You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/10 13:01:36 UTC
svn commit: r1530915 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Author: coheigea
Date: Thu Oct 10 11:01:36 2013
New Revision: 1530915
URL: http://svn.apache.org/r1530915
Log:
Added a working streaming (client) derived symmetric test
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530915&r1=1530914&r2=1530915&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Oct 10 11:01:36 2013
@@ -50,11 +50,13 @@ import org.apache.wss4j.common.ext.WSSec
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.SecureConversationToken;
@@ -361,6 +363,17 @@ public class StaxSymmetricBindingHandler
String actionToPerform = ConfigurationConstants.ENCRYPT;
if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
+ if (MessageUtils.isRequestor(message)) {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
+ } else {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+ }
+ AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+ config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
+ "" + algSuiteType.getEncryptionDerivedKeyLength() / 8);
+ if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
+ config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+ }
}
if (config.containsKey(ConfigurationConstants.ACTION)) {
@@ -393,6 +406,11 @@ public class StaxSymmetricBindingHandler
config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
} else {
config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
+ if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "EncryptedKeySHA1");
+ config.put(ConfigurationConstants.ENC_KEY_ID, "DirectReference");
+ config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
+ }
}
config.put(ConfigurationConstants.ENC_KEY_TRANSPORT,
@@ -420,6 +438,17 @@ public class StaxSymmetricBindingHandler
String actionToPerform = ConfigurationConstants.SIGNATURE;
if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
+ if (MessageUtils.isRequestor(message)) {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
+ } else {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+ }
+ AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+ config.put(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH,
+ "" + algSuiteType.getSignatureDerivedKeyLength() / 8);
+ if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
+ config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+ }
}
if (config.containsKey(ConfigurationConstants.ACTION)) {
@@ -474,6 +503,10 @@ public class StaxSymmetricBindingHandler
config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKey");
} else {
config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKeySHA1");
+ if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "EncryptedKeySHA1");
+ config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
+ }
}
} else if (policyToken instanceof KerberosToken && !isRequestor()) {
config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
@@ -545,7 +578,10 @@ public class StaxSymmetricBindingHandler
== incomingEvent.getSecurityEventType()) {
org.apache.xml.security.stax.securityToken.SecurityToken token =
((AbstractSecuredElementSecurityEvent)incomingEvent).getSecurityToken();
- if (token != null && token.getSecretKey() != null
+ if (token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null
+ && token.getKeyWrappingToken().getSha1Identifier() != null) {
+ return token.getKeyWrappingToken();
+ } else if (token != null && token.getSecretKey() != null
&& token.getSha1Identifier() != null) {
return token;
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1530915&r1=1530914&r2=1530915&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Thu Oct 10 11:01:36 2013
@@ -126,9 +126,9 @@ public class X509TokenTest extends Abstr
// DOM
x509Port.doubleIt(25);
- // TODO WSS-469 Streaming
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);