Author: fadushin
Date: Fri Apr 11 09:16:02 2008
New Revision: 647209

URL: http://svn.apache.org/viewvc?rev=647209&view=rev
Log:
WSS-108 EncryptedKey fixes

 * Committed Colm's patch with tests


Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=647209&r1=647208&r2=647209&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java 
(original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java 
Fri Apr 11 09:16:02 2008
@@ -65,8 +65,6 @@
     protected byte[] embeddedKey = null;
 
     protected String embeddedKeyName = null;
-    
-    protected boolean useKeyIdentifier;
 
     /**
      * Symmetric key used in the EncrytpedKey.
@@ -132,15 +130,6 @@
     }
     
     /**
-     * Set this true if a key identifier must be used in the KeyInfo
-     * 
-     * @param useKeyIdentifier
-     */
-    public void setUseKeyIdentifier(boolean useKeyIdentifier) {
-        this.useKeyIdentifier = useKeyIdentifier;
-    }
-
-    /**
      * Set the name of the symmetric encryption algorithm to use.
      * 
      * This encryption algorithm is used to encrypt the data. If the algorithm
@@ -190,14 +179,6 @@
     }
     
     /**
-     * Returns if Key Identifiers should be used in KeyInfo
-     * @return
-     */
-    public boolean getUseKeyIdentifier() {
-        return useKeyIdentifier;
-    }
-
-    /**
      * Initialize a WSSec Encrypt.
      * 
      * The method prepares and initializes a WSSec Encrypt structure after the
@@ -433,13 +414,12 @@
 
     private Vector doEncryption(Document doc, SecretKey secretKey,
             Vector references) throws WSSecurityException {
-       
-       KeyInfo keyInfo = null;
-       
-       // Prepare KeyInfo if useKeyIdentifier is set
-       if ( useKeyIdentifier && 
-                        keyIdentifierType == 
WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
-               keyInfo = new KeyInfo(document);
+        
+        KeyInfo keyInfo = null;
+        
+        // Prepare KeyInfo if useKeyIdentifier is set
+        if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
+            keyInfo = new KeyInfo(document);
             SecurityTokenReference secToken = new 
SecurityTokenReference(document);
             if(this.customReferenceValue != null) {
                 secToken.setKeyIdentifierEncKeySHA1(this.customReferenceValue);
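Review bot: The retained comment `// Prepare KeyInfo if useKeyIdentifier is set` now refers to the flag this commit deletes, and the KeyInfo and SecurityTokenReference are still built from `document` (apparently a field) while the method receives and forwards the parameter `doc`. If those two ever differ, the reference would belong to a different DOM document than the EncryptedData it is attached to. I would reword the comment to `// Build a KeyInfo carrying an EncryptedKeySHA1 reference when that identifier type is selected` and create both nodes from the parameter: `keyInfo = new KeyInfo(doc);` and `new SecurityTokenReference(doc)`. The body of doEncryption continues past the end of this hunk.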
@@ -449,8 +429,8 @@
             
 
             keyInfo.addUnknownElement(secToken.getElement());
-       } 
-       
+        } 
+        
         return doEncryption(doc, secretKey, keyInfo, references);
     }
 
@@ -517,9 +497,9 @@
              * xenc:EncryptedData
              */
             try {
-               
-               if (modifier.equals("Header")) {
-                       
+                
+                if (modifier.equals("Header")) {
+                    
                     Element elem = 
doc.createElementNS(WSConstants.WSSE11_NS,"wsse11:"+WSConstants.ENCRYPTED_HEADER);
                     WSSecurityUtil.setNamespace(elem, WSConstants.WSSE11_NS, 
WSConstants.WSSE11_PREFIX);
                     String wsuPrefix = WSSecurityUtil.setNamespace(elem,
@@ -530,16 +510,16 @@
                     NamedNodeMap map = body.getAttributes();
                     
                     for (int i = 0 ; i < map.getLength() ; i++) {
-                       Attr attr = (Attr)map.item(i);
-                       if 
(attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
-                                       || 
attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {                    
         
+                        Attr attr = (Attr)map.item(i);
+                        if 
(attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
+                                || 
attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {                    
     
                             String soapEnvPrefix = 
WSSecurityUtil.setNamespace(elem,
                                     attr.getNamespaceURI(), "soapevn");
                             elem.setAttributeNS(attr.getNamespaceURI(), 
soapEnvPrefix +":"+attr.getLocalName(), attr.getValue());
-                       }
+                        }
                     }
-                       
-                   xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+                    
+                    xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
                     EncryptedData encData = xmlCipher.getEncryptedData();
                     encData.setId(xencEncryptedDataId);
                     encData.setKeyInfo(keyInfo);
@@ -552,13 +532,13 @@
                     encDataElem.getParentNode().appendChild(elem);
                     encDataElem.getParentNode().removeChild(encDataElem); 
                     
-               } else {
-                   xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+                } else {
+                    xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
                     EncryptedData encData = xmlCipher.getEncryptedData();
                     encData.setId(xencEncryptedDataId);
                     encData.setKeyInfo(keyInfo);
-                    xmlCipher.doFinal(doc, body, content);             
-               }
+                    xmlCipher.doFinal(doc, body, content);          
+                }
                 if(cloneKeyInfo) {
                     keyInfo = new KeyInfo((Element) keyInfo.getElement()
                             .cloneNode(true), null);

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=647209&r1=647208&r2=647209&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
 Fri Apr 11 09:16:02 2008
@@ -256,6 +256,14 @@
         case WSConstants.THUMBPRINT_IDENTIFIER:
             secToken.setKeyIdentifierThumb(remoteCert);
             break;
+            
+        case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
+            //
+            // This identifier is not applicable for this case, so fall back to
+            // ThumbprintRSA.
+            //
+            secToken.setKeyIdentifierThumb(remoteCert);
+            break;
 
         case WSConstants.ISSUER_SERIAL:
             XMLX509IssuerSerial data = new XMLX509IssuerSerial(document,
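Review bot: The new case silently substitutes a different reference type for the one the caller selected, and its comment calls it ThumbprintRSA although the method invoked is setKeyIdentifierThumb and the test added in this commit looks for `#ThumbprintSHA1`. An EncryptedKeySHA1 identifier can only point at an EncryptedKey that already exists, so it presumably cannot name the certificate that wraps the key, and that reason belongs in the comment rather than "not applicable". Rather than duplicating the branch body, I would place `case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:` directly beneath `case WSConstants.THUMBPRINT_IDENTIFIER:` with the comment `// EncryptedKeySHA1 references an existing EncryptedKey, not a certificate; the EncryptedKey itself is referenced by the recipient certificate's ThumbprintSHA1`. The enclosing switch starts and ends outside this hunk.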

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew.java?rev=647209&r1=647208&r2=647209&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew.java Fri Apr 11 
09:16:02 2008
@@ -114,9 +114,7 @@
     }
 
     /**
-     * Test that signs and verifies a WS-Security envelope.
-     * The test uses the ThumbprintSHA1 key identifier type. 
-     * 
+     * The test uses the ThumbprintSHA1 key identifier type.
      * <p/>
      * 
      * @throws java.lang.Exception Thrown when there is any problem in signing 
or verification
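Review bot: Dropping the first sentence leaves this Javadoc without a summary; it now opens with `The test uses the ThumbprintSHA1 key identifier type.` and no longer states what the test exercises. If the intent was only to remove the stray blank line, keep `* Test that signs and verifies a WS-Security envelope.` as the opening line. The method this comment documents lies outside the hunk.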

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java?rev=647209&r1=647208&r2=647209&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew14.java Fri Apr 11 
09:16:02 2008
@@ -30,24 +30,32 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncrypt;
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecHeader;
 import org.w3c.dom.Document;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintWriter;
 
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
 
 /**
- * WS-Security Test Case
+ * WS-Security Test Case for using the ThumbprintSHA1 key identifier for
+ * signature and encryption, and the EncryptedKeySHA1 key identifier for 
encryption.
  * <p/>
  * 
  * @author Davanum Srinivas ([EMAIL PROTECTED])
  */
-public class TestWSSecurityNew14 extends TestCase {
+public class TestWSSecurityNew14 extends TestCase implements CallbackHandler {
     private static Log log = LogFactory.getLog(TestWSSecurityNew14.class);
     static final String NS = "http://www.w3.org/2000/09/xmldsig#";;
     static final String soapMsg = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" 
+ "<SOAP-ENV:Envelope 
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"; 
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>" + "<SOAP-ENV:Body>" + 
"<add xmlns=\"http://ws.apache.org/counter/counter_port_type\";>" + "<value 
xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>\r\n       \r\n" + 
"</SOAP-ENV:Envelope>";
@@ -135,7 +143,7 @@
 
         /*
          * convert the resulting document into a message first. The 
toAxisMessage()
-         * mehtod performs the necessary c14n call to properly set up the 
signed
+         * method performs the necessary c14n call to properly set up the 
signed
          * document and convert it into a SOAP message. After that we extract 
it
          * as a document again for further processing.
          */
@@ -171,6 +179,66 @@
         Document signedDoc1 = builder.build(signedDoc, crypto, secHeader);
         verify(signedDoc1);
     }
+    
+    /**
+     * Test that encrypts and decrypts a WS-Security envelope.
+     * The test uses the ThumbprintSHA1 key identifier type. 
+     * <p/>
+     * 
+     * @throws java.lang.Exception Thrown when there is any problem in 
encryption or decryption
+     */
+    public void testX509EncryptionThumb() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", 
"security");
+        builder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+        
+        log.info("Before Encrypting ThumbprintSHA1....");
+        Document doc = unsignedEnvelope.getAsDocument();
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);        
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+        
+        if (log.isDebugEnabled()) {
+            log.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+            log.debug(outputString);
+            assertTrue(outputString.contains("#ThumbprintSHA1"));
+        }
+    
+        log.info("After Encrypting ThumbprintSHA1....");
+        verify(encryptedDoc);
+    }
+        
+    /**
+     * Test that encrypts and decrypts a WS-Security envelope.
+     * The test uses the EncryptedKeySHA1 key identifier type. 
+     * <p/>
+     * 
+     * @throws java.lang.Exception Thrown when there is any problem in 
encryption or decryption
+     */
+    public void testX509EncryptionSHA1() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", 
"security");
+        
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+     
+        log.info("Before Encrypting EncryptedKeySHA1....");
+        Document doc = unsignedEnvelope.getAsDocument();
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);        
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+     
+        if (log.isDebugEnabled()) {
+            log.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+            log.debug(outputString);
+            assertTrue(outputString.contains("#EncryptedKeySHA1"));
+        }
+     
+        log.info("After Encrypting EncryptedKeySHA1....");
+        verify(encryptedDoc);
+    }
 
     /**
      * Verifies the soap envelope.
@@ -180,6 +248,24 @@
      * @throws java.lang.Exception Thrown when there is a problem in 
verification
      */
     private void verify(Document doc) throws Exception {
-        secEngine.processSecurityHeader(doc, null, null, crypto);
+        secEngine.processSecurityHeader(doc, null, this, crypto);
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                /*
+                 * here call a function/method to lookup the password for
+                 * the given identifier (e.g. a user name or keystore alias)
+                 * e.g.: 
pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+                 * for Testing we supply a fixed name here.
+                 */
+                pc.setPassword("security");
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], 
"Unrecognized Callback");
+            }
+        }
     }
 }
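Review bot: handle() hands out "security" for every WSPasswordCallback without looking at pc.getIdentifier(), so once it is wired in via `secEngine.processSecurityHeader(doc, null, this, crypto)` it answers any password request the engine makes, not only the private-key lookup the decryption tests need, and a wrong key alias would be accepted silently. For a fixture that is tolerable, but the comment should say so and it misspells the accessor: `pc.getIdentfifier` should read `pc.getIdentifier()`. I would narrow it to the alias the tests use, `if ("16c73ab6-b892-458f-abf5-2f875f74882e".equals(pc.getIdentifier())) pc.setPassword("security");`, so that a mismatched key reference fails the test instead of being papered over.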


