apr 1 06:52:26 2011
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+ <sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java Fri Apr 1 06:52:26 2011
@@ -240,6 +240,12 @@ public class SPConstants {
public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ public final static String RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+ public final static String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
Modified: axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java Fri Apr 1 06:52:26 2011
@@ -289,6 +289,11 @@ public class AlgorithmSuite extends Abst
* @return Returns the asymmetricSignature.
*/
public String getAsymmetricSignature() {
+ if(this.digest == SPConstants.SHA256) {
+ return SPConstants.RSA_SHA256;
+ } else if(this.digest == SPConstants.SHA512) {
+ return SPConstants.RSA_SHA512;
+ }
return asymmetricSignature;
}
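Review bot: The new checks in `getAsymmetricSignature()` compare strings by reference (`this.digest == SPConstants.SHA256`), which only matches when `digest` holds that exact constant instance. If the field is ever populated from a parsed or copied string, the method falls through and returns the old `asymmetricSignature` value, which quietly pairs a SHA-256 digest with whatever signature algorithm was configured before. Use `if (SPConstants.SHA256.equals(this.digest))` and `else if (SPConstants.SHA512.equals(this.digest))`, which are also null-safe. This commit adds `RSA_SHA384` to SPConstants but no branch here maps a SHA-384 digest to it, so either add the case or drop the constant. The method's Javadoc begins outside the hunk and should mention that the result now depends on the digest.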