You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2014/02/13 13:09:16 UTC
svn commit: r1567900 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/
ws-security-stax/src/test/java/org/apache/wss4j/stax/test/
Author: coheigea
Date: Thu Feb 13 12:09:16 2014
New Revision: 1567900
URL: http://svn.apache.org/r1567900
Log:
Added more derived Signature + Encryption functionality
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java?rev=1567900&r1=1567899&r2=1567900&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java Thu Feb 13 12:09:16 2014
@@ -21,13 +21,13 @@ package org.apache.wss4j.dom.action;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
+import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
public abstract class AbstractDerivedAction {
- protected Node findPlaceToInsertDKT(RequestData reqData) {
+ protected Node findEncryptedKeySibling(RequestData reqData) {
Element secHeader = reqData.getSecHeader().getSecurityHeader();
Node firstChild = secHeader.getFirstChild();
while (firstChild != null) {
@@ -41,5 +41,24 @@ public abstract class AbstractDerivedAct
}
return null;
}
+
+ protected Node findSCTSibling(RequestData reqData) {
+ String namespace = ConversationConstants.WSC_NS_05_12;
+ if (!reqData.isUse200512Namespace()) {
+ namespace = ConversationConstants.WSC_NS_05_02;
+ }
+ Element secHeader = reqData.getSecHeader().getSecurityHeader();
+ Node firstChild = secHeader.getFirstChild();
+ while (firstChild != null) {
+ if (firstChild instanceof Element &&
+ namespace.equals(((Element)firstChild).getNamespaceURI())
+ && "SecurityContextToken".equals(((Element)firstChild).getLocalName())
+ && firstChild.getNextSibling() != null) {
+ return firstChild.getNextSibling();
+ }
+ firstChild = firstChild.getNextSibling();
+ }
+ return null;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java?rev=1567900&r1=1567899&r2=1567900&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java Thu Feb 13 12:09:16 2014
@@ -73,9 +73,6 @@ public class EncryptionDerivedAction ext
}
wsEncrypt.setUserInfo(encryptionToken.getUser(), passwordCallback.getPassword());
- WSSecEncryptedKey encrKeyBuilder = null;
- String sctId = null;
-
if (reqData.isUse200512Namespace()) {
wsEncrypt.setWscVersion(ConversationConstants.VERSION_05_12);
} else {
@@ -86,58 +83,8 @@ public class EncryptionDerivedAction ext
wsEncrypt.setDerivedKeyLength(encryptionToken.getDerivedKeyLength());
}
- String derivedKeyTokenReference = encryptionToken.getDerivedKeyTokenReference();
- boolean usingExistingEncryptedKey = false;
- if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- sctId = IDGenerator.generateID("uuid:");
- if (reqData.isUse200512Namespace()) {
- wsEncrypt.setCustomValueType(WSConstants.WSC_SCT_05_12);
- } else {
- wsEncrypt.setCustomValueType(WSConstants.WSC_SCT);
- }
-
- wsEncrypt.setExternalKey(passwordCallback.getKey(), sctId);
-
- } else {
- byte[] ek = null;
- String tokenIdentifier = null;
- // See if a SignatureDerivedAction has already set up an EncryptedKey
- if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey() != null
- && reqData.getSignatureToken().getKeyIdentifier() != null) {
- ek = reqData.getSignatureToken().getKey();
- tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
- usingExistingEncryptedKey = true;
- } else {
- encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo(encryptionToken.getUser());
- if (encryptionToken.getDerivedKeyIdentifier() != 0) {
- encrKeyBuilder.setKeyIdentifierType(encryptionToken.getDerivedKeyIdentifier());
- } else {
- encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- }
-
- if (encryptionToken.getKeyTransportAlgorithm() != null) {
- encrKeyBuilder.setKeyEncAlgo(encryptionToken.getKeyTransportAlgorithm());
- }
- if (encryptionToken.getDigestAlgorithm() != null) {
- encrKeyBuilder.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
- }
- if (encryptionToken.getMgfAlgorithm() != null) {
- encrKeyBuilder.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
- }
-
- encrKeyBuilder.prepare(doc, encryptionToken.getCrypto());
-
- ek = encrKeyBuilder.getEphemeralKey();
- tokenIdentifier = encrKeyBuilder.getId();
-
- reqData.getSignatureToken().setKey(ek);
- reqData.getSignatureToken().setKeyIdentifier(tokenIdentifier);
- }
-
- wsEncrypt.setExternalKey(ek, tokenIdentifier);
- wsEncrypt.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
- }
+ Element tokenElement =
+ setupTokenReference(reqData, encryptionToken, wsEncrypt, passwordCallback, doc);
wsEncrypt.setAttachmentCallbackHandler(reqData.getAttachmentCallbackHandler());
try {
@@ -157,8 +104,12 @@ public class EncryptionDerivedAction ext
// Put the DerivedKeyToken Element in the right place in the security header
Node nextSibling = null;
- if (usingExistingEncryptedKey) {
- nextSibling = findPlaceToInsertDKT(reqData);
+ if (tokenElement == null
+ && "EncryptedKey".equals(encryptionToken.getDerivedKeyTokenReference())) {
+ nextSibling = findEncryptedKeySibling(reqData);
+ } else if (tokenElement == null
+ && "SecurityContextToken".equals(encryptionToken.getDerivedKeyTokenReference())) {
+ nextSibling = findSCTSibling(reqData);
}
if (nextSibling == null) {
wsEncrypt.prependDKElementToHeader(reqData.getSecHeader());
@@ -170,11 +121,8 @@ public class EncryptionDerivedAction ext
// Add the ReferenceList to the security header
wsEncrypt.addExternalRefElement(externRefList, reqData.getSecHeader());
- if (encrKeyBuilder != null) {
- encrKeyBuilder.prependToHeader(reqData.getSecHeader());
- } else if (sctId != null) {
- SecurityContextToken sct = new SecurityContextToken(doc, sctId);
- WSSecurityUtil.prependChildElement(reqData.getSecHeader().getSecurityHeader(), sct.getElement());
+ if (tokenElement != null) {
+ WSSecurityUtil.prependChildElement(reqData.getSecHeader().getSecurityHeader(), tokenElement);
}
} catch (WSSecurityException e) {
@@ -183,4 +131,82 @@ public class EncryptionDerivedAction ext
}
}
+ private Element setupTokenReference(
+ RequestData reqData, EncryptionActionToken encryptionToken,
+ WSSecDKEncrypt wsEncrypt, WSPasswordCallback passwordCallback,
+ Document doc
+ ) throws WSSecurityException {
+ String derivedKeyTokenReference = encryptionToken.getDerivedKeyTokenReference();
+
+ if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
+ if (reqData.isUse200512Namespace()) {
+ wsEncrypt.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ wsEncrypt.setCustomValueType(WSConstants.WSC_SCT);
+ }
+
+ // See if a SignatureDerivedAction has already set up a SecurityContextToken
+ if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey() != null
+ && reqData.getSignatureToken().getKeyIdentifier() != null) {
+ byte[] secret = reqData.getSignatureToken().getKey();
+ String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
+ wsEncrypt.setExternalKey(secret, tokenIdentifier);
+ return null;
+ } else {
+ String tokenIdentifier = IDGenerator.generateID("uuid:");
+ wsEncrypt.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
+
+ encryptionToken.setKey(passwordCallback.getKey());
+ encryptionToken.setKeyIdentifier(tokenIdentifier);
+
+ int version = ConversationConstants.VERSION_05_12;
+ if (!reqData.isUse200512Namespace()) {
+ version = ConversationConstants.VERSION_05_02;
+ }
+
+ SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
+ return sct.getElement();
+ }
+ } else {
+ wsEncrypt.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ // See if a SignatureDerivedAction has already set up an EncryptedKey
+ if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey() != null
+ && reqData.getSignatureToken().getKeyIdentifier() != null) {
+ byte[] ek = reqData.getSignatureToken().getKey();
+ String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
+ wsEncrypt.setExternalKey(ek, tokenIdentifier);
+ return null;
+ } else {
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ encrKeyBuilder.setUserInfo(encryptionToken.getUser());
+ if (encryptionToken.getDerivedKeyIdentifier() != 0) {
+ encrKeyBuilder.setKeyIdentifierType(encryptionToken.getDerivedKeyIdentifier());
+ } else {
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+
+ if (encryptionToken.getKeyTransportAlgorithm() != null) {
+ encrKeyBuilder.setKeyEncAlgo(encryptionToken.getKeyTransportAlgorithm());
+ }
+ if (encryptionToken.getDigestAlgorithm() != null) {
+ encrKeyBuilder.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
+ }
+ if (encryptionToken.getMgfAlgorithm() != null) {
+ encrKeyBuilder.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
+ }
+
+ encrKeyBuilder.prepare(doc, encryptionToken.getCrypto());
+
+ byte[] ek = encrKeyBuilder.getEphemeralKey();
+ String tokenIdentifier = encrKeyBuilder.getId();
+ wsEncrypt.setExternalKey(ek, tokenIdentifier);
+
+ encryptionToken.setKey(ek);
+ encryptionToken.setKeyIdentifier(tokenIdentifier);
+
+ return encrKeyBuilder.getEncryptedKeyElement();
+ }
+
+ }
+ }
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1567900&r1=1567899&r2=1567900&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Thu Feb 13 12:09:16 2014
@@ -40,6 +40,7 @@ import org.apache.wss4j.dom.message.toke
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import org.w3c.dom.Node;
public class SignatureDerivedAction extends AbstractDerivedAction implements Action {
@@ -75,9 +76,6 @@ public class SignatureDerivedAction exte
}
wsSign.setUserInfo(signatureToken.getUser(), passwordCallback.getPassword());
- WSSecEncryptedKey encrKeyBuilder = null;
- String sctId = null;
-
if (reqData.isUse200512Namespace()) {
wsSign.setWscVersion(ConversationConstants.VERSION_05_12);
} else {
@@ -88,19 +86,77 @@ public class SignatureDerivedAction exte
wsSign.setDerivedKeyLength(signatureToken.getDerivedKeyLength());
}
+ Element tokenElement =
+ setupTokenReference(reqData, signatureToken, wsSign, passwordCallback, doc);
+ wsSign.setAttachmentCallbackHandler(reqData.getAttachmentCallbackHandler());
+
+ try {
+ List<WSEncryptionPart> parts = signatureToken.getParts();
+ if (parts == null || parts.isEmpty()) {
+ WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
+ .getBodyQName().getLocalPart(), reqData.getSoapConstants()
+ .getEnvelopeURI(), "Content");
+ parts = new ArrayList<WSEncryptionPart>();
+ parts.add(encP);
+ }
+
+ wsSign.setParts(parts);
+ wsSign.prepare(doc, reqData.getSecHeader());
+
+ List<javax.xml.crypto.dsig.Reference> referenceList =
+ wsSign.addReferencesToSign(parts, reqData.getSecHeader());
+
+ // Put the DerivedKeyToken Element in the right place in the security header
+ Node nextSibling = null;
+ if (tokenElement == null
+ && "EncryptedKey".equals(signatureToken.getDerivedKeyTokenReference())) {
+ nextSibling = findEncryptedKeySibling(reqData);
+ } else if (tokenElement == null
+ && "SecurityContextToken".equals(signatureToken.getDerivedKeyTokenReference())) {
+ nextSibling = findSCTSibling(reqData);
+ }
+
+ if (nextSibling == null) {
+ wsSign.computeSignature(referenceList);
+ } else {
+ wsSign.computeSignature(referenceList, true, (Element)nextSibling);
+ }
+
+ if (nextSibling == null) {
+ wsSign.prependDKElementToHeader(reqData.getSecHeader());
+ } else {
+ reqData.getSecHeader().getSecurityHeader().insertBefore(
+ wsSign.getdktElement(), wsSign.getSignatureElement());
+ }
+
+ if (tokenElement != null) {
+ WSSecurityUtil.prependChildElement(reqData.getSecHeader().getSecurityHeader(), tokenElement);
+ }
+
+ reqData.getSignatureValues().add(wsSign.getSignatureValue());
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error during Signature: ");
+ }
+ }
+
+ private Element setupTokenReference(
+ RequestData reqData, SignatureActionToken signatureToken,
+ WSSecDKSign wsSign, WSPasswordCallback passwordCallback,
+ Document doc
+ ) throws WSSecurityException {
String derivedKeyTokenReference = signatureToken.getDerivedKeyTokenReference();
- boolean usingExistingEncryptedKey = false;
+
if ("EncryptedKey".equals(derivedKeyTokenReference)) {
- byte[] ek = null;
- String tokenIdentifier = null;
+ wsSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
// See if an EncryptionAction has already set up an EncryptedKey
if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey() != null
&& reqData.getEncryptionToken().getKeyIdentifier() != null) {
- ek = reqData.getEncryptionToken().getKey();
- tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
- usingExistingEncryptedKey = true;
+ byte[] ek = reqData.getEncryptionToken().getKey();
+ String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
+ wsSign.setExternalKey(ek, tokenIdentifier);
+ return null;
} else {
- encrKeyBuilder = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo(signatureToken.getUser());
if (signatureToken.getDerivedKeyIdentifier() != 0) {
encrKeyBuilder.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
@@ -108,34 +164,54 @@ public class SignatureDerivedAction exte
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
encrKeyBuilder.prepare(doc, signatureToken.getCrypto());
-
- ek = encrKeyBuilder.getEphemeralKey();
- tokenIdentifier = encrKeyBuilder.getId();
-
+
+ byte[] ek = encrKeyBuilder.getEphemeralKey();
+ String tokenIdentifier = encrKeyBuilder.getId();
+
signatureToken.setKey(ek);
signatureToken.setKeyIdentifier(tokenIdentifier);
+
+ wsSign.setExternalKey(ek, tokenIdentifier);
+ return encrKeyBuilder.getEncryptedKeyElement();
}
- wsSign.setExternalKey(ek, tokenIdentifier);
- wsSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
} else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- sctId = IDGenerator.generateID("uuid:");
if (reqData.isUse200512Namespace()) {
wsSign.setCustomValueType(WSConstants.WSC_SCT_05_12);
} else {
wsSign.setCustomValueType(WSConstants.WSC_SCT);
}
- wsSign.setExternalKey(passwordCallback.getKey(), sctId);
-
+ // See if a EncryptionDerivedAction has already set up a SecurityContextToken
+ if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey() != null
+ && reqData.getEncryptionToken().getKeyIdentifier() != null) {
+ byte[] secret = reqData.getEncryptionToken().getKey();
+ String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
+ wsSign.setExternalKey(secret, tokenIdentifier);
+ return null;
+ } else {
+ String tokenIdentifier = IDGenerator.generateID("uuid:");
+ wsSign.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
+
+ signatureToken.setKey(passwordCallback.getKey());
+ signatureToken.setKeyIdentifier(tokenIdentifier);
+
+ int version = ConversationConstants.VERSION_05_12;
+ if (!reqData.isUse200512Namespace()) {
+ version = ConversationConstants.VERSION_05_02;
+ }
+
+ SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
+ return sct.getElement();
+ }
} else {
// DirectReference
-
+
if (signatureToken.getDerivedKeyIdentifier() != 0) {
wsSign.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
} else {
wsSign.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
-
+
byte[] key = null;
if (passwordCallback.getKey() != null) {
key = passwordCallback.getKey();
@@ -147,50 +223,8 @@ public class SignatureDerivedAction exte
}
wsSign.setCrypto(signatureToken.getCrypto());
wsSign.setExternalKey(key, (String)null);
- }
-
- wsSign.setAttachmentCallbackHandler(reqData.getAttachmentCallbackHandler());
-
- try {
- List<WSEncryptionPart> parts = signatureToken.getParts();
- if (parts == null || parts.isEmpty()) {
- WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
- .getBodyQName().getLocalPart(), reqData.getSoapConstants()
- .getEnvelopeURI(), "Content");
- parts = new ArrayList<WSEncryptionPart>();
- parts.add(encP);
- }
-
- wsSign.setParts(parts);
- wsSign.prepare(doc, reqData.getSecHeader());
-
- List<javax.xml.crypto.dsig.Reference> referenceList =
- wsSign.addReferencesToSign(parts, reqData.getSecHeader());
- wsSign.computeSignature(referenceList);
- // Put the DerivedKeyToken Element in the right place in the security header
- Node nextSibling = null;
- if (usingExistingEncryptedKey) {
- nextSibling = findPlaceToInsertDKT(reqData);
- }
- if (nextSibling == null) {
- wsSign.prependDKElementToHeader(reqData.getSecHeader());
- } else {
- reqData.getSecHeader().getSecurityHeader().insertBefore(
- wsSign.getdktElement(), nextSibling);
- }
-
- if (encrKeyBuilder != null) {
- encrKeyBuilder.prependToHeader(reqData.getSecHeader());
- } else if (sctId != null) {
- SecurityContextToken sct = new SecurityContextToken(doc, sctId);
- WSSecurityUtil.prependChildElement(reqData.getSecHeader().getSecurityHeader(), sct.getElement());
- }
-
- reqData.getSignatureValues().add(wsSign.getSignatureValue());
- } catch (WSSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error during Signature: ");
+ return null;
}
}
-
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java?rev=1567900&r1=1567899&r2=1567900&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyActionTest.java Thu Feb 13 12:09:16 2014
@@ -471,6 +471,90 @@ public class DerivedKeyActionTest extend
verify(doc);
}
+
+ @org.junit.Test
+ public void testSignatureEncryptionSecurityContextToken() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("wss40");
+
+ // Generate a Key
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ SecretKey key = keyGen.generateKey();
+ byte[] keyData = key.getEncoded();
+ secretKeyCallbackHandler.setOutboundSecret(keyData);
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.PW_CALLBACK_REF, secretKeyCallbackHandler);
+ config.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "SecurityContextToken");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
+ reqData.setMsgContext(config);
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.DKT_SIGN));
+ actions.add(new HandlerAction(WSConstants.DKT_ENCR));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ Assert.assertTrue(outputString.contains(ConversationConstants.WSC_NS_05_12));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc, secretKeyCallbackHandler);
+ }
+
+ @org.junit.Test
+ public void testEncryptionSignatureSecurityContextToken() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("wss40");
+
+ // Generate a Key
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ SecretKey key = keyGen.generateKey();
+ byte[] keyData = key.getEncoded();
+ secretKeyCallbackHandler.setOutboundSecret(keyData);
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.PW_CALLBACK_REF, secretKeyCallbackHandler);
+ config.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "SecurityContextToken");
+ config.put(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, "Thumbprint");
+ reqData.setMsgContext(config);
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.DKT_ENCR));
+ actions.add(new HandlerAction(WSConstants.DKT_SIGN));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ Assert.assertTrue(outputString.contains(ConversationConstants.WSC_NS_05_12));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc, secretKeyCallbackHandler);
+ }
private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
return verify(doc, callbackHandler);
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java?rev=1567900&r1=1567899&r2=1567900&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java Thu Feb 13 12:09:16 2014
@@ -31,14 +31,12 @@ import org.apache.wss4j.stax.securityEve
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.InboundWSSec;
import org.apache.wss4j.stax.ext.OutboundWSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
-import org.apache.wss4j.stax.test.AbstractTestBase.TestSecurityEventListener;
import org.apache.wss4j.stax.test.utils.SOAPUtil;
import org.apache.wss4j.stax.test.utils.SecretKeyCallbackHandler;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
@@ -597,6 +595,11 @@ public class SecurityContextTokenTest ex
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
sigBuilder.setWscVersion(version);
+ if (version == ConversationConstants.VERSION_05_12) {
+ sigBuilder.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ sigBuilder.setCustomValueType(WSConstants.WSC_SCT);
+ }
sigBuilder.setExternalKey(tempSecret, tokenId);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
@@ -604,12 +607,17 @@ public class SecurityContextTokenTest ex
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setWscVersion(version);
+ if (version == ConversationConstants.VERSION_05_12) {
+ encrBuilder.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ encrBuilder.setCustomValueType(WSConstants.WSC_SCT);
+ }
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, secHeader);
sctBuilder.prependSCTElementToHeader(doc, secHeader);
-
+
javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
transformer.transform(new DOMSource(doc), new StreamResult(baos));
}
@@ -686,6 +694,105 @@ public class SecurityContextTokenTest ex
);
}
}
+
+ @Test()
+ public void testSCTKDKTSignEncryptAction() throws Exception {
+
+ byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action =
+ WSHandlerConstants.SIGNATURE_DERIVED + " " + WSHandlerConstants.ENCRYPT_DERIVED;
+
+ Properties properties = new Properties();
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
+ properties.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "SecurityContextToken");
+ if (version == ConversationConstants.VERSION_05_02) {
+ properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
+ }
+ properties.put(WSHandlerConstants.USER, "transmitter");
+ properties.put(WSHandlerConstants.ENC_SYM_ALGO,
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
+ securityProperties.setCallbackHandler(callbackHandler);
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.SecurityContextToken,
+ WSSecurityEventConstants.SignatureValue,
+ WSSecurityEventConstants.SignedPart,
+ WSSecurityEventConstants.EncryptedPart,
+ WSSecurityEventConstants.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
+
+ SignedPartSecurityEvent signedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignedPart);
+ SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedPart);
+ OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.Operation);
+ String signedElementCorrelationID = signedPartSecurityEvent.getCorrelationID();
+ String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID();
+ String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
+ String operationCorrelationID = operationSecurityEvent.getCorrelationID();
+
+ List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> signedElementSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>();
+
+ List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
+ for (int i = 0; i < securityEvents.size(); i++) {
+ SecurityEvent securityEvent = securityEvents.get(i);
+ if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
+ signedElementSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) {
+ signatureValueSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
+ encryptedPartSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
+ operationSecurityEvents.add(securityEvent);
+ }
+ }
+
+ org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
+ operationSecurityEvents.size() +
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
+ );
+ }
+ }
@Test
public void testSCTKDKTEncryptSign() throws Exception {
@@ -711,6 +818,11 @@ public class SecurityContextTokenTest ex
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setWscVersion(version);
+ if (version == ConversationConstants.VERSION_05_12) {
+ encrBuilder.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ encrBuilder.setCustomValueType(WSConstants.WSC_SCT);
+ }
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, secHeader);
@@ -718,6 +830,11 @@ public class SecurityContextTokenTest ex
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
sigBuilder.setWscVersion(version);
+ if (version == ConversationConstants.VERSION_05_12) {
+ sigBuilder.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ sigBuilder.setCustomValueType(WSConstants.WSC_SCT);
+ }
sigBuilder.setExternalKey(tempSecret, tokenId);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
@@ -800,6 +917,106 @@ public class SecurityContextTokenTest ex
);
}
}
+
+ @Test
+ public void testSCTKDKTEncryptSignAction() throws Exception {
+
+ byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action =
+ WSHandlerConstants.ENCRYPT_DERIVED + " " + WSHandlerConstants.SIGNATURE_DERIVED;
+
+ Properties properties = new Properties();
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
+ properties.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
+ properties.put(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, "SecurityContextToken");
+ if (version == ConversationConstants.VERSION_05_02) {
+ properties.put(WSHandlerConstants.USE_2005_12_NAMESPACE, "false");
+ }
+ properties.put(WSHandlerConstants.USER, "transmitter");
+ properties.put(WSHandlerConstants.ENC_SYM_ALGO,
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
+ securityProperties.setCallbackHandler(callbackHandler);
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ WSSecurityEventConstants.Event[] expectedSecurityEvents = new WSSecurityEventConstants.Event[]{
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.SecurityContextToken,
+ WSSecurityEventConstants.SignatureValue,
+ WSSecurityEventConstants.SignedPart,
+ WSSecurityEventConstants.EncryptedPart,
+ WSSecurityEventConstants.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
+
+ SignedPartSecurityEvent signedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignedPart);
+ SignatureValueSecurityEvent signatureValueSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.SignatureValue);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.EncryptedPart);
+ OperationSecurityEvent operationSecurityEvent = securityEventListener.getSecurityEvent(WSSecurityEventConstants.Operation);
+ String signedElementCorrelationID = signedPartSecurityEvent.getCorrelationID();
+ String signatureValueCorrelationID = signatureValueSecurityEvent.getCorrelationID();
+ String encryptedPartCorrelationID = encryptedPartSecurityEvent.getCorrelationID();
+ String operationCorrelationID = operationSecurityEvent.getCorrelationID();
+
+ List<SecurityEvent> operationSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> signedElementSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> signatureValueSecurityEvents = new ArrayList<SecurityEvent>();
+ List<SecurityEvent> encryptedPartSecurityEvents = new ArrayList<SecurityEvent>();
+
+ List<SecurityEvent> securityEvents = securityEventListener.getReceivedSecurityEvents();
+ for (int i = 0; i < securityEvents.size(); i++) {
+ SecurityEvent securityEvent = securityEvents.get(i);
+ if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
+ signedElementSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(signatureValueCorrelationID)) {
+ signatureValueSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(encryptedPartCorrelationID)) {
+ encryptedPartSecurityEvents.add(securityEvent);
+ } else if (securityEvent.getCorrelationID().equals(operationCorrelationID)) {
+ operationSecurityEvents.add(securityEvent);
+ }
+ }
+
+ org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
+ org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
+ org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
+ operationSecurityEvents.size() +
+ signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
+ );
+ }
+ }
+
@Test
public void testSCTSign() throws Exception {