Posted to commits@ws.apache.org by co...@apache.org on 2013/09/27 13:39:32 UTC
svn commit: r1526857 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/o...
Author: coheigea
Date: Fri Sep 27 11:39:31 2013
New Revision: 1526857
URL: http://svn.apache.org/r1526857
Log:
Added more tests for SecurityActionTokens
Added:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java Fri Sep 27 11:39:31 2013
@@ -48,6 +48,9 @@ public abstract class SignatureEncryptio
private List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
private String optionalParts;
private String cryptoProperties;
+ private String tokenType;
+ private String tokenId;
+ private String sha1Value;
public X509Certificate getCertificate() {
return certificate;
@@ -132,5 +135,23 @@ public abstract class SignatureEncryptio
public void setCryptoProperties(String cryptoProperties) {
this.cryptoProperties = cryptoProperties;
}
+ public String getTokenType() {
+ return tokenType;
+ }
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
+ }
+ public String getTokenId() {
+ return tokenId;
+ }
+ public void setTokenId(String tokenId) {
+ this.tokenId = tokenId;
+ }
+ public String getSha1Value() {
+ return sha1Value;
+ }
+ public void setSha1Value(String sha1Value) {
+ this.sha1Value = sha1Value;
+ }
}
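Review bot: The six new accessors (getTokenType/setTokenType, getTokenId/setTokenId, getSha1Value/setSha1Value) carry no Javadoc, and nothing in this class says what the three String values are; a reader has to find SignatureAction and EncryptionAction in this same commit to learn that tokenId is handed to setCustomTokenId/setEncKeyId, tokenType to setCustomTokenValueType/setCustomReferenceValue, and sha1Value to setEncrKeySha1value. The SecurityActionTokenTest hunk appears to share one "EK-"-prefixed tokenId between an encryption token and a signature token so the signature can reference the EncryptedKey, which is exactly the contract worth stating here. A one-line Javadoc per getter would do, e.g. `/** Id (wsu:Id) of the token the action should reference, shared with a related action's token. */`, and for sha1Value the doc should also state the expected encoding of the digest string (Base64 is what the tests use for the SecretKeyCallbackHandler identifier, but that cannot be confirmed from this class).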
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java Fri Sep 27 11:39:31 2013
@@ -384,11 +384,13 @@ public final class WSConstants {
* Embeds a keyinfo/key name into the EncryptedData element.
* <p/>
*/
+ @Deprecated
public static final int EMBEDDED_KEYNAME = 5;
/**
* Embeds a keyinfo/wsse:SecurityTokenReference into EncryptedData element.
*/
+ @Deprecated
public static final int EMBED_SECURITY_TOKEN_REF = 6;
/**
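Review bot: EMBEDDED_KEYNAME and EMBED_SECURITY_TOKEN_REF are annotated @Deprecated but their Javadoc still describes the old behaviour without a `@deprecated` tag, so neither javadoc nor IDEs can tell callers what replaced them or that the values are now rejected by WSHandler and no longer handled by WSSecEncrypt.build() (both changes are in this commit). Add to each comment a line such as ` * @deprecated no longer supported by WSSecEncrypt; use an EncryptionActionToken key with ENCRYPTED_KEY_SHA1_IDENTIFIER instead` — the replacement wording should be confirmed against what the new tests actually exercise. Note that the constant values 5 and 6 are still reachable through setKeyIdentifierType(int), so the doc is the only signal a caller gets.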
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java Fri Sep 27 11:39:31 2013
@@ -53,22 +53,7 @@ public class EncryptionAction implements
if (encryptionToken.getKeyIdentifierId() != 0) {
wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());
}
- if (encryptionToken.getKeyIdentifierId() == WSConstants.EMBEDDED_KEYNAME) {
- String encKeyName = handler.getString(WSHandlerConstants.ENC_KEY_NAME,
- reqData.getMsgContext());
- wsEncrypt.setEmbeddedKeyName(encKeyName);
- CallbackHandler callbackHandler =
- handler.getCallbackHandler(
- WSHandlerConstants.ENC_CALLBACK_CLASS,
- WSHandlerConstants.ENC_CALLBACK_REF,
- reqData
- );
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
- byte[] embeddedKey = passwordCallback.getKey();
- wsEncrypt.setKey(embeddedKey);
- wsEncrypt.setDocument(doc);
- }
+
if (encryptionToken.getSymmetricAlgorithm() != null) {
wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
}
@@ -98,14 +83,27 @@ public class EncryptionAction implements
if (encryptionToken.getParts().size() > 0) {
wsEncrypt.setParts(encryptionToken.getParts());
}
- if (!encryptionToken.isEncSymmetricEncryptionKey()) {
+
+ wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
+ byte[] ephemeralKey = encryptionToken.getKey();
+ if (!encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey == null) {
CallbackHandler callbackHandler =
handler.getPasswordCallbackHandler(reqData);
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
- wsEncrypt.setEphemeralKey(passwordCallback.getKey());
- wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
+ if (ephemeralKey == null) {
+ WSPasswordCallback passwordCallback =
+ handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler, reqData);
+ ephemeralKey = passwordCallback.getKey();
+ }
}
+ wsEncrypt.setEphemeralKey(ephemeralKey);
+
+ if (encryptionToken.getTokenId() != null) {
+ wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
+ }
+ if (encryptionToken.getTokenType() != null) {
+ wsEncrypt.setCustomReferenceValue(encryptionToken.getTokenType());
+ }
+
try {
wsEncrypt.build(doc, encryptionToken.getCrypto(), reqData.getSecHeader());
} catch (WSSecurityException e) {
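Review bot: The inner `if (ephemeralKey == null)` guarding the getPasswordCB call is always true, because the enclosing condition two lines above already requires `ephemeralKey == null`; drop the inner block and place `ephemeralKey = passwordCallback.getKey();` directly under the outer guard. Separately, when the callback returns no key the code now falls through to `wsEncrypt.setEphemeralKey(null)` with encryptSymmKey already set to false, whereas the build() path this commit removes from WSSecEncrypt failed loudly with `new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeySupplied")`; what WSSecEncrypt does with a null key on the prepare() path is not visible in this hunk, so consider re-raising that failure here after the callback so a missing key cannot silently produce a message the recipient has no key for. The enclosing method starts before this hunk.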
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Fri Sep 27 11:39:31 2013
@@ -81,6 +81,16 @@ public class SignatureAction implements
} else if (signatureToken.getKey() != null) {
wsSign.setSecretKey(signatureToken.getKey());
}
+
+ if (signatureToken.getTokenId() != null) {
+ wsSign.setCustomTokenId(signatureToken.getTokenId());
+ }
+ if (signatureToken.getTokenType() != null) {
+ wsSign.setCustomTokenValueType(signatureToken.getTokenType());
+ }
+ if (signatureToken.getSha1Value() != null) {
+ wsSign.setEncrKeySha1value(signatureToken.getSha1Value());
+ }
try {
wsSign.prepare(doc, signatureToken.getCrypto(), reqData.getSecHeader());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Fri Sep 27 11:39:31 2013
@@ -644,7 +644,6 @@ public abstract class WSHandler {
|| tmp == WSConstants.X509_KEY_IDENTIFIER
|| tmp == WSConstants.SKI_KEY_IDENTIFIER
|| tmp == WSConstants.BST_DIRECT_REFERENCE
- || tmp == WSConstants.EMBEDDED_KEYNAME
|| tmp == WSConstants.THUMBPRINT_IDENTIFIER
|| tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Fri Sep 27 11:39:31 2013
@@ -841,8 +841,6 @@ public final class WSHandlerConstants {
* </li>
* <li><code>SKIKeyIdentifier</code> for {@link WSConstants#SKI_KEY_IDENTIFIER}
* </li>
- * <li><code>EmbeddedKeyName</code> for {@link WSConstants#EMBEDDED_KEYNAME}
- * </li>
* <li><code>Thumbprint</code> for {@link WSConstants#THUMBPRINT}
* </li>
* <li><code>EncryptedKeySHA1</code> for {@link WSConstants#ENCRYPTED_KEY_SHA1_IDENTIFIER}
@@ -857,7 +855,6 @@ public final class WSHandlerConstants {
keyIdentifier.put("IssuerSerial", WSConstants.ISSUER_SERIAL);
keyIdentifier.put("X509KeyIdentifier", WSConstants.X509_KEY_IDENTIFIER);
keyIdentifier.put("SKIKeyIdentifier", WSConstants.SKI_KEY_IDENTIFIER);
- keyIdentifier.put("EmbeddedKeyName", WSConstants.EMBEDDED_KEYNAME);
keyIdentifier.put("Thumbprint", WSConstants.THUMBPRINT_IDENTIFIER);
keyIdentifier.put("EncryptedKeySHA1", WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
keyIdentifier.put("KeyValue", WSConstants.KEY_VALUE);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Fri Sep 27 11:39:31 2013
@@ -56,10 +56,6 @@ public class WSSecEncrypt extends WSSecE
private static org.slf4j.Logger log =
org.slf4j.LoggerFactory.getLogger(WSSecEncrypt.class);
- private byte[] embeddedKey;
-
- private String embeddedKeyName;
-
/**
* SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
*/
@@ -92,16 +88,6 @@ public class WSSecEncrypt extends WSSecE
}
/**
- * Sets the key to use during embedded encryption.
- *
- * @param key to use during encryption. The key must fit the selected
- * symmetrical encryption algorithm
- */
- public void setKey(byte[] key) {
- embeddedKey = key;
- }
-
- /**
* Sets the algorithm to encode the symmetric key.
*
* Default is the <code>WSConstants.KEYTRANSPORT_RSAOEP</code> algorithm.
@@ -115,16 +101,6 @@ public class WSSecEncrypt extends WSSecE
}
/**
- * Set the key name for EMBEDDED_KEYNAME
- *
- * @param embeddedKeyName
- */
- public void setEmbeddedKeyName(String embeddedKeyName) {
- this.embeddedKeyName = embeddedKeyName;
- }
-
-
- /**
* Initialize a WSSec Encrypt.
*
* The method prepares and initializes a WSSec Encrypt structure after the
@@ -154,11 +130,7 @@ public class WSSecEncrypt extends WSSecE
ephemeralKey = symmetricKey.getEncoded();
}
- if (symmetricKey == null) {
- symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
- } else {
- symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, symmetricKey.getEncoded());
- }
+ symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
//
// Get the certificate that contains the public key for the public key
@@ -204,23 +176,7 @@ public class WSSecEncrypt extends WSSecE
throws WSSecurityException {
doDebug = log.isDebugEnabled();
- if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME
- || keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
- encryptSymmKey = false;
- document = doc;
- //
- // Generate a symmetric key from the specified key (password) for this
- // algorithm, and set the cipher into encryption mode.
- //
- if (symmetricKey == null) {
- if (embeddedKey == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeySupplied");
- }
- symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, embeddedKey);
- }
- } else {
- prepare(doc, crypto);
- }
+ prepare(doc, crypto);
if (envelope == null) {
envelope = document.getDocumentElement();
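Review bot: build() now unconditionally calls `prepare(doc, crypto)`, but EMBED_SECURITY_TOKEN_REF and EMBEDDED_KEYNAME are only deprecated in WSConstants, not removed, so a caller still passing either value takes the ordinary key-transport path with no error and none of the `encryptSymmKey = false` / `noKeySupplied` handling this hunk deletes. Either reject the two identifiers at the top of build() with a WSSecurityException(ErrorCode.FAILURE, <message-key>) or, if the prepare() path is meant to be the fallback, say so in the `@deprecated` Javadoc of both constants so the behavioural change is documented. The method's remaining body continues outside the hunk, and the earlier prepare() hunk that replaces the symmetricKey branch with `prepareSecretKey(symEncAlgo, ephemeralKey)` relies on ephemeralKey having been set in a branch not shown, which is worth confirming for the encryptSymmKey == false case.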
@@ -504,8 +460,6 @@ public class WSSecEncrypt extends WSSecE
}
secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
keyInfo.addUnknownElement(secToken.getElement());
- } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
- keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName);
} else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) {
SecurityTokenReference secToken = new SecurityTokenReference(document);
secToken.addWSSENamespace();
Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java?rev=1526857&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java Fri Sep 27 11:39:31 2013
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.common;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A combined Callback Handler implementation which wraps the SecretKeyCallbackHandler and the
+ * KeystoreCallbackHandler.
+ */
+public class CombinedCallbackHandler implements CallbackHandler {
+
+ private final CallbackHandler secretCallbackHandler;
+ private final CallbackHandler keystoreCallbackHandler;
+
+ public CombinedCallbackHandler(
+ CallbackHandler secretCallbackHandler, CallbackHandler keystoreCallbackHandler
+ ) {
+ this.secretCallbackHandler = secretCallbackHandler;
+ this.keystoreCallbackHandler = keystoreCallbackHandler;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ((pc.getUsage() == WSPasswordCallback.Usage.SECRET_KEY)
+ || (pc.getUsage() == WSPasswordCallback.Usage.SECURITY_CONTEXT_TOKEN)) {
+ secretCallbackHandler.handle(callbacks);
+ } else {
+ keystoreCallbackHandler.handle(callbacks);
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+}
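Review bot: handle() passes the whole `callbacks` array to a delegate once per element, so with N callbacks each delegate is invoked up to N times on the full array, and an array mixing SECRET_KEY and keystore usages is handed in its entirety to both handlers, which can then throw UnsupportedCallbackException for the element the other one owns. Dispatch each callback on its own: `secretCallbackHandler.handle(new Callback[] {pc});` and `keystoreCallbackHandler.handle(new Callback[] {pc});`. The method also overrides CallbackHandler.handle and should carry `@Override`.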
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java Fri Sep 27 11:39:31 2013
@@ -25,8 +25,10 @@ import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.crypto.dsig.SignatureMethod;
+import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SignatureActionToken;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
@@ -37,12 +39,14 @@ import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CombinedCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Document;
@@ -107,7 +111,7 @@ public class SecurityActionTokenTest ext
LOG.debug(outputString);
}
- verify(doc);
+ verify(doc, null);
}
@org.junit.Test
@@ -148,8 +152,7 @@ public class SecurityActionTokenTest ext
String identifier = Base64.encode(encodedBytes);
secretKeyCallbackHandler.addSecretKey(identifier, keyData);
- WSSecurityEngine symmetricSecEngine = new WSSecurityEngine();
- symmetricSecEngine.processSecurityHeader(doc, null, secretKeyCallbackHandler, null, crypto);
+ verify(doc, secretKeyCallbackHandler);
}
@org.junit.Test
@@ -194,6 +197,8 @@ public class SecurityActionTokenTest ext
XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+
+ // Not verifying due to two separate Crypto instances...
}
@org.junit.Test
@@ -238,11 +243,331 @@ public class SecurityActionTokenTest ext
XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+ String identifier = Base64.encode(encodedBytes);
+ secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+
+ verify(doc, secretKeyCallbackHandler);
+ }
+
+ @org.junit.Test
+ public void testAsymmetricEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc, new KeystoreCallbackHandler());
+ }
+
+ @org.junit.Test
+ public void testSymmetricEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken.setKey(keyData);
+ actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+ actionToken.setEncSymmetricEncryptionKey(false);
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+ String identifier = Base64.encode(encodedBytes);
+ secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+
+ verify(doc, secretKeyCallbackHandler);
+ }
+
+ @org.junit.Test
+ public void testAsymmetricDoubleEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+
+ EncryptionActionToken actionToken2 = new EncryptionActionToken();
+ actionToken2.setUser("16c73ab6-b892-458f-abf5-2f875f74882e");
+ actionToken2.setCryptoProperties("crypto.properties");
+ WSEncryptionPart encP =
+ new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+ actionToken2.setParts(Collections.singletonList(encP));
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ actions.add(new HandlerAction(WSConstants.TS, null));
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ // Not verifying due to two separate Crypto instances...
+ }
+
+ @org.junit.Test
+ public void testMixedDoubleEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+
+ EncryptionActionToken actionToken2 = new EncryptionActionToken();
+ actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken2.setKey(keyData);
+ actionToken2.setSymmetricAlgorithm(WSConstants.AES_128);
+ actionToken2.setEncSymmetricEncryptionKey(false);
+ WSEncryptionPart encP =
+ new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+ actionToken2.setParts(Collections.singletonList(encP));
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ actions.add(new HandlerAction(WSConstants.TS, null));
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+ String identifier = Base64.encode(encodedBytes);
+ secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+
+ CombinedCallbackHandler combinedCallbackHandler =
+ new CombinedCallbackHandler(secretKeyCallbackHandler, new KeystoreCallbackHandler());
+
+ verify(doc, combinedCallbackHandler);
+ }
+
+ // Using the same key for signature + encryption here for convenience...
+ @org.junit.Test
+ public void testAsymmetricSignatureEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+ actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
+
+ EncryptionActionToken actionToken2 = new EncryptionActionToken();
+ actionToken2.setUser("wss40");
+ actionToken2.setCryptoProperties("wss40.properties");
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc, new KeystoreCallbackHandler());
+ }
+
+ @org.junit.Test
+ public void testSymmetricSignatureEncryption() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setKey(keyData);
+ actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+ actionToken.setKeyIdentifierId(WSConstants.SKI_KEY_IDENTIFIER);
+ actionToken.setUser("wss40");
+ actionToken.setCryptoProperties("wss40.properties");
+ actionToken.setTokenId(IDGenerator.generateID("EK-"));
+
+ SignatureActionToken actionToken2 = new SignatureActionToken();
+ actionToken2.setKeyIdentifierId(WSConstants.CUSTOM_SYMM_SIGNING);
+ actionToken2.setKey(keyData);
+ actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ actionToken2.setTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ actionToken2.setTokenId(actionToken.getTokenId());
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ verify(doc, new KeystoreCallbackHandler());
}
+ @org.junit.Test
+ public void testSymmetricSignatureEncryptionResponse() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+ messageContext.put(
+ WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+ );
+ reqData.setMsgContext(messageContext);
+
+ EncryptionActionToken actionToken = new EncryptionActionToken();
+ actionToken.setKey(keyData);
+ actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+ actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken.setEncSymmetricEncryptionKey(false);
+
+ SignatureActionToken actionToken2 = new SignatureActionToken();
+ actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ actionToken2.setKey(keyData);
+ actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ List<HandlerAction> actions = new ArrayList<HandlerAction>();
+ actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+ actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+ handler.send(
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+ byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+ String identifier = Base64.encode(encodedBytes);
+ secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+
+ verify(doc, secretKeyCallbackHandler);
+ }
- private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
- return secEngine.processSecurityHeader(doc, null, null, crypto);
+ private List<WSSecurityEngineResult> verify(
+ Document doc, CallbackHandler callbackHandler
+ ) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
}
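Review bot: testAsymmetricDoubleEncryption (and the test in the earlier hunk that gains the same `// Not verifying due to two separate Crypto instances...` comment) only asserts that handler.send() does not throw, so a second ENCR action that silently produces nothing would still pass; since verify() and the visible processSecurityHeader overload take a single Crypto, at least assert on the produced document, e.g. that two EncryptedKey elements exist in the security header, until a two-Crypto verification path is available. As a point of style, every new test repeats the same six lines building cfg, reqData and the messageContext with a KeystoreCallbackHandler; a private helper returning the prepared RequestData would halve the hunk. The extra blank line this commit leaves before `@org.junit.Test` on testSymmetricSignatureEncryptionResponse is missing, unlike the other new tests.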
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java Fri Sep 27 11:39:31 2013
@@ -26,11 +26,8 @@ import org.apache.wss4j.dom.WSSecurityEn
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
-import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.dom.common.SecurityTestUtil;
-import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.common.WSEncryptionPart;
-import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.XMLUtils;
@@ -40,7 +37,6 @@ import org.w3c.dom.Document;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.crypto.dsig.SignatureMethod;
-import java.util.Collections;
import java.util.List;
import java.util.ArrayList;
@@ -66,20 +62,6 @@ public class SignatureEncryptionTest ext
private WSSecurityEngine secEngine = new WSSecurityEngine();
private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
- private static final byte[] key = {
- (byte)0x31, (byte)0xfd,
- (byte)0xcb, (byte)0xda,
- (byte)0xfb, (byte)0xcd,
- (byte)0x6b, (byte)0xa8,
- (byte)0xe6, (byte)0x19,
- (byte)0xa7, (byte)0xbf,
- (byte)0x51, (byte)0xf7,
- (byte)0xc7, (byte)0x3e,
- (byte)0x80, (byte)0xae,
- (byte)0x98, (byte)0x51,
- (byte)0xc8, (byte)0x51,
- (byte)0x34, (byte)0x04,
- };
private Crypto crypto = null;
@org.junit.AfterClass
@@ -326,58 +308,6 @@ public class SignatureEncryptionTest ext
}
/**
- * Test that encrypts and signs a WS-Security envelope, then performs
- * verification and decryption.
- * <p/>
- *
- * @throws Exception Thrown when there is any problem in signing, encryption,
- * decryption, or verification
- */
- @org.junit.Test
- public void testSigningEncryptionEmbedded() throws Exception {
- WSSecEncrypt encrypt = new WSSecEncrypt();
- WSSecSignature sign = new WSSecSignature();
-
- encrypt.setUserInfo("wss40");
- encrypt.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
- encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
- encrypt.setKey(key);
-
- sign.setUserInfo("wss40", "security");
- LOG.info("Before Encryption....");
- Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
- encrypt.setDocument(doc);
- WSSecHeader secHeader = new WSSecHeader();
- secHeader.insertSecurityHeader(doc);
- Document signedDoc = sign.build(doc, crypto, secHeader);
- Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Encrypted message, RSA-OAEP keytransport, 3DES:");
- String outputString =
- XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
- LOG.debug(outputString);
- }
- LOG.info("After Encryption....");
-
- SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
- secretKeyCallbackHandler.setOutboundSecret(key);
- WSSecurityEngine engine = new WSSecurityEngine();
- RequestData data = new RequestData();
- data.setCallbackHandler(secretKeyCallbackHandler);
- data.setSigVerCrypto(crypto);
- data.setDecCrypto(crypto);
- data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R5426));
-
- engine.processSecurityHeader(doc, "", data);
- if (LOG.isDebugEnabled()) {
- String outputString =
- XMLUtils.PrettyDocumentToString(doc);
- LOG.debug(outputString);
- }
- }
-
- /**
* Test signature created using an encrypted key
* SOAP Body is signed and encrypted. In the encryption, The ReferenceList element is
* put into the Encrypted Key, as a child of the EncryptedKey. Signature is created