Posted to wss4j-dev@ws.apache.org by we...@apache.org on 2007/08/16 15:39:30 UTC
svn commit: r566708 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
message/token/UsernameToken.java processor/SignatureProcessor.java
processor/UsernameTokenProcessor.java
Author: werner
Date: Thu Aug 16 06:39:29 2007
New Revision: 566708
URL: http://svn.apache.org/viewvc?view=rev&rev=566708
Log:
Enhance UsernameToken signature to support the digest password type; add
functions and enhancements to handle it on the server side as well.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java Thu Aug 16 06:39:29 2007
@@ -329,7 +329,7 @@
/**
* Gets the password string. This is the password as it is in the password
- * element of a username, token. Thus it can be either plain text or the
+ * element of a username token. Thus it can be either plain text or the
* password digest value.
*
* @return the password string or <code>null</code> if no such node
@@ -418,6 +418,15 @@
}
}
+ /**
+ * Set the raw (plain text) password used to compute secret key.
+ *
+ * @param raw_password the raw_password to set
+ */
+ public void setRawPassword(String raw_password) {
+ this.raw_password = raw_password;
+ }
+
public static String doPasswordDigest(String nonce, String created,
String password) {
String passwdDigest = null;
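Review bot: The Javadoc for `setRawPassword` does not say which value callers must pass for a digest-type token. Judging by the UsernameTokenProcessor hunks in this commit, it is the original password obtained from the callback, not the digest carried in the message. I would state that, for example `Sets the plain-text password from which the secret key is derived; for a digest-type token this is the password supplied by the callback handler, never the digest value from the message.` The parameter name `raw_password` also departs from Java's lowerCamelCase convention, although it mirrors the existing field.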
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Thu Aug 16 06:39:29 2007
@@ -203,14 +203,17 @@
QName el = new QName(token.getNamespaceURI(), token
.getLocalName());
if (el.equals(WSSecurityEngine.usernameToken)) {
- ut = new UsernameToken(token);
+ String id = token.getAttributeNS(WSConstants.WSU_NS, "Id");
+ UsernameTokenProcessor utProcessor =
+ (UsernameTokenProcessor) wsDocInfo.getProcessor(id);
+ ut = utProcessor.getUt();
secretKey = ut.getSecretKey();
} else if(el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_02) ||
el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_12)) {
dkt = new DerivedKeyToken(token);
String id = dkt.getID();
- DerivedKeyTokenProcessor dktProcessor = (DerivedKeyTokenProcessor) wsDocInfo
- .getProcessor(id);
+ DerivedKeyTokenProcessor dktProcessor =
+ (DerivedKeyTokenProcessor) wsDocInfo.getProcessor(id);
String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
int keyLength = (dkt.getLength() > 0) ? dkt.getLength() :
WSSecurityUtil.getKeyLength(signatureMethodURI);
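Review bot: The result of `wsDocInfo.getProcessor(id)` is cast and dereferenced without a check, so a lookup that finds nothing ends in a NullPointerException at `utProcessor.getUt()` rather than a WSSecurityException (assuming `getProcessor` returns null for an unknown Id, which is not visible here). That can happen when the referenced UsernameToken has no `wsu:Id` attribute, since `getAttributeNS` then returns an empty string, or when the token was not processed before the signature. The unchecked cast fails the same way with a ClassCastException if the Id resolves to a different processor type. An `instanceof` test followed by a guard such as `if (utProcessor == null || utProcessor.getUt() == null) { throw new WSSecurityException(WSSecurityException.FAILURE); }` keeps the failure inside the engine's error handling. The enclosing method starts and ends outside this hunk.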
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Thu Aug 16 06:39:29 2007
@@ -41,6 +41,7 @@
private static Log log = LogFactory.getLog(UsernameTokenProcessor.class.getName());
private String utId;
+ private UsernameToken ut;
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
@@ -75,7 +76,7 @@
* @throws WSSecurityException
*/
public WSUsernameTokenPrincipal handleUsernameToken(Element token, CallbackHandler cb) throws WSSecurityException {
- UsernameToken ut = new UsernameToken(token);
+ ut = new UsernameToken(token);
String user = ut.getName();
String password = ut.getPassword();
String nonce = ut.getNonce();
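Review bot: Assigning the field `ut` on the first line of `handleUsernameToken` publishes the token before the password check further down has run. `getUt()` can then hand out a token whose authentication later failed, if the processor instance is still reachable at that point; that depends on where it is registered in `WSDocInfo`, which is not visible here. Keeping the local `UsernameToken ut = new UsernameToken(token);` and setting `this.ut = ut;` only after the checks pass avoids that. The field added in the `@@ -41,6 +41,7 @@` hunk also makes the processor carry per-message state, so an instance should not be shared across concurrent requests. The method body continues outside this hunk.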
@@ -87,6 +88,8 @@
}
Callback[] callbacks = new Callback[1];
+ String origPassword = null;
+
if (ut.isHashed()) {
if (cb == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
@@ -106,7 +109,7 @@
"noPassword",
new Object[]{user}, e);
}
- String origPassword = pwCb.getPassword();
+ origPassword = pwCb.getPassword();
if (log.isDebugEnabled()) {
log.debug("UsernameToken callback password " + origPassword);
}
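Review bot: The debug statement right after the changed assignment writes the callback's plain-text password to the log: `log.debug("UsernameToken callback password " + origPassword);`. With this commit the same value is also retained on the token through `setRawPassword`, so the log line is worth reducing to something like `log.debug("UsernameToken callback returned a password for user " + user);`. The surrounding `if (ut.isHashed())` block starts and ends outside this hunk.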
@@ -120,6 +123,7 @@
throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
}
}
+ ut.setRawPassword(origPassword);
} else if (cb != null) {
WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
pwType, WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
@@ -133,8 +137,8 @@
throw new WSSecurityException(WSSecurityException.FAILURE,
"noPassword", new Object[]{user});
}
+ ut.setRawPassword(password);
}
-
WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(user, ut.isHashed());
principal.setNonce(nonce);
principal.setPassword(password);
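Review bot: `ut.setRawPassword(password);` appears to sit inside the `else if (cb != null)` branch, so a plain-text token handled without a callback handler never gets a raw password. That placement is inferred from the brace order, since indentation is lost in this view. `ut.getSecretKey()` in SignatureProcessor would then presumably derive from a null value, although the body of `getSecretKey` is not visible here. That path also performs no password verification at all, so I would make the outcome explicit: have the signature path reject a token whose raw password was never set, and document that choice on `setRawPassword`. The if/else chain starts outside this hunk.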
@@ -149,5 +153,14 @@
*/
public String getId() {
return utId;
+ }
+
+ /**
+ * Get the processed USernameToken.
+ *
+ * @return the ut
+ */
+ public UsernameToken getUt() {
+ return ut;
}
}
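Review bot: The new Javadoc has a typo (`USernameToken`) and omits two things a caller needs to know. `getUt()` returns null until `handleUsernameToken` has run, and the returned token carries the raw password set during processing. Suggested wording: `Returns the UsernameToken parsed by handleUsernameToken, or null if no token has been processed yet; the token holds the plain-text password used for key derivation.`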