Posted to commits@ws.apache.org by co...@apache.org on 2019/01/29 16:28:17 UTC
svn commit: r1852463 [1/2] - in /webservices/wss4j/trunk:
integration/src/test/java/org/apache/wss4j/integration/test/kerberos/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-se...
Author: coheigea
Date: Tue Jan 29 16:28:17 2019
New Revision: 1852463
URL: http://svn.apache.org/viewvc?rev=1852463&view=rev
Log:
Removed secret key from WSSecEncryptedKey
Modified:
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SymmetricSignatureTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/EncryptedKeyDataRefTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/processor/ReferenceListDataRefTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlReferenceTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AttachmentTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/XOPAttachmentTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java
Modified: webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java (original)
+++ webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/kerberos/KerberosTest.java Tue Jan 29 16:28:17 2019
@@ -483,13 +483,12 @@ public class KerberosTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
SecretKey secretKey = bst.getSecretKey();
- builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
builder.setCustomReferenceValue(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
builder.setEncKeyId(bst.getID());
try {
- Document encryptedDoc = builder.build(null);
+ Document encryptedDoc = builder.build(null, secretKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -558,12 +557,11 @@ public class KerberosTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
SecretKey secretKey = bst.getSecretKey();
- builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
builder.setCustomReferenceValue(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
builder.setEncKeyId(bst.getID());
- Document encryptedDoc = builder.build(null);
+ Document encryptedDoc = builder.build(null, secretKey);
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
@@ -631,14 +629,13 @@ public class KerberosTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
SecretKey secretKey = bst.getSecretKey();
- builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
builder.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);
byte[] digestBytes = KeyUtils.generateDigest(bst.getToken());
builder.setEncKeyId(org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes));
- Document encryptedDoc = builder.build(null);
+ Document encryptedDoc = builder.build(null, secretKey);
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
@@ -1051,11 +1048,10 @@ public class KerberosTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setSymmetricEncAlgorithm(WSConstants.AES_256);
SecretKey secretKey = bst.getSecretKey();
- builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
builder.setCustomReferenceValue(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
builder.setEncKeyId(bst.getID());
- builder.build(null);
+ builder.build(null, secretKey);
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
@@ -1142,14 +1138,13 @@ public class KerberosTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
SecretKey secretKey = bst.getSecretKey();
- builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
builder.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);
byte[] digestBytes = KeyUtils.generateDigest(bst.getToken());
builder.setEncKeyId(org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes));
- builder.build(null);
+ builder.build(null, secretKey);
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java Tue Jan 29 16:28:17 2019
@@ -22,10 +22,15 @@ package org.apache.wss4j.dom.action;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
import org.apache.wss4j.common.SignatureEncryptionActionToken;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.WSSecDerivedKeyBase;
@@ -111,6 +116,7 @@ public abstract class AbstractDerivedAct
boolean use200512Namespace,
Document doc,
String keyTransportAlgorithm,
+ String symmetricKeyAlgorithm,
String mgfAlgorithm) throws WSSecurityException {
derivedKeyBase.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
@@ -140,9 +146,15 @@ public abstract class AbstractDerivedAct
encrKeyBuilder.setMGFAlgorithm(mgfAlgorithm);
}
- encrKeyBuilder.prepare(actionToken.getCrypto());
+ if (symmetricKeyAlgorithm == null) {
+ symmetricKeyAlgorithm = WSConstants.AES_128;
+ }
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symmetricKeyAlgorithm);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ encrKeyBuilder.prepare(actionToken.getCrypto(), symmetricKey);
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
actionToken.setKey(ek);
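Review bot: The fallback `symmetricKeyAlgorithm = WSConstants.AES_128` is silent and undocumented, and it is what every caller passing null gets (SignatureDerivedAction passes `null` for this argument in this commit). A comment above the check would record the reason, e.g. `// No algorithm supplied: keep the AES-128 default that WSSecEncryptedKey used before key generation moved here`. The raw key bytes in `ek` are handed to `actionToken.setKey(ek)`, so both the generated `SecretKey` and that array carry the key; where they are cleared is outside the hunk and worth confirming. The method body starts and ends outside the hunk.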
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java Tue Jan 29 16:28:17 2019
@@ -21,6 +21,8 @@ package org.apache.wss4j.dom.action;
import java.security.cert.X509Certificate;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -30,6 +32,7 @@ import org.apache.wss4j.common.crypto.Cr
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -108,7 +111,14 @@ public class EncryptionAction implements
ephemeralKey = pwcb.getKey();
wsEncrypt.setCustomEKKeyInfoElement(pwcb.getKeyInfoReference());
}
- wsEncrypt.setEphemeralKey(ephemeralKey);
+
+ SecretKey symmetricKey = null;
+ if (ephemeralKey != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(wsEncrypt.getSymmetricEncAlgorithm(), ephemeralKey);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(wsEncrypt.getSymmetricEncAlgorithm());
+ symmetricKey = keyGen.generateKey();
+ }
if (encryptionToken.getTokenId() != null) {
wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
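Review bot: `SecretKey symmetricKey = null;` is assigned in both branches that follow, so the null initialiser is dead and would hide a missed assignment from the compiler; declare it without an initialiser (`SecretKey symmetricKey;`) or make it `final`. The key is built from whatever `wsEncrypt.getSymmetricEncAlgorithm()` returns at this line, and the call that sets the algorithm is not in the hunk, so it is worth confirming that it runs before this point. Otherwise the key would be sized for the default algorithm rather than the configured one. The enclosing method starts and ends outside the hunk.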
@@ -121,7 +131,7 @@ public class EncryptionAction implements
wsEncrypt.setStoreBytesInAttachment(reqData.isStoreBytesInAttachment());
try {
- wsEncrypt.build(encryptionToken.getCrypto());
+ wsEncrypt.build(encryptionToken.getCrypto(), symmetricKey);
} catch (WSSecurityException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty",
new Object[] {"Error during encryption: "});
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java Tue Jan 29 16:28:17 2019
@@ -141,7 +141,7 @@ public class EncryptionDerivedAction ext
} else {
return setupEKReference(wsEncrypt, reqData.getSecHeader(), passwordCallback, encryptionToken, reqData.getSignatureToken(),
reqData.isUse200512Namespace(), doc, encryptionToken.getKeyTransportAlgorithm(),
- encryptionToken.getMgfAlgorithm());
+ encryptionToken.getSymmetricAlgorithm(), encryptionToken.getMgfAlgorithm());
}
}
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Tue Jan 29 16:28:17 2019
@@ -146,7 +146,7 @@ public class SignatureDerivedAction exte
if ("EncryptedKey".equals(derivedKeyTokenReference)) {
return setupEKReference(wsSign, reqData.getSecHeader(), passwordCallback, signatureToken, reqData.getEncryptionToken(),
- reqData.isUse200512Namespace(), doc, null, null);
+ reqData.isUse200512Namespace(), doc, null, null, null);
} else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
return setupSCTReference(wsSign, passwordCallback, signatureToken, reqData.getEncryptionToken(),
reqData.isUse200512Namespace(), doc);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Tue Jan 29 16:28:17 2019
@@ -19,21 +19,18 @@
package org.apache.wss4j.dom.message;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
-import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
@@ -79,6 +76,11 @@ public class WSSecEncrypt extends WSSecE
private Serializer encryptionSerializer;
+ /**
+ * Algorithm to be used with the ephemeral key
+ */
+ private String symEncAlgo = WSConstants.AES_128;
+
public WSSecEncrypt(WSSecHeader securityHeader) {
super(securityHeader);
}
@@ -98,56 +100,14 @@ public class WSSecEncrypt extends WSSecE
* done explicitly.
*
* @param crypto An instance of the Crypto API to handle keystore and certificates
+ * @param symmetricKey The symmetric key to use for encryption
* @throws WSSecurityException
*/
- public void prepare(Crypto crypto) throws WSSecurityException {
+ public void prepare(Crypto crypto, SecretKey symmetricKey) throws WSSecurityException {
attachmentEncryptedDataElements = new ArrayList<>();
- //
- // Set up the symmetric key
- //
- if (symmetricKey == null) {
- KeyGenerator keyGen = KeyUtils.getKeyGenerator(getSymmetricEncAlgorithm());
- symmetricKey = keyGen.generateKey();
- }
-
- //
- // Get the certificate that contains the public key for the public key
- // algorithm that will encrypt the generated symmetric (session) key.
- //
if (encryptSymmKey) {
- if (getUseThisPublicKey() != null) {
- createEncryptedKeyElement(getUseThisPublicKey());
- byte[] encryptedEphemeralKey = encryptSymmetricKey(getUseThisPublicKey(), symmetricKey);
- addCipherValueElement(encryptedEphemeralKey);
- } else {
- X509Certificate remoteCert = getUseThisCert();
- if (remoteCert == null) {
- if (crypto == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "encryptionCryptoFailure");
- }
- CryptoType cryptoType = null;
- if (keyIdentifierType == WSConstants.ENDPOINT_KEY_IDENTIFIER) {
- cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
- cryptoType.setEndpoint(user);
- } else {
- cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(user);
- }
- X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- if (certs == null || certs.length <= 0) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE,
- "noUserCertsFound",
- new Object[] {user, "encryption"});
- }
- remoteCert = certs[0];
- }
-
- createEncryptedKeyElement(remoteCert, crypto);
- byte[] encryptedEphemeralKey = encryptSymmetricKey(remoteCert.getPublicKey(), symmetricKey);
- addCipherValueElement(encryptedEphemeralKey);
- }
+ super.prepare(crypto, symmetricKey);
} else {
setEncryptedKeySHA1(symmetricKey.getEncoded());
}
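Review bot: `prepare(Crypto, SecretKey)` dereferences `symmetricKey` in the else branch (`symmetricKey.getEncoded()`) without a null check, and the old path that generated a key when none was set is gone, so a caller passing null now gets a NullPointerException rather than a WSSecurityException. A guard at the top of the method would keep the failure in the library's own exception type: `if (symmetricKey == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[] {"A symmetric key is required"}); }`. The same applies to the new `symmetricKey` parameters of `build`, `encrypt` and `encryptForRef` in this file and of `WSSecEncryptedKey.prepare`; whether those bodies check it is outside the hunks shown. `getEncoded()` can also return null for a key that does not expose its encoding, which `setEncryptedKeySHA1` would then receive.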
@@ -162,17 +122,18 @@ public class WSSecEncrypt extends WSSecE
* encryption</i>.
*
* @param crypto an instance of the Crypto API to handle keystore and Certificates
+ * @param symmetricKey The symmetric key to use for encryption
* @return the SOAP envelope with encrypted Body as <code>Document</code>
* @throws WSSecurityException
*/
- public Document build(Crypto crypto)
+ public Document build(Crypto crypto, SecretKey symmetricKey)
throws WSSecurityException {
- prepare(crypto);
+ prepare(crypto, symmetricKey);
LOG.debug("Beginning Encryption...");
- Element refs = encrypt();
+ Element refs = encrypt(symmetricKey);
addAttachmentEncryptedDataElements();
if (getEncryptedKeyElement() != null) {
@@ -184,23 +145,28 @@ public class WSSecEncrypt extends WSSecE
prependBSTElementToHeader();
- clean();
LOG.debug("Encryption complete.");
return getDocument();
}
- public Element encrypt() throws WSSecurityException {
+ /**
+ * Perform encryption using the given symmetric key
+ * @param symmetricKey The symmetric key to use for encryption
+ * @return the EncryptedData element
+ * @throws WSSecurityException
+ */
+ public Element encrypt(SecretKey symmetricKey) throws WSSecurityException {
if (getParts().isEmpty()) {
getParts().add(WSSecurityUtil.getDefaultEncryptionPart(getDocument()));
}
- return encryptForRef(null, getParts());
+ return encryptForRef(null, getParts(), symmetricKey);
}
/**
* Encrypt one or more parts or elements of the message.
*
- * This method takes a vector of <code>WSEncryptionPart</code> object that
+ * This method takes a list of <code>WSEncryptionPart</code> object that
* contain information about the elements to encrypt. The method call the
* encryption method, takes the reference information generated during
* encryption and add this to the <code>xenc:Reference</code> element.
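Review bot: The new Javadoc on `encrypt(SecretKey)` says `@return the EncryptedData element`, but `build` stores the result in `refs` and the method returns `encryptForRef(null, getParts(), symmetricKey)`, whose own Javadoc describes the return value as the updated `xenc:Reference` element. The tag should match, e.g. `@return the <code>xenc:Reference</code> element returned by encryptForRef`. Since `build` no longer calls `clean()` and the key is now a caller-owned argument, the Javadoc could also state that the caller is responsible for discarding the key after use.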
@@ -215,12 +181,14 @@ public class WSSecEncrypt extends WSSecE
*
* @param dataRef A <code>xenc:Reference</code> element or <code>null</code>
* @param references A list containing WSEncryptionPart objects
+ * @param symmetricKey The symmetric key to use for encryption
* @return Returns the updated <code>xenc:Reference</code> element
* @throws WSSecurityException
*/
public Element encryptForRef(
Element dataRef,
- List<WSEncryptionPart> references
+ List<WSEncryptionPart> references,
+ SecretKey symmetricKey
) throws WSSecurityException {
KeyInfo keyInfo = createKeyInfo();
//the sun/oracle jce provider doesn't like a foreign SecretKey impl.
@@ -468,4 +436,38 @@ public class WSSecEncrypt extends WSSecE
this.encryptionSerializer = encryptionSerializer;
}
+ /**
+ * Set the name of the symmetric encryption algorithm to use.
+ *
+ * This encryption algorithm is used to encrypt the data. If the algorithm
+ * is not set then AES128 is used. Refer to WSConstants which algorithms are
+ * supported.
+ *
+ * @param algo Is the name of the encryption algorithm
+ * @see WSConstants#TRIPLE_DES
+ * @see WSConstants#AES_128
+ * @see WSConstants#AES_192
+ * @see WSConstants#AES_256
+ */
+ public void setSymmetricEncAlgorithm(String algo) {
+ symEncAlgo = algo;
+ }
+
+
+ /**
+ * Get the name of symmetric encryption algorithm to use.
+ *
+ * The name of the encryption algorithm to encrypt the data, i.e. the SOAP
+ * Body. Refer to WSConstants which algorithms are supported.
+ *
+ * @return the name of the currently selected symmetric encryption algorithm
+ * @see WSConstants#TRIPLE_DES
+ * @see WSConstants#AES_128
+ * @see WSConstants#AES_192
+ * @see WSConstants#AES_256
+ */
+ public String getSymmetricEncAlgorithm() {
+ return symEncAlgo;
+ }
+
}
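Review bot: The Javadoc carried over for `setSymmetricEncAlgorithm` still reads as if this class picks the key ("If the algorithm is not set then AES128 is used"), but after this commit the key is generated by the caller and passed to `build`/`prepare`, so the algorithm and the key can disagree. Nothing in the hunks shown checks the supplied key against `symEncAlgo`; whether `encryptForRef` does is outside them. I would add a sentence such as `The SecretKey passed to build/prepare/encrypt must have been generated for this algorithm.` The setter also accepts null, which `getSymmetricEncAlgorithm()` would then return to callers such as EncryptionAction that feed it to `KeyUtils.getKeyGenerator`.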
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Tue Jan 29 16:28:17 2019
@@ -30,7 +30,6 @@ import java.security.spec.MGF1ParameterS
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
@@ -76,21 +75,11 @@ public class WSSecEncryptedKey extends W
org.slf4j.LoggerFactory.getLogger(WSSecEncryptedKey.class);
/**
- * Symmetric key used in the EncryptedKey.
- */
- protected SecretKey symmetricKey;
-
- /**
* Algorithm used to encrypt the ephemeral key
*/
private String keyEncAlgo = WSConstants.KEYTRANSPORT_RSAOAEP;
/**
- * Algorithm to be used with the ephemeral key
- */
- private String symEncAlgo = WSConstants.AES_128;
-
- /**
* Digest Algorithm to be used with RSA-OAEP. The default is SHA-1 (which is not
* written out unless it is explicitly configured).
*/
@@ -177,27 +166,18 @@ public class WSSecEncryptedKey extends W
return encKeyId;
}
- public void clean() {
- symmetricKey = null;
- }
-
-
/**
- * Prepare the ephemeralKey and the tokens required to be added to the
- * security header
+ * Create the EncryptedKey Element for inclusion in the security header, by encrypting the
+ * symmetricKey parameter using either a public key or certificate that is set on the class,
+ * and adding the encrypted bytes as the CipherValue of the EncryptedKey element. The KeyInfo
+ * is constructed according to the keyIdentifierType and also the type of the encrypting
+ * key
*
* @param crypto An instance of the Crypto API to handle keystore and certificates
+ * @param symmetricKey The symmetric key to encrypt and insert into the EncryptedKey
* @throws WSSecurityException
*/
- public void prepare(Crypto crypto) throws WSSecurityException {
-
- //
- // Set up the symmetric key
- //
- if (symmetricKey == null) {
- KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
- symmetricKey = keyGen.generateKey();
- }
+ public void prepare(Crypto crypto, SecretKey symmetricKey) throws WSSecurityException {
if (useThisPublicKey != null) {
createEncryptedKeyElement(useThisPublicKey);
@@ -674,15 +654,6 @@ public class WSSecEncryptedKey extends W
}
/**
- * @param ephemeralKey The ephemeralKey to set.
- */
- public void setEphemeralKey(byte[] ephemeralKey) {
- if (ephemeralKey != null && symmetricKey == null) {
- symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, ephemeralKey);
- }
- }
-
- /**
* Set the X509 Certificate to use for encryption.
*
* If this is set <b>and</b> the key identifier is set to
@@ -781,40 +752,6 @@ public class WSSecEncryptedKey extends W
}
/**
- * Set the name of the symmetric encryption algorithm to use.
- *
- * This encryption algorithm is used to encrypt the data. If the algorithm
- * is not set then AES128 is used. Refer to WSConstants which algorithms are
- * supported.
- *
- * @param algo Is the name of the encryption algorithm
- * @see WSConstants#TRIPLE_DES
- * @see WSConstants#AES_128
- * @see WSConstants#AES_192
- * @see WSConstants#AES_256
- */
- public void setSymmetricEncAlgorithm(String algo) {
- symEncAlgo = algo;
- }
-
-
- /**
- * Get the name of symmetric encryption algorithm to use.
- *
- * The name of the encryption algorithm to encrypt the data, i.e. the SOAP
- * Body. Refer to WSConstants which algorithms are supported.
- *
- * @return the name of the currently selected symmetric encryption algorithm
- * @see WSConstants#TRIPLE_DES
- * @see WSConstants#AES_128
- * @see WSConstants#AES_192
- * @see WSConstants#AES_256
- */
- public String getSymmetricEncAlgorithm() {
- return symEncAlgo;
- }
-
- /**
* Set the digest algorithm to use with the RSA-OAEP key transport algorithm. The
* default is SHA-1.
*
@@ -850,22 +787,6 @@ public class WSSecEncryptedKey extends W
return mgfAlgo;
}
- /**
- * @return The symmetric key
- */
- public SecretKey getSymmetricKey() {
- return symmetricKey;
- }
-
- /**
- * Set the symmetric key to be used for encryption
- *
- * @param key
- */
- public void setSymmetricKey(SecretKey key) {
- this.symmetricKey = key;
- }
-
public boolean isIncludeEncryptionToken() {
return includeEncryptionToken;
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Tue Jan 29 16:28:17 2019
@@ -30,6 +30,7 @@ import org.apache.wss4j.common.saml.bean
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.saml.bean.NameIDBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
@@ -39,6 +40,8 @@ import org.joda.time.DateTime;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -232,8 +235,11 @@ public abstract class AbstractSAMLCallba
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(null);
- ephemeralKey = encrKey.getSymmetricKey().getEncoded();
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKey.prepare(null, symmetricKey);
+ ephemeralKey = symmetricKey.getEncoded();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java Tue Jan 29 16:28:17 2019
@@ -27,6 +27,7 @@ import org.apache.wss4j.dom.engine.WSSec
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
@@ -35,6 +36,8 @@ import org.bouncycastle.jce.provider.Bou
import org.junit.Test;
import org.w3c.dom.Document;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -203,7 +206,10 @@ public class CryptoProviderTest {
WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
encrypt.setUseThisCert(cert);
- Document encryptedDoc = encrypt.build(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -259,7 +265,10 @@ public class CryptoProviderTest {
WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
encrypt.setUseThisCert(cert);
- Document encryptedDoc = encrypt.build(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/AttachmentTest.java Tue Jan 29 16:28:17 2019
@@ -32,6 +32,8 @@ import java.util.List;
import java.util.Map;
import java.util.UUID;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -44,6 +46,7 @@ import org.apache.wss4j.common.ext.Attac
import org.apache.wss4j.common.ext.AttachmentResultCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.AttachmentUtils;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
@@ -385,7 +388,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -445,7 +450,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -504,7 +511,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -559,8 +568,10 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- encrypt.prepare(crypto);
- Element refs = encrypt.encrypt();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrypt.prepare(crypto, symmetricKey);
+ Element refs = encrypt.encrypt(symmetricKey);
encrypt.addAttachmentEncryptedDataElements();
encrypt.addExternalRefElement(refs);
encrypt.prependToHeader();
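Review bot: `prepare(crypto, symmetricKey)` and `encrypt(symmetricKey)` now each take the key separately, and nothing visible in this hunk ties the two arguments together. A caller could therefore wrap one key in the EncryptedKey and encrypt the data with another. Whether WSSecEncrypt detects that is not visible here, so a negative test that passes two different keys and asserts the expected failure would pin the behaviour. A short comment above the pair, `// the same key must be passed to prepare() and encrypt()`, would also help readers who copy this pattern. The same applies to the next hunk and to the hunk in EncryptedDataInHeaderTest; the test method continues outside the hunk.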
@@ -624,8 +635,10 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- encrypt.prepare(crypto);
- encrypt.encrypt();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrypt.prepare(crypto, symmetricKey);
+ encrypt.encrypt(symmetricKey);
encrypt.addAttachmentEncryptedDataElements();
//encrypt.addExternalRefElement(refs);
encrypt.prependToHeader();
@@ -688,7 +701,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
assertEquals(1, encryptedAttachments.get(0).getHeaders().size());
@@ -736,7 +751,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -796,7 +813,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -860,7 +879,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -949,7 +970,9 @@ public class AttachmentTest {
}
});
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -1014,7 +1037,9 @@ public class AttachmentTest {
encrypt.setAttachmentCallbackHandler(attachmentCallbackHandler);
List<Attachment> encryptedAttachments = attachmentCallbackHandler.getResponseAttachments();
- doc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ doc = encrypt.build(crypto, symmetricKey);
WSSecSignature signature = new WSSecSignature(secHeader);
signature.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
@@ -1091,7 +1116,9 @@ public class AttachmentTest {
}
});
- doc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ doc = encrypt.build(crypto, symmetricKey);
WSSecSignature signature = new WSSecSignature(secHeader);
signature.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/CertErrorTest.java Tue Jan 29 16:28:17 2019
@@ -19,17 +19,22 @@
package org.apache.wss4j.dom.message;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.junit.Test;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.w3c.dom.Document;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
/**
* This class tests for error messages that apply to certificates, e.g. when a bad
@@ -78,7 +83,10 @@ public class CertErrorTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setUserInfo("alice");
try {
- builder.build(CryptoFactory.getInstance());
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ builder.build(CryptoFactory.getInstance(), symmetricKey);
fail("Expected failure on a bad username");
} catch (WSSecurityException ex) {
String expectedError = "No certificates for user \"alice\" were found for encryption";
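Review bot: The key generation is placed inside the `try` block, which widens the expected-failure scope beyond the `build` call that the `catch (WSSecurityException ex)` is written for. If `KeyUtils.getKeyGenerator` can throw the same exception type (its signature is not visible here), a key-generation problem would be reported through the bad-username assertion rather than as its own error. The EncryptionPartsTest hunks in this commit put the two lines before `try {`, and doing the same here keeps the tests consistent: move `KeyGenerator keyGen = ...` and `SecretKey symmetricKey = keyGen.generateKey();` above `try {`. The catch body continues outside the hunk.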
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/DerivedKeyTest.java Tue Jan 29 16:28:17 2019
@@ -32,11 +32,14 @@ import org.apache.wss4j.common.crypto.Cr
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.token.SecurityTokenReference;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.w3c.dom.Document;
import java.security.cert.X509Certificate;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import static org.junit.Assert.assertFalse;
@@ -78,10 +81,13 @@ public class DerivedKeyTest {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKeyBuilder.prepare(crypto, symmetricKey);
//Key information from the EncryptedKey
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
//Derived key encryption
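Review bot: The context comment `//Key information from the EncryptedKey` is stale after this change, because `ek` is now read from the locally generated `symmetricKey` rather than from `encrKeyBuilder`. Only `tokenIdentifier` still comes from the builder. I would reword it to something like `// Key bytes generated above; token id from the EncryptedKey`. The same comment appears unchanged in the other four hunks of this file.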
@@ -116,10 +122,13 @@ public class DerivedKeyTest {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKeyBuilder.prepare(crypto, symmetricKey);
//Key information from the EncryptedKey
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
//Derived key encryption
@@ -150,10 +159,13 @@ public class DerivedKeyTest {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKeyBuilder.prepare(crypto, symmetricKey);
//Key information from the EncryptedKey
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
//Derived key encryption
@@ -273,10 +285,13 @@ public class DerivedKeyTest {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKeyBuilder.prepare(crypto, symmetricKey);
//Key information from the EncryptedKey
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
//Derived key encryption
@@ -314,10 +329,13 @@ public class DerivedKeyTest {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(secHeader);
encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- encrKeyBuilder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKeyBuilder.prepare(crypto, symmetricKey);
//Key information from the EncryptedKey
- byte[] ek = encrKeyBuilder.getSymmetricKey().getEncoded();
+ byte[] ek = symmetricKey.getEncoded();
String tokenIdentifier = encrKeyBuilder.getId();
//Derived key encryption
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptedDataInHeaderTest.java Tue Jan 29 16:28:17 2019
@@ -19,6 +19,8 @@
package org.apache.wss4j.dom.message;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.dom.WSConstants;
@@ -32,6 +34,7 @@ import org.apache.wss4j.dom.handler.WSHa
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.Test;
@@ -91,11 +94,13 @@ public class EncryptedDataInHeaderTest {
);
encrypt.getParts().add(encP);
- encrypt.prepare(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrypt.prepare(crypto, symmetricKey);
encrypt.prependToHeader();
// Append Reference List to security header
- Element refs = encrypt.encrypt();
+ Element refs = encrypt.encrypt(symmetricKey);
secHeader.getSecurityHeaderElement().appendChild(refs);
if (LOG.isDebugEnabled()) {
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionAlgorithmSuiteTest.java Tue Jan 29 16:28:17 2019
@@ -76,7 +76,9 @@ public class EncryptionAlgorithmSuiteTes
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -114,7 +116,9 @@ public class EncryptionAlgorithmSuiteTes
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSA15);
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
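Review bot: The replacement line passes `crypto` where the removed line passed `wssCrypto`, so this hunk changes which Crypto instance encrypts the message in addition to supplying the key. The same substitution appears in the next two hunks (`-155` and `-193`), while the log message mentions only removing the secret key from WSSecEncryptedKey. If the switch is unintended, the line should read `Document encryptedDoc = builder.build(wssCrypto, symmetricKey);`. If it is intended, a short comment saying why `wssCrypto` is no longer used would avoid the appearance of a copy-paste slip. How the two fields differ is not visible from the hunk.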
@@ -151,7 +155,9 @@ public class EncryptionAlgorithmSuiteTes
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSA15);
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -193,7 +199,9 @@ public class EncryptionAlgorithmSuiteTes
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -229,10 +237,9 @@ public class EncryptionAlgorithmSuiteTes
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
- builder.setSymmetricKey(key);
builder.setEncryptSymmKey(false);
- Document encryptedDoc = builder.build(crypto);
+ Document encryptedDoc = builder.build(crypto, key);
if (LOG.isDebugEnabled()) {
String outputString =
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionGCMTest.java Tue Jan 29 16:28:17 2019
@@ -19,6 +19,8 @@
package org.apache.wss4j.dom.message;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.bsp.BSPRule;
@@ -33,6 +35,7 @@ import org.apache.wss4j.dom.engine.WSSec
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -94,7 +97,10 @@ public class EncryptionGCMTest {
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);
- Document encryptedDoc = builder.build(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128_GCM);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -116,7 +122,10 @@ public class EncryptionGCMTest {
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.AES_256_GCM);
- Document encryptedDoc = builder.build(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_256_GCM);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -141,7 +150,10 @@ public class EncryptionGCMTest {
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP_XENC11);
builder.setDigestAlgorithm(WSConstants.SHA256);
builder.setMGFAlgorithm(WSConstants.MGF_SHA256);
- Document encryptedDoc = builder.build(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_192_GCM);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionPartsTest.java Tue Jan 29 16:28:17 2019
@@ -33,12 +33,15 @@ import org.apache.wss4j.common.WSEncrypt
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
@@ -115,7 +118,9 @@ public class EncryptionPartsTest {
"");
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -173,7 +178,9 @@ public class EncryptionPartsTest {
);
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -210,7 +217,9 @@ public class EncryptionPartsTest {
);
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -246,8 +255,10 @@ public class EncryptionPartsTest {
);
encrypt.getParts().add(encP);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
try {
- encrypt.build(crypto);
+ encrypt.build(crypto, symmetricKey);
fail("Failure expected on not encrypting a required element");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
@@ -276,7 +287,9 @@ public class EncryptionPartsTest {
"Header");
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -324,7 +337,9 @@ public class EncryptionPartsTest {
"Header");
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -371,8 +386,10 @@ public class EncryptionPartsTest {
"");
encrypt.getParts().add(encP);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
try {
- encrypt.build(crypto);
+ encrypt.build(crypto, symmetricKey);
fail("Failure expected on a bad localname");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
@@ -400,8 +417,10 @@ public class EncryptionPartsTest {
"");
encrypt.getParts().add(encP);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
try {
- encrypt.build(crypto);
+ encrypt.build(crypto, symmetricKey);
fail("Failure expected on a bad namespace");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
@@ -438,7 +457,9 @@ public class EncryptionPartsTest {
"");
encrypt.getParts().add(encP2);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
String outputString =
@@ -505,7 +526,9 @@ public class EncryptionPartsTest {
encP.setElement(bodyElement);
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -548,7 +571,9 @@ public class EncryptionPartsTest {
"");
encrypt.getParts().add(encP);
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java Tue Jan 29 16:28:17 2019
@@ -124,8 +124,11 @@ public class EncryptionTest {
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
+
LOG.info("Before Encryption Triple DES....");
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
LOG.info("After Encryption Triple DES....");
String outputString =
@@ -152,7 +155,6 @@ public class EncryptionTest {
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
- builder.setSymmetricKey(null);
WSEncryptionPart encP =
new WSEncryptionPart(
@@ -161,7 +163,9 @@ public class EncryptionTest {
builder.getParts().add(encP);
LOG.info("Before Encryption AES 128/RSA-15....");
- encryptedDoc = builder.build(crypto);
+ keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ symmetricKey = keyGen.generateKey();
+ encryptedDoc = builder.build(crypto, symmetricKey);
LOG.info("After Encryption AES 128/RSA-15....");
outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -208,7 +212,9 @@ public class EncryptionTest {
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);
LOG.info("Before Encryption Triple DES/RSA-OAEP....");
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
LOG.info("After Encryption Triple DES/RSA-OAEP....");
String outputString =
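Review bot: The generated key is for `WSConstants.AES_128`, but the surrounding log lines still say "Triple DES/RSA-OAEP", so the test's own description and the key it supplies disagree. The builder's symmetric algorithm is set outside the hunk, if at all. If it is Triple DES, the key should come from `KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES)`. If the builder uses AES-128, the two log strings should be corrected, since the caller is now responsible for matching key and algorithm.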
@@ -248,7 +254,9 @@ public class EncryptionTest {
assertNotNull(certs);
builder.setUseThisPublicKey(certs[0].getPublicKey());
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -285,7 +293,9 @@ public class EncryptionTest {
encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
LOG.info("Before Encryption....");
- Document encryptedDoc = encrypt.build(encCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(encCrypto, symmetricKey);
if (LOG.isDebugEnabled()) {
LOG.debug("After the first encryption:");
@@ -294,7 +304,7 @@ public class EncryptionTest {
LOG.debug(outputString);
}
- Document encryptedEncryptedDoc = encrypt.build(encCrypto);
+ Document encryptedEncryptedDoc = encrypt.build(encCrypto, symmetricKey);
if (LOG.isDebugEnabled()) {
LOG.debug("After the second encryption:");
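Review bot: The second `encrypt.build(encCrypto, symmetricKey)` reuses the key generated for the first pass, so both encryption layers are protected by the same session key. Whether the old `build(encCrypto)` produced a fresh key on each call is not visible here. If it did, the test now covers a weaker scenario than before. Passing a new key for the second layer keeps them independent, e.g. `Document encryptedEncryptedDoc = encrypt.build(encCrypto, keyGen.generateKey());`, assuming `keyGen` from the preceding hunk is in the same method.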
@@ -326,7 +336,9 @@ public class EncryptionTest {
builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
LOG.info("Before Encrypting ThumbprintSHA1....");
- Document encryptedDoc = builder.build(encCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(encCrypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -367,7 +379,9 @@ public class EncryptionTest {
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
LOG.info("Before Encrypting EncryptedKeySHA1....");
- Document encryptedDoc = builder.build(encCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(encCrypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
@@ -395,11 +409,10 @@ public class EncryptionTest {
WSSecEncrypt builder = new WSSecEncrypt(secHeader);
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
- builder.setSymmetricKey(key);
builder.setEncryptSymmKey(false);
LOG.info("Before Encrypting EncryptedKeySHA1....");
- Document encryptedDoc = builder.build(crypto);
+ Document encryptedDoc = builder.build(crypto, key);
byte[] encodedBytes = KeyUtils.generateDigest(keyData);
String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
@@ -418,43 +431,6 @@ public class EncryptionTest {
}
/**
- * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key (bytes),
- * rather than a generated session key which is then encrypted using a public key.
- *
- * @throws java.lang.Exception Thrown when there is any problem in encryption or decryption
- */
- @Test
- public void testEncryptionSHA1SymmetricBytes() throws Exception {
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
-
- WSSecEncrypt builder = new WSSecEncrypt(secHeader);
- builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
- builder.setEphemeralKey(keyData);
- builder.setEncryptSymmKey(false);
-
- LOG.info("Before Encrypting EncryptedKeySHA1....");
- Document encryptedDoc = builder.build(crypto);
-
- byte[] encodedBytes = KeyUtils.generateDigest(keyData);
- String identifier = org.apache.xml.security.utils.XMLUtils.encodeToString(encodedBytes);
- secretKeyCallbackHandler.addSecretKey(identifier, keyData);
-
- String outputString =
- XMLUtils.prettyDocumentToString(encryptedDoc);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
- LOG.debug(outputString);
- }
- assertTrue(outputString.contains("#EncryptedKeySHA1"));
-
- LOG.info("After Encrypting EncryptedKeySHA1....");
- verify(encryptedDoc, crypto, secretKeyCallbackHandler);
- }
-
-
- /**
* Test that encrypts using EncryptedKeySHA1, where it uses a symmetric key, rather than a
* generated session key which is then encrypted using a public key. The request is generated
* using WSHandler, instead of coding it.
@@ -519,7 +495,9 @@ public class EncryptionTest {
/*
* Prepare the Encrypt object with the token, setup data structure
*/
- builder.prepare(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ builder.prepare(crypto, symmetricKey);
/*
* Set up the parts structure to encrypt the body
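Review bot: `builder.prepare(crypto, symmetricKey)` here and `builder.encrypt(symmetricKey)` in the following hunk must be given the same key, and nothing visible in either hunk enforces or documents that. If the two arguments differed, the EncryptedKey element would presumably wrap one key while the body is encrypted under another, and the mistake would only surface when the receiver fails to decrypt. A comment at the `prepare` call, e.g. `// the same key must be passed to encrypt() below`, would make the contract explicit. The `@@ -588,7 +566,9` / `@@ -607,7 +587,7` and `@@ -657,7 +637,10` / `@@ -668,7 +651,7` hunk pairs follow the same pattern. The enclosing method starts and ends outside the hunk.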
@@ -537,7 +515,7 @@ public class EncryptionTest {
* Security header. Be sure that the ReferenceList is after the
* EncryptedKey element in the Security header (strict layout)
*/
- Element refs = builder.encrypt();
+ Element refs = builder.encrypt(symmetricKey);
builder.addExternalRefElement(refs);
/*
@@ -588,7 +566,9 @@ public class EncryptionTest {
/*
* Prepare the Encrypt object with the token, setup data structure
*/
- builder.prepare(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ builder.prepare(crypto, symmetricKey);
/*
* Set up the parts structure to encrypt the body
@@ -607,7 +587,7 @@ public class EncryptionTest {
* Security header. Be sure that the ReferenceList is after the
* EncryptedKey element in the Security header (strict layout)
*/
- Element refs = builder.encrypt();
+ Element refs = builder.encrypt(symmetricKey);
builder.addExternalRefElement(refs);
/*
@@ -657,7 +637,10 @@ public class EncryptionTest {
builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
- builder.prepare(crypto);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ builder.prepare(crypto, symmetricKey);
builder.setEmbedEncryptedKey(true);
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
@@ -668,7 +651,7 @@ public class EncryptionTest {
"Content");
parts.add(encP);
- builder.encrypt();
+ builder.encrypt(symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(doc);
@@ -699,7 +682,9 @@ public class EncryptionTest {
builder.setDigestAlgorithm(WSConstants.SHA256);
LOG.info("Before Encryption Triple DES/RSA-OAEP....");
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
LOG.info("After Encryption Triple DES/RSA-OAEP....");
String outputString =
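Review bot: The added key is generated for `WSConstants.AES_128`, while the log lines directly around it still announce "Triple DES/RSA-OAEP", so the test output names a cipher that the key does not match. Either the log text is stale and should read something like `LOG.info("Before Encryption AES-128/RSA-OAEP....");`, or the key should come from `KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES)`. The builder's symmetric algorithm is configured outside this hunk, so which of the two applies cannot be confirmed from here. The next hunk (`@@ -733,7 +718,9`) has the same mismatch.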
@@ -733,7 +718,9 @@ public class EncryptionTest {
LOG.info("Before Encryption Triple DES/RSA-OAEP....");
Crypto regexpCrypto = CryptoFactory.getInstance("regexp.properties");
- Document encryptedDoc = builder.build(regexpCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(regexpCrypto, symmetricKey);
LOG.info("After Encryption Triple DES/RSA-OAEP....");
String outputString =
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java Tue Jan 29 16:28:17 2019
@@ -23,6 +23,8 @@ import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.List;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.WSEncryptionPart;
@@ -34,6 +36,7 @@ import org.apache.wss4j.common.saml.SAML
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
@@ -330,7 +333,9 @@ public class ModifiedRequestTest {
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Crypto wssCrypto = CryptoFactory.getInstance("wss40.properties");
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(wssCrypto, symmetricKey);
Element body = WSSecurityUtil.findBodyElement(doc);
Element encryptionMethod =
@@ -367,7 +372,9 @@ public class ModifiedRequestTest {
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Crypto wssCrypto = CryptoFactory.getInstance("wss40.properties");
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(wssCrypto, symmetricKey);
Element body = WSSecurityUtil.findBodyElement(doc);
Element cipherValue =
@@ -428,7 +435,9 @@ public class ModifiedRequestTest {
"");
builder.getParts().add(encP);
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(wssCrypto, symmetricKey);
Element securityHeader =
WSSecurityUtil.getSecurityHeader(encryptedDoc, "");
@@ -479,7 +488,9 @@ public class ModifiedRequestTest {
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Crypto wssCrypto = CryptoFactory.getInstance("wss40.properties");
- Document encryptedDoc = builder.build(wssCrypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.TRIPLE_DES);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(wssCrypto, symmetricKey);
Element encryptedKey =
XMLUtils.findElement(doc.getDocumentElement(), "EncryptedKey", WSConstants.ENC_NS);
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java Tue Jan 29 16:28:17 2019
@@ -22,12 +22,15 @@ package org.apache.wss4j.dom.message;
import java.util.Collections;
import java.util.Properties;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -145,7 +148,9 @@ public class PasswordEncryptorTest {
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);
- Document encryptedDoc = builder.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = builder.build(crypto, symmetricKey);
String outputString =
XMLUtils.prettyDocumentToString(encryptedDoc);
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java?rev=1852463&r1=1852462&r2=1852463&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.java Tue Jan 29 16:28:17 2019
@@ -24,8 +24,11 @@ import java.util.Map;
import java.util.ResourceBundle;
import java.util.TreeMap;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
@@ -35,6 +38,7 @@ import org.apache.wss4j.dom.engine.WSSec
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -301,7 +305,9 @@ public class RequireSignedEncryptedDataE
sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
LOG.info("Before Encryption....");
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
LOG.debug("After Encryption....");
@@ -341,7 +347,9 @@ public class RequireSignedEncryptedDataE
LOG.debug(outputString);
}
- Document encryptedDoc = encrypt.build(crypto);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ Document encryptedDoc = encrypt.build(crypto, symmetricKey);
if (LOG.isDebugEnabled()) {
LOG.debug("After Encryption....");