Posted to commits@ws.apache.org by co...@apache.org on 2013/09/26 17:13:47 UTC
svn commit: r1526559 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-dom/src/tes...
Author: coheigea
Date: Thu Sep 26 15:13:47 2013
New Revision: 1526559
URL: http://svn.apache.org/r1526559
Log:
Added some tests for Signing using SecurityActionTokens
Added:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SecurityActionToken.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SecurityActionToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SecurityActionToken.java?rev=1526559&r1=1526558&r2=1526559&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SecurityActionToken.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SecurityActionToken.java Thu Sep 26 15:13:47 2013
@@ -18,7 +18,6 @@
*/
package org.apache.wss4j.common;
-import java.security.Key;
import java.security.cert.X509Certificate;
import org.apache.wss4j.common.crypto.Crypto;
@@ -33,7 +32,7 @@ public interface SecurityActionToken {
String getUser();
- Key getKey();
+ byte[] getKey();
X509Certificate getCertificate();
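Review bot: `byte[] getKey()` now hands out raw symmetric key material as a mutable array, and the interface says nothing about whether the caller gets the token's own array or a copy, nor who is responsible for clearing it. The implementing class elsewhere in this commit returns its field directly, so callers that wipe the array after use would silently change the token. Add Javadoc on the method, for example `/** Returns the raw symmetric key bytes configured for this action, or null if none; implementations may return the stored array itself rather than a copy. */`. The interface body continues outside the hunk.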
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java?rev=1526559&r1=1526558&r2=1526559&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java Thu Sep 26 15:13:47 2013
@@ -18,7 +18,6 @@
*/
package org.apache.wss4j.common;
-import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
@@ -39,7 +38,7 @@ public abstract class SignatureEncryptio
org.slf4j.LoggerFactory.getLogger(SignatureEncryptionActionToken.class);
private X509Certificate certificate;
- private Key key;
+ private byte[] key;
private String user;
private Element keyInfoElement;
private Crypto crypto;
@@ -56,10 +55,10 @@ public abstract class SignatureEncryptio
public void setCertificate(X509Certificate certificate) {
this.certificate = certificate;
}
- public Key getKey() {
+ public byte[] getKey() {
return key;
}
- public void setKey(Key key) {
+ public void setKey(byte[] key) {
this.key = key;
}
public Element getKeyInfoElement() {
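Review bot: `setKey(byte[] key)` stores the caller's array by reference and `getKey()` returns that same reference, so any later mutation or zeroing of the array on either side silently changes the key this token signs or encrypts with. Either copy defensively in both accessors, `this.key = key == null ? null : key.clone();` and `return key == null ? null : key.clone();`, or document the aliasing on the two methods so that code which wipes key material after use knows the token is affected. The enclosing class continues outside the hunk.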
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1526559&r1=1526558&r2=1526559&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Thu Sep 26 15:13:47 2013
@@ -19,6 +19,7 @@
package org.apache.wss4j.dom.action;
+import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
@@ -74,12 +75,11 @@ public class SignatureAction implements
wsSign.setUserInfo(signatureToken.getUser(), passwordCallback.getPassword());
wsSign.setUseSingleCertificate(signatureToken.isUseSingleCert());
- if (signatureToken.getParts().size() > 0) {
- wsSign.setParts(signatureToken.getParts());
- }
if (passwordCallback.getKey() != null) {
wsSign.setSecretKey(passwordCallback.getKey());
+ } else if (signatureToken.getKey() != null) {
+ wsSign.setSecretKey(signatureToken.getKey());
}
try {
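Review bot: When both the password callback and the action token carry a key, the new `else if` makes the callback key win and the token's key is dropped without any trace, which makes a configuration where the two disagree hard to diagnose. A comment on the branch, `// a key supplied by the password callback takes precedence over one configured on the token`, plus a debug log in the `else if` naming which source was used, would make the precedence visible. The enclosing method starts and ends outside the hunk.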
@@ -119,8 +119,18 @@ public class SignatureAction implements
if (signBST) {
wsSign.prependBSTElementToHeader(reqData.getSecHeader());
}
+
+ List<WSEncryptionPart> parts = signatureToken.getParts();
+ if (parts == null || parts.isEmpty()) {
+ WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
+ .getBodyQName().getLocalPart(), reqData.getSoapConstants()
+ .getEnvelopeURI(), "Content");
+ parts = new ArrayList<WSEncryptionPart>();
+ parts.add(encP);
+ }
+
List<javax.xml.crypto.dsig.Reference> referenceList =
- wsSign.addReferencesToSign(signatureToken.getParts(), reqData.getSecHeader());
+ wsSign.addReferencesToSign(parts, reqData.getSecHeader());
if (signBST ||
reqData.isAppendSignatureAfterTimestamp() && siblingElementToPrepend == null) {
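Review bot: The new defaulting block signs the SOAP Body content when the token carries no parts, but nothing in the code says so or why; since the earlier hunk removed the `setParts` call, a reader cannot tell this is the intended replacement for the previous default. Add `// No parts configured on the token: sign the SOAP Body content by default` above the `if`, and hoist the twice-called `reqData.getSoapConstants()` into a local to keep the part construction readable. The enclosing method starts and ends outside the hunk.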
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1526559&r1=1526558&r2=1526559&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Thu Sep 26 15:13:47 2013
@@ -580,6 +580,7 @@ public class WSSecSignature extends WSSe
signatureValue = sig.getSignatureValue().getValue();
} catch (Exception ex) {
+ ex.printStackTrace();
log.error(ex.getMessage(), ex);
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex
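Review bot: `ex.printStackTrace();` added before `log.error` looks like leftover debugging: the logger call on the next line already records the same throwable with its stack trace, and writing directly to stderr bypasses the logging configuration and whatever controls what reaches process output. Drop the added line; `log.error(ex.getMessage(), ex);` already carries the exception. The enclosing method starts and ends outside the hunk.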
Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java?rev=1526559&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java Thu Sep 26 15:13:47 2013
@@ -0,0 +1,249 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.handler;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.xml.crypto.dsig.SignatureMethod;
+
+import org.apache.wss4j.common.SignatureActionToken;
+import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CustomHandler;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Base64;
+import org.w3c.dom.Document;
+
+
+/**
+ * This is a set of tests for using SecurityActionTokens to configure various Actions.
+ */
+public class SecurityActionTokenTest extends org.junit.Assert {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SecurityActionTokenTest.class);
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private Crypto crypto = null;
+ private byte[] keyData;
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ }
+
+ @org.junit.Before
+ public void setUp() throws Exception {
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ SecretKey key = keyGen.generateKey();
+ keyData = key.getEncoded();
+ }
+
+ public SecurityActionTokenTest() throws WSSecurityException {
+ WSSConfig.init();
+ crypto = CryptoFactory.getInstance("wss40.properties");
+ }
+
+ @org.junit.Test
+ public void testAsymmetricSignature() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
+
+ @org.junit.Test
+ public void testSymmetricSignature() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken.setKey(keyData);
+ actionToken.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+ String identifier = Base64.encode(encodedBytes);
+ secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+
+ WSSecurityEngine symmetricSecEngine = new WSSecurityEngine();
+ symmetricSecEngine.processSecurityHeader(doc, null, secretKeyCallbackHandler, null, crypto);
+ }
+
+ @org.junit.Test
+ public void testAsymmetricDoubleSignature() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+ actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
+
+ SignatureActionToken actionToken2 = new SignatureActionToken();
+ actionToken2.setUser("16c73ab6-b892-458f-abf5-2f875f74882e");
+ actionToken2.setCryptoProperties("crypto.properties");
+ actionToken2.setIncludeSignatureToken(false);
+ WSEncryptionPart encP =
+ new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+ actionToken2.setParts(Collections.singletonList(encP));
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+ actions.add(new HandlerAction(WSConstants.TS, null));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ }
+
+ @org.junit.Test
+ public void testMixedDoubleSignature() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+ actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
+
+ SignatureActionToken actionToken2 = new SignatureActionToken();
+ actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken2.setKey(keyData);
+ actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ WSEncryptionPart encP =
+ new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+ actionToken2.setParts(Collections.singletonList(encP));
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+ actions.add(new HandlerAction(WSConstants.TS, null));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ }
+
+
+ private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, null, crypto);
+ }
+
+
+}
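Review bot: `testAsymmetricDoubleSignature` and `testMixedDoubleSignature` never call `verify(doc)` or otherwise inspect the signed document, so they only prove that `handler.send` does not throw, and a regression that emits a second signature which cannot be verified would still pass. `testSymmetricSignature` does process the header but discards the returned result list. Call `verify(doc)` at the end of the asymmetric double-signature test, and in the symmetric tests keep the result of `processSecurityHeader(...)` and assert it is non-empty, e.g. `assertFalse(results.isEmpty());`; the mixed test would presumably need the `SecretKeyCallbackHandler` path as well since one of its signatures is HMAC.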