Author: coheigea
Date: Wed Mar 7 12:29:42 2012
New Revision: 1297953
URL: http://svn.apache.org/viewvc?rev=1297953&view=rev
Log:
[WSS-358] - Record how a certificate was referenced for signature or encryption
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
Wed Mar 7 12:29:42 2012
@@ -146,6 +146,13 @@ public class WSSecurityEngineResult exte
* The value under this tag is of type
java.security.cert.X509Certificate[].
*/
public static final String TAG_X509_CERTIFICATES = "x509-certificates";
+
+ /**
+ * Tag denoting how the X.509 certificate (chain) was referenced, if
applicable.
+ *
+ * The value under this tag is of type STRParser.REFERENCE_TYPE.
+ */
+ public static final String TAG_X509_REFERENCE_TYPE =
"x509-reference-type";
/**
* Tag denoting the encrypted key bytes
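Review bot: The Javadoc for TAG_X509_REFERENCE_TYPE should say that the value may be null, because not every processing path records a reference type: SignatureProcessor initialises referenceType to null and only assigns it on the SecurityTokenReference branch, and the DerivedKeyTokenSTRParser and SecurityTokenRefSTRParser implementations in this commit return null from getCertificatesReferenceType(). It is also worth stating that the value describes how the certificate was referenced in the message, not whether the lookup succeeded, so consumers enforcing a reference-type policy should check TAG_X509_CERTIFICATE / TAG_X509_CERTIFICATES alongside it. Suggested wording: `* The value under this tag is of type STRParser.REFERENCE_TYPE, or null if the` / `* certificate was not located via a SecurityTokenReference.`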
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Wed Mar 7 12:29:42 2012
@@ -99,8 +99,9 @@ public class EncryptedKeyProcessor imple
throw new
WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
}
+ STRParser strParser = new EncryptedKeySTRParser();
X509Certificate[] certs =
- getCertificatesFromEncryptedKey(elem, data, data.getDecCrypto(),
wsDocInfo);
+ getCertificatesFromEncryptedKey(elem, data, data.getDecCrypto(),
wsDocInfo, strParser);
try {
PrivateKey privateKey =
data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
@@ -148,6 +149,7 @@ public class EncryptedKeyProcessor imple
encryptedKeyTransportMethod
);
result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null,
"Id"));
+ result.put(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE,
strParser.getCertificatesReferenceType());
wsDocInfo.addResult(result);
wsDocInfo.addTokenElement(elem);
return java.util.Collections.singletonList(result);
@@ -211,7 +213,8 @@ public class EncryptedKeyProcessor imple
Element xencEncryptedKey,
RequestData data,
Crypto crypto,
- WSDocInfo wsDocInfo
+ WSDocInfo wsDocInfo,
+ STRParser strParser
) throws WSSecurityException {
Element keyInfo =
WSSecurityUtil.getDirectChildElement(
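Review bot: The new strParser parameter of getCertificatesFromEncryptedKey has no @param entry; the method's Javadoc, if it has one, sits above this hunk and should gain `@param strParser The STRParser used to resolve the SecurityTokenReference; must not be null`. Documenting the non-null expectation here matters because the caller keeps the parser afterwards to read getCertificatesReferenceType(), so the parameter is an in/out collaborator rather than a plain input. The method's body continues below the hunk.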
@@ -242,12 +245,11 @@ public class EncryptedKeyProcessor imple
WSConstants.WSSE_NS
);
}
- if (strElement == null) {
+ if (strElement == null || strParser == null) {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY, "noSecTokRef"
);
}
- STRParser strParser = new EncryptedKeySTRParser();
strParser.parseSecurityTokenReference(strElement, data, wsDocInfo,
null);
X509Certificate[] certs = strParser.getCertificates();
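Review bot: Folding `strParser == null` into the `noSecTokRef` check reports a caller programming error under the same INVALID_SECURITY / noSecTokRef code that means "the message has no SecurityTokenReference", which will mislead anyone diagnosing the fault from the error code or the fault string. The only caller in this commit always passes a freshly constructed EncryptedKeySTRParser, so the null branch is not reachable today; if a guard is wanted, a separate `if (strParser == null) { throw new IllegalArgumentException("strParser must not be null"); }` keeps the security-error code reserved for message problems. The strElement check itself is fine as written.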
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
Wed Mar 7 12:29:42 2012
@@ -37,6 +37,7 @@ import org.apache.ws.security.message.Ca
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.str.STRParser;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
import org.apache.ws.security.str.SignatureSTRParser;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.transform.STRTransformUtil;
@@ -119,6 +120,7 @@ public class SignatureProcessor implemen
PublicKey publicKey = null;
byte[] secretKey = null;
String signatureMethod = getSignatureMethod(elem);
+ REFERENCE_TYPE referenceType = null;
Validator validator = data.getValidator(WSSecurityEngine.SIGNATURE);
if (keyInfoElement == null) {
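Review bot: `referenceType` remains null on every path other than the SecurityTokenReference branch (the `keyInfoElement == null` case below and, presumably, any non-STR KeyInfo handling outside this hunk), and it is later written into the result unconditionally, so TAG_X509_REFERENCE_TYPE will be present with a null value for those signatures. A comment at the declaration would make that intentional rather than look like a missed assignment, e.g. `// Only set when the key was located via a SecurityTokenReference; null otherwise.` The enclosing method starts before and continues after this hunk.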
@@ -166,6 +168,7 @@ public class SignatureProcessor implemen
certs = strParser.getCertificates();
publicKey = strParser.getPublicKey();
secretKey = strParser.getSecretKey();
+ referenceType = strParser.getCertificatesReferenceType();
boolean trusted = strParser.isTrustedCredential();
if (trusted && LOG.isDebugEnabled()) {
@@ -223,6 +226,7 @@ public class SignatureProcessor implemen
result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
result.put(WSSecurityEngineResult.TAG_SECRET, secretKey);
result.put(WSSecurityEngineResult.TAG_PUBLIC_KEY, publicKey);
+ result.put(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE,
referenceType);
if (validator != null) {
result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN,
Boolean.TRUE);
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
Wed Mar 7 12:29:42 2012
@@ -196,6 +196,14 @@ public class DerivedKeyTokenSTRParser im
public boolean isTrustedCredential() {
return false;
}
+
+ /**
+ * Get how the certificates were referenced
+ * @return how the certificates were referenced
+ */
+ public REFERENCE_TYPE getCertificatesReferenceType() {
+ return null;
+ }
/**
* Get the Secret Key from a CallbackHandler
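Review bot: The Javadoc on getCertificatesReferenceType() repeats the interface wording, but this implementation unconditionally returns null, which the doc should say so callers do not expect a value; e.g. `@return null - this parser does not record how certificates were referenced`. The same applies to SecurityTokenRefSTRParser.getCertificatesReferenceType() in this commit. If either parser does resolve an X.509 chain on some path that is not visible in this diff, that path now silently reports no reference type and should set one.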
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
Wed Mar 7 12:29:42 2012
@@ -53,6 +53,8 @@ public class EncryptedKeySTRParser imple
private X509Certificate[] certs;
+ private REFERENCE_TYPE referenceType;
+
/**
* Parse a SecurityTokenReference element and extract credentials.
*
@@ -83,8 +85,14 @@ public class EncryptedKeySTRParser imple
if (uri.charAt(0) == '#') {
uri = uri.substring(1);
}
+ referenceType = REFERENCE_TYPE.DIRECT_REF;
} else if (secRef.containsKeyIdentifier()) {
uri = secRef.getKeyIdentifierValue();
+ if
(SecurityTokenReference.THUMB_URI.equals(secRef.getKeyIdentifierValueType())) {
+ referenceType = REFERENCE_TYPE.THUMBPRINT_SHA1;
+ } else {
+ referenceType = REFERENCE_TYPE.KEY_IDENTIFIER;
+ }
}
WSSecurityEngineResult result = wsDocInfo.getResult(uri);
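Review bot: `referenceType` is an instance field that is assigned on the branch that strips the `#` fragment, on the KeyIdentifier branch and on the X509Data branch, but it is never cleared, so a parser instance reused for a second parseSecurityTokenReference() call whose STR takes a different branch would report the previous call's value. EncryptedKeyProcessor constructs a fresh EncryptedKeySTRParser per EncryptedKey in this commit, so it is not reachable there, but nothing in the class prevents reuse; resetting the field at the start of parseSecurityTokenReference with `referenceType = null;` removes the hazard. The same pattern is in SignatureSTRParser.parseSecurityTokenReference, where this diff does not show whether the instance is per-signature. parseSecurityTokenReference starts before and continues after this hunk.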
@@ -111,6 +119,7 @@ public class EncryptedKeySTRParser imple
certs = secRef.getKeyIdentifier(crypto);
}
} else if (secRef.containsX509Data() ||
secRef.containsX509IssuerSerial()) {
+ referenceType = REFERENCE_TYPE.ISSUER_SERIAL;
certs = secRef.getX509IssuerSerial(crypto);
} else if (secRef.containsReference()) {
Element bstElement =
@@ -182,6 +191,14 @@ public class EncryptedKeySTRParser imple
}
/**
+ * Get how the certificates were referenced
+ * @return how the certificates were referenced
+ */
+ public REFERENCE_TYPE getCertificatesReferenceType() {
+ return referenceType;
+ }
+
+ /**
* Process a previous security result
*/
private void processPreviousResult(
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
Wed Mar 7 12:29:42 2012
@@ -37,6 +37,18 @@ import java.util.Map;
public interface STRParser {
/**
+ * ISSUER_SERIAL - A certificate (chain) is located by the issuer name and
serial number of the
+ * (root) cert
+ * THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1
thumbprint of the (root) cert
+ * KEY_IDENTIFIER - A certificate (chain) is located via a Key Identifier
Element
+ * DIRECT_REF - A certificate (chain) is located directly via an Id to
another security token
+ * Note that a Thumbprint reference is also a KeyIdentifier, but takes
precedence over it.
+ */
+ public enum REFERENCE_TYPE {
+ ISSUER_SERIAL, THUMBPRINT_SHA1, KEY_IDENTIFIER, DIRECT_REF
+ };
+
+ /**
* Parse a SecurityTokenReference element and extract credentials.
*
* @param strElement The SecurityTokenReference element
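Review bot: The new enum is named REFERENCE_TYPE, which is the constant naming convention; Java types are UpperCamelCase, so `ReferenceType` would read as a type rather than a constant, and both the `public` modifier and the trailing `;` after the enum body are redundant inside an interface. The name is already imported by SignatureProcessor and the three tests in this commit, so renaming is cheapest now, before it becomes public API. The Javadoc would also be easier to consume as a one-line comment on each constant instead of a prose list above the enum.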
@@ -84,5 +96,11 @@ public interface STRParser {
* @return true if trust has already been verified on the returned
Credential
*/
public boolean isTrustedCredential();
+
+ /**
+ * Get how the certificates were referenced
+ * @return how the certificates were referenced
+ */
+ public REFERENCE_TYPE getCertificatesReferenceType();
}
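Review bot: Adding an abstract method to the public STRParser interface is a source- and binary-incompatible change for any STRParser implementation outside this tree, since a class compiled against the previous interface throws AbstractMethodError when the processors call getCertificatesReferenceType(); the log message does not mention this. It is worth calling out in the release notes. The interface Javadoc should also state the contract that the two in-tree parsers already follow, that implementations which do not locate certificates by reference return null: `@return how the certificates were referenced, or null if not applicable`.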
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
Wed Mar 7 12:29:42 2012
@@ -214,6 +214,14 @@ public class SecurityTokenRefSTRParser i
}
/**
+ * Get how the certificates were referenced
+ * @return how the certificates were referenced
+ */
+ public REFERENCE_TYPE getCertificatesReferenceType() {
+ return null;
+ }
+
+ /**
* Get whether the returned credential is already trusted or not. This is
currently
* applicable in the case of a credential extracted from a trusted HOK
SAML Assertion,
* and a BinarySecurityToken that has been processed by a Validator. In
these cases,
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
Wed Mar 7 12:29:42 2012
@@ -83,6 +83,8 @@ public class SignatureSTRParser implemen
private boolean trustedCredential;
+ private REFERENCE_TYPE referenceType;
+
/**
* Parse a SecurityTokenReference element and extract credentials.
*
@@ -115,8 +117,14 @@ public class SignatureSTRParser implemen
if (uri.charAt(0) == '#') {
uri = uri.substring(1);
}
+ referenceType = REFERENCE_TYPE.DIRECT_REF;
} else if (secRef.containsKeyIdentifier()) {
uri = secRef.getKeyIdentifierValue();
+ if
(SecurityTokenReference.THUMB_URI.equals(secRef.getKeyIdentifierValueType())) {
+ referenceType = REFERENCE_TYPE.THUMBPRINT_SHA1;
+ } else {
+ referenceType = REFERENCE_TYPE.KEY_IDENTIFIER;
+ }
}
WSSecurityEngineResult result = wsDocInfo.getResult(uri);
@@ -190,6 +198,7 @@ public class SignatureSTRParser implemen
}
}
} else if (secRef.containsX509Data() ||
secRef.containsX509IssuerSerial()) {
+ referenceType = REFERENCE_TYPE.ISSUER_SERIAL;
X509Certificate[] foundCerts = secRef.getX509IssuerSerial(crypto);
if (foundCerts != null && foundCerts.length > 0) {
certs = new X509Certificate[]{foundCerts[0]};
@@ -282,6 +291,14 @@ public class SignatureSTRParser implemen
}
/**
+ * Get how the certificates were referenced
+ * @return how the certificates were referenced
+ */
+ public REFERENCE_TYPE getCertificatesReferenceType() {
+ return referenceType;
+ }
+
+ /**
* A method to create a Principal from a SAML Assertion
* @param assertion An AssertionWrapper object
* @return A principal
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
Wed Mar 7 12:29:42 2012
@@ -35,6 +35,7 @@ import org.apache.ws.security.components
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -45,6 +46,7 @@ import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import java.util.ArrayList;
+import java.util.List;
/**
* A set of test-cases for encrypting and decrypting SOAP requests.
@@ -147,7 +149,7 @@ public class EncryptionTest extends org.
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true :
false);
- verify(
+ List<WSSecurityEngineResult> results = verify(
encryptedDoc,
keystoreCallbackHandler,
new javax.xml.namespace.QName(
@@ -155,6 +157,14 @@ public class EncryptionTest extends org.
"add"
)
);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
}
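Review bot: The same eight-line block (fetch the action result, two assertNotNull calls, an unchecked cast, and an identity assertTrue) is pasted into four EncryptionTest methods and into the SKISignatureTest and SignatureTest hunks of this commit, and `assertTrue(referenceType == ...)` gives no information about the actual value when it fails. A small helper that uses assertEquals (assuming the test's junit base class provides it as it does assertTrue and assertNotNull) reports the mismatching value and also guards against WSSecurityUtil.fetchActionResult returning null, which would otherwise surface as a NullPointerException rather than an assertion failure. Each call site then becomes `assertReferenceType(results, WSConstants.ENCR, REFERENCE_TYPE.ISSUER_SERIAL);`.
```java
/** Asserts that the result for {@code action} carries a certificate referenced in the expected way. */
private static void assertReferenceType(
    List<WSSecurityEngineResult> results, int action, REFERENCE_TYPE expected
) {
    WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(results, action);
    assertNotNull(actionResult);
    assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    assertEquals(expected, actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}
```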
/**
@@ -191,7 +201,16 @@ public class EncryptionTest extends org.
WSSConfig config = WSSConfig.getNewInstance();
config.setWsiBSPCompliant(false);
newEngine.setWssConfig(config);
- newEngine.processSecurityHeader(encryptedDoc, null,
keystoreCallbackHandler, crypto);
+ List<WSSecurityEngineResult> results =
+ newEngine.processSecurityHeader(encryptedDoc, null,
keystoreCallbackHandler, crypto);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
// Now turn on BSP spec compliance
config.setWsiBSPCompliant(true);
@@ -274,7 +293,15 @@ public class EncryptionTest extends org.
assertTrue(outputString.indexOf("#ThumbprintSHA1") != -1);
LOG.info("After Encrypting ThumbprintSHA1....");
- verify(encryptedDoc, encCrypto, keystoreCallbackHandler);
+ List<WSSecurityEngineResult> results = verify(encryptedDoc, encCrypto,
keystoreCallbackHandler);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
}
/**
@@ -487,12 +514,20 @@ public class EncryptionTest extends org.
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true
: false);
- verify(encryptedDoc, crypto, keystoreCallbackHandler);
+ List<WSSecurityEngineResult> results = verify(encryptedDoc, crypto,
keystoreCallbackHandler);
outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
assertTrue(outputString.indexOf("counter_port_type") > 0 ? true
: false);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF);
}
@@ -609,15 +644,17 @@ public class EncryptionTest extends org.
* @throws Exception
* Thrown when there is a problem in verification
*/
- private void verify(
+ private List<WSSecurityEngineResult> verify(
Document doc, Crypto decCrypto, CallbackHandler handler
) throws Exception {
- secEngine.processSecurityHeader(doc, null, handler, decCrypto);
+ List<WSSecurityEngineResult> results =
+ secEngine.processSecurityHeader(doc, null, handler, decCrypto);
if (LOG.isDebugEnabled()) {
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+ return results;
}
/**
@@ -628,7 +665,7 @@ public class EncryptionTest extends org.
* @throws Exception Thrown when there is a problem in verification
*/
@SuppressWarnings("unchecked")
- private void verify(
+ private List<WSSecurityEngineResult> verify(
Document doc,
CallbackHandler handler,
javax.xml.namespace.QName expectedEncryptedElement
@@ -678,6 +715,7 @@ public class EncryptionTest extends org.
}
}
assertTrue(encrypted);
+ return results;
}
}
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
Wed Mar 7 12:29:42 2012
@@ -19,12 +19,17 @@
package org.apache.ws.security.message;
+import java.util.List;
+
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
/**
@@ -75,7 +80,16 @@ public class SKISignatureTest extends or
}
LOG.info("After SigningDSA_SKIDirect....");
- verify(signedDoc);
+
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
}
/**
@@ -152,7 +166,7 @@ public class SKISignatureTest extends or
* @param env soap envelope
* @throws java.lang.Exception Thrown when there is a problem in
verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, null, crypto);
+ private List<WSSecurityEngineResult> verify(Document doc) throws
Exception {
+ return secEngine.processSecurityHeader(doc, null, null, crypto);
}
}
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
Wed Mar 7 12:29:42 2012
@@ -28,6 +28,7 @@ import org.apache.ws.security.WSEncrypti
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.common.CustomHandler;
import org.apache.ws.security.common.KeystoreCallbackHandler;
@@ -38,6 +39,8 @@ import org.apache.ws.security.handler.Re
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -86,7 +89,15 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
LOG.info("After Signing IS....");
- verify(signedDoc);
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
}
@@ -229,7 +240,15 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
- verify(signedDoc);
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF);
}
/**
@@ -291,7 +310,15 @@ public class SignatureTest extends org.j
WSSConfig config = WSSConfig.getNewInstance();
config.setWsiBSPCompliant(false);
newEngine.setWssConfig(config);
- newEngine.processSecurityHeader(doc, null, null, crypto);
+ List<WSSecurityEngineResult> results =
newEngine.processSecurityHeader(doc, null, null, crypto);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
// Now turn on BSP spec compliance
config.setWsiBSPCompliant(true);
@@ -331,7 +358,16 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
LOG.info("After Signing ThumbprintSHA1....");
- verify(signedDoc);
+
+ List<WSSecurityEngineResult> results = verify(signedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
}
@@ -654,8 +690,8 @@ public class SignatureTest extends org.j
* @param env soap envelope
* @throws java.lang.Exception Thrown when there is a problem in
verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, null, crypto);
+ private List<WSSecurityEngineResult> verify(Document doc) throws Exception
{
+ return secEngine.processSecurityHeader(doc, null, null, crypto);
}
}