Posted to commits@ws.apache.org by co...@apache.org on 2022/07/07 09:02:54 UTC
[ws-wss4j] branch master updated: Removing WSSecurityUtil.generateNonce
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 9e7ca85c0 Removing WSSecurityUtil.generateNonce
9e7ca85c0 is described below
commit 9e7ca85c0a2e4e91258966b35ed0cb8ac647f8b1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 7 10:02:38 2022 +0100
Removing WSSecurityUtil.generateNonce
---
.../wss4j/common/util/UsernameTokenUtil.java | 4 ++--
.../wss4j/dom/message/WSSecDerivedKeyBase.java | 3 ++-
.../wss4j/dom/message/token/UsernameToken.java | 2 +-
.../org/apache/wss4j/dom/util/WSSecurityUtil.java | 18 ---------------
.../dom/handler/SignatureConfirmationTest.java | 10 ++++-----
.../dom/message/SecurityContextTokenTest.java | 26 +++++++++++++++++-----
.../wss4j/stax/test/SecurityContextTokenTest.java | 24 ++++++++++----------
7 files changed, 41 insertions(+), 46 deletions(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java b/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
index c6d1861db..95e3079b6 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
@@ -131,13 +131,13 @@ public final class UsernameTokenUtil {
}
/**
- * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
+ * Generate a nonce of the given length using a secure random algorithm. The SecureRandom
* instance that backs this method is cached for efficiency.
*
* @return a nonce of the given length
* @throws WSSecurityException
*/
- private static byte[] generateNonce(int length) throws WSSecurityException {
+ public static byte[] generateNonce(int length) throws WSSecurityException {
try {
return XMLSecurityConstants.generateBytes(length);
} catch (Exception ex) {
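Review bot: Now that `generateNonce` is public, its Javadoc still lacks a `@param length` tag and the `@throws WSSecurityException` tag has no description. Both should be filled in, e.g. `@param length the number of random bytes to generate` and `@throws WSSecurityException if the underlying random source fails`. The summary could also name the actual source, `XMLSecurityConstants.generateBytes`, because WSSecDerivedKeyBase and UsernameToken now rely on this method for their nonces and need it to be cryptographically strong. The method body continues past the end of the hunk, so what happens inside the `catch (Exception ex)` block is not visible here.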
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
index 50462ff41..c59a3e53f 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.token.DerivedKeyToken;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
@@ -199,7 +200,7 @@ public abstract class WSSecDerivedKeyBase extends WSSecSignatureBase {
byte[] label;
String labelText = clientLabel + serviceLabel;
label = labelText.getBytes(StandardCharsets.UTF_8);
- byte[] nonce = WSSecurityUtil.generateNonce(16);
+ byte[] nonce = UsernameTokenUtil.generateNonce(16);
byte[] seed = new byte[label.length + nonce.length];
System.arraycopy(label, 0, seed, 0, label.length);
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
index 1b791948b..165afefe3 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
@@ -288,7 +288,7 @@ public class UsernameToken {
}
byte[] nonceValue = null;
try {
- nonceValue = WSSecurityUtil.generateNonce(16);
+ nonceValue = UsernameTokenUtil.generateNonce(16);
} catch (WSSecurityException ex) {
LOG.debug(ex.getMessage(), ex);
return;
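Review bot: The `catch (WSSecurityException ex)` around `UsernameTokenUtil.generateNonce(16)` only logs at debug level and returns, so a failure of the random source appears to leave the token without a nonce and gives the caller no signal. The nonce is what gives a digest UsernameToken its replay protection, so this deserves at least `LOG.warn(ex.getMessage(), ex);`, or propagating the exception if the method signature allows it. The enclosing method starts and ends outside the hunk, so whether a caller can detect the missing nonce cannot be confirmed from here.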
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
index 8021887f4..fd0e570bd 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
@@ -32,7 +32,6 @@ import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -627,23 +626,6 @@ public final class WSSecurityUtil {
return actions;
}
- /**
- * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
- * instance that backs this method is cached for efficiency.
- *
- * @return a nonce of the given length
- * @throws WSSecurityException
- */
- public static byte[] generateNonce(int length) throws WSSecurityException {
- try {
- return XMLSecurityConstants.generateBytes(length);
- } catch (Exception ex) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex,
- "empty", new Object[] {"Error in generating nonce of length " + length}
- );
- }
- }
-
public static void inlineAttachments(List<Element> includeElements,
CallbackHandler attachmentCallbackHandler,
boolean removeAttachments) throws WSSecurityException {
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
index 09e90fd07..36704d6c2 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
@@ -19,10 +19,7 @@
package org.apache.wss4j.dom.handler;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
import javax.security.auth.callback.CallbackHandler;
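Review bot: The wildcard `import java.util.*;` replaces four explicit imports only to bring `Random` into scope. Keeping the explicit list and adding `import java.util.Random;`, as the dom SecurityContextTokenTest change in this commit does, avoids accidental name clashes and stays consistent with the explicit imports visible in the rest of this file.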
@@ -42,7 +39,6 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.token.SignatureConfirmation;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
@@ -288,7 +284,9 @@ public class SignatureConfirmationTest {
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
- byte[] randomBytes = WSSecurityUtil.generateNonce(20);
+ Random random = new Random();
+ byte[] randomBytes = new byte[20];
+ random.nextBytes(randomBytes);
SignatureConfirmation sigConf = new SignatureConfirmation(doc, randomBytes);
Element sigConfElement = sigConf.getElement();
secHeader.getSecurityHeaderElement().appendChild(sigConfElement);
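Review bot: `new Random()` replaces a SecureRandom-backed helper with `java.util.Random`, which is not a cryptographic generator. The same three-line pattern is repeated in the six `tempSecret` hunks of the dom SecurityContextTokenTest, where the bytes are stored as a secret key. It is harmless for test data, but it is easy to copy into production code and static analysers will flag it. This commit makes `UsernameTokenUtil.generateNonce` public, and the stax SecurityContextTokenTest uses `XMLSecurityConstants.generateBytes(16)`, so either would keep this a one-liner, e.g. `byte[] randomBytes = UsernameTokenUtil.generateNonce(20);`.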
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
index 6e3e6e23c..46a1d1145 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
@@ -38,6 +38,8 @@ import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
+import java.util.Random;
+
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
@@ -104,7 +106,9 @@ public class SecurityContextTokenTest {
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -154,7 +158,9 @@ public class SecurityContextTokenTest {
sctBuilder.setWscVersion(ConversationConstants.VERSION_05_12);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -203,7 +209,9 @@ public class SecurityContextTokenTest {
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -241,7 +249,9 @@ public class SecurityContextTokenTest {
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -284,7 +294,9 @@ public class SecurityContextTokenTest {
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -332,7 +344,9 @@ public class SecurityContextTokenTest {
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
// Store the secret
callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index 23056e091..300452dca 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -47,7 +47,6 @@ import org.apache.wss4j.dom.message.WSSecDKSign;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSecurityContextToken;
import org.apache.wss4j.dom.message.WSSecSignature;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
@@ -63,6 +62,7 @@ import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.apache.wss4j.stax.validate.SecurityContextTokenValidator;
import org.apache.wss4j.stax.validate.SecurityContextTokenValidatorImpl;
import org.apache.wss4j.stax.validate.TokenContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
@@ -131,7 +131,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTDKTEncryptInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -217,7 +217,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTDKTEncryptInboundAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -342,7 +342,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTSignInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -436,7 +436,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTSignInboundAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -525,7 +525,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTSignAbsoluteInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -573,7 +573,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTSignEncrypt(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -697,7 +697,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTSignEncryptAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -797,7 +797,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTEncryptSign(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -921,7 +921,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTKDKTEncryptSignAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -1021,7 +1021,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTSign(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -1113,7 +1113,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
@ParameterizedTest
@ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
public void testSCTCustomValidator(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);