You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2020/02/14 12:05:28 UTC
[ws-wss4j] branch master updated (03b5ff5 -> 22a2756)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git.
from 03b5ff5 Extend automatic signature algorithm detection with support for EC keys (WSS-663) (#4)
new 0168ffa Disabling some tests to work with the IBM JDK - namely issues with GCM
new 50713a1 Remove code to set IVParameterSpec for old BouncyCastle versions
new 22a2756 Picking up latest Santuario changes
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../wss4j/common/crypto/WSProviderConfig.java | 29 +---------------------
.../apache/wss4j/common/util/AttachmentUtils.java | 2 +-
.../wss4j/common/crypto/NameConstraintsTest.java | 27 ++++++++++++++++++++
.../org/apache/wss4j/dom/message/Encryptor.java | 2 +-
.../apache/wss4j/dom/message/AttachmentTest.java | 5 ++++
.../wss4j/dom/message/EncryptionGCMTest.java | 9 +++++++
.../processor/output/EncryptOutputProcessor.java | 2 +-
.../org/apache/wss4j/stax/test/AttachmentTest.java | 4 +++
.../apache/wss4j/stax/test/EncDecryptionTest.java | 14 +++++++++--
9 files changed, 61 insertions(+), 33 deletions(-)
[ws-wss4j] 01/03: Disabling some tests to work with the IBM JDK -
namely issues with GCM
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit 0168ffa699d9497bd8f1d0c61942a0881be2eb71
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 14 12:04:30 2020 +0000
Disabling some tests to work with the IBM JDK - namely issues with GCM
---
.../wss4j/common/crypto/NameConstraintsTest.java | 27 ++++++++++++++++++++++
.../apache/wss4j/dom/message/AttachmentTest.java | 5 ++++
.../wss4j/dom/message/EncryptionGCMTest.java | 9 ++++++++
.../org/apache/wss4j/stax/test/AttachmentTest.java | 4 ++++
.../apache/wss4j/stax/test/EncDecryptionTest.java | 14 +++++++++--
5 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/NameConstraintsTest.java b/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/NameConstraintsTest.java
index 6f0b7ad..6727359 100644
--- a/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/NameConstraintsTest.java
+++ b/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/NameConstraintsTest.java
@@ -45,6 +45,7 @@ import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
/**
* Tests the handling of {@code NameConstraint}s with {@code TrustAnchor}s in the
@@ -75,6 +76,8 @@ public class NameConstraintsTest {
private static final Pattern SUBJ_PATTERN = Pattern.compile(".*OU=wss4j,O=apache");
+ private boolean isIBMJdK = System.getProperty("java.vendor").contains("IBM");
+
@BeforeEach
public void setup() throws Exception {
WSProviderConfig.init();
@@ -121,6 +124,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraints() throws Exception {
+ assumeFalse(isIBMJdK);
+
Merlin merlin = new Merlin();
X509Certificate[] certificates = getTestCertificateChain(INTERMEDIATE_SIGNED);
@@ -139,6 +144,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlin() throws Exception {
+ assumeFalse(isIBMJdK);
+
withKeyStoreUsingMerlin(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
new Merlin());
@@ -152,6 +159,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithTrustStoreUsingMerlin() throws Exception {
+ assumeFalse(isIBMJdK);
+
withTrustStoreUsingMerlin(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
new Merlin());
@@ -165,6 +174,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlinAki() throws Exception {
+ assumeFalse(isIBMJdK);
+
withKeyStoreUsingMerlinAKI(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
new MerlinAKI());
@@ -178,6 +189,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithTrustStoreUsingMerlinAki() throws Exception {
+ assumeFalse(isIBMJdK);
+
withTrustStoreUsingMerlinAKI(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
new MerlinAKI());
@@ -191,6 +204,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlinBc() throws Exception {
+ assumeFalse(isIBMJdK);
+
withKeyStoreUsingMerlin(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
getMerlinBc());
@@ -204,6 +219,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithTrustStoreUsingMerlinBc() throws Exception {
+ assumeFalse(isIBMJdK);
+
withTrustStoreUsingMerlin(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
getMerlinBc());
@@ -217,6 +234,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlinAkiBc() throws Exception {
+ assumeFalse(isIBMJdK);
+
withKeyStoreUsingMerlinAKI(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
getMerlinAkiBc());
@@ -230,6 +249,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithTrustStoreUsingMerlinAkiBc() throws Exception {
+ assumeFalse(isIBMJdK);
+
withTrustStoreUsingMerlinAKI(getSelfKeyStore(),
getTestCertificateChain(SELF_SIGNED),
getMerlinAkiBc());
@@ -243,6 +264,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlinBreaking() throws Exception {
+ assumeFalse(isIBMJdK);
+
Properties properties = new Properties();
properties.setProperty("org.apache.wss4j.crypto.merlin.cert.provider.nameconstraints",
"true");
@@ -259,6 +282,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsWithKeyStoreUsingMerlinAkiBreaking() throws Exception {
+ assumeFalse(isIBMJdK);
+
Properties properties = new Properties();
properties.setProperty("org.apache.wss4j.crypto.merlin.cert.provider.nameconstraints",
"true");
@@ -275,6 +300,8 @@ public class NameConstraintsTest {
@Test
public void testNameConstraintsUsingCertificateStore() throws Exception {
+ assumeFalse(isIBMJdK);
+
usingCertificateStore(getSelfKeyStore(), getTestCertificateChain(SELF_SIGNED));
usingCertificateStore(getRootKeyStore(), getTestCertificateChain(ROOT_SIGNED));
usingCertificateStore(getRootKeyStore(), getTestCertificateChain(INTERMEDIATE_SIGNED));
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
index 6e0fe1a..9077853 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
@@ -64,6 +64,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
public class AttachmentTest {
@@ -73,6 +74,8 @@ public class AttachmentTest {
private WSSecurityEngine secEngine = new WSSecurityEngine();
private Crypto crypto;
+ private boolean isIBMJdK = System.getProperty("java.vendor").contains("IBM");
+
public AttachmentTest() throws Exception {
WSSConfig.init();
crypto = CryptoFactory.getInstance();
@@ -426,6 +429,8 @@ public class AttachmentTest {
@Test
public void testXMLAttachmentContentEncryptionGCM() throws Exception {
+ assumeFalse(isIBMJdK);
+
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
index ff0ca26..c26ceb8 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
@@ -51,6 +51,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
/**
* A set of test-cases for encrypting and decrypting SOAP requests using GCM. See:
@@ -69,6 +70,8 @@ public class EncryptionGCMTest {
private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
private Crypto crypto;
+ private boolean isIBMJdK = System.getProperty("java.vendor").contains("IBM");
+
@AfterAll
public static void cleanup() throws Exception {
SecurityTestUtil.cleanup();
@@ -90,6 +93,8 @@ public class EncryptionGCMTest {
@Test
public void testAES128GCM() throws Exception {
+ assumeFalse(isIBMJdK);
+
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
@@ -115,6 +120,8 @@ public class EncryptionGCMTest {
@Test
public void testAES256GCM() throws Exception {
+ assumeFalse(isIBMJdK);
+
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
@@ -140,6 +147,8 @@ public class EncryptionGCMTest {
@Test
public void testAES192GCM_RSAOAEP_SHA256_MGFSHA256() throws Exception {
+ assumeFalse(isIBMJdK);
+
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AttachmentTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AttachmentTest.java
index 0aa94c2..ef64f17 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AttachmentTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AttachmentTest.java
@@ -76,9 +76,12 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
public class AttachmentTest extends AbstractTestBase {
+ private boolean isIBMJdK = System.getProperty("java.vendor").contains("IBM");
+
public AttachmentTest() throws Exception {
}
@@ -490,6 +493,7 @@ public class AttachmentTest extends AbstractTestBase {
@Test
public void testXMLAttachmentContentEncryptionGCM() throws Exception {
+ assumeFalse(isIBMJdK);
final String attachmentId = UUID.randomUUID().toString();
final Attachment attachment = new Attachment();
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
index 2773d96..e00357f 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
@@ -91,9 +91,12 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
public class EncDecryptionTest extends AbstractTestBase {
+ private boolean isIBMJdK = System.getProperty("java.vendor").contains("IBM");
+
@Test
public void testEncDecryptionDefaultConfigurationOutbound() throws Exception {
@@ -1832,6 +1835,7 @@ public class EncDecryptionTest extends AbstractTestBase {
*/
@Test
public void testKeyWrappingRSAOAEPMGF1AESGCM128Outbound() throws Exception {
+ assumeFalse(isIBMJdK);
try {
Security.addProvider(new BouncyCastleProvider());
ByteArrayOutputStream baos;
@@ -1892,7 +1896,7 @@ public class EncDecryptionTest extends AbstractTestBase {
@Test
public void testKeyWrappingRSAOAEPMGF1AESGCM128Inbound() throws Exception {
-
+ assumeFalse(isIBMJdK);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -1938,6 +1942,7 @@ public class EncDecryptionTest extends AbstractTestBase {
*/
@Test
public void testKeyWrappingRSAOAEPAESGCM192SHA256Outbound() throws Exception {
+ assumeFalse(isIBMJdK);
try {
Security.addProvider(new BouncyCastleProvider());
ByteArrayOutputStream baos;
@@ -2001,7 +2006,8 @@ public class EncDecryptionTest extends AbstractTestBase {
}
@Test
- public void testKeyWrappingRSAOAEPAESGMC192SHA256Inbound() throws Exception {
+ public void testKeyWrappingRSAOAEPAESGCM192SHA256Inbound() throws Exception {
+ assumeFalse(isIBMJdK);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -2053,6 +2059,7 @@ public class EncDecryptionTest extends AbstractTestBase {
*/
@Test
public void testKeyWrappingRSAOAEPAES192GCMSHA384MGF1sha384Outbound() throws Exception {
+ assumeFalse(isIBMJdK);
try {
Security.addProvider(new BouncyCastleProvider());
@@ -2124,6 +2131,7 @@ public class EncDecryptionTest extends AbstractTestBase {
@Test
public void testKeyWrappingRSAOAEPAES192GCMSHA384MGF1sha1Inbound() throws Exception {
+ assumeFalse(isIBMJdK);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -2179,6 +2187,7 @@ public class EncDecryptionTest extends AbstractTestBase {
@Test
public void testKeyWrappingRSAOAEPAESGCM192SHA384MGF1SHA384PSourceOutbound() throws Exception {
+ assumeFalse(isIBMJdK);
try {
Security.addProvider(new BouncyCastleProvider());
ByteArrayOutputStream baos;
@@ -2254,6 +2263,7 @@ public class EncDecryptionTest extends AbstractTestBase {
@Test
@org.junit.jupiter.api.Disabled //WSS4J does not support OAEPParams atm
public void testKeyWrappingRSAOAEPAESGCM192SHA384MGF1SHA384PSourceInbound() throws Exception {
+ assumeFalse(isIBMJdK);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
[ws-wss4j] 02/03: Remove code to set IVParameterSpec for old
BouncyCastle versions
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit 50713a16dbe7e570246d8c2691757d6de4d2efe5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 14 12:04:52 2020 +0000
Remove code to set IVParameterSpec for old BouncyCastle versions
---
.../wss4j/common/crypto/WSProviderConfig.java | 29 +---------------------
1 file changed, 1 insertion(+), 28 deletions(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/WSProviderConfig.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/WSProviderConfig.java
index 8cbf6b7..139006b 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/WSProviderConfig.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/WSProviderConfig.java
@@ -101,16 +101,7 @@ public final class WSProviderConfig {
if (addBCProv) {
AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
public Boolean run() {
- String bcProviderStr =
- addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
- // If we have BouncyCastle v1.49 installed then use IvParameterSpec in
- // Santuario. This can be removed when we pick up BouncyCastle 1.51+
- if (bcProviderStr != null) {
- Provider bcProvider = Security.getProvider(bcProviderStr);
- if (bcProvider.getVersion() < 1.50) {
- useIvParameterSpec();
- }
- }
+ addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
return true;
}
});
@@ -194,24 +185,6 @@ public final class WSProviderConfig {
}
}
- private static void useIvParameterSpec() {
- try {
- // Don't override if it was set explicitly
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- String ivParameterSpec = "org.apache.xml.security.cipher.gcm.useIvParameterSpec";
- if (System.getProperty(ivParameterSpec) == null) {
- System.setProperty(ivParameterSpec, "true");
- return false;
- }
- return true;
- }
- });
- } catch (Throwable t) { //NOPMD
- //ignore
- }
- }
-
private static void addXMLDSigRIInternal() {
Security.removeProvider("ApacheXMLDSig");
addJceProvider("ApacheXMLDSig", SantuarioUtil.getSantuarioProvider());
[ws-wss4j] 03/03: Picking up latest Santuario changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit 22a27564acf7a5af35644dc63a85f95d3d8f8507
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 14 12:05:06 2020 +0000
Picking up latest Santuario changes
---
.../src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java | 2 +-
.../src/main/java/org/apache/wss4j/dom/message/Encryptor.java | 2 +-
.../apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java b/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java
index 205c3c5..c2affda 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java
@@ -497,7 +497,7 @@ public final class AttachmentUtils {
}
AlgorithmParameterSpec paramSpec =
- XMLCipherUtil.constructBlockCipherParameters(encAlgo, ivBytes, AttachmentUtils.class);
+ XMLCipherUtil.constructBlockCipherParameters(encAlgo, ivBytes);
try {
cipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
index 53ff45d..48f2de4 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
@@ -427,7 +427,7 @@ public class Encryptor {
int ivLen = JCEMapper.getIVLengthFromURI(encryptionAlgorithm) / 8;
byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
AlgorithmParameterSpec paramSpec =
- XMLCipherUtil.constructBlockCipherParameters(encryptionAlgorithm, iv, Encryptor.class);
+ XMLCipherUtil.constructBlockCipherParameters(encryptionAlgorithm, iv);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
return cipher;
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
index 32fdb57..50adfd8 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
@@ -269,7 +269,7 @@ public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
AlgorithmParameterSpec paramSpec =
- XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv, this.getClass());
+ XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv);
cipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), paramSpec);
} catch (Exception e) {