Posted to wss4j-dev@ws.apache.org by ru...@apache.org on 2006/02/13 08:09:18 UTC
svn commit: r377316 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/ src/org/apache/ws/security/message/
src/org/apache/ws/security/processor/ src/org/apache/ws/security/util/
test/wssec/
Author: ruchithf
Date: Sun Feb 12 23:09:17 2006
New Revision: 377316
URL: http://svn.apache.org/viewcvs?rev=377316&view=rev
Log:
DerivedKeyToken signature verification is functional and integrated
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
Added: webservices/wss4j/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java?rev=377316&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java Sun Feb 12 23:09:17 2006
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ws.security;
+
+import java.security.Principal;
+
+/**
+ * This class implements the <code>Principal</code> interface and
+ * represents a <code>DerivedKeyToken</code>.
+ * The principal's name will be the <code>wsu:Id</code> valud of the
+ * <code>DerivedKeyToken</code>
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class WSDerivedKeyTokenPrincipal implements Principal {
+
+ private String id;
+ private String nonce;
+ private String label;
+ private int length;
+ private int offset;
+
+ public String getLabel() {
+ return label;
+ }
+
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ public int getLength() {
+ return length;
+ }
+
+ public void setLength(int length) {
+ this.length = length;
+ }
+
+ public int getOffset() {
+ return offset;
+ }
+
+ public void setOffset(int offset) {
+ this.offset = offset;
+ }
+
+ public String getNonce() {
+ return nonce;
+ }
+
+ public WSDerivedKeyTokenPrincipal(String id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return id;
+ }
+
+ public void setNonce(String nonce) {
+ this.nonce = nonce;
+ }
+
+}
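Review bot: The principal's name is the `wsu:Id` of the DerivedKeyToken, a value chosen by the message sender that identifies a token rather than an authenticated party, so callers that feed `getName()` into authorization decisions would be misled; the class Javadoc should say so explicitly and also fix the typo "valud". I would replace the second Javadoc sentence with: `The principal's name is the wsu:Id value of the DerivedKeyToken. That id is assigned by the sender and names the token, not an authenticated party; presumably the party is established by whatever token the DerivedKeyToken references.` As a `Principal`, the class also defines neither `equals`, `hashCode` nor `toString`, although principals are routinely stored in sets and logged; basing `equals`/`hashCode` on `id` is the natural choice given `getName()` returns it.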
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=377316&r1=377315&r2=377316&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Sun Feb 12 23:09:17 2006
@@ -84,12 +84,7 @@
this.prepareSig(doc, crypto, secHeader);
- /*
- * prepend elements in the right order to the security header
- */
- prependDKElementToHeader(secHeader);
- prependToHeader(secHeader);
- prependBSTElementToHeader(secHeader);
+
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
.getDocumentElement());
@@ -104,10 +99,15 @@
addReferencesToSign(parts, secHeader);
- prependToHeader(secHeader);
-
computeSignature();
+ this.prependSigToHeader(secHeader);
+ /*
+ * prepend elements in the right order to the security header
+ */
+ prependDKElementToHeader(secHeader);
+ prependToHeader(secHeader);
+ prependBSTElementToHeader(secHeader);
return doc;
}
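Review bot: The call `prependToHeader(secHeader)` on the line after `prependDKElementToHeader` must now resolve outside this class, because the hunk further down renames this class's own `prependToHeader` to the private `prependSigToHeader`; if no superclass defines `prependToHeader` this does not compile, and if one does, the comment should name what it prepends. Since each call inserts at the top of the header, the resulting order is BST, that element, DerivedKeyToken, Signature, which is what a receiver needs (token before DKT before Signature); I would state that in the comment, e.g. `// each call prepends, so the final header order is BST, <base element>, DerivedKeyToken, Signature`. Note also that `prependToHeader` was public, so renaming it to a private method is a source- and binary-incompatible change for any external caller. The enclosing build method starts outside this hunk.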
@@ -391,7 +391,7 @@
* @param securityHeader
* The secHeader that holds the Signature element.
*/
- public void prependToHeader(WSSecHeader secHeader) {
+ private void prependSigToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(document, secHeader.getSecurityHeader(), sig
.getElement(), false);
}
@@ -427,19 +427,7 @@
* @see org.apache.ws.security.message.WSSecDerivedKeyBase#getDerivedKeyLength()
*/
protected int getDerivedKeyLength() throws WSSecurityException {
- if(XMLSignature.ALGO_ID_MAC_HMAC_SHA1.equals(sigAlgo)) {
- return 20;
- } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA256.equals(sigAlgo)) {
- return 32;
- } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA384.equals(sigAlgo)) {
- return 48;
- } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA512.equals(sigAlgo)) {
- return 64;
- } else if(XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(sigAlgo)) {
- return 16;
- } else {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, null);
- }
+ return WSSecurityUtil.getKeyLength(this.sigAlgo);
}
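Review bot: After this change an encryption-algorithm URI (3DES/AES) placed in `sigAlgo` is no longer rejected by `getDerivedKeyLength`, because the shared `WSSecurityUtil.getKeyLength` also answers for those algorithms, so a misconfiguration now surfaces later during signature creation rather than here with `UNSUPPORTED_ALGORITHM`. If early rejection is wanted, keep a guard that checks `sigAlgo` belongs to the HMAC family before delegating. At minimum the method's Javadoc (above the hunk) should mention that the returned length is the HMAC key size for `sigAlgo`.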
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=377316&r1=377315&r2=377316&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Sun Feb 12 23:09:17 2006
@@ -20,6 +20,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSSConfig;
@@ -30,6 +31,7 @@
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.UsernameToken;
@@ -157,6 +159,7 @@
KeyInfo info = sig.getKeyInfo();
byte[] secretKey = null;
UsernameToken ut = null;
+ DerivedKeyToken dkt = null;
if (info != null) {
Node node = WSSecurityUtil.getDirectChild(info.getElement(),
@@ -189,6 +192,14 @@
if (el.equals(WSSecurityEngine.usernameToken)) {
ut = new UsernameToken(token);
secretKey = ut.getSecretKey();
+ } else if(el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN)) {
+ dkt = new DerivedKeyToken(token);
+ String id = dkt.getID();
+ DerivedKeyTokenProcessor dktProcessor = (DerivedKeyTokenProcessor) wsDocInfo
+ .getProcessor(id);
+ String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
+ int keyLength = WSSecurityUtil.getKeyLength(signatureMethodURI);
+ secretKey = dktProcessor.getKeyBytes(keyLength);
} else {
if (crypto == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
@@ -295,13 +306,22 @@
if (certs != null) {
returnCert[0] = certs[0];
return certs[0].getSubjectDN();
- } else {
+ } else if(ut != null){
WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(
ut.getName(), ut.isHashed());
principal.setNonce(ut.getNonce());
principal.setPassword(ut.getPassword());
principal.setCreatedTime(ut.getCreated());
return principal;
+ } else if (dkt != null) {
+ WSDerivedKeyTokenPrincipal principal = new WSDerivedKeyTokenPrincipal(dkt.getID());
+ principal.setNonce(dkt.getNonce());
+ principal.setLabel(dkt.getLabel());
+ principal.setLength(dkt.getLength());
+ principal.setOffset(dkt.getOffset());
+ return principal;
+ } else {
+ throw new WSSecurityException("Cannot determine principal");
}
} else {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
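Review bot: The new fall-through `throw new WSSecurityException("Cannot determine principal")` is the only throw in this method that carries a free-form message instead of an error code; the sibling branch two lines below throws `WSSecurityException(WSSecurityException.FAILED_CHECK)`, and callers that dispatch on the error code will not recognise this one. I would use the same form, `throw new WSSecurityException(WSSecurityException.FAILED_CHECK);`, or the code-plus-message-id constructor if a message key exists. The derived-key branch also returns a principal whose name is the token's `wsu:Id`, which identifies the token rather than a party; a one-line comment here, `// name is the DerivedKeyToken's wsu:Id, not an authenticated identity`, would help consumers of the returned Principal. The enclosing method starts outside this hunk.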
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=377316&r1=377315&r2=377316&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Sun Feb 12 23:09:17 2006
@@ -30,6 +30,7 @@
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.X509Security;
import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.signature.XMLSignature;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -783,10 +784,22 @@
return 24;
} else if (algorithm.equals(WSConstants.AES_256)){
return 32;
+ } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA1.equals(algorithm)) {
+ return 20;
+ } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA256.equals(algorithm)) {
+ return 32;
+ } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA384.equals(algorithm)) {
+ return 48;
+ } else if(XMLSignature.ALGO_ID_MAC_HMAC_SHA512.equals(algorithm)) {
+ return 64;
+ } else if(XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(algorithm)) {
+ return 16;
} else {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM);
+ throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, null);
}
}
+
+
/**
* Generate a nonce of the given length
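Review bot: The unsupported-algorithm throw now passes four nulls, so the exception no longer says which URI was rejected; if the third constructor argument is the message-argument array, passing `new Object[]{algorithm}` there would make the failure diagnosable. The helper is named `getKeyLength` and, as of this hunk, answers for both symmetric-cipher key sizes and HMAC key sizes, so its Javadoc (above the hunk) should say so, e.g. `Returns the key length in bytes for a symmetric encryption or HMAC signature algorithm URI.` Listing `ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5` here means the verification path that now uses this helper will derive a key for HMAC-MD5 signatures as well; consider whether MD5 should be rejected in this helper rather than left to callers. The enclosing method starts outside this hunk.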
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java?rev=377316&r1=377315&r2=377316&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java Sun Feb 12 23:09:17 2006
@@ -185,7 +185,7 @@
}
// String out = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
// System.out.println(out);
-
+ verify(doc);
}
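Review bot: `verify(doc)` only exercises the success path, so a derived-key signature check that accepted any message would still pass this test. I would add a negative case in the same method that modifies a signed element after `build()` and asserts that `verify` throws, e.g. `try { verify(tampered); fail("tampered signature accepted"); } catch (WSSecurityException e) { /* expected */ }`, using the test class's own fail helper. The commented-out lines above refer to `signedDoc` while the call uses `doc`; since `build()` returns the document it was given, these are presumably the same object, but naming one consistently would avoid the confusion. The enclosing test method starts outside this hunk.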