Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/30 17:44:41 UTC
svn commit: r1780952 [4/4] - in
/axis/axis2/java/rampart/branches/RAMPART-289: ./
modules/rampart-core/src/main/java/org/apache/rampart/
modules/rampart-core/src/main/java/org/apache/rampart/builder/
modules/rampart-core/src/main/java/org/apache/rampar...
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java Mon Jan 30 17:44:41 2017
@@ -42,7 +42,7 @@ public class Scenario4Test extends Inter
ofc.setEmbeddedKeyName("SessionKey");
ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
-
+
return ofc;
}
@@ -52,6 +52,12 @@ public class Scenario4Test extends Inter
ifc.setActionItems("Signature Encrypt Timestamp");
ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
ifc.setSignaturePropFile("interop.properties");
+
+ /**
+ * This test is not "Basic Security Profile(BSP)" compatible. Cos we use
+ * KeyInfo/KeyName. Therefore setting this test as not BSP compatible.
+ */
+ ifc.setBSPCompliant(false);
return ifc;
}
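Review bot: The comment added above `ifc.setBSPCompliant(false)` is a `/** */` block attached to a statement and uses informal wording ("Cos"); a line comment stating the concrete reason reads better, e.g. `// Not BSP-compliant: this scenario references the key via KeyInfo/KeyName, which the Basic Security Profile forbids.` The @@ -92 hunk of this file adds the same `setBSPCompliant(false)` call with no comment at all, and the same one-liner belongs there so a reader does not assume it was added by accident. Disabling BSP checks relaxes what the inflow accepts, so it is worth saying explicitly that this is an interop-test setting only.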
@@ -92,6 +98,7 @@ public class Scenario4Test extends Inter
ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
ifc.setSignaturePropRefId("key2");
+ ifc.setBSPCompliant(false);
return ifc;
}
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java Mon Jan 30 17:44:41 2017
@@ -32,7 +32,7 @@ public class Scenario5Test extends Inter
protected OutflowConfiguration getOutflowConfiguration() {
OutflowConfiguration ofc = new OutflowConfiguration(2);
- ofc.setActionItems("Signature NoSerialization");
+ ofc.setActionItems("Signature");
ofc.setUser("alice");
ofc.setSignaturePropFile("interop.properties");
ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
@@ -68,7 +68,7 @@ public class Scenario5Test extends Inter
protected OutflowConfiguration getOutflowConfigurationWithRefs() {
OutflowConfiguration ofc = new OutflowConfiguration(2);
- ofc.setActionItems("Signature NoSerialization");
+ ofc.setActionItems("Signature");
ofc.setUser("alice");
ofc.setSignaturePropRefId("key1");
ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java Mon Jan 30 17:44:41 2017
@@ -95,7 +95,8 @@ public class RampartTest extends TestCas
System.out.println("\nWARNING: We are using key sizes from JCE " +
"Unlimited Strength Jurisdiction Policy !!!");
}
-
+
+ //for (int i = 34; i <= 34; i++) { //<-The number of tests we have
for (int i = 1; i <= 34; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
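Review bot: The added `//for (int i = 34; i <= 34; i++) { //<-The number of tests we have` is commented-out debugging code that duplicates the live loop header on the next line; it should be deleted rather than committed. If running a single scenario is genuinely useful, make it configurable instead, e.g. `int first = Integer.getInteger("rampart.test.first", 1);` and `int last = Integer.getInteger("rampart.test.last", 34);` with the loop iterating `first..last`. The loop body continues outside this hunk.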
@@ -165,6 +166,7 @@ public class RampartTest extends TestCas
}
}
else{
+
//Blocking invocation
serviceClient.sendReceive(getEchoElement());
}
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s2a.service.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s2a.service.xml?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s2a.service.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s2a.service.xml Mon Jan 30 17:44:41 2017
@@ -7,7 +7,7 @@
<parameter name="InflowSecurity">
<action>
- <items>UsernameTokenSignature UsernameToken Encrypt Timestamp</items>
+ <items>UsernameTokenSignature UsernameTokenNoPassword Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<decryptionPropFile>interop.properties</decryptionPropFile>
</action>
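Review bot: The service-side InflowSecurity action list now names `UsernameTokenNoPassword` instead of `UsernameToken`, which — if it behaves as the WSS4J action name suggests — means a UsernameToken carrying no password now passes the inflow handler without any credential check. That may be intended for this interop scenario, but nothing in the file says so, and the `passwordCallbackClass` line that follows can mislead a reader into assuming a password is still verified. Suggest a comment directly above the `<items>` line: `<!-- UsernameTokenNoPassword: no password is verified on this inflow; the UT is presumably only consumed by UsernameTokenSignature. Test scenario 2a only. -->`.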
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml Mon Jan 30 17:44:41 2017
@@ -15,8 +15,8 @@
<encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<signaturePropFile>interop.properties</signaturePropFile>
- <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
- <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ <embeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</embeddedKeyCallbackClass>
+ <embeddedKeyName>SessionKey</embeddedKeyName>
</action>
</parameter>
@@ -25,6 +25,7 @@
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
+ <isBSPCompliant>false</isBSPCompliant>
</action>
</parameter>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.service.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.service.xml?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.service.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s4.service.xml Mon Jan 30 17:44:41 2017
@@ -10,6 +10,7 @@
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
+ <isBSPCompliant>false</isBSPCompliant>
</action>
</parameter>
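Review bot: `<isBSPCompliant>false</isBSPCompliant>` turns off Basic Security Profile checking on the service-side inflow with no explanation in the file, and because this is server-side configuration it is the kind of line that gets copied into a real deployment. The reason is visible elsewhere in this commit (Scenario4Test notes the scenario uses KeyInfo/KeyName), so record it here: `<!-- BSP checks off: scenario 4 references the key via KeyInfo/KeyName (EmbeddedKeyName), which the BSP forbids. Test-only setting. -->`.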
@@ -22,8 +23,8 @@
<encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<signaturePropFile>interop.properties</signaturePropFile>
- <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
- <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ <embeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</embeddedKeyCallbackClass>
+ <embeddedKeyName>SessionKey</embeddedKeyName>
</action>
</parameter>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml Mon Jan 30 17:44:41 2017
@@ -9,7 +9,7 @@
<parameter name="OutflowSecurity">
<action>
- <items>Signature NoSerialization</items>
+ <items>Signature</items>
<user>alice</user>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
@@ -115,7 +115,7 @@
<phase name="OperationOutFaultPhase"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
- <phase name="MessageOut"/>
+ <phase name="MessageOut"/>
<phase name="Security"/>
</phaseOrder>
</axisconfig>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java Mon Jan 30 17:44:41 2017
@@ -125,7 +125,8 @@ public class MessageBuilderTestBase exte
while (secHeaderChildren.hasNext()) {
OMElement element = (OMElement) secHeaderChildren.next();
if (qnameList.hasNext()) {
- if (!element.getQName().equals(qnameList.next())) {
+ QName elementQName = (QName)qnameList.next();
+ if (!element.getQName().equals(elementQName)) {
fail("Incorrect Element" + element);
}
} else {
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java Mon Jan 30 17:44:41 2017
@@ -17,24 +17,15 @@
package org.apache.rampart;
import java.io.ByteArrayInputStream;
-import java.util.Vector;
-import java.util.ArrayList;
+import java.util.List;
import java.security.cert.X509Certificate;
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.engine.AxisEngine;
-import org.apache.axis2.namespace.Constants;
import org.apache.neethi.Policy;
-import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.handler.WSHandlerConstants;
-
-import javax.xml.namespace.QName;
public class RampartEngineTest extends MessageBuilderTestBase {
@@ -77,7 +68,7 @@ public class RampartEngineTest extends M
buildSOAPEnvelope(ctx);
RampartEngine engine = new RampartEngine();
- Vector results = engine.process(ctx);
+ List<WSSecurityEngineResult> results = engine.process(ctx);
/*
The principle purpose of the test case is to verify that the above processes
@@ -87,12 +78,11 @@ public class RampartEngineTest extends M
assertNotNull("RampartEngine returned null result", results);
//verify cert was stored
X509Certificate usedCert = null;
- for (int i = 0; i < results.size(); i++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
- Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (action.intValue() == WSConstants.SIGN) {
+ for (WSSecurityEngineResult result : results) {
+ Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action == WSConstants.SIGN) {
//the result is for the signature, which contains the used certificate
- usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ usedCert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
break;
}
}
@@ -115,7 +105,7 @@ public class RampartEngineTest extends M
buildSOAPEnvelope(ctx);
RampartEngine engine = new RampartEngine();
- Vector results = engine.process(ctx);
+ List<org.apache.ws.security.WSSecurityEngineResult> results = engine.process(ctx);
/*
The principle purpose of the test case is to verify that the above processes
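Review bot: `List<org.apache.ws.security.WSSecurityEngineResult> results = engine.process(ctx);` spells out the fully qualified name although `WSSecurityEngineResult` is already imported in this file and the parallel hunk at line 77 writes `List<WSSecurityEngineResult>`. Make the two declarations identical: `List<WSSecurityEngineResult> results = engine.process(ctx);`. The enclosing test method starts and ends outside the hunk.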
@@ -125,12 +115,11 @@ public class RampartEngineTest extends M
assertNotNull("RampartEngine returned null result", results);
//verify cert was stored
X509Certificate usedCert = null;
- for (int i = 0; i < results.size(); i++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
- Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (action.intValue() == WSConstants.SIGN) {
+ for (WSSecurityEngineResult result : results) {
+ Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action == WSConstants.SIGN) {
//the result is for the signature, which contains the used certificate
- usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ usedCert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
break;
}
}
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java Mon Jan 30 17:44:41 2017
@@ -74,40 +74,38 @@ public class TestCBHandler implements Ca
throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
- for (int i = 0; i < callbacks.length; i++) {
-
- if (callbacks[i] instanceof WSPasswordCallback) {
-
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if (callback instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callback;
/*
- * This usage type is used only in case we received a
+ * This usage type is used only in case we received a
- * username token with a password of type PasswordText or
+ * username token with a password of type PasswordText or
- * an unknown password type.
+ * an unknown password type.
- *
+ *
- * This case the WSPasswordCallback object contains the
+ * This case the WSPasswordCallback object contains the
- * identifier (aka username), the password we received, and
+ * identifier (aka username), the password we received, and
- * the password type string to identify the type.
+ * the password type string to identify the type.
- *
+ *
- * Here we perform only a very simple check.
+ * Here we perform only a very simple check.
- */
+ */
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if (pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
@@ -117,11 +115,11 @@ public class TestCBHandler implements Ca
return;
- }
+ }
- throw new UnsupportedCallbackException(callbacks[i],
+ throw new UnsupportedCallbackException(callback,
- "check failed");
+ "check failed");
}
@@ -141,15 +139,15 @@ public class TestCBHandler implements Ca
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if (pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if (pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if (pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
@@ -161,7 +159,7 @@ public class TestCBHandler implements Ca
} else {
- throw new UnsupportedCallbackException(callbacks[i],
+ throw new UnsupportedCallbackException(callback,
"Unrecognized Callback");
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/PWCallback.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/PWCallback.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/PWCallback.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/PWCallback.java Mon Jan 30 17:44:41 2017
@@ -116,7 +116,7 @@ public class PWCallback implements Callb
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
@@ -150,15 +150,15 @@ public class PWCallback implements Callb
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if(pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if(pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if(pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java Mon Jan 30 17:44:41 2017
@@ -35,7 +35,7 @@ import javax.xml.namespace.QName;
import java.security.Principal;
import java.security.cert.X509Certificate;
-import java.util.Vector;
+import java.util.List;
/**
* Common data items on WS-Trust request messages
@@ -153,38 +153,35 @@ public class RahasData {
* we will not be encrypting the response
*/
- Vector results;
- if ((results = (Vector) this.inMessageContext
+ List<WSHandlerResult> results;
+ if ((results = (List<WSHandlerResult>) this.inMessageContext
.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
throw new TrustException(TrustException.REQUEST_FAILED);
} else {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult = (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
- .get(j);
+ for (WSHandlerResult result : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- int act = ((Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).
- intValue();
+ int act = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+
if (act == WSConstants.SIGN && principalObject != null) {
this.clientCert = (X509Certificate) wser
.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
- this.principal = (Principal)principalObject;
+ this.principal = (Principal) principalObject;
} else if (act == WSConstants.UT && principalObject != null) {
- this.principal = (Principal)principalObject;
+ this.principal = (Principal) principalObject;
} else if (act == WSConstants.BST) {
- final X509Certificate[] certificates =
- (X509Certificate[]) wser
- .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
+ final X509Certificate[] certificates =
+ (X509Certificate[]) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
this.clientCert = certificates[0];
this.principal = this.clientCert.getSubjectDN();
} else if (act == WSConstants.ST_UNSIGNED) {
this.assertion = (Assertion) wser
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
-
+
}
}
}
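Review bot: The new `(List<WSHandlerResult>) this.inMessageContext.getProperty(WSHandlerConstants.RECV_RESULTS)` is an unchecked cast and will warn; scope it to the declaration with `@SuppressWarnings("unchecked") // RECV_RESULTS is populated by the WSS4J handler as List<WSHandlerResult>`. The rewritten `int act = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);` now auto-unboxes and throws NullPointerException if a result carries no action — the same failure as the old `.intValue()` call, but less visible. Separately, the `WSConstants.BST` branch takes `certificates[0]` as the client certificate and principal from any BinarySecurityToken in the header, without checking that `certificates` is non-null and non-empty or that the token was used for the signature, and a later result silently overwrites an earlier one; that is pre-existing, but this rewritten loop is the place to add a guard and a comment stating that the last matching result wins.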
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java Mon Jan 30 17:44:41 2017
@@ -42,6 +42,7 @@ import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.Trust10;
@@ -53,7 +54,6 @@ import org.apache.ws.security.components
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
-import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.UUIDGenerator;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -70,7 +70,6 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
-import java.util.Vector;
public class STSClient {
@@ -137,6 +136,10 @@ public class STSClient {
client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
client.getOptions().setSoapVersionURI(this.soapVersion);
+
+ //TODO Remove later
+ client.getOptions().setTimeOutInMilliSeconds(300000);
+
if(this.addressingNs != null) {
client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
}
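Review bot: The added `client.getOptions().setTimeOutInMilliSeconds(300000);` under `//TODO Remove later` hard-codes a five-minute transport timeout into the production STS client; it overrides whatever timeout the caller configured on the ServiceClient options and can hold a thread for five minutes per stalled STS call. Either drop it before merge or make it an opt-in setting on STSClient with the framework default left in place; at minimum the comment should say why it exists. The enclosing method starts and ends outside this hunk.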
@@ -474,25 +477,22 @@ public class STSClient {
String b64Secret = child.getText();
secret = Base64.decode(b64Secret);
} else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
- try {
- Element domChild = (Element) new StAXOMBuilder(
- OMAbstractFactory.getMetaFactory(
- OMAbstractFactory.FEATURE_DOM).getOMFactory(),
- child.getXMLStreamReader()).getDocumentElement();
-
- EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
-
- processor.handleToken(domChild, null, this.crypto,
- this.cbHandler, null, new Vector(),
- null);
- secret = processor.getDecryptedBytes();
+ Element domChild = (Element) new StAXOMBuilder(
+ OMAbstractFactory.getMetaFactory(
+ OMAbstractFactory.FEATURE_DOM).getOMFactory(),
+ child.getXMLStreamReader()).getDocumentElement();
+
+ try {
+ secret = CommonUtil.getDecryptedBytes(this.cbHandler, this.crypto, domChild);
} catch (WSSecurityException e) {
+ log.error("Error decrypting encrypted key element", e);
throw new TrustException("errorInProcessingEncryptedKey", e);
}
+
} else if (child.getQName().equals(new QName(ns,
- RahasConstants.IssuanceBindingLocalNames.
- COMPUTED_KEY))) {
+ RahasConstants.IssuanceBindingLocalNames.
+ COMPUTED_KEY))) {
//Handle the computed key
//Get service entropy
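Review bot: The catch block now calls `log.error("Error decrypting encrypted key element", e)` and then rethrows the same exception wrapped in `TrustException("errorInProcessingEncryptedKey", e)`, so the failure will be logged twice once the caller logs the TrustException; keep the rethrow (it preserves the cause) and drop the `log.error`, or lower it to debug. Moving the StAXOMBuilder/DOM conversion out of the `try` does not change behaviour, since only WSSecurityException was ever caught, but a malformed `EncryptedKey` now surfaces as an Axiom exception rather than `errorInProcessingEncryptedKey`; a short comment noting that would help. Whether `CommonUtil.getDecryptedBytes` restricts the accepted key-transport algorithm is not visible here — it should, since this element arrives in a response over the wire.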
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties Mon Jan 30 17:44:41 2017
@@ -97,4 +97,7 @@ issuerPrivateKeyNotFound = Unable to get
errorMarshallingAssertion = Error while marshalling assertion
errorSigningAssertion = Error signing SAML Assertion. An error occurred while signing SAML Assertion with alias : \"{0}\"
sha1NotFound = Unable to find SHA-1 algorithm implementation
-certificateEncodingError = Error encoding certificate
\ No newline at end of file
+certificateEncodingError = Error encoding certificate
+
+errorLoadingCryptoProperties = An error occurred while loading crypto properties
+errorLoadingCryptoPropertiesFile = An error occurred while loading crypto properties from file : \"{0}\"
\ No newline at end of file
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java Mon Jan 30 17:44:41 2017
@@ -25,6 +25,7 @@ import org.apache.axis2.description.Para
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.*;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLAttributeCallback;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.rahas.impl.util.SignKeyHolder;
@@ -85,8 +86,6 @@ import java.util.List;
public class SAML2TokenIssuer implements TokenIssuer {
- private Assertion SAMLAssertion;
-
private String configParamName;
private OMElement configElement;
@@ -355,12 +354,14 @@ public class SAML2TokenIssuer implements
* @return Subject
* @throws Exception
*/
- private Subject createSubjectWithHolderOfKeySC(SAMLTokenIssuerConfig config,
+ Subject createSubjectWithHolderOfKeySC(SAMLTokenIssuerConfig config,
Document doc, Crypto crypto,
DateTime creationTime,
DateTime expirationTime, RahasData data) throws Exception {
+ // TODO modify these to use proper SAML apis
+
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder<Subject> subjectBuilder =
(SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
@@ -392,11 +393,13 @@ public class SAML2TokenIssuer implements
// set keysize
int keysize = data.getKeysize();
keysize = (keysize != -1) ? keysize : config.keySize;
- encrKeyBuilder.setKeySize(keysize);
+
+ // TODO setting keysize is removed with wss4j 1.6 migration - do we actually need this ?
encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
data, config.keyComputation, keysize));
+
// Set key encryption algo
encrKeyBuilder
.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
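Review bot: Removing `encrKeyBuilder.setKeySize(keysize)` leaves an open question in production code (`// TODO ... do we actually need this ?`); from the visible lines the requested size is still honoured through `TokenIssuerUtil.getSharedSecret(data, config.keyComputation, keysize)`, which sizes the ephemeral key bytes, so the TODO can presumably be resolved with `// Key size is applied when the shared secret is generated below; the WSS4J 1.6 builder takes it from the key bytes.` — confirm the builder does not also need it for the emitted KeySize. The unchanged line below keeps `ALGO_ID_KEYTRANSPORT_RSA15` (RSA PKCS#1 v1.5 key transport), which is exposed to Bleichenbacher-style padding-oracle attacks on the decrypting side; since this method is being reworked for the WSS4J 1.6 migration, consider RSA-OAEP or at least a comment stating RSA-1.5 is retained for BSP/interop compatibility. The enclosing method starts and ends outside this hunk.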
@@ -448,9 +451,8 @@ public class SAML2TokenIssuer implements
X509Certificate clientCert = data.getClientCert();
if (clientCert == null) {
- X509Certificate[] certs = crypto.getCertificates(
- data.getPrincipal().getName());
- clientCert = certs[0];
+ // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ?
+ clientCert = CommonUtil.getCertificateByAlias(crypto, data.getPrincipal().getName());
}
byte[] clientCertBytes = clientCert.getEncoded();
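Review bot: `clientCert = CommonUtil.getCertificateByAlias(crypto, data.getPrincipal().getName())` has no null check before `clientCert.getEncoded()` on the next line, so an alias that is not in the keystore (or a null principal) surfaces as a NullPointerException rather than a TrustException with a useful message. Add `if (clientCert == null) { throw new TrustException("...", new String[]{data.getPrincipal().getName()}); }` using an appropriate key from errors.properties. The new TODO is a fair question: this lookup requires the authenticated principal's name to equal a keystore alias, and that assumption should be documented where the lookup happens.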
@@ -642,8 +644,7 @@ public class SAML2TokenIssuer implements
SignKeyHolder signKeyHolder = new SignKeyHolder();
try {
- X509Certificate[] issuerCerts = crypto
- .getCertificates(config.issuerKeyAlias);
+ X509Certificate[] issuerCerts = CommonUtil.getCertificatesByAlias(crypto,config.issuerKeyAlias);
String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
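Review bot: `issuerCerts[0]` on the line after `CommonUtil.getCertificatesByAlias(crypto,config.issuerKeyAlias)` assumes the helper returned a non-null, non-empty array; a misconfigured issuer alias becomes an ArrayIndexOutOfBoundsException or NullPointerException inside a `try` whose catch clauses lie outside this hunk, so it is unclear whether it maps to the existing `issuerPrivateKeyNotFound` message. Guard it with `if (issuerCerts == null || issuerCerts.length == 0) { throw new TrustException(..., new String[]{config.issuerKeyAlias}); }` using a suitable errors.properties key. Style nit: a space is missing after the comma in the argument list.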
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Mon Jan 30 17:44:41 2017
@@ -29,36 +29,23 @@ import org.apache.rahas.Token;
import org.apache.rahas.TokenIssuer;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
-import org.apache.rahas.impl.util.SAMLUtils;
+import org.apache.rahas.impl.util.*;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLException;
import org.opensaml.saml1.core.*;
-import org.opensaml.xml.security.*;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
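Review bot: The four explicit `org.apache.rahas.impl.util` imports removed above are replaced by the wildcard `import org.apache.rahas.impl.util.*;`, which hides which utilities this issuer actually depends on (only `CommonUtil` is new here) and invites ambiguity as that package grows; the SAML2Utils hunk does the same with `import org.apache.ws.security.*;`. Keep the explicit imports and add `import org.apache.rahas.impl.util.CommonUtil;` alongside them, as the SAMLTokenRenewer, SAMLTokenValidator and TokenIssuerUtil hunks in this commit already do.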
@@ -118,15 +105,14 @@ public class SAMLTokenIssuer implements
.getEnvelope().getNamespace().getNamespaceURI());
Crypto crypto;
- if (config.cryptoElement != null) { // crypto props
- // defined as
- // elements
- crypto = CryptoFactory.getInstance(TrustUtil
+ if (config.cryptoElement != null) { // crypto props defined as elements
+ crypto = CommonUtil.getCrypto(TrustUtil
.toProperties(config.cryptoElement), inMsgCtx
.getAxisService().getClassLoader());
+
} else { // crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- inMsgCtx.getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, inMsgCtx
+ .getAxisService().getClassLoader());
}
// Creation and expiration times
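Review bot: Both branches still call `inMsgCtx.getAxisService().getClassLoader()` inline, whereas the parallel edits in SAMLTokenRenewer and TokenIssuerUtil hoist it into a `ClassLoader classLoader = inMsgCtx.getAxisService().getClassLoader();` local before the `if`; doing the same here keeps the three `CommonUtil.getCrypto` call sites consistent. The added blank line inside the first branch can go at the same time. The enclosing method starts and ends outside the hunk.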
@@ -361,9 +347,7 @@ public class SAMLTokenIssuer implements
X509Certificate clientCert = data.getClientCert();
if(clientCert == null) {
- X509Certificate[] certs = crypto.getCertificates(
- data.getPrincipal().getName());
- clientCert = certs[0];
+ clientCert = CommonUtil.getCertificateByAlias(crypto,data.getPrincipal().getName());;
}
KeyInfo keyInfo = SAMLUtils.getCertificateBasedKeyInfo(clientCert);
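Review bot: The added line ends in a doubled `;;`, and the lookup now reports a missing certificate through `CommonUtil.getCertificateByAlias` as `issuerCertificateNotFound` even though the alias here is the requesting principal's name, so an operator reading the fault would be pointed at the issuer keystore entry instead of the client's. Suggest `clientCert = CommonUtil.getCertificateByAlias(crypto, data.getPrincipal().getName());` and a message key that names the client alias, since this certificate becomes the holder-of-key binding in the KeyInfo on the next line. The enclosing method continues outside the hunk.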
@@ -380,27 +364,28 @@ public class SAMLTokenIssuer implements
* Uses the <code>wst:AppliesTo</code> to figure out the certificate to
* encrypt the secret in the SAML token
*
- * @param config
- * @param crypto
+ * @param config Token issuer configuration.
+ * @param crypto Crypto properties.
* @param serviceAddress
* The address of the service
- * @return
- * @throws WSSecurityException
+ * @return The X509 certificate.
+ * @throws org.apache.rahas.TrustException If an error occurred while retrieving certificate from crypto.
*/
private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
- Crypto crypto, String serviceAddress) throws WSSecurityException {
-
+ Crypto crypto, String serviceAddress) throws TrustException {
+
+ // TODO a duplicate method !!
if (serviceAddress != null && !"".equals(serviceAddress)) {
String alias = (String) config.trustedServices.get(serviceAddress);
if (alias != null) {
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
} else {
alias = (String) config.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
} else {
String alias = (String) config.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
}
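Review bot: The `// TODO a duplicate method !!` is accurate: this private `getServiceCert` is line-for-line the same as the public `SAMLTokenIssuerConfig.getServiceCert(Crypto, String)` changed later in this commit, so its body can become `return config.getServiceCert(crypto, serviceAddress);` and the duplicate logic disappears. In both copies, when neither `serviceAddress` nor `"*"` is present in `trustedServices`, `alias` is null and is handed to `CommonUtil.getCertificateByAlias`; because this certificate decides who can decrypt the token's proof key, a null alias should be rejected up front with a TrustException naming the unmatched service address rather than relying on how the crypto provider treats a null alias. The new `@param crypto Crypto properties.` is also inaccurate — it is the `Crypto` instance used for the lookup, not its properties.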
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java Mon Jan 30 17:44:41 2017
@@ -25,6 +25,7 @@ import org.apache.axis2.description.Para
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -441,21 +442,21 @@ public class SAMLTokenIssuerConfig exten
* @param serviceAddress
* The address of the service
* @return
- * @throws org.apache.ws.security.WSSecurityException
+ * @throws org.apache.rahas.TrustException If unable to find certificate by given alias.
*/
- public X509Certificate getServiceCert(Crypto crypto, String serviceAddress) throws WSSecurityException {
+ public X509Certificate getServiceCert(Crypto crypto, String serviceAddress) throws TrustException {
if (serviceAddress != null && !"".equals(serviceAddress)) {
String alias = (String) this.trustedServices.get(serviceAddress);
if (alias != null) {
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
} else {
alias = (String) this.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
} else {
String alias = (String) this.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
}
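Review bot: The `@return` tag on this Javadoc is still empty while the `@throws` tag was rewritten; suggest `@return The X509 certificate of the trusted service, or of the "*" catch-all entry when the address is not listed.` The null-alias fallthrough when `"*"` is missing is the same as in the private copy in SAMLTokenIssuer and is raised there.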
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java Mon Jan 30 17:44:41 2017
@@ -15,9 +15,9 @@ import org.apache.rahas.TokenRenewer;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.joda.time.DateTime;
import org.opensaml.saml1.core.Assertion;
@@ -89,15 +89,14 @@ public class SAMLTokenRenewer implements
}
Crypto crypto;
+ ClassLoader classLoader = inMsgCtx.getAxisService().getClassLoader();
if (config.cryptoElement != null) {
// crypto props defined as elements
- crypto = CryptoFactory.getInstance(TrustUtil
- .toProperties(config.cryptoElement), inMsgCtx
- .getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(TrustUtil
+ .toProperties(config.cryptoElement), classLoader);
} else {
// crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- inMsgCtx.getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader);
}
// Create TokenType element
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java Mon Jan 30 17:44:41 2017
@@ -18,6 +18,7 @@ import org.apache.rahas.TokenStorage;
import org.apache.rahas.TokenValidator;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
@@ -183,10 +184,9 @@ public class SAMLTokenValidator implemen
inMsgCtx.getAxisService().getClassLoader());
}
- X509Certificate[] issuerCerts = crypto
- .getCertificates(config.issuerKeyAlias);
+ X509Certificate issuerCert = CommonUtil.getCertificateByAlias(crypto,config.issuerKeyAlias);
- issuerPBKey = issuerCerts[0].getPublicKey();
+ issuerPBKey = issuerCert.getPublicKey();
} catch (Exception e) {
log.error("Could not retrieve issuer public key", e);
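Review bot: `CommonUtil.getCertificateByAlias` now throws TrustException when `config.issuerKeyAlias` resolves to no certificate, but that exception lands in the existing `catch (Exception e)` two lines below, which only logs "Could not retrieve issuer public key"; the try block starts outside the hunk, so whether `issuerPBKey` stays null and validation proceeds cannot be seen here. If it does proceed, a misconfigured issuer alias surfaces later as a NullPointerException or as a validator with no trust anchor instead of an explicit failure — consider rethrowing (`throw new TrustException("issuerCertificateNotFound", new Object[]{config.issuerKeyAlias}, e);`) so token validation fails closed.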
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java Mon Jan 30 17:44:41 2017
@@ -24,10 +24,10 @@ import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.WSSecEncryptedKey;
@@ -107,14 +107,13 @@ public class TokenIssuerUtil {
if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
Crypto crypto;
+
+ ClassLoader classLoader = data.getInMessageContext().getAxisService().getClassLoader();
+
if (config.cryptoElement != null) { // crypto props defined as elements
- crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
- data.getInMessageContext().
- getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(TrustUtil.toProperties(config.cryptoElement),classLoader);
} else { // crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- data.getInMessageContext().
- getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader);
}
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java Mon Jan 30 17:44:41 2017
@@ -18,12 +18,31 @@ package org.apache.rahas.impl.util;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.dom.DOMMetaFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Properties;
+
import static org.apache.axiom.om.OMAbstractFactory.FEATURE_DOM;
/**
@@ -31,6 +50,8 @@ import static org.apache.axiom.om.OMAbst
*/
public class CommonUtil {
+ private static Log log = LogFactory.getLog(CommonUtil.class);
+
/**
* This method creates a DOM compatible Axiom document.
* @return DOM compatible Axiom document
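Review bot: The new logger field is declared `private static Log log` without `final`; nothing in this class reassigns it, and a mutable static logger is a point most Java linters flag. Use `private static final Log log = LogFactory.getLog(CommonUtil.class);`, matching the `static final` convention used for loggers elsewhere.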
@@ -45,4 +66,123 @@ public class CommonUtil {
throw new TrustException("Error creating Axiom compatible DOM Document", e);
}
}
+
+ /**
+ * Gets the certificates chain by alias. Always returns the first certificate if a certificate chain is found.
+ * @param crypto Crypto to lookup certificate.
+ * @param alias Alias name.
+ * @return X509 certificate object.
+ * @throws org.apache.rahas.TrustException If an error occurred
+ * while retrieving the certificate or if no certificates are found for given alias.
+ */
+ public static X509Certificate getCertificateByAlias(Crypto crypto, String alias) throws TrustException {
+
+ X509Certificate[] certificates = getCertificatesByAlias(crypto, alias);
+
+ if (certificates == null) {
+ log.error("Unable to retrieve certificate for alias " + alias);
+ throw new TrustException("issuerCertificateNotFound");
+ }
+
+ return certificates[0];
+ }
+
+ /**
+ * Gets the certificates chain by alias. If no certificates are found return an empty array.
+ * @param crypto Crypto to lookup certificate.
+ * @param alias Alias name.
+ * @return X509 certificates array.
+ * @throws org.apache.rahas.TrustException If an error occurred
+ * while retrieving the certificate.
+ */
+ public static X509Certificate[] getCertificatesByAlias(Crypto crypto, String alias) throws TrustException {
+
+ // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ?
+ CryptoType type = new CryptoType(CryptoType.TYPE.ALIAS);
+ type.setAlias(alias);
+
+ try {
+ X509Certificate[] certificates = crypto.getX509Certificates(type);
+
+ if (certificates == null) {
+ log.debug("Unable to retrieve certificate for alias " + alias);
+ return new X509Certificate[0];
+ }
+ return certificates;
+ } catch (WSSecurityException e) {
+ log.error("Unable to retrieve certificate for alias " + alias, e);
+ throw new TrustException("issuerCertificateNotFound", e);
+ }
+ }
+
+ /**
+ * Decrypts the EncryptedKey element and returns the secret that was used.
+ * @param callbackHandler Callback handler to pass to WSS4J framework.
+ * @param crypto To get private key information.
+ * @param encryptedKeyElement The encrypted Key element.
+ * @return The secret as a byte stream.
+ * @throws WSSecurityException If an error is occurred while decrypting the element.
+ */
+ public static byte[] getDecryptedBytes(CallbackHandler callbackHandler, Crypto crypto, Node encryptedKeyElement)
+ throws WSSecurityException {
+
+ // TODO make this code more efficient and reader friendly
+
+ EncryptedKeyProcessor encryptedKeyProcessor = new EncryptedKeyProcessor();
+
+ RequestData requestData = new RequestData();
+ requestData.setCallbackHandler(callbackHandler);
+ requestData.setDecCrypto(crypto);
+
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ requestData.setWssConfig(cfg);
+
+ WSDocInfo docInfo = new WSDocInfo(encryptedKeyElement.getOwnerDocument());
+
+ List<WSSecurityEngineResult> resultList
+ = null;
+
+ resultList = encryptedKeyProcessor.handleToken((Element) encryptedKeyElement, requestData, docInfo);
+
+
+ WSSecurityEngineResult wsSecurityEngineResult = resultList.get(0);
+
+ return (byte[]) wsSecurityEngineResult.get(WSSecurityEngineResult.TAG_SECRET);
+ }
+
+ /**
+ * Constructs crypto configuration based on the given properties. Provider is instantiated using
+ * given class loader.
+ * @param properties Crypto configuration properties.
+ * @param classLoader Class loader used to create provider.
+ * @return A crypto object.
+ * @throws TrustException If an error occurred while creating the Crypto object.
+ */
+ public static Crypto getCrypto(Properties properties, ClassLoader classLoader) throws TrustException {
+ try {
+ return CryptoFactory.getInstance(properties, classLoader);
+ } catch (WSSecurityException e) {
+ log.error("An error occurred while loading crypto properties", e);
+ throw new TrustException("errorLoadingCryptoProperties", e);
+
+ }
+ }
+
+ /**
+ * Constructs crypto configuration based on the given properties. Provider is instantiated using
+ * given class loader.
+ * @param propertiesFile Crypto configuration properties file name.
+ * @param classLoader Class loader used to create provider.
+ * @return A crypto object.
+ * @throws TrustException If an error occurred while creating the Crypto object.
+ */
+ public static Crypto getCrypto(String propertiesFile, ClassLoader classLoader) throws TrustException {
+ try {
+ return CryptoFactory.getInstance(propertiesFile, classLoader);
+ } catch (WSSecurityException e) {
+ log.error("An error occurred while loading crypto properties with property file " + propertiesFile, e);
+ throw new TrustException("errorLoadingCryptoProperties", new Object[]{propertiesFile}, e);
+
+ }
+ }
}
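Review bot: The `certificates == null` guard in `getCertificateByAlias` can never be true because `getCertificatesByAlias` turns a null result into `new X509Certificate[0]`, so an unknown alias falls through to `certificates[0]` and escapes as ArrayIndexOutOfBoundsException instead of the documented TrustException; change the guard to `if (certificates == null || certificates.length == 0) {`. Both `throw new TrustException("issuerCertificateNotFound", ...)` sites also drop the alias argument that the replaced SAMLUtils code passed as `new Object[]{issuerKeyAlias}`, and the key now describes client and service lookups too, so faults become less diagnosable — pass `new Object[]{alias}` and consider a neutral key. In `getDecryptedBytes`, `resultList.get(0)` and the `(byte[])` cast of `TAG_SECRET` assume the EncryptedKey processor produced a result carrying a secret; since this is the path that unwraps a token's proof key, check for an empty list or null secret and throw WSSecurityException rather than letting an IndexOutOfBounds or NPE propagate, and drop the dead `= null` initialisation of `resultList`.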
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java Mon Jan 30 17:44:41 2017
@@ -22,11 +22,9 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -119,7 +117,7 @@ public class SAML2Utils {
*
*/
public static SAML2KeyInfo getSAML2KeyInfo(Element elem, Crypto crypto,
- CallbackHandler cb) throws WSSecurityException {
+ CallbackHandler cb) throws WSSecurityException, TrustException {
Assertion assertion;
//build the assertion by unmarhalling the DOM element.
@@ -258,10 +256,9 @@ public class SAML2Utils {
QName el = new QName(child.getNamespaceURI(), child.getLocalName());
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
- EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
- proc.handleEncryptedKey((Element) child, cb, crypto, null);
+ byte[] secret = CommonUtil.getDecryptedBytes(cb, crypto, child);
- return new SAML2KeyInfo(assertion, proc.getDecryptedBytes());
+ return new SAML2KeyInfo(assertion, secret);
} else if (el.equals(new QName(WSConstants.WST_NS, "BinarySecret"))) {
Text txt = (Text) child.getFirstChild();
return new SAML2KeyInfo(assertion, Base64.decode(txt.getData()));
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java Mon Jan 30 17:44:41 2017
@@ -114,23 +114,11 @@ public class SAMLUtils {
String issuerKeyAlias, String issuerKeyPassword)
throws TrustException {
- X509Certificate[] issuerCerts;
- try {
- issuerCerts = crypto
- .getCertificates(issuerKeyAlias);
- } catch (WSSecurityException e) {
- log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias, e);
- throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias}, e);
- }
-
- if (issuerCerts == null || issuerCerts.length == 0) {
- log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias);
- throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias});
- }
+ X509Certificate issuerCerts = CommonUtil.getCertificateByAlias(crypto, issuerKeyAlias);
String signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
- PublicKey issuerPublicKey = issuerCerts[0].getPublicKey();
+ PublicKey issuerPublicKey = issuerCerts.getPublicKey();
String publicKeyAlgorithm = issuerPublicKey.getAlgorithm();
if (publicKeyAlgorithm.equalsIgnoreCase("DSA")) {
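Review bot: `issuerCerts` on the added line now holds a single `X509Certificate`, not an array, so the plural name misleads the reader at `issuerCerts.getPublicKey()` and at the `createX509Data(issuerCerts)` call in the next hunk; rename it to `issuerCert` in both places. The explicit null/empty check that was removed here is now expected from `CommonUtil.getCertificateByAlias`; its empty-array handling is raised on the CommonUtil hunk.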
@@ -153,7 +141,7 @@ public class SAMLUtils {
signature.setSigningCredential(signingCredential);
signature.setSignatureAlgorithm(signatureAlgorithm);
- X509Data x509Data = createX509Data(issuerCerts[0]);
+ X509Data x509Data = createX509Data(issuerCerts);
KeyInfo keyInfo = createKeyInfo(x509Data);
signature.setKeyInfo(keyInfo);
@@ -610,6 +598,7 @@ public class SAMLUtils {
+ // TODO remove keySize parameter
static WSSecEncryptedKey getSymmetricKeyBasedKeyInfoContent(Document doc,
byte[] ephemeralKey,
X509Certificate serviceCert,
@@ -626,8 +615,7 @@ public class SAMLUtils {
// SEt the encryption cert
encryptedKeyBuilder.setUseThisCert(serviceCert);
- // set keysize
- encryptedKeyBuilder.setKeySize(keySize);
+ // TODO setting keysize is removed with wss4j 1.6 migration - do we actually need this ?
encryptedKeyBuilder.setEphemeralKey(ephemeralKey);
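Review bot: `keySize` is now unused in `getSymmetricKeyBasedKeyInfoContent` yet remains in its signature (the preceding hunk only adds `// TODO remove keySize parameter`). Because `setEphemeralKey(ephemeralKey)` supplies the key material directly, the effective key size is presumably the length of `ephemeralKey` — confirm against the wss4j 1.6 `WSSecEncryptedKey` API, and if so replace the TODO with `// key size is implied by the length of ephemeralKey (wss4j 1.6 dropped setKeySize)` and remove the parameter and its argument in SAMLUtilsTest in a follow-up. The enclosing method starts and ends outside the hunk.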
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java Mon Jan 30 17:44:41 2017
@@ -27,6 +27,8 @@ import org.apache.rahas.Rahas;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.impl.AbstractIssuerConfig;
+import org.apache.rahas.test.util.TestUtil;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
@@ -131,7 +133,7 @@ public class SAMLUtilsTest extends TestC
Assertion assertion = getAssertion();
- SAMLUtils.signAssertion(assertion,getCrypto(), "apache", "password");
+ SAMLUtils.signAssertion(assertion, TestUtil.getCrypto(), "apache", "password");
//marshallerFactory.getMarshaller(assertion).marshall(assertion);
@@ -272,13 +274,12 @@ public class SAMLUtilsTest extends TestC
Document doc = ((Element) env).getOwnerDocument();
int keySize = 256;
- int keyComputation = AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT;
byte [] ephemeralKey = generateEphemeralKey(256);
WSSecEncryptedKey encryptedKey
= SAMLUtils.getSymmetricKeyBasedKeyInfoContent(doc,
- ephemeralKey, getTestCertificate(), keySize, getCrypto());
+ ephemeralKey, getTestCertificate(), keySize, TestUtil.getCrypto());
Assert.assertNotNull(encryptedKey.getEncryptedKeyElement());
printElement(encryptedKey.getEncryptedKeyElement());
@@ -297,27 +298,7 @@ public class SAMLUtilsTest extends TestC
}
}
- private static Crypto getCrypto() throws IOException {
- File file = new File("src/test/resources/crypto.config");
- Assert.assertTrue(file.exists());
-
- Properties properties = new Properties();
- try {
- properties.load(new FileInputStream(file));
- } catch (IOException e) {
- log.error("Unable to open crypto configuration file");
- throw e;
- }
-
- Crypto crypto = CryptoFactory.getInstance(properties);
-
- X509Certificate[] certificates = crypto.getCertificates("apache");
- Assert.assertEquals(certificates.length, 1);
-
- return crypto;
-
- }
private static void printElement(Element element) throws TransformerException {
@@ -327,15 +308,11 @@ public class SAMLUtilsTest extends TestC
}
}
- private static X509Certificate getTestCertificate() throws IOException {
-
- Crypto crypto = getCrypto();
-
- X509Certificate[] certificates = crypto.getCertificates("apache");
- Assert.assertEquals(certificates.length, 1);
+ private static X509Certificate getTestCertificate() throws IOException, WSSecurityException, TrustException {
- return certificates[0];
+ Crypto crypto = TestUtil.getCrypto();
+ return CommonUtil.getCertificateByAlias(crypto, "apache");
}
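Review bot: The rewritten `getTestCertificate` declares `throws IOException, WSSecurityException, TrustException`, but nothing visible in it throws WSSecurityException — `CommonUtil.getCertificateByAlias` declares only TrustException — so unless `TestUtil.getCrypto()` (not part of this diff) declares it, that clause is dead and can be dropped. The removed helper also asserted that exactly one certificate exists for alias `apache`; that check is lost with the rewrite, so consider keeping `Assert.assertEquals(1, CommonUtil.getCertificatesByAlias(crypto, "apache").length);` before the return.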
private static String getXMLString(Element element) throws TransformerException {
Modified: axis/axis2/java/rampart/branches/RAMPART-289/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/pom.xml?rev=1780952&r1=1780951&r2=1780952&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/pom.xml Mon Jan 30 17:44:41 2017
@@ -222,10 +222,6 @@
<artifactId>xalan</artifactId>
<groupId>xalan</groupId>
</exclusion>
- <!--exclusion>
- <artifactId>org.opensaml</artifactId>
- <groupId>opensaml1</groupId>
- </exclusion-->
</exclusions>
</dependency>
<dependency>
@@ -249,22 +245,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml1</artifactId>
- <version>1.1</version>
- <exclusions>
- <!-- Don't allow OpenSAML to impose a particular logging implementation -->
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
@@ -411,7 +391,7 @@
<axis2.version>1.7.0-SNAPSHOT</axis2.version>
<axiom.version>1.2.13-SNAPSHOT</axiom.version>
- <wss4j.version>1.5.13-SNAPSHOT</wss4j.version>
+ <wss4j.version>1.6.4</wss4j.version>
<opensaml.version>2.5.1-1</opensaml.version>
<bcprov.jdk15.version>140</bcprov.jdk15.version>