Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/10 13:01:36 UTC

svn commit: r1530915 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java

Author: coheigea
Date: Thu Oct 10 11:01:36 2013
New Revision: 1530915

URL: http://svn.apache.org/r1530915
Log:
Added a working streaming (client) derived symmetric test

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530915&r1=1530914&r2=1530915&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Oct 10 11:01:36 2013
@@ -50,11 +50,13 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.AbstractTokenWrapper;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.SecureConversationToken;
@@ -361,6 +363,17 @@ public class StaxSymmetricBindingHandler
             String actionToPerform = ConfigurationConstants.ENCRYPT;
             if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
+                if (MessageUtils.isRequestor(message)) {
+                    config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
+                } else {
+                    config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+                }
+                AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+                config.put(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
+                           "" + algSuiteType.getEncryptionDerivedKeyLength() / 8);
+                if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
+                    config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+                }
             }
 
             if (config.containsKey(ConfigurationConstants.ACTION)) {
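Review bot: The role test in the added block is written `MessageUtils.isRequestor(message)`, while a context line further down in the same class (the Kerberos branch of the signature key-id code) calls the handler's own `isRequestor()`. If the two are equivalent, which the visible lines do not show, the branch could be `config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, isRequestor() ? "EncryptedKey" : "DirectReference");`. The same eleven added lines recur in the signature hunk (`@@ -420,6 +438,17 @@`) with only the key-length constant and getter changed. A shared private helper would stop the encryption and signature settings drifting apart. The enclosing method starts and ends outside the hunk.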
@@ -393,6 +406,11 @@ public class StaxSymmetricBindingHandler
                 config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
             } else {
                 config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
+                if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+                    config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "EncryptedKeySHA1");
+                    config.put(ConfigurationConstants.ENC_KEY_ID, "DirectReference");
+                    config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
+                }
             }
 
             config.put(ConfigurationConstants.ENC_KEY_TRANSPORT, 
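Review bot: In the derived-keys case `ENC_KEY_ID` is written twice in a row, first as `"EncryptedKeySHA1"` and then immediately overwritten with `"DirectReference"`, so the first `put` is dead for that path and the intended value is easy to misread. An `if`/`else` on `getDerivedKeys() == DerivedKeys.RequireDerivedKeys` would make each path set `ENC_KEY_ID` exactly once. The hunk at `@@ -474,6 +503,10 @@` does the same with `SIG_KEY_ID`. A one-line comment on `config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");` saying why the symmetric key is not encrypted into the message on this path would also help, because the signature counterpart sets no such flag and a reader cannot tell whether that asymmetry is deliberate.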
@@ -420,6 +438,17 @@ public class StaxSymmetricBindingHandler
         String actionToPerform = ConfigurationConstants.SIGNATURE;
         if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
+            if (MessageUtils.isRequestor(message)) {
+                config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
+            } else {
+                config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
+            }
+            AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+            config.put(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH,
+                       "" + algSuiteType.getSignatureDerivedKeyLength() / 8);
+            if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
+                config.put(ConfigurationConstants.USE_2005_12_NAMESPACE, "true");
+            }
         }
         
         if (config.containsKey(ConfigurationConstants.ACTION)) {
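Review bot: The SP12 check here reads `policyToken.getVersion()`, whereas the encryption hunk (`@@ -361,6 +363,17 @@`) reads `recToken.getVersion()`, and `recToken` is the token wrapper there (it is the object `getToken()` is called on). `policyToken` is declared outside this hunk; if it is `wrapper.getToken()`, the two paths take the policy version from different assertions and could disagree on `USE_2005_12_NAMESPACE` for the same binding. Pick one source and use it in both places, for example `if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP12)` here and `recToken.getToken().getVersion()` in the encryption path, after confirming which assertion carries the authoritative version.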
@@ -474,6 +503,10 @@ public class StaxSymmetricBindingHandler
                 config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKey");
             } else {
                 config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKeySHA1");
+                if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+                    config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "EncryptedKeySHA1");
+                    config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
+                }
             }
         } else if (policyToken instanceof KerberosToken && !isRequestor()) {
             config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
@@ -545,7 +578,10 @@ public class StaxSymmetricBindingHandler
                         == incomingEvent.getSecurityEventType()) {
                     org.apache.xml.security.stax.securityToken.SecurityToken token = 
                         ((AbstractSecuredElementSecurityEvent)incomingEvent).getSecurityToken();
-                    if (token != null && token.getSecretKey() != null 
+                    if (token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null 
+                        && token.getKeyWrappingToken().getSha1Identifier() != null) {
+                        return token.getKeyWrappingToken();
+                    } else if (token != null && token.getSecretKey() != null 
                         && token.getSha1Identifier() != null) {
                         return token;
                     }
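Review bot: The new first condition calls `token.getKeyWrappingToken()` before `token` has been checked for null. The `token != null` guard now sits only in the `else if`, so a security event with no token throws a NullPointerException where it was previously skipped. Restore the guard at the front, `if (token != null && token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null`, or read the wrapping token once into a local after a null check, which also removes the four repeated calls. Because the method now returns the wrapping token in preference to the token that secured the element, a short comment stating why that key is the right one to hand back would help the next reviewer. The enclosing method starts and ends outside the hunk.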

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1530915&r1=1530914&r2=1530915&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Thu Oct 10 11:01:36 2013
@@ -126,9 +126,9 @@ public class X509TokenTest extends Abstr
         // DOM
         x509Port.doubleIt(25);
         
-        // TODO WSS-469 Streaming
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);