Author: coheigea
Date: Wed Oct 28 12:37:19 2009
New Revision: 830515
URL: http://svn.apache.org/viewvc?rev=830515&view=rev
Log:
[WSS-180] - Backported fix for "Support symmetric signature/encryption via
configuration" to 1_5_x-fixes
- This involved changing how WSHandler gets Crypto instances: it no longer
throws an exception when there is no crypto instance
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/EncryptionAction.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/EncryptionAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/EncryptionAction.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/EncryptionAction.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/EncryptionAction.java
Wed Oct 28 12:37:19 2009
@@ -18,6 +18,7 @@
package org.apache.ws.security.action;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
@@ -58,6 +59,16 @@
if (reqData.getEncryptParts().size() > 0) {
wsEncrypt.setParts(reqData.getEncryptParts());
}
+ if (!reqData.getEncryptSymmetricEncryptionKey()) {
+ WSPasswordCallback pwcb =
+ handler.getPassword(reqData.getEncUser(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData
+ );
+ wsEncrypt.setEphemeralKey(pwcb.getKey());
+
wsEncrypt.setEncryptSymmKey(reqData.getEncryptSymmetricEncryptionKey());
+ }
try {
wsEncrypt.build(doc, reqData.getEncCrypto(),
reqData.getSecHeader());
} catch (WSSecurityException e) {
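Review bot: The key returned by the password callback is handed to setEphemeralKey without a null check, whereas SignatureAction guards its setSecretKey call with `pwcb.getKey() != null`; when the callback supplies no key in this mode a null ephemeral key goes into the encryptor and the failure surfaces later, away from the misconfiguration. Reject it where it is detected, e.g. `if (pwcb == null || pwcb.getKey() == null) { throw new WSSecurityException("WSHandler: Encryption: no symmetric key supplied by the password callback"); }` immediately before the setEphemeralKey call. The setEncryptSymmKey call has also moved inside the new branch, so when the flag is true it is never called and the encryptor's own default is relied on (not visible here); inside the branch the argument is always false, so `wsEncrypt.setEncryptSymmKey(false);` would say what is meant. The enclosing execute method starts and ends outside the hunk.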
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
Wed Oct 28 12:37:19 2009
@@ -17,6 +17,7 @@
package org.apache.ws.security.action;
+import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
@@ -27,13 +28,13 @@
public class SignatureAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc,
RequestData reqData)
throws WSSecurityException {
- String password =
+ WSPasswordCallback pwcb =
handler.getPassword(
reqData.getSignatureUser(),
actionToDo,
WSHandlerConstants.PW_CALLBACK_CLASS,
WSHandlerConstants.PW_CALLBACK_REF, reqData
- ).getPassword();
+ );
WSSecSignature wsSign = new WSSecSignature();
wsSign.setWsConfig(reqData.getWssConfig());
@@ -48,10 +49,14 @@
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
- wsSign.setUserInfo(reqData.getSignatureUser(), password);
+ wsSign.setUserInfo(reqData.getSignatureUser(), pwcb.getPassword());
if (reqData.getSignatureParts().size() > 0) {
wsSign.setParts(reqData.getSignatureParts());
}
+
+ if (pwcb.getKey() != null) {
+ wsSign.setSecretKey(pwcb.getKey());
+ }
try {
wsSign.build(doc, reqData.getSigCrypto(), reqData.getSecHeader());
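Review bot: The secret key is applied whenever the callback returns a non-null key, independent of the configured signature key identifier or algorithm, so a callback that fills in both a password and a key switches the message to symmetric signing silently; the new branch should at least carry a comment stating that choice, e.g. `// A key supplied by the callback selects symmetric (secret-key) signing, e.g. HMAC with the EncryptedKeySHA1 key identifier; otherwise the password unlocks the private key in the signature crypto.` If WSSecSignature does not itself reconcile a secret key with an asymmetric key identifier (not visible here), gating the branch on the configured identifier would make that misconfiguration fail early instead of producing an unexpected signature type. The password is still passed to setUserInfo unconditionally on the line above, so it may be null in the symmetric case; presumably setUserInfo tolerates that, but it is worth confirming. execute's body continues outside the hunk.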
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
Wed Oct 28 12:37:19 2009
@@ -57,6 +57,7 @@
private WSSConfig wssConfig = null;
private Vector signatureValues = new Vector();
private WSSecHeader secHeader = null;
+ private boolean encSymmetricEncryptionKey = true;
public void clear() {
soapConstants = null;
@@ -69,6 +70,7 @@
wssConfig = null;
signatureValues.clear();
signatureDigestAlgorithm = null;
+ encSymmetricEncryptionKey = true;
signatureUser = null;
}
@@ -111,6 +113,14 @@
public void setUsername(String username) {
this.username = username;
}
+
+ public void setEncryptSymmetricEncryptionKey(boolean encrypt) {
+ encSymmetricEncryptionKey = encrypt;
+ }
+
+ public boolean getEncryptSymmetricEncryptionKey() {
+ return encSymmetricEncryptionKey;
+ }
public String getPwType() {
return pwType;
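Review bot: The two new public accessors have no Javadoc, and the boolean getter is named get... rather than is..., which is the JavaBeans convention the property name suggests; renaming would touch the callers in EncryptionAction and WSHandler, so at minimum document the contract, e.g. `/** Whether the symmetric encryption key is wrapped in an EncryptedKey element in the security header (default true); when false the key must come from the password callback. */` on the getter. The default value true is also written twice, in the field initialiser and in clear(); a single private constant keeps the two from drifting.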
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
Wed Oct 28 12:37:19 2009
@@ -423,19 +423,21 @@
* Get crypto property file for signature. If none specified throw
* fault, otherwise get a crypto instance.
*/
- String sigPropFile = getString(WSHandlerConstants.SIG_PROP_FILE,
- reqData.getMsgContext());
+ String sigPropFile =
+ getString(WSHandlerConstants.SIG_PROP_FILE,
reqData.getMsgContext());
if (sigPropFile != null) {
crypto = (Crypto) cryptos.get(sigPropFile);
if (crypto == null) {
- crypto = CryptoFactory.getInstance(
- sigPropFile, this.getClassLoader(reqData.getMsgContext()));
+ crypto =
+ CryptoFactory.getInstance(
+ sigPropFile,
this.getClassLoader(reqData.getMsgContext())
+ );
cryptos.put(sigPropFile, crypto);
}
} else if (getString(WSHandlerConstants.SIG_PROP_REF_ID,
reqData.getMsgContext()) != null) {
- /*
- * If the property file is missing then look for the Properties
object
- */
+ //
+ // If the property file is missing then look for the Properties
object
+ //
String refId =
getString(WSHandlerConstants.SIG_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
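Review bot: The comment at the top of this hunk still says "If none specified throw fault, otherwise get a crypto instance", but the next hunk in this method removes that throw and the method now returns null when nothing is configured. Update it to describe the new contract, e.g. `* Get crypto property file for signature. If none is specified return null, otherwise get a crypto instance.` The encryption and decryption loaders below received the same treatment, so their header comments (not shown in their hunks) are likely stale in the same way. The enclosing method starts before the hunk.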
@@ -446,18 +448,10 @@
crypto =
CryptoFactory.getInstance((Properties)propObj);
cryptos.put(refId, crypto);
}
- } else {
- throw new WSSecurityException(
- "WSHandler: Signature: signaturePropRefId must hold a
"
- + "java.util.Properties object"
- );
}
}
- } else {
- throw new WSSecurityException(
- "WSHandler: Signature: no crypto properties"
- );
}
+
return crypto;
}
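Review bot: Besides the intended "no crypto properties" case, the removed else branch also dropped the fault raised when signaturePropRefId is set but does not hold a java.util.Properties object; that is a misconfiguration rather than an absent configuration, and it now degrades silently into a null Crypto that fails, if at all, only when the action runs. Keep that branch: `} else { throw new WSSecurityException("WSHandler: Signature: signaturePropRefId must hold a java.util.Properties object"); }` after the instanceof check. The same removal occurs in the encryption and decryption loader hunks below (the ones ending at each loader's `return crypto;`), where the encryptionPropRefId and decryptionPropRefId checks were dropped too. Every caller of these three loaders must now tolerate a null return; the hunks do not show whether the callers were updated.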
@@ -478,13 +472,15 @@
crypto = (Crypto) cryptos.get(encPropFile);
if (crypto == null) {
crypto =
- CryptoFactory.getInstance(encPropFile,
this.getClassLoader(reqData.getMsgContext()));
+ CryptoFactory.getInstance(
+ encPropFile,
this.getClassLoader(reqData.getMsgContext())
+ );
cryptos.put(encPropFile, crypto);
}
} else if (getString(WSHandlerConstants.ENC_PROP_REF_ID,
reqData.getMsgContext()) != null) {
- /*
- * If the property file is missing then look for the Properties
object
- */
+ //
+ // If the property file is missing then look for the Properties
object
+ //
String refId =
getString(WSHandlerConstants.ENC_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
@@ -495,18 +491,15 @@
crypto =
CryptoFactory.getInstance((Properties)propObj);
cryptos.put(refId, crypto);
}
- } else {
- throw new WSSecurityException(
- "WSHandler: Encryption: encryptionPropRefId must hold
a"
- + " java.util.Properties object"
- );
}
}
- } else if ((crypto = reqData.getSigCrypto()) == null) {
- throw new WSSecurityException(
- "WSHandler: Encryption: no crypto property file"
- );
+ } else if (reqData.getSigCrypto() != null) {
+ //
+ // Default to the signature crypto
+ //
+ crypto = reqData.getSigCrypto();
}
+
return crypto;
}
@@ -558,7 +551,8 @@
|| tmp == WSConstants.BST_DIRECT_REFERENCE
|| tmp == WSConstants.X509_KEY_IDENTIFIER
|| tmp == WSConstants.SKI_KEY_IDENTIFIER
- || tmp == WSConstants.THUMBPRINT_IDENTIFIER)) {
+ || tmp == WSConstants.THUMBPRINT_IDENTIFIER
+ || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
throw new WSSecurityException(
"WSHandler: Signature: illegal key identification"
);
@@ -616,7 +610,8 @@
|| tmp == WSConstants.SKI_KEY_IDENTIFIER
|| tmp == WSConstants.BST_DIRECT_REFERENCE
|| tmp == WSConstants.EMBEDDED_KEYNAME
- || tmp == WSConstants.THUMBPRINT_IDENTIFIER)) {
+ || tmp == WSConstants.THUMBPRINT_IDENTIFIER
+ || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
throw new WSSecurityException(
"WSHandler: Encryption: illegal key identification"
);
@@ -628,6 +623,12 @@
String encKeyTransport =
getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
reqData.setEncKeyTransport(encKeyTransport);
+
+ String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY,
mc);
+ if (encSymEncKey != null) {
+ boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
+ reqData.setEncryptSymmetricEncryptionKey(encSymEndKeyBoolean);
+ }
String encParts = getString(WSHandlerConstants.ENCRYPTION_PARTS, mc);
if (encParts != null) {
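Review bot: Boolean.parseBoolean maps every value other than a case-insensitive "true" to false, so a typo in the deployment setting such as "True " or "yes" silently switches the handler into the no-EncryptedKey mode instead of being reported; a malformed property is better rejected, e.g. `if (!"true".equalsIgnoreCase(encSymEncKey) && !"false".equalsIgnoreCase(encSymEncKey)) { throw new WSSecurityException("WSHandler: Encryption: " + WSHandlerConstants.ENC_SYM_ENC_KEY + " must be true or false"); }` before parsing, assuming this method declares WSSecurityException as the nearby key-identifier check suggests. The local `encSymEndKeyBoolean` looks like a typo for `encSymEncKeyBoolean`. The enclosing method continues outside the hunk.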
@@ -987,13 +988,15 @@
crypto = (Crypto) cryptos.get(decPropFile);
if (crypto == null) {
crypto =
- CryptoFactory.getInstance(decPropFile,
this.getClassLoader(reqData.getMsgContext()));
+ CryptoFactory.getInstance(
+ decPropFile,
this.getClassLoader(reqData.getMsgContext())
+ );
cryptos.put(decPropFile, crypto);
}
} else if (getString(WSHandlerConstants.DEC_PROP_REF_ID,
reqData.getMsgContext()) != null) {
- /*
- * If the property file is missing then look for the Properties
object
- */
+ //
+ // If the property file is missing then look for the Properties
object
+ //
String refId =
getString(WSHandlerConstants.DEC_PROP_REF_ID,
reqData.getMsgContext());
if (refId != null) {
@@ -1004,18 +1007,15 @@
crypto =
CryptoFactory.getInstance((Properties)propObj);
cryptos.put(refId, crypto);
}
- } else {
- throw new WSSecurityException(
- "WSHandler: Decrytion: decryptionPropRefId must hold
a"
- + " java.util.Properties object"
- );
}
}
- } else if ((crypto = reqData.getSigCrypto()) == null) {
- throw new WSSecurityException(
- "WSHandler: Encryption: no crypto property file"
- );
+ } else if (reqData.getSigCrypto() != null) {
+ //
+ // Default to the signature crypto
+ //
+ crypto = reqData.getSigCrypto();
}
+
return crypto;
}
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
Wed Oct 28 12:37:19 2009
@@ -672,6 +672,21 @@
*/
public static final String ENC_KEY_TRANSPORT =
"encryptionKeyTransportAlgorithm";
+
+ /**
+ * Defines whether to encrypt the symmetric encryption key or not. If true
+ * (the default), the symmetric key used for encryption is encrypted in
turn,
+ * and inserted into the security header in an "EncryptedKey" structure. If
+ * set to false, no EncryptedKey structure is constructed.
+ * <p/>
+ * The application may set this parameter using the following method:
+ * <pre>
+ * call.setProperty(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
+ * </pre>
+ * However, the parameter in the WSDD deployment file overwrites the
+ * property setting (deployment setting overwrites application setting).
+ */
+ public static final String ENC_SYM_ENC_KEY =
"encryptSymmetricEncryptionKey";
/**
* Parameter to define which parts of the request shall be encrypted.
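Review bot: The Javadoc for ENC_SYM_ENC_KEY says what is not produced when the flag is false but not where the encryption key then comes from or what the recipient needs; the EncryptionAction change obtains the key from the password callback and the new test pairs the flag with the EncryptedKeySHA1 key identifier. Add a sentence such as `* When set to false the symmetric key is taken from the {@link WSPasswordCallback} supplied by the password callback handler (see {@link WSPasswordCallback#getKey()}) and the recipient must already hold that key; this is intended for use with the EncryptedKeySHA1 key identifier.` Also `<p/>` is not valid HTML in Javadoc; follow whatever paragraph markup the neighbouring constants use.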
@@ -771,6 +786,8 @@
* </li>
* <li><code>Thumbprint</code> for {...@link WSConstants#THUMBPRINT}
* </li>
+ * <li><code>EncryptedKeySHA1</code> for {...@link
WSConstants#ENCRYPTED_KEY_SHA1_IDENTIFIER}
+ * </li>
* </ul
* See {...@link #SIG_KEY_ID} {...@link #ENC_KEY_ID}.
*/
@@ -789,6 +806,8 @@
new Integer(WSConstants.EMBEDDED_KEYNAME));
keyIdentifier.put("Thumbprint",
new Integer(WSConstants.THUMBPRINT_IDENTIFIER));
+ keyIdentifier.put("EncryptedKeySHA1",
+ new Integer(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER));
}
/*
* internally used property names to store values inside the message
context
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
Wed Oct 28 12:37:19 2009
@@ -27,11 +27,14 @@
import org.apache.axis.message.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
@@ -303,6 +306,49 @@
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric
key, rather than a
+ * generated session key which is then encrypted using a public key. The
request is generated
+ * using WSHandler, instead of coding it.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in
encryption or decryption
+ *
+ */
+ public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
+ messageContext.put(WSHandlerConstants.ENC_KEY_ID, "EncryptedKeySHA1");
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.ENCR));
+
+ Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.send(
+ WSConstants.ENCR,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+ }
+
/**
* Verifies the soap envelope.
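Review bot: The new test only checks that verify() accepts the document; the behaviour under test, that no EncryptedKey element is emitted when encryptSymmetricEncryptionKey is false, is never asserted, so a regression that quietly re-enables key wrapping would still pass. Assert it on the pretty-printed output, e.g. `assertTrue(outputString.indexOf("EncryptedKey>") == -1);` (the EncryptedKeySHA1 ValueType URI also contains the substring "EncryptedKey", so match the element rather than the bare name), or look the xenc:EncryptedKey element up in the document directly. The same applies to testSymmetricSignatureSHA1Handler in TestWSSecurityNew17, which sets HMAC_SHA1 but never checks the SignatureMethod of the produced signature. The last argument to handler.send is an unexplained boolean literal; a named local would make the call readable.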
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java?rev=830515&r1=830514&r2=830515&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
Wed Oct 28 12:37:19 2009
@@ -41,9 +41,12 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
@@ -240,6 +243,55 @@
LOG.info("After Sign/Encryption....");
verify(encryptedSignedDoc);
}
+
+
+ /**
+ * Test signing a message body using a symmetric key with
EncryptedKeySHA1.
+ * The request is generated using WSHandler, instead of coding it.
+ */
+ public void testSymmetricSignatureSHA1Handler() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.SIG_KEY_ID, "EncryptedKeySHA1");
+ messageContext.put(WSHandlerConstants.SIG_ALGO,
SignatureMethod.HMAC_SHA1);
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.send(
+ WSConstants.SIGN,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ reqData = new RequestData();
+ reqData.setWssConfig(WSSConfig.getNewInstance());
+ messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("");
+
+ handler.receive(WSConstants.SIGN, reqData);
+
+ verify(doc);
+ }
+
/**
* Verifies the soap envelope