Author: coheigea
Date: Mon Nov 22 12:40:47 2010
New Revision: 1037694

URL: http://svn.apache.org/viewvc?rev=1037694&view=rev
Log:
[WSS-238] - Forward-merged to trunk.

Added:
    webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
      - copied, changed from r1037678, 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
Modified:
    webservices/wss4j/trunk/   (props changed)
    webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java   (props 
changed)
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
    webservices/wss4j/trunk/test/log4j.properties   (props changed)
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java

Propchange: webservices/wss4j/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678

Propchange: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java 
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java 
Mon Nov 22 12:40:47 2010
@@ -78,7 +78,7 @@ public class WSSecBase {
     }
 
     /**
-     * Gets the value of the <code>keyIdentifyerType</code>.
+     * Gets the value of the <code>keyIdentifierType</code>.
      * 
      * @return The <code>keyIdentifyerType</code>.
      * @see WSConstants#ISSUER_SERIAL
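Review bot: The `@return` line directly below the corrected sentence still reads `keyIdentifyerType`, so the Javadoc now spells the property two ways. Change it in the same pass to `@return The <code>keyIdentifierType</code>.`. The Javadoc block and the getter it documents continue past the end of the hunk.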

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java 
(original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java 
Mon Nov 22 12:40:47 2010
@@ -85,7 +85,7 @@ public class WSSecEncrypt extends WSSecE
      * Custom reference value
      */
     private String customReferenceValue;
-    
+
     /**
      * True if the encKeyId is a direct reference to a key identifier instead 
of a URI to a key
      */
@@ -531,6 +531,9 @@ public class WSSecEncrypt extends WSSecE
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
             keyInfo.addKeyName(embeddedKeyName == null ? user : 
embeddedKeyName);
+        } else if 
(SecurityTokenReference.SAML_ID_URI.equals(customReferenceValue)) {
+            SecurityTokenReference secToken = new 
SecurityTokenReference(document);
+            secToken.setSAMLKeyIdentifier((encKeyIdDirectId ? "":"#") + 
encKeyId);
         } else if (securityTokenReference != null) {
             Element tmpE = securityTokenReference.getElement();
             tmpE.setAttributeNS(
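Review bot: In the new `SecurityTokenReference.SAML_ID_URI` branch the local `secToken` is created and given its SAML key identifier but is never attached to `keyInfo`. The variable is scoped to that branch, so nothing after it can add the element either. The branch at the top of the hunk ends with `keyInfo.addUnknownElement(secToken.getElement());`, and the same call appears to be missing after `secToken.setSAMLKeyIdentifier(...)`. Without it the KeyInfo for this case would carry no reference for the receiver to resolve the key from. The enclosing method starts and ends outside the hunk.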
@@ -640,11 +643,11 @@ public class WSSecEncrypt extends WSSecE
     public boolean isEncryptSymmKey() {
         return encryptSymmKey;
     }
-
+    
     public void setEncryptSymmKey(boolean encryptSymmKey) {
         this.encryptSymmKey = encryptSymmKey;
     }
-
+    
     private String getSHA1(byte[] input) throws WSSecurityException {
         try {
             MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
@@ -659,7 +662,7 @@ public class WSSecEncrypt extends WSSecE
             );
         }
     }
-
+    
     public void setCustomReferenceValue(String customReferenceValue) {
         this.customReferenceValue = customReferenceValue;
     }

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
 Mon Nov 22 12:40:47 2010
@@ -97,6 +97,16 @@ public class WSSecEncryptedKey extends W
     protected String encKeyId = null;
 
     /**
+     * Custom token value
+     */
+    protected String customEKTokenValueType;
+    
+    /**
+     * Custom token id
+     */
+    protected String customEKTokenId;
+    
+    /**
      * BinarySecurityToken to be included in the case where 
BST_DIRECT_REFERENCE
      * is used to refer to the asymmetric encryption cert
      */
@@ -289,6 +299,10 @@ public class WSSecEncryptedKey extends W
             ref.setValueType(bstToken.getValueType());
             secToken.setReference(ref);
             break;
+            
+        case WSConstants.CUSTOM_KEY_IDENTIFIER:
+            secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
+            break;           
 
         default:
             throw new WSSecurityException(WSSecurityException.FAILURE, 
"unsupportedKeyId");
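Review bot: The new `CUSTOM_KEY_IDENTIFIER` case hands `customEKTokenValueType` and `customEKTokenId` to `secToken.setKeyIdentifier(...)` without checking that either was set, and both fields stay null unless the caller uses the setters added at the end of this file. What `setKeyIdentifier` does with a null is not visible here, so the outcome is either a NullPointerException or a reference written with an empty ValueType or identifier. Guard the case with `if (customEKTokenValueType == null || customEKTokenId == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId"); }`. The field comment `Custom token value` should read `Custom token value type`, and the two new public setters have no Javadoc stating that they only apply with `CUSTOM_KEY_IDENTIFIER`. The switch statement begins outside the hunk.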
@@ -519,4 +533,11 @@ public class WSSecEncryptedKey extends W
         return encryptedEphemeralKey;
     }
     
+    public void setCustomEKTokenValueType(String customEKTokenValueType) {
+        this.customEKTokenValueType = customEKTokenValueType;
+    }
+
+    public void setCustomEKTokenId(String customEKTokenId) {
+        this.customEKTokenId = customEKTokenId;
+    }
 }

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
 Mon Nov 22 12:40:47 2010
@@ -32,6 +32,8 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
@@ -369,7 +371,20 @@ public class EncryptedKeyProcessor imple
         // This method is _not_ recommended by OASIS WS-S specification, X509 
profile
         //
         else if (secRef.containsKeyIdentifier()) {
-            certs = secRef.getKeyIdentifier(crypto);
+            if 
(WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) 
{ 
+                Element token = 
+                    secRef.getKeyIdentifierTokenElement(doc, docInfo, cb);
+                
+                if (crypto == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE, "noSigCryptoFile"
+                    );
+                }
+                SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(token, crypto, 
cb);
+                certs = samlKi.getCerts();
+            } else {
+                certs = secRef.getKeyIdentifier(crypto);
+            }
             if (certs == null || certs.length < 1 || certs[0] == null) {
                 throw new WSSecurityException(
                     WSSecurityException.FAILURE,
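Review bot: The `crypto == null` check in the new SAML branch runs only after `secRef.getKeyIdentifierTokenElement(doc, docInfo, cb)` has resolved the assertion named by the incoming message, so a receiver with no crypto configured does that lookup before it fails. Move the check to the first statement of the branch. `samlKi` is dereferenced without a null check, and whether `SAMLUtil.getSAMLKeyInfo` can return null is not visible here. A comment such as `// certs come from the KeyInfo of the SAML assertion referenced by the message; assertion validation happens in <location>` (location to be filled in) would put the trust assumption on record. The same ordering appears in the ReferenceListProcessor hunk of this commit, and the enclosing method starts and ends outside this hunk.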

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
 Mon Nov 22 12:40:47 2010
@@ -349,27 +349,42 @@ public class ReferenceListProcessor impl
                 }
             }
         } else if (secRef.containsKeyIdentifier()){
-            String keyIdentifierValue = secRef.getKeyIdentifierValue();
-            WSPasswordCallback pwcb = 
-                new WSPasswordCallback(
-                    keyIdentifierValue,
-                    null,
-                    secRef.getKeyIdentifierValueType(),
-                    WSPasswordCallback.ENCRYPTED_KEY_TOKEN
-                );
-            
-            try {
-                Callback[] callbacks = new Callback[]{pwcb};
-                cb.handle(callbacks);
-            } catch (Exception e) {
-                throw new WSSecurityException(
-                    WSSecurityException.FAILURE,
-                    "noPassword", 
-                    new Object[] {keyIdentifierValue}, 
-                    e
-                );
+            if 
(WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) 
{ 
+                Element token = 
+                    
secRef.getKeyIdentifierTokenElement(secRefToken.getOwnerDocument(), wsDocInfo, 
cb);
+                
+                if (crypto == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE, "noSigCryptoFile"
+                    );
+                }
+                SAMLKeyInfo keyInfo = SAMLUtil.getSAMLKeyInfo(token, crypto, 
cb);
+                // TODO Handle malformed SAML tokens where they don't have the 
+                // secret in them
+                decryptedData = keyInfo.getSecret();
+            } else {
+                String keyIdentifierValue = secRef.getKeyIdentifierValue();
+                WSPasswordCallback pwcb = 
+                    new WSPasswordCallback(
+                        keyIdentifierValue,
+                        null,
+                        secRef.getKeyIdentifierValueType(),
+                        WSPasswordCallback.ENCRYPTED_KEY_TOKEN
+                    );
+                
+                try {
+                    Callback[] callbacks = new Callback[]{pwcb};
+                    cb.handle(callbacks);
+                } catch (Exception e) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE,
+                        "noPassword", 
+                        new Object[] {keyIdentifierValue}, 
+                        e
+                    );
+                }
+                decryptedData = pwcb.getKey();
             }
-            decryptedData = pwcb.getKey();
         } else {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, 
"noReference");
         }
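Review bot: `decryptedData = keyInfo.getSecret();` takes whatever the referenced assertion yields, and the TODO above it records that an assertion without a secret is not handled. A null key can therefore leave this branch and fail later, away from the cause. Reject it where it is read, for example `if (decryptedData == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "MESSAGE_KEY"); }`, where MESSAGE_KEY is a placeholder for a suitable entry in the error bundle. The code that consumes `decryptedData` lies outside the hunk.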

Propchange: webservices/wss4j/trunk/test/log4j.properties
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890,1037678

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java Mon Nov 22 
12:40:47 2010
@@ -318,7 +318,7 @@ public class TestWSSecurityNew3 extends 
                  * e.g.: 
pc.setPassword(passStore.getPassword(pc.getIdentfifier))
                  * for Testing we supply a fixed name here.
                  */
-                pc.setPassword("password");
+                pc.setPassword("security");
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], 
"Unrecognized Callback");
             }

Copied: webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java 
(from r1037678, 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java)
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java?p2=webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java&p1=webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java&r1=1037678&r2=1037694&rev=1037694&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
 (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java Mon 
Nov 22 12:40:47 2010
@@ -52,6 +52,7 @@ import org.opensaml.SAMLAssertion;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.List;
 import java.util.Vector;
 
 import javax.security.auth.callback.Callback;
@@ -152,10 +153,10 @@ public class TestWSSecuritySAMLKeyIdenti
         builder.setCustomEKTokenId(assertion.getId());
         
         builder.prepare(doc, hokCrypto);
-        Vector parts = new Vector();
+        List<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
         WSEncryptionPart encP = new WSEncryptionPart("testMethod", 
"uri:LogTestService2", "Element");
         parts.add(encP);
-        Element refElement = builder.encryptForInternalRef(null, parts);
+        Element refElement = builder.encryptForRef(null, parts);
         builder.addInternalRefElement(refElement);
         builder.appendToHeader(secHeader);
 
@@ -166,7 +167,7 @@ public class TestWSSecuritySAMLKeyIdenti
             LOG.debug(outputString);
         }
         
-        Vector results = verify(doc, hokCrypto);
+        List<WSSecurityEngineResult> results = verify(doc, hokCrypto);
         WSSecurityEngineResult actionResult =
             WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
         SAMLAssertion receivedAssertion = 
@@ -181,8 +182,9 @@ public class TestWSSecuritySAMLKeyIdenti
      * @param doc
      * @throws Exception Thrown when there is a problem in verification
      */
-    private Vector verify(Document doc, Crypto verifyCrypto) throws Exception {
-        Vector results = secEngine.processSecurityHeader(doc, null, this, 
verifyCrypto);
+    private List<WSSecurityEngineResult> verify(Document doc, Crypto 
verifyCrypto) throws Exception {
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, this, verifyCrypto);
         String outputString = 
             org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
         assertTrue(outputString.indexOf("LogTestService2") > 0 ? true : false);


