Posted to fx-dev@ws.apache.org by ru...@apache.org on 2006/03/25 09:50:19 UTC
svn commit: r388730 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/message/ test/wssec/
Author: ruchithf
Date: Sat Mar 25 00:50:18 2006
New Revision: 388730
URL: http://svn.apache.org/viewcvs?rev=388730&view=rev
Log:
- Added some more tests to TestWSSecurityNewSCT (Sign, Sign and Encrypt, Encrypt and Sign)
- s/commit/prependSCTElementToHeader
- Removed unused build() and commit() methods from WSSecEncryptedKey and updated the test cases to use the prepare() and prepend*() methods
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSecurityContextToken.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Sat Mar 25 00:50:18 2006
@@ -99,13 +99,13 @@
addReferencesToSign(parts, secHeader);
- computeSignature();
+ this.computeSignature();
this.prependSigToHeader(secHeader);
/*
* prepend elements in the right order to the security header
*/
- prependDKElementToHeader(secHeader);
+ this.prependDKElementToHeader(secHeader);
return doc;
}
@@ -390,7 +390,7 @@
* @param securityHeader
* The secHeader that holds the Signature element.
*/
- private void prependSigToHeader(WSSecHeader secHeader) {
+ public void prependSigToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(document, secHeader.getSecurityHeader(), sig
.getElement(), false);
}
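Review bot: prependSigToHeader is now public but dereferences `sig` and `document` without a check, so a caller that invokes it before the signature has been computed would presumably get a NullPointerException instead of a WSSecurityException. The Javadoc above it also documents `@param securityHeader` although the parameter is named `secHeader`. I would change the tag to `@param secHeader the security header that receives the Signature element` and add a sentence stating that the method may only be called after the signature has been computed. The same precondition note applies to the methods made public in WSSecDerivedKeyBase (`prepare`, and `prependDKElementToHeader`, which reads `dkt`) and to `prepare` in WSSecSecurityContextToken.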
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Sat Mar 25 00:50:18 2006
@@ -134,7 +134,7 @@
* certificates
* @throws WSSecurityException
*/
- protected void prepare(Document doc, Crypto crypto)
+ public void prepare(Document doc, Crypto crypto)
throws WSSecurityException {
document = doc;
@@ -189,7 +189,7 @@
* @param secHeader
* The security header that holds the Signature element.
*/
- protected void prependDKElementToHeader(WSSecHeader secHeader) {
+ public void prependDKElementToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(document, secHeader
.getSecurityHeader(), dkt.getElement(), false);
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Sat Mar 25 00:50:18 2006
@@ -97,27 +97,6 @@
protected X509Certificate useThisCert = null;
/**
- * This will actually prepend the <code>EncryptedKey</code> to the
- * security header
- *
- * @param doc
- * @param crypto
- * @param secHeader
- * @throws WSSecurityException
- */
- public void commit(Document doc, Crypto crypto, WSSecHeader secHeader)
- throws WSSecurityException {
- prependToHeader(secHeader);
- prependBSTElementToHeader(secHeader);
- }
-
- public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
- throws WSSecurityException {
- prepare(doc, crypto);
- return doc;
- }
-
- /**
* Set the user name to get the encryption certificate.
*
* The public key of this certificate is used, thus no password necessary.
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSecurityContextToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSecurityContextToken.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSecurityContextToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSecurityContextToken.java Sat Mar 25 00:50:18 2006
@@ -52,13 +52,7 @@
*/
protected byte[] secret;
- public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
- throws WSSecurityException {
- this.prepare(doc, crypto);
- return doc;
- }
-
- protected void prepare(Document doc, Crypto crypto)
+ public void prepare(Document doc, Crypto crypto)
throws WSSecurityException {
if (sct == null) {
@@ -78,7 +72,7 @@
}
- public void commit(Document doc, Crypto crypto, WSSecHeader secHeader)
+ public void prependSCTElementToHeader(Document doc, WSSecHeader secHeader)
throws WSSecurityException {
WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
sct.getElement(), false);
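Review bot: prependSCTElementToHeader takes its own `doc` argument, while the other prepend methods made public in this commit (prependSigToHeader, prependDKElementToHeader) use the `document` field, so a caller can pass a Document other than the one handed to prepare(). The method also reads `sct` unguarded, and the earlier hunk suggests `sct` is only created inside prepare(). A guard at the top such as `if (sct == null) { throw new IllegalStateException("prepare() must be called first"); }` would turn an out-of-order call into a clear error. The `throws WSSecurityException` clause is kept although nothing visible here throws it. The method body continues past the end of this hunk.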
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java Sat Mar 25 00:50:18 2006
@@ -18,19 +18,6 @@
package wssec;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PrintWriter;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.client.AxisClient;
@@ -51,6 +38,19 @@
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
public class TestWSSecurityNewDK extends TestCase implements CallbackHandler {
private static Log log = LogFactory.getLog(TestWSSecurityNewDK.class);
static final String soapMsg = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -136,7 +136,7 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo("wss4jcert");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.build(doc, crypto, secHeader);
+ encrKeyBuilder.prepare(doc, crypto);
//Key information from the EncryptedKey
byte[] ek = encrKeyBuilder.getEphemeralKey();
@@ -148,7 +148,9 @@
encrBuilder.setExternalKey(ek, tokenIdentifier);
Document encryptedDoc = encrBuilder.build(doc, crypto, secHeader);
- encrKeyBuilder.commit(encryptedDoc, crypto, secHeader);
+ encrKeyBuilder.prependToHeader(secHeader);
+ encrKeyBuilder.prependBSTElementToHeader(secHeader);
+
Message encryptedMsg = (Message) SOAPUtil.toSOAPMessage(encryptedDoc);
if (log.isDebugEnabled()) {
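Review bot: The two calls that replace commit() are order-sensitive and are now repeated in five tests (this hunk and the ones at -187, -222, -266 and -302), so the resulting header layout depends on every copy keeping the same order. The removed WSSecEncryptedKey.commit() ran prependToHeader before prependBSTElementToHeader, which, assuming prependChildElement inserts at the front, places the BinarySecurityToken ahead of the EncryptedKey that may refer to it. A comment at each site such as `// prepend the BST last so it precedes the EncryptedKey in the header`, or one private helper in the test class that wraps both calls, would keep that intent visible.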
@@ -175,7 +177,7 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo("wss4jcert");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.build(doc, crypto, secHeader);
+ encrKeyBuilder.prepare(doc, crypto);
//Key information from the EncryptedKey
byte[] ek = encrKeyBuilder.getEphemeralKey();
@@ -187,7 +189,8 @@
encrBuilder.setExternalKey(ek, tokenIdentifier);
Document encryptedDoc = encrBuilder.build(doc, crypto, secHeader);
- encrKeyBuilder.commit(encryptedDoc, crypto, secHeader);
+ encrKeyBuilder.prependToHeader(secHeader);
+ encrKeyBuilder.prependBSTElementToHeader(secHeader);
Message encryptedMsg = (Message) SOAPUtil.toSOAPMessage(encryptedDoc);
if (log.isDebugEnabled()) {
@@ -210,7 +213,7 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo("wss4jcert");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.build(doc, crypto, secHeader);
+ encrKeyBuilder.prepare(doc, crypto);
//Key information from the EncryptedKey
byte[] ek = encrKeyBuilder.getEphemeralKey();
@@ -222,7 +225,8 @@
sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
Document signedDoc = sigBuilder.build(doc, crypto, secHeader);
- encrKeyBuilder.commit(signedDoc, crypto, secHeader);
+ encrKeyBuilder.prependToHeader(secHeader);
+ encrKeyBuilder.prependBSTElementToHeader(secHeader);
Message signedMessage = (Message) SOAPUtil.toSOAPMessage(doc);
if (log.isDebugEnabled()) {
@@ -246,7 +250,7 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo("wss4jcert");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.build(doc, crypto, secHeader);
+ encrKeyBuilder.prepare(doc, crypto);
//Key information from the EncryptedKey
byte[] ek = encrKeyBuilder.getEphemeralKey();
@@ -266,7 +270,8 @@
Document signedEncryptedDoc = encrBuilder.build(signedDoc, crypto,
secHeader);
- encrKeyBuilder.commit(signedEncryptedDoc, crypto, secHeader);
+ encrKeyBuilder.prependToHeader(secHeader);
+ encrKeyBuilder.prependBSTElementToHeader(secHeader);
Message signedMessage = (Message) SOAPUtil
.toSOAPMessage(signedEncryptedDoc);
@@ -292,7 +297,7 @@
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
encrKeyBuilder.setUserInfo("wss4jcert");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.build(doc, crypto, secHeader);
+ encrKeyBuilder.prepare(doc, crypto);
//Key information from the EncryptedKey
byte[] ek = encrKeyBuilder.getEphemeralKey();
@@ -302,17 +307,18 @@
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(ek, tokenIdentifier);
- Document encryptedDoc = encrBuilder.build(doc, crypto, secHeader);
+ encrBuilder.build(doc, crypto, secHeader);
//Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
sigBuilder.setExternalKey(ek, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
log.info("Before HMAC-SHA1 signature");
- Document encryptedSignedDoc = sigBuilder.build(encryptedDoc, crypto,
+ Document encryptedSignedDoc = sigBuilder.build(doc, crypto,
secHeader);
- encrKeyBuilder.commit(encryptedSignedDoc, crypto, secHeader);
+ encrKeyBuilder.prependToHeader(secHeader);
+ encrKeyBuilder.prependBSTElementToHeader(secHeader);
Message signedMessage = (Message) SOAPUtil
.toSOAPMessage(encryptedSignedDoc);
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=388730&r1=388729&r2=388730&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Sat Mar 25 00:50:18 2006
@@ -40,8 +40,10 @@
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSecurityContextToken;
+import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
/**
@@ -100,8 +102,9 @@
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
- sctBuilder.build(doc, crypto, secHeader);
- sctBuilder.commit(doc, crypto, secHeader);
+ sctBuilder.prepare(doc, crypto);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
String out = org.apache.ws.security.util.XMLUtils
.PrettyDocumentToString(doc);
@@ -125,7 +128,7 @@
* Test encryption using a derived key which is based on a secret associated
* with a security context token
*/
- public void testSCTDKEncryptDecrypt() {
+ public void testSCTDKTEncrypt() {
try {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();
@@ -133,7 +136,7 @@
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
- sctBuilder.build(doc, crypto, secHeader);
+ sctBuilder.prepare(doc, crypto);
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte[] tempSecret = new byte[16];
@@ -150,13 +153,138 @@
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, crypto, secHeader);
- sctBuilder.commit(doc, crypto, secHeader);
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+ // String out = org.apache.ws.security.util.XMLUtils
+ // .PrettyDocumentToString(doc);
+ // System.out.println(out);
+
+ verify(doc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSCTKDKTSign() {
+ try {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.prepare(doc, crypto);
+
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
+
+ // Store the secret
+ this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ // Derived key signature
+ WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setExternalKey(tempSecret, tokenId);
+ sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ sigBuilder.build(doc, crypto, secHeader);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
// String out = org.apache.ws.security.util.XMLUtils
-// .PrettyDocumentToString(doc);
+// .PrettyDocumentToString(doc);
+// System.out.println(out);
+
+ verify(doc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSCTKDKTSignEncrypt() {
+ try {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.prepare(doc, crypto);
+
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
+
+ // Store the secret
+ this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ // Derived key signature
+ WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setExternalKey(tempSecret, tokenId);
+ sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ sigBuilder.build(doc, crypto, secHeader);
+
+ // Derived key encryption
+ WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+ encrBuilder.setExternalKey(tempSecret, tokenId);
+ encrBuilder.build(doc, crypto, secHeader);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+ String out = org.apache.ws.security.util.XMLUtils
+ .PrettyDocumentToString(doc);
+ System.out.println(out);
+
+ verify(doc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSCTKDKTEncryptSign() {
+ try {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.prepare(doc, crypto);
+
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
+
+ // Store the secret
+ this.secrets.put(sctBuilder.getIdentifier(), tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+ // Derived key encryption
+ WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+ encrBuilder.setExternalKey(tempSecret, tokenId);
+ encrBuilder.build(doc, crypto, secHeader);
+
+ // Derived key signature
+ WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setExternalKey(tempSecret, tokenId);
+ sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ sigBuilder.build(doc, crypto, secHeader);
+
+ sctBuilder.prependSCTElementToHeader(doc, secHeader);
+
+// String out = org.apache.ws.security.util.XMLUtils
+// .PrettyDocumentToString(doc);
// System.out.println(out);
-
+
verify(doc);
} catch (Exception e) {
e.printStackTrace();
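Review bot: testSCTKDKTSign can pass without any signature having been produced or checked. verify() (shown in the following hunk) discards the return value of processSecurityHeader and only asserts that the text "LogTestService2" is present, which presumably holds for a body that was never secured. The signing tests would be stronger if verify(), or the tests themselves, asserted that the returned results include a signature entry. Separately, testSCTKDKTSignEncrypt leaves `System.out.println(out);` active while the sibling tests have it commented out, so the full message is written to stdout on every run; `log.debug(out)` behind `log.isDebugEnabled()` would match the other test class. The last test's closing lines lie in the next hunk.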
@@ -165,17 +293,18 @@
}
/**
- * Verifies the soap envelope
- * <p/>
+ * Verifies the soap envelope <p/>
*
- * @param envelope
- * @throws Exception Thrown when there is a problem in verification
+ * @param envelope
+ * @throws Exception
+ * Thrown when there is a problem in verification
*/
private void verify(Document doc) throws Exception {
secEngine.processSecurityHeader(doc, null, this, crypto);
SOAPUtil.updateSOAPMessage(doc, message);
String decryptedString = message.getSOAPPartAsString();
- assertTrue(decryptedString.indexOf("LogTestService2") > 0 ? true : false);
+ assertTrue(decryptedString.indexOf("LogTestService2") > 0 ? true
+ : false);
}
/**