Author: coheigea
Date: Wed Apr 1 10:37:19 2009
New Revision: 760850
URL: http://svn.apache.org/viewvc?rev=760850&view=rev
Log:
[WSS-169] - Added an EncodingType attribute for a UsernameToken nonce as per
basic security profile
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java?rev=760850&r1=760849&r2=760850&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
Wed Apr 1 10:37:19 2009
@@ -35,23 +35,15 @@
*/
public class WSSecUsernameToken extends WSSecBase {
- private static Log log = LogFactory.getLog(WSSecUsernameToken.class
- .getName());
+ private static Log log =
LogFactory.getLog(WSSecUsernameToken.class.getName());
private String passwordType = WSConstants.PASSWORD_DIGEST;
-
private UsernameToken ut = null;
-
private boolean nonce = false;
-
private boolean created = false;
-
private boolean useDerivedKey = false;
-
private boolean useMac = false;
-
private byte[] saltValue;
-
private int iteration = UsernameToken.DEFAULT_ITERATION;
/**
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=760850&r1=760849&r2=760850&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
Wed Apr 1 10:37:19 2009
@@ -51,45 +51,33 @@
* @author Werner Dittmann ([email protected])
*/
public class UsernameToken {
- private static final Log log =
LogFactory.getLog(UsernameToken.class.getName());
-
- private static final boolean doDebug = log.isDebugEnabled();
-
+ public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS +
"#Base64Binary";
public static final String PASSWORD_TYPE = "passwordType";
+ public static final int DEFAULT_ITERATION = 1000;
+ public static final QName TOKEN =
+ new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
- private String raw_password; // enhancement by Alberto Coletti
+ private static final Log LOG =
LogFactory.getLog(UsernameToken.class.getName());
+ private static final boolean DO_DEBUG = LOG.isDebugEnabled();
+ private static SecureRandom random;
protected Element element = null;
-
protected Element elementUsername = null;
-
protected Element elementPassword = null;
-
protected Element elementNonce = null;
-
protected Element elementCreated = null;
-
protected Element elementSalt = null;
-
protected Element elementIteration = null;
-
protected String passwordType = null;
-
protected boolean hashed = true;
-
- private static SecureRandom random = null;
-
- public static final int DEFAULT_ITERATION = 1000;
-
- public static final QName TOKEN = new QName(WSConstants.WSSE_NS,
- WSConstants.USERNAME_TOKEN_LN);
+ private String rawPassword; // enhancement by Alberto Coletti
static {
try {
random = WSSecurityUtil.resolveSecureRandom();
} catch (NoSuchAlgorithmException e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
}
}
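Review bot: The static initializer still leaves `random` null when `WSSecurityUtil.resolveSecureRandom()` throws, and the failure is only logged at debug level, so the first nonce generation (`random.nextBytes(nonceValue)` in a later hunk) fails with a NullPointerException far from the cause. Since a UsernameToken cannot be built safely without a SecureRandom, the catch should fail fast instead of swallowing: `throw new ExceptionInInitializerError(e);` after the debug log. The field declaration `private static SecureRandom random;` could also carry a comment noting it is only non-null after the static block succeeds.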
@@ -103,8 +91,8 @@
* @throws WSSecurityException
*/
public UsernameToken(Element elem) throws WSSecurityException {
- this.element = elem;
- QName el = new QName(this.element.getNamespaceURI(),
this.element.getLocalName());
+ element = elem;
+ QName el = new QName(element.getNamespaceURI(),
element.getLocalName());
if (!el.equals(TOKEN)) {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY_TOKEN,
@@ -199,19 +187,19 @@
* password required
*/
public UsernameToken(boolean milliseconds, Document doc, String pwType) {
- this.element =
+ element =
doc.createElementNS(WSConstants.WSSE_NS, "wsse:" +
WSConstants.USERNAME_TOKEN_LN);
- WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX);
+ WSSecurityUtil.setNamespace(element, WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX);
- this.elementUsername =
+ elementUsername =
doc.createElementNS(WSConstants.WSSE_NS, "wsse:" +
WSConstants.USERNAME_LN);
- this.elementUsername.appendChild(doc.createTextNode(""));
+ elementUsername.appendChild(doc.createTextNode(""));
element.appendChild(elementUsername);
if (pwType != null) {
- this.elementPassword =
+ elementPassword =
doc.createElementNS(WSConstants.WSSE_NS, "wsse:" +
WSConstants.PASSWORD_LN);
- this.elementPassword.appendChild(doc.createTextNode(""));
+ elementPassword.appendChild(doc.createTextNode(""));
element.appendChild(elementPassword);
hashed = false;
@@ -233,9 +221,9 @@
}
byte[] nonceValue = new byte[16];
random.nextBytes(nonceValue);
- this.elementNonce =
- doc.createElementNS(WSConstants.WSSE_NS, "wsse:" +
WSConstants.NONCE_LN);
-
this.elementNonce.appendChild(doc.createTextNode(Base64.encode(nonceValue)));
+ elementNonce = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" +
WSConstants.NONCE_LN);
+
elementNonce.appendChild(doc.createTextNode(Base64.encode(nonceValue)));
+ elementNonce.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
element.appendChild(elementNonce);
}
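Review bot: The new `EncodingType` attribute is only set on nonces this class generates; nothing in the commit checks the attribute on a Nonce element parsed from a received token, and `getNonce()` / `Base64.decode(getNonce())` still treat the text as Base64 unconditionally. When the token is constructed from an `Element` (the constructor in the earlier hunk), a Nonce carrying an EncodingType other than `BASE64_ENCODING` should be rejected with a `WSSecurityException` rather than decoded as if it were Base64. The value `WSConstants.SOAPMESSAGE_NS + "#Base64Binary"` is presumably the Basic Security Profile URI; a short comment on the constant naming the profile requirement would help the next reader. The enclosing method starts outside this hunk.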
@@ -254,12 +242,12 @@
zulu.setTimeZone(TimeZone.getTimeZone("UTC"));
}
Calendar rightNow = Calendar.getInstance();
- this.elementCreated =
+ elementCreated =
doc.createElementNS(
WSConstants.WSU_NS,WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
);
- WSSecurityUtil.setNamespace(this.element, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
-
this.elementCreated.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
+ WSSecurityUtil.setNamespace(element, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
element.appendChild(elementCreated);
}
@@ -279,12 +267,12 @@
if (saltValue == null) {
saltValue = generateSalt(mac);
}
- this.elementSalt =
+ elementSalt =
doc.createElementNS(
WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX + ":" +
WSConstants.SALT_LN
);
WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE11_NS,
WSConstants.WSSE11_PREFIX);
-
this.elementSalt.appendChild(doc.createTextNode(Base64.encode(saltValue)));
+ elementSalt.appendChild(doc.createTextNode(Base64.encode(saltValue)));
element.appendChild(elementSalt);
return saltValue;
}
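Review bot: The `this.` prefix is dropped throughout the commit, but `this.element` survives at `WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);` in this hunk and `this.elementIteration` survives in the `addIteration` hunk that follows. For consistency with the rest of the change these should read `WSSecurityUtil.setNamespace(element, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);` and `elementIteration.appendChild(doc.createTextNode(text));`. The enclosing method starts outside this hunk.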
@@ -294,11 +282,11 @@
*/
public void addIteration(Document doc, int iteration) {
String text = "" + iteration;
- this.elementIteration =
+ elementIteration =
doc.createElementNS(
WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX + ":" +
WSConstants.ITERATION_LN
);
- WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE11_NS,
WSConstants.WSSE11_PREFIX);
+ WSSecurityUtil.setNamespace(element, WSConstants.WSSE11_NS,
WSConstants.WSSE11_PREFIX);
this.elementIteration.appendChild(doc.createTextNode(text));
element.appendChild(elementIteration);
}
@@ -309,7 +297,7 @@
* @return the data from the user name element.
*/
public String getName() {
- return nodeString(this.elementUsername);
+ return nodeString(elementUsername);
}
/**
@@ -319,7 +307,7 @@
* element.
*/
public void setName(String name) {
- Text node = getFirstNode(this.elementUsername);
+ Text node = getFirstNode(elementUsername);
node.setData(name);
}
@@ -329,7 +317,7 @@
* @return the data from the nonce element.
*/
public String getNonce() {
- return nodeString(this.elementNonce);
+ return nodeString(elementNonce);
}
/**
@@ -338,7 +326,7 @@
* @return the data from the created time element.
*/
public String getCreated() {
- return nodeString(this.elementCreated);
+ return nodeString(elementCreated);
}
/**
@@ -349,7 +337,7 @@
* @return the password string or <code>null</code> if no such node exists.
*/
public String getPassword() {
- return nodeString(this.elementPassword);
+ return nodeString(elementPassword);
}
/**
@@ -360,9 +348,9 @@
* @throws WSSecurityException
*/
public byte[] getSalt() throws WSSecurityException {
- String salt = nodeString(this.elementSalt);
+ String salt = nodeString(elementSalt);
if (salt != null) {
- return Base64.decode(nodeString(this.elementSalt));
+ return Base64.decode(nodeString(elementSalt));
}
return null;
}
@@ -375,7 +363,7 @@
* is returned.
*/
public int getIteration() {
- String iter = nodeString(this.elementIteration);
+ String iter = nodeString(elementIteration);
if (iter != null) {
return Integer.parseInt(iter);
}
@@ -409,7 +397,7 @@
*/
public void setPassword(String pwd) {
if (pwd == null) {
- if (this.passwordType != null) {
+ if (passwordType != null) {
throw new IllegalArgumentException("pwd == null but a password
is needed");
} else {
// Ignore setting the password.
@@ -417,19 +405,19 @@
}
}
- raw_password = pwd; // enhancement by Alberto coletti
- Text node = getFirstNode(this.elementPassword);
+ rawPassword = pwd; // enhancement by Alberto coletti
+ Text node = getFirstNode(elementPassword);
try {
if (!hashed) {
node.setData(pwd);
- this.elementPassword.setAttribute("Type",
WSConstants.PASSWORD_TEXT);
+ elementPassword.setAttribute("Type",
WSConstants.PASSWORD_TEXT);
} else {
node.setData(doPasswordDigest(getNonce(), getCreated(), pwd));
- this.elementPassword.setAttribute("Type",
WSConstants.PASSWORD_DIGEST);
+ elementPassword.setAttribute("Type",
WSConstants.PASSWORD_DIGEST);
}
} catch (Exception e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
}
}
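Review bot: The `catch (Exception e)` at the end of `setPassword` swallows any failure from `doPasswordDigest` or `setData`, leaving the Password element with whatever text it had and giving the caller no indication that the token is incomplete; only a debug-level log records it. A password that could not be set should surface as an error, for example `throw new IllegalStateException("Unable to set UsernameToken password", e);` after the debug log, so a malformed token is never silently emitted. `setPassword` starts outside this hunk.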
@@ -439,15 +427,15 @@
*
* @param raw_password the raw_password to set
*/
- public void setRawPassword(String raw_password) {
- this.raw_password = raw_password;
+ public void setRawPassword(String newRawPassword) {
+ rawPassword = newRawPassword;
}
/**
* Get the raw (plain text) password used to compute secret key.
*/
public String getRawPassword() {
- return this.raw_password;
+ return rawPassword;
}
public static String doPasswordDigest(String nonce, String created, String
password) {
@@ -471,8 +459,8 @@
sha.update(b4);
passwdDigest = Base64.encode(sha.digest());
} catch (Exception e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
}
return passwdDigest;
@@ -514,7 +502,7 @@
* @return the <code>wsse:UsernameToken</code> element
*/
public Element getElement() {
- return this.element;
+ return element;
}
/**
@@ -533,7 +521,7 @@
* token
*/
public String getID() {
- return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
+ return element.getAttributeNS(WSConstants.WSU_NS, "Id");
}
/**
@@ -545,8 +533,8 @@
*/
public void setID(String id) {
String prefix =
- WSSecurityUtil.setNamespace(this.element, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
- this.element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
+ WSSecurityUtil.setNamespace(element, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
+ element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
/**
@@ -573,7 +561,7 @@
byte[] key = null;
try {
Mac mac = Mac.getInstance("HMACSHA1");
- byte[] password = raw_password.getBytes("UTF-8"); // enhancement
by Alberto Coletti
+ byte[] password = rawPassword.getBytes("UTF-8"); // enhancement by
Alberto Coletti
byte[] label = labelString.getBytes("UTF-8");
byte[] nonce = Base64.decode(getNonce());
byte[] created = getCreated().getBytes("UTF-8");
@@ -590,17 +578,17 @@
key = P_hash(password, seed, mac, keylen);
- if (log.isDebugEnabled()) {
- log.debug("password :" + Base64.encode(password));
- log.debug("label :" + Base64.encode(label));
- log.debug("nonce :" + Base64.encode(nonce));
- log.debug("created :" + Base64.encode(created));
- log.debug("seed :" + Base64.encode(seed));
- log.debug("Key :" + Base64.encode(key));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("password :" + Base64.encode(password));
+ LOG.debug("label :" + Base64.encode(label));
+ LOG.debug("nonce :" + Base64.encode(nonce));
+ LOG.debug("created :" + Base64.encode(created));
+ LOG.debug("seed :" + Base64.encode(seed));
+ LOG.debug("Key :" + Base64.encode(key));
}
} catch (Exception e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
return null;
}
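Review bot: The debug block in this hunk writes the raw password bytes and the derived key to the log (`LOG.debug("password :" + Base64.encode(password));` and `LOG.debug("Key :" + Base64.encode(key));`), which puts credentials into log files whenever debug logging is enabled. Those two lines should be removed; logging the label, nonce and created values is enough to trace key derivation. The enclosing method starts and ends outside this hunk.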
@@ -608,7 +596,6 @@
}
-
/**
* This static method generates a derived key as defined in WSS Username
* Token Profile.
@@ -632,8 +619,8 @@
try {
pwBytes = password.getBytes("UTF-8");
} catch (final java.io.UnsupportedEncodingException e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
throw new WSSecurityException("Unable to convert password to
UTF-8", e);
}
@@ -646,8 +633,8 @@
try {
sha = MessageDigest.getInstance("SHA-1");
} catch (NoSuchAlgorithmException e) {
- if (doDebug) {
- log.debug(e.getMessage(), e);
+ if (DO_DEBUG) {
+ LOG.debug(e.getMessage(), e);
}
throw new WSSecurityException(
WSSecurityException.FAILURE, "noSHA1availabe", null, e
@@ -678,7 +665,7 @@
public byte[] getDerivedKey() throws WSSecurityException {
int iteration = getIteration();
byte[] salt = getSalt();
- return generateDerivedKey(raw_password, salt, iteration);
+ return generateDerivedKey(rawPassword, salt, iteration);
}
/**
@@ -696,7 +683,6 @@
}
-
/**
* This static method generates a 128 bit salt value as defined in WSS
* Username Token Profile.
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java?rev=760850&r1=760849&r2=760850&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java Wed Apr 1
10:37:19 2009
@@ -48,7 +48,6 @@
/**
* WS-Security Test Case for UsernameTokens.
- * <p/>
*
* @author Davanum Srinivas ([email protected])
*/
@@ -89,7 +88,6 @@
/**
* TestWSSecurity constructor
- * <p/>
*
* @param name name of the test
*/
@@ -99,7 +97,6 @@
/**
* JUnit suite
- * <p/>
*
* @return a junit test suite
*/
@@ -109,7 +106,6 @@
/**
* Setup method
- * <p/>
*
* @throws java.lang.Exception Thrown when there is a problem in setup
*/
@@ -121,7 +117,6 @@
/**
* Constructs a soap envelope
- * <p/>
*
* @return soap envelope
* @throws java.lang.Exception if there is any problem constructing the
soap envelope
@@ -135,14 +130,12 @@
/**
* Test that adds a UserNameToken with password Digest to a WS-Security
envelope
- * <p/>
*/
public void testUsernameTokenDigest() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("wernerd", "verySecret");
LOG.info("Before adding UsernameToken PW Digest....");
- // Document doc = unsignedEnvelope.getAsDocument();
- Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
@@ -190,7 +183,6 @@
/**
* Test that adds a UserNameToken with a bad password Digest to a
WS-Security envelope
- * <p/>
*/
public void testUsernameTokenBadDigest() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -219,7 +211,6 @@
/**
* Test that adds a UserNameToken with password text to a WS-Security
envelope
- * <p/>
*/
public void testUsernameTokenText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -243,7 +234,6 @@
/**
* Test that adds a UserNameToken with a digested password but with type of
* password test.
- * <p/>
*/
public void testUsernameTokenDigestText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -270,7 +260,6 @@
/**
* Test that adds a UserNameToken with (bad) password text to a
WS-Security envelope
- * <p/>
*/
public void testUsernameTokenBadText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -348,7 +337,6 @@
/**
* Test with a null token type. This will fail as the default is to reject
custom
* token types.
- * <p/>
*/
public void testUsernameTokenCustomFail() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -378,7 +366,6 @@
/**
* Test with a null password type. This will pass as the WSSConfig is
configured to
* handle custom token types.
- * <p/>
*/
public void testUsernameTokenCustomPass() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
@@ -498,8 +485,23 @@
}
/**
+ * Test that verifies an EncodingType is set for the nonce. See WSS-169.
+ */
+ public void testUsernameTokenNonceEncodingType() throws Exception {
+ WSSecUsernameToken builder = new WSSecUsernameToken();
+ builder.setUserInfo("wernerd", "verySecret");
+ LOG.info("Before adding UsernameToken PW Digest....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = builder.build(doc, secHeader);
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ assertTrue(outputString.indexOf("EncodingType") != -1);
+ }
+
+ /**
* Verifies the soap envelope
- * <p/>
*
* @param env soap envelope
* @throws java.lang.Exception Thrown when there is a problem in
verification
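Review bot: The new `testUsernameTokenNonceEncodingType` only asserts that the substring `EncodingType` appears somewhere in the serialized document, so it would still pass if the attribute were on the wrong element or carried the wrong value. Asserting the full attribute, e.g. `assertTrue(outputString.indexOf("EncodingType=\"" + UsernameToken.BASE64_ENCODING + "\"") != -1);`, pins the actual requirement (the exact quoting depends on how `PrettyDocumentToString` serializes attributes, so adjust accordingly). The local `signedDoc` is also misleading here since nothing is signed; `doc` or `builtDoc` would read better.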