svn commit: r566663 - in /webservices/wss4j/trunk/src/org/apache/ws/security: action/UsernameTokenSignedAction.java message/token/UsernameToken.java

Thu, 16 Aug 2007 04:30:23 -0700 

Author: werner
Date: Thu Aug 16 04:29:58 2007
New Revision: 566663

URL: http://svn.apache.org/viewvc?view=rev&rev=566663
Log:
Enhance to use digest password type for UsernameToken signature.

Modified:
    
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?view=diff&rev=566663&r1=566662&r2=566663
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
 Thu Aug 16 04:29:58 2007
@@ -1,5 +1,5 @@
 /*
- * Copyright  2003-2004 The Apache Software Foundation.
+ * Copyright  2003-2007 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -27,6 +27,15 @@
 import org.apache.xml.security.signature.XMLSignature;
 import org.w3c.dom.Document;
 
+/**
+ * Sign a request using a secret key derived from UsernameToken data.
+ * 
+ * Enhanced by Alberto Coletti to support digest password type for 
+ * username token signature
+ * 
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ */
+
 public class UsernameTokenSignedAction implements Action {
     public void execute(WSHandler handler, int actionToDo, Document doc, 
RequestData reqData)
             throws WSSecurityException {
@@ -37,7 +46,8 @@
 
         WSSecUsernameToken builder = new WSSecUsernameToken();
         builder.setWsConfig(reqData.getWssConfig());
-        builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+        builder.setPasswordType(reqData.getPwType());  // enhancement by 
Alberto Coletti
+        
         builder.setUserInfo(reqData.getUsername(), password);
         builder.addCreated();
         builder.addNonce();
@@ -53,6 +63,7 @@
         sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
         sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
         try {
+               
             sign.build(doc, null, reqData.getSecHeader());
             reqData.getSignatureValues().add(sign.getSignatureValue());
         } catch (WSSecurityException e) {

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?view=diff&rev=566663&r1=566662&r2=566663
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
 Thu Aug 16 04:29:58 2007
@@ -1,5 +1,5 @@
 /*
- * Copyright  2003-2004 The Apache Software Foundation.
+ * Copyright  2003-2007 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -44,13 +44,17 @@
 /**
  * UsernameToken according to WS Security specifications, UsernameToken 
profile.
  * 
+ * Enhanced to support digest password type for username token signature
+ * 
  * @author Davanum Srinivas ([EMAIL PROTECTED])
- * @author Werner Dittmann ([EMAIL PROTECTED])
+ * @author Werner Dittmann ([EMAIL PROTECTED])
  */
 public class UsernameToken {
     private static Log log = LogFactory.getLog(UsernameToken.class.getName());
 
     public static final String PASSWORD_TYPE = "passwordType";
+    
+    private String raw_password;        // enhancment by Alberto Coletti
 
     protected Element element = null;
 
@@ -397,6 +401,7 @@
         if (pwd == null) {
             throw new IllegalArgumentException("pwd == null");
         }
+        raw_password = pwd;             // enhancement by Alberto coletti
         Text node = getFirstNode(this.elementPassword);
         try {
             if (!hashed) {
@@ -541,7 +546,7 @@
         byte[] key = null;
         try {
             Mac mac = Mac.getInstance("HMACSHA1");
-            byte[] password = getPassword().getBytes("UTF-8");
+            byte[] password = raw_password.getBytes("UTF-8"); // enhancement 
by Alberto Coletti
             byte[] label = labelString.getBytes("UTF-8");
             byte[] nonce = Base64.decode(getNonce());
             byte[] created = getCreated().getBytes("UTF-8");
@@ -571,6 +576,8 @@
         }
         return key;
     }
+    
+  
 
     /**
      * This static method generates a derived key as defined in WSS Username



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to