Author: coheigea
Date: Wed Jun 16 10:02:17 2010
New Revision: 955177

URL: http://svn.apache.org/viewvc?rev=955177&view=rev
Log:
[WSS-206] - Partial commit of this issue.
 - This commit saves information in WSDataRef about the encryption or signature 
algorithm used on the protected element.
 - It also saves the signature and c14n algorithms in the WSSecurityEngineResult
 - These can be used for validating what algorithms were used for signature or 
encryption
 - I didn't commit the part of the patch relating to SAML assertions as its 
purpose was unclear, and no tests were supplied.

Modified:
    
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
    
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java
    
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
    
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java
    
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java
    
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
    
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java

Modified: 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
 Wed Jun 16 10:02:17 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package org.apache.ws.security;
@@ -56,6 +58,11 @@ public class WSDataRef {
      */
     private String xpath;
     
+    /**
+     * Algorithm used to encrypt/sign the element
+     */
+    private String algorithm;
+    
     private boolean content;
     
     
@@ -181,5 +188,19 @@ public class WSDataRef {
     public void setContent(boolean content) {
         this.content = content;
     }
+    
+    /**
+     * @return the algorithm used for encryption/signature
+     */
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @param algo algorithm used for encryption
+     */
+    public void setAlgorithm(String algo) {
+        algorithm = algo;
+    }
 
 }
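Review bot: The setter's Javadoc, `@param algo algorithm used for encryption`, is narrower than the getter's and the field's, which both say encryption/signature, and SignatureProcessor in this same commit calls `setAlgorithm` with the signature method URI. I would change it to `@param algo URI of the algorithm used to encrypt or sign the element`. The field comment could also say that the value appears to be the algorithm URI declared in the incoming message, so callers treat it as an input to their own algorithm policy check, not as something already validated. The class body starts outside this hunk.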

Modified: 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java
 Wed Jun 16 10:02:17 2010
@@ -1,19 +1,20 @@
-/*
- * Copyright  2003-2006 The Apache Software Foundation, or their licensors, as
- * appropriate.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package org.apache.ws.security;
@@ -167,6 +168,20 @@ public class WSSecurityEngineResult exte
      * The value under this tag is a byte array 
      */
     public static final Object TAG_ENCRYPTED_EPHEMERAL_KEY = 
"encrypted-ephemeral-key-bytes";
+    
+    /**
+     * Tag denoting the algorithm that was used to sign the message
+     *
+     * The value under this tag is of type String.
+     */
+    public static final Object TAG_SIGNATURE_METHOD = "signature-method";
+
+    /**
+     * Tag denoting the algorithm that was used to do canonicalization
+     *
+     * The value under this tag is of type String.
+     */
+    public static final Object TAG_CANONICALIZATION_METHOD = 
"canonicalization-method";
 
     public WSSecurityEngineResult(
         int act, 
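Review bot: The Javadoc on `TAG_SIGNATURE_METHOD` and `TAG_CANONICALIZATION_METHOD` gives only the Java type of the value, not what the string contains or whether it can be absent. From the SignatureProcessor hunks the values are the URIs returned by `getSignatureMethodURI()` and `getCanonicalizationMethodURI()`, and both fields are reset to null at the start of each token, so a null value looks possible. I would add `The value is the algorithm URI from the signature's SignedInfo and may be null.` to each comment, once the null case is confirmed. The constructor that follows is cut off by the hunk.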

Modified: 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
 Wed Jun 16 10:02:17 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package org.apache.ws.security.processor;
@@ -160,7 +162,7 @@ public class ReferenceListProcessor impl
             symmetricKey = 
                 getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, 
crypto, cb);
         }
-
+        
         return 
             decryptEncryptedData(
                 doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
@@ -225,6 +227,7 @@ public class ReferenceListProcessor impl
 
         WSDataRef dataRef = new WSDataRef(dataRefURI);
         dataRef.setWsuId(dataRefURI);
+        dataRef.setAlgorithm(symEncAlgo);
         boolean content = X509Util.isContent(encData);
         dataRef.setContent(content);
         

Modified: 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
 Wed Jun 16 10:02:17 2010
@@ -82,6 +82,9 @@ public class SignatureProcessor implemen
     
     private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
     
+    private String signatureMethod;
+    
+    private String c14nMethod;
 
     public void handleToken(
         Element elem, 
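Review bot: `signatureMethod` and `c14nMethod` are per-message values but are stored in instance fields, so they travel between `handleToken` and the verification code through shared state (the reset `signatureMethod = c14nMethod = null;` in the next hunk and the assignments `signatureMethod = si.getSignatureMethodURI();` in the last hunk of this file). If a SignatureProcessor instance is ever used by two threads at once, which these hunks do not show either way, one message's result could carry another message's algorithm URIs, and that undermines the stated purpose of recording them for algorithm validation. `signatureValue` and `returnCert` are already handed over as one-element arrays in this method, so passing the URIs the same way, for example through a `String[] algorithms = new String[2];` out-parameter, would keep them local to the call. handleToken's body continues outside this hunk.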
@@ -102,6 +105,7 @@ public class SignatureProcessor implemen
         byte[][] signatureValue = new byte[1][];
         Principal lastPrincipalFound = null;
         secretKeyLength = wsc.getSecretKeyLength();
+        signatureMethod = c14nMethod = null;
         
         try {
             lastPrincipalFound = 
@@ -118,28 +122,24 @@ public class SignatureProcessor implemen
             }
         }
         if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
+            WSSecurityEngineResult result = new WSSecurityEngineResult(
+                    WSConstants.UT_SIGN, lastPrincipalFound, null,
+                    returnElements, protectedElements, signatureValue[0]);
+            result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, 
signatureMethod);
+            result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, 
c14nMethod);
             returnResults.add(
                 0, 
-                new WSSecurityEngineResult(
-                    WSConstants.UT_SIGN, 
-                    lastPrincipalFound, 
-                    null,
-                    returnElements, 
-                    protectedElements, 
-                    signatureValue[0]
-                )
+                result
             );
         } else {
+            WSSecurityEngineResult result = new WSSecurityEngineResult(
+                    WSConstants.SIGN, lastPrincipalFound, returnCert[0], 
+                    returnElements, protectedElements, signatureValue[0]);
+            result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, 
signatureMethod);
+            result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, 
c14nMethod);
             returnResults.add(
                 0, 
-                new WSSecurityEngineResult(
-                    WSConstants.SIGN, 
-                    lastPrincipalFound,
-                    returnCert[0], 
-                    returnElements, 
-                    protectedElements, 
-                    signatureValue[0]
-                )
+                result
             );
         }
         signatureId = elem.getAttributeNS(null, "Id");
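Review bot: The two branches of the `instanceof WSUsernameTokenPrincipal` test now repeat the same sequence of constructing the result and calling `put` twice, and they differ only in the action constant and the certificate argument. Building the result once and selecting those two arguments keeps the algorithm tags from drifting apart if another tag is added later. This assumes both calls resolve to the same six-argument constructor, which the hunk suggests but does not show. handleToken starts and ends outside this hunk.

```java
        // … unchanged: principal lookup and exception handling …
        boolean usernameTokenSig = lastPrincipalFound instanceof WSUsernameTokenPrincipal;
        WSSecurityEngineResult result = new WSSecurityEngineResult(
                usernameTokenSig ? WSConstants.UT_SIGN : WSConstants.SIGN,
                lastPrincipalFound,
                usernameTokenSig ? null : returnCert[0],
                returnElements, protectedElements, signatureValue[0]);
        result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod);
        result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod);
        returnResults.add(0, result);
        signatureId = elem.getAttributeNS(null, "Id");
```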
@@ -543,6 +543,7 @@ public class SignatureProcessor implemen
                         ref.setName(new QName(se.getNamespaceURI(), 
se.getLocalName()));
                         ref.setProtectedElement(se);
                         ref.setXpath(ReferenceListProcessor.getXPath(se));
+                        ref.setAlgorithm(si.getSignatureMethodURI());
                         protectedElements.add(ref);
                         
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
                     } else {
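Review bot: `ref.setAlgorithm(si.getSignatureMethodURI())` stores the SignedInfo-wide signature method on every WSDataRef, but what binds each individual element to the signature is that reference's digest method, and none of the visible hunks record it. A caller that validates algorithms from the results can therefore reject a weak signature method and still never see a weak digest on a single reference. Consider recording the reference's digest algorithm URI as well; a second WSDataRef property would keep `getAlgorithm()` backward-compatible. A comment here would also help, such as `// same value for every reference: the SignedInfo signature method, not the per-reference digest`. The enclosing loop starts outside this hunk.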
@@ -554,6 +555,10 @@ public class SignatureProcessor implemen
                     }
                 }
                 
+                // Algorithms used for signature and c14n
+                signatureMethod = si.getSignatureMethodURI();
+                c14nMethod = si.getCanonicalizationMethodURI();
+                
                 if (certs != null) {
                     returnCert[0] = certs[0];
                     return certs[0].getSubjectX500Principal();

Modified: 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java 
(original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java 
Wed Jun 16 10:02:17 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package wssec;
@@ -229,6 +231,9 @@ public class TestWSSecurityDataRef exten
 
                     // Check whether wsu:Id is set
                     assertNotNull(dataRef.getWsuId());
+                    
+                    // Check the encryption algorithm was set
+                    assertEquals(WSConstants.TRIPLE_DES, 
dataRef.getAlgorithm());
 
                     // flag to indicate the element was found in 
TAG_DATA_REF_URIS
                     found = true;

Modified: 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java 
(original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java 
Wed Jun 16 10:02:17 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package wssec;
@@ -233,6 +235,9 @@ public class TestWSSecurityDataRef1 exte
 
                     // Check whether wsu:Id is set
                     assertNotNull(dataRef.getWsuId());
+                    
+                    // Check the encryption algorithm was set
+                    assertEquals(WSConstants.TRIPLE_DES, 
dataRef.getAlgorithm());
 
                     // flag to indicate the element was found in 
TAG_DATA_REF_URIS
                     found = true;

Modified: 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
 Wed Jun 16 10:02:17 2010
@@ -1,18 +1,20 @@
-/*
- * Copyright  2003-2004 The Apache Software Foundation.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 
 package wssec;
@@ -158,6 +160,7 @@ public class TestWSSecurityEncryptionPar
         WSDataRef wsDataRef = (WSDataRef)refs.get(0);
         String xpath = wsDataRef.getXpath();
         assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath);
+        assertEquals(WSConstants.AES_128, wsDataRef.getAlgorithm());
     }
     
     

Modified: 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java?rev=955177&r1=955176&r2=955177&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java
 (original)
+++ 
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java
 Wed Jun 16 10:02:17 2010
@@ -45,6 +45,8 @@ import org.apache.ws.security.saml.SAMLI
 import org.apache.ws.security.saml.SAMLIssuerFactory;
 import org.apache.ws.security.saml.WSSecSignatureSAML;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.SAMLAssertion;
 import org.w3c.dom.Document;
 
@@ -165,6 +167,13 @@ public class TestWSSecuritySignaturePart
         WSDataRef wsDataRef = (WSDataRef)refs.get(0);
         String xpath = wsDataRef.getXpath();
         assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath);
+        assertEquals(XMLSignature.ALGO_ID_SIGNATURE_RSA, 
wsDataRef.getAlgorithm());
+        
+        String sigMethod = 
(String)actionResult.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD);
+        assertEquals(XMLSignature.ALGO_ID_SIGNATURE_RSA, sigMethod);
+        String c14nMethod = 
+            
(String)actionResult.get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD);
+        assertEquals(WSConstants.C14N_EXCL_OMIT_COMMENTS, c14nMethod);
     }
     
     /**


