You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2014/01/13 09:09:06 UTC
svn commit: r1557657 - in /webservices/wss4j/trunk/ws-security-stax/src:
main/java/org/apache/wss4j/stax/ext/
main/java/org/apache/wss4j/stax/impl/processor/output/
test/java/org/apache/wss4j/stax/test/
Author: giger
Date: Mon Jan 13 08:09:05 2014
New Revision: 1557657
URL: http://svn.apache.org/r1557657
Log:
WSS-468 - Symmetric Binding + EncryptBeforeSigning puts the Signature in front of the EncryptedKey
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java (with props)
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java Mon Jan 13 08:09:05 2014
@@ -195,18 +195,26 @@ public class OutboundWSSec {
} else if (WSSConstants.ENCRYPT.equals(action)) {
encryptionAction = true;
+
+ EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
if (securityProperties.isEncryptSymmetricEncryptionKey()) {
final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
- final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+ encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
}
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ if (encryptedKeyOutputProcessor == null) {
+ final ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+ referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action);
+ }
+
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
final UsernameTokenOutputProcessor usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor, action);
@@ -252,15 +260,16 @@ public class OutboundWSSec {
encryptionAction = true;
derivedEncryption = true;
+ EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+
if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
- final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+ encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
} else if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor, action);
-
}
final DerivedKeyTokenOutputProcessor derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor, action);
@@ -268,6 +277,11 @@ public class OutboundWSSec {
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
+ if (encryptedKeyOutputProcessor == null) {
+ final ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+ referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor, action);
+ }
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
signatureAction = true;
signedSAML = true;
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java Mon Jan 13 08:09:05 2014
@@ -187,7 +187,7 @@ public class DerivedKeyTokenOutputProces
if (wrappingSecurityToken.getProcessor() != null) {
finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
} else {
- finalDerivedKeyTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ finalDerivedKeyTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
}
finalDerivedKeyTokenOutputProcessor.init(outputProcessorChain);
derivedKeySecurityToken.setProcessor(finalDerivedKeyTokenOutputProcessor);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java Mon Jan 13 08:09:05 2014
@@ -46,10 +46,6 @@ public class EncryptEndingOutputProcesso
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
- || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey()) {
- WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
- }
if (attachmentCount(outputProcessorChain) > 0) {
WSSUtils.createEncryptedDataStructureForAttachments(this, subOutputProcessorChain);
}
@@ -70,11 +66,6 @@ public class EncryptEndingOutputProcesso
case XMLStreamConstants.START_ELEMENT:
if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
- || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey()) {
- WSSUtils.updateSecurityHeaderOrder(
- outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList, getAction(), true);
- }
int attachmentCount = attachmentCount(outputProcessorChain);
for (int i = 0; i < attachmentCount; i++) {
WSSUtils.updateSecurityHeaderOrder(
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java Mon Jan 13 08:09:05 2014
@@ -72,7 +72,8 @@ public class EncryptedKeyOutputProcessor
if (tokenId == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
- SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider =
+ outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
if (wrappingSecurityTokenProvider == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
@@ -81,20 +82,28 @@ public class EncryptedKeyOutputProcessor
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
- // See if a Symmetric Key is already available
- String encTokenId =
- outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider = null;
GenericOutboundSecurityToken encryptedKeySecurityToken = null;
- if (encTokenId != null) {
- encryptedKeySecurityTokenProvider =
- outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
- if (encryptedKeySecurityTokenProvider != null) {
- encryptedKeySecurityToken =
- (GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
- }
+
+ String sigTokenId =
+ outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
+ // See if a Symmetric Key is already available
+ String encTokenId =
+ outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ if (encTokenId == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
+ encryptedKeySecurityTokenProvider =
+ outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
+ if (encryptedKeySecurityTokenProvider == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+ }
+ encryptedKeySecurityToken =
+ (GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
+
+ boolean sharedToken = encTokenId.equals(sigTokenId);
+
FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor = new FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalEncryptedKeyOutputProcessor.setAction(getAction());
@@ -102,8 +111,27 @@ public class EncryptedKeyOutputProcessor
if (WSSConstants.ENCRYPT.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+ } else if (sharedToken) {
+ finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+ //hint for the headerReordering processor where to place the EncryptedKey
+ if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT) <
+ getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE)) {
+ finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+ finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE);
+ }
+ finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+
+ ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+ referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+ referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
@@ -111,15 +139,37 @@ public class EncryptedKeyOutputProcessor
} else {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
}
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+ } else if (sharedToken) {
+ finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+ finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+ //hint for the headerReordering processor where to place the EncryptedKey
+ if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT_WITH_DERIVED_KEY) <
+ getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) {
+ finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
+ }
+ finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
+ ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+ referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+ referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.init(outputProcessorChain);
+ } else {
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
- finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
- outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(encryptedKeySecurityToken.getId(), encryptedKeySecurityTokenProvider);
+
+ outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(
+ encryptedKeySecurityToken.getId(), encryptedKeySecurityTokenProvider);
encryptedKeySecurityToken.setProcessor(finalEncryptedKeyOutputProcessor);
} finally {
outputProcessorChain.removeProcessor(this);
@@ -130,6 +180,7 @@ public class EncryptedKeyOutputProcessor
class FinalEncryptedKeyOutputProcessor extends AbstractOutputProcessor {
private final OutboundSecurityToken securityToken;
+ private boolean outputReferenceList = true;
FinalEncryptedKeyOutputProcessor(OutboundSecurityToken securityToken) throws XMLSecurityException {
super();
@@ -137,6 +188,10 @@ public class EncryptedKeyOutputProcessor
this.securityToken = securityToken;
}
+ protected void setOutputReferenceList(boolean outputReferenceList) {
+ this.outputReferenceList = outputReferenceList;
+ }
+
/*
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-1483925398">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
@@ -295,7 +350,7 @@ public class EncryptedKeyOutputProcessor
createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_CipherValue);
createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_CipherData);
- if (WSSConstants.ENCRYPT.equals(getAction())) {
+ if (outputReferenceList && WSSConstants.ENCRYPT.equals(getAction())) {
WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
}
createEndElementAndOutputAsEvent(subOutputProcessorChain, headerElementName);
Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java?rev=1557657&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java Mon Jan 13 08:09:05 2014
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.processor.output;
+
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
+import org.apache.xml.security.stax.ext.OutputProcessorChain;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+public class ReferenceListOutputProcessor extends AbstractOutputProcessor {
+
+ public ReferenceListOutputProcessor() throws XMLSecurityException {
+ super();
+ }
+
+ @Override
+ public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
+ throws XMLStreamException, XMLSecurityException {
+ outputProcessorChain.processEvent(xmlSecEvent);
+
+ if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
+
+ final QName headerElementName = WSSConstants.TAG_xenc_ReferenceList;
+ WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, headerElementName, getAction(), false);
+
+ OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
+ WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
+
+ outputProcessorChain.removeProcessor(this);
+ }
+ }
+}
Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java Mon Jan 13 08:09:05 2014
@@ -116,6 +116,7 @@ public class SecurityContextTokenOutputP
if (wrappingSecurityToken.getProcessor() != null) {
finalSecurityContextTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
} else {
+ finalSecurityContextTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
finalSecurityContextTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
}
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java Mon Jan 13 08:09:05 2014
@@ -258,7 +258,17 @@ public class SignatureEncryptionTest ext
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList securityHeaderElement = document.getElementsByTagNameNS(WSConstants.WSSE_NS, "Security");
+ Assert.assertEquals(1, securityHeaderElement.getLength());
+ NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+ Assert.assertEquals(childs.getLength(), 4);
+ Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+ Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+ Assert.assertEquals(childs.item(2).getLocalName(), "ReferenceList");
+ Assert.assertEquals(childs.item(3).getLocalName(), "Signature");
}
//done encryption; now test decryption:
@@ -269,6 +279,108 @@ public class SignatureEncryptionTest ext
}
@Test
+ public void testEncryptionSignatureSymmetricOutbound() throws Exception {
+
+ ByteArrayOutputStream baos;
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
+ actions.add(WSSConstants.ENCRYPT);
+ actions.add(WSSConstants.SIGNATURE);
+ actions.add(WSSConstants.TIMESTAMP);
+ securityProperties.setActions(actions);
+ securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setEncryptionUser("receiver");
+
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
+ securityProperties.setSignatureKeyIdentifier(
+ WSSecurityTokenConstants.KeyIdentifier_EncryptedKey
+ );
+
+ securityProperties.addSignaturePart(
+ new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), SecurePart.Modifier.Element)
+ );
+ securityProperties.addSignaturePart(
+ new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
+ );
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+
+ // Symmetric Key
+ String keyAlgorithm =
+ JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(WSSConstants.NS_XENC_AES128);
+ KeyGenerator keyGen;
+ try {
+ keyGen = KeyGenerator.getInstance(keyAlgorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(WSSConstants.NS_XENC_AES128);
+ keyGen.init(keyLength);
+
+ final Key symmetricKey = keyGen.generateKey();
+
+ final String ekId = IDGenerator.generateID(null);
+
+ final GenericOutboundSecurityToken encryptedKeySecurityToken =
+ new GenericOutboundSecurityToken(ekId, WSSecurityTokenConstants.EncryptedKeyToken, symmetricKey);
+
+ final SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider =
+ new SecurityTokenProvider<OutboundSecurityToken>() {
+
+ @Override
+ public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
+ return encryptedKeySecurityToken;
+ }
+
+ @Override
+ public String getId() {
+ return ekId;
+ }
+ };
+
+ final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+ outboundSecurityContext.putList(SecurityEvent.class, new ArrayList<SecurityEvent>());
+
+ // Save Token on the security context
+ outboundSecurityContext.registerSecurityTokenProvider(encryptedKeySecurityTokenProvider.getId(), encryptedKeySecurityTokenProvider);
+ outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, encryptedKeySecurityTokenProvider.getId());
+ outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, encryptedKeySecurityTokenProvider.getId());
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+ baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter =
+ wsSecOut.processOutMessage(baos, "UTF-8", outboundSecurityContext);
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList securityHeaderElement = document.getElementsByTagNameNS(WSConstants.WSSE_NS, "Security");
+ Assert.assertEquals(1, securityHeaderElement.getLength());
+ NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+ Assert.assertEquals(childs.getLength(), 4);
+ Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+ Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+ Assert.assertEquals(childs.item(2).getLocalName(), "Signature");
+ Assert.assertEquals(childs.item(3).getLocalName(), "ReferenceList");
+ }
+
+ //done encryption; now test decryption:
+ {
+ String action = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @Test
public void testEncryptedDataTokenSecurityHeaderWithoutReferenceInbound() throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{