Author: coheigea Date: Tue Aug 16 10:41:28 2011 New Revision: 1158190 URL: http://svn.apache.org/viewvc?rev=1158190&view=rev Log: [WSS-307] - Added some support for referencing a Kerberos ticket correctly for signature + encryption
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java Tue Aug 16 10:41:28 2011
@@ -25,6 +25,7 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
@@ -526,6 +527,11 @@ public class WSSecEncrypt extends WSSecE
secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, encKeyId);
keyInfo.addUnknownElement(secToken.getElement());
+ } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) {
+ SecurityTokenReference secToken = new SecurityTokenReference(document);
+ secToken.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
+ secToken.setKeyIdentifier(customReferenceValue, encKeyId);
+ keyInfo.addUnknownElement(secToken.getElement());
} else if (securityTokenReference != null) {
Element tmpE = securityTokenReference.getElement();
tmpE.setAttributeNS(
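Review bot: The new Kerberos KeyIdentifier branch in the @@ -526 hunk fixes the STR TokenType to WSConstants.WSS_GSS_KRB_V5_AP_REQ regardless of which Kerberos ValueType the referenced BinarySecurityToken actually carries, and the WSSecSignature hunk at @@ -276 does the same; the direct-reference hunk at @@ -545 instead copies customReferenceValue through KerberosSecurity.isKerberosToken, which suggests more than one Kerberos URI is accepted there. If that helper does accept several token types, a KeyIdentifier reference to a ticket with one of the other ValueTypes is labelled with the wrong TokenType here, and the consumer cannot tell from the reference alone which profile the ticket follows. Because encKeyId is reused as the KeyIdentifier text, a short comment would also help callers, e.g. `// encKeyId is expected to be the Base64-encoded WSSecurityUtil.generateDigest of the ticket bytes here, not the BST wsu:Id (see BSTKerberosTest.testKerberosEncryptionKICreation)`. The enclosing method starts and ends outside this hunk.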
@@ -545,7 +551,11 @@ public class WSSecEncrypt extends WSSecE
ref.setValueType(customReferenceValue);
}
secToken.setReference(ref);
- secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ if (KerberosSecurity.isKerberosToken(customReferenceValue)) {
+ secToken.addTokenType(customReferenceValue);
+ } else {
+ secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ }
keyInfo.addUnknownElement(secToken.getElement());
}
Element keyInfoElement = keyInfo.getElement();
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java Tue Aug 16 10:41:28 2011
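Review bot: `KerberosSecurity.isKerberosToken(customReferenceValue)` is now evaluated on every pass through this branch, while the preceding `ref.setValueType(customReferenceValue)` sits inside a conditional whose condition is cut off above the hunk; if that conditional is a null guard on customReferenceValue, the helper is reached with null on the default path and must tolerate it, which cannot be confirmed from here. Guarding locally keeps the behaviour independent of the helper's contract: `if (customReferenceValue != null && KerberosSecurity.isKerberosToken(customReferenceValue)) {`. A brief why-comment would also help, since the Kerberos case is the only one where the STR TokenType repeats the Reference ValueType instead of WSS_ENC_KEY_VALUE_TYPE, e.g. `// Kerberos BST: the STR TokenType mirrors the reference ValueType rather than the EncryptedKey type`. The enclosing method starts and ends outside this hunk.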
@@ -276,7 +276,9 @@ public class WSSecSignature extends WSSe
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
} else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
- }
+ } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customTokenValueType)) {
+ secRef.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
+ }
break;
case WSConstants.KEY_VALUE:
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java Tue Aug 16 10:41:28 2011
@@ -30,9 +30,11 @@ import org.apache.ws.security.common.SOA
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
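Review bot: The mapping from a custom value type to the STR TokenType is now spelled out by hand in two places — this `else if` chain on customTokenValueType and the chain on customReferenceValue in WSSecEncrypt (hunks @@ -526 and @@ -545 of this commit) — and the two already disagree in strategy for Kerberos, a fixed WSS_GSS_KRB_V5_AP_REQ here versus KerberosSecurity.isKerberosToken in the encryption direct-reference branch, so they are likely to drift further. Moving that mapping into a single helper on SecurityTokenReference or KerberosSecurity, called from both builders, would keep signature and encryption references consistent. This chain also has no final `else`, so an unrecognised customTokenValueType silently yields an STR with no TokenType; that is pre-existing, but a comment such as `// unknown custom value types get no TokenType` would make the omission deliberate. The enclosing switch starts before this hunk.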
@@ -281,6 +283,127 @@ public class BSTKerberosTest extends org LOG.debug(outputString); } } + + /** + * A test for signing using a KeyIdentifier to a Kerberos token + */ + @org.junit.Test + public void testKerberosSignatureKICreation() throws Exception { + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + + WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + + BinarySecurity bst = new BinarySecurity(doc); + bst.setValueType(AP_REQ); + bst.setEncodingType(BASE64_NS); + + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(128); + SecretKey key = keyGen.generateKey(); + byte[] keyData = key.getEncoded(); + + bst.setToken(keyData); + bst.setID("Id-" + bst.hashCode()); + WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement()); + + WSSecSignature sign = new WSSecSignature(); + sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1); + sign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); + sign.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE); + + byte[] digestBytes = WSSecurityUtil.generateDigest(keyData); + sign.setCustomTokenId(Base64.encode(digestBytes)); + sign.setSecretKey(keyData); + + Document signedDoc = sign.build(doc, crypto, secHeader); + + if (LOG.isDebugEnabled()) { + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc); + LOG.debug(outputString); + } + } + + /** + * A test for encryption using a direct reference to a Kerberos token + */ + @org.junit.Test + public void testKerberosEncryptionDRCreation() throws Exception { + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + + WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + + BinarySecurity bst = new BinarySecurity(doc); + bst.setValueType(AP_REQ); + bst.setEncodingType(BASE64_NS); + + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(128); + SecretKey key = keyGen.generateKey(); + byte[] 
keyData = key.getEncoded(); + + bst.setToken(keyData); + bst.setID("Id-" + bst.hashCode()); + WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement()); + + WSSecEncrypt builder = new WSSecEncrypt(); + builder.setSymmetricEncAlgorithm(WSConstants.AES_128); + builder.setSymmetricKey(key); + builder.setEncryptSymmKey(false); + builder.setCustomReferenceValue(AP_REQ); + builder.setEncKeyId(bst.getID()); + Document encryptedDoc = builder.build(doc, crypto, secHeader); + + if (LOG.isDebugEnabled()) { + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc); + LOG.debug(outputString); + } + } + + /** + * A test for encryption using a Key Identifier to a Kerberos token + */ + @org.junit.Test + public void testKerberosEncryptionKICreation() throws Exception { + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + + WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + + BinarySecurity bst = new BinarySecurity(doc); + bst.setValueType(AP_REQ); + bst.setEncodingType(BASE64_NS); + + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(128); + SecretKey key = keyGen.generateKey(); + byte[] keyData = key.getEncoded(); + + bst.setToken(keyData); + bst.setID("Id-" + bst.hashCode()); + WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement()); + + WSSecEncrypt builder = new WSSecEncrypt(); + builder.setSymmetricEncAlgorithm(WSConstants.AES_128); + builder.setSymmetricKey(key); + builder.setEncryptSymmKey(false); + builder.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE); + + byte[] digestBytes = WSSecurityUtil.generateDigest(keyData); + builder.setEncKeyId(Base64.encode(digestBytes)); + + Document encryptedDoc = builder.build(doc, crypto, secHeader); + + if (LOG.isDebugEnabled()) { + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc); + LOG.debug(outputString); + } + } + /**