Author: coheigea Date: Wed Jun 16 10:02:17 2010 New Revision: 955177 URL: http://svn.apache.org/viewvc?rev=955177&view=rev Log: [WSS-206] - Partial commit of this issue. - This commit saves information in WSDataRef about the encryption or signature algorithm used on the protected element. - It also saves the signature and c14n algorithms in the WSSecurityEngineResult - These can be used for validating what algorithms were used for signature or encryption - I didn't commit the part of the patch relating to SAML assertions as its purpose was unclear, and no tests were supplied.
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java Wed Jun 16 10:02:17 2010 
@@ -1,18 +1,20 @@ -/* - * Copyright 2003-2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.ws.security; @@ -56,6 +58,11 @@ public class WSDataRef { */ private String xpath; + /** + * Algorithm used to encrypt/sign the element + */ + private String algorithm; + private boolean content; 
@@ -181,5 +188,19 @@ public class WSDataRef { public void setContent(boolean content) { this.content = content; } + + /** + * @return the algorithm used for encryption/signature + */ + public String getAlgorithm() { + return algorithm; + } + + /** + * @param algo algorithm used for encryption + */ + public void setAlgorithm(String algo) { + algorithm = algo; + } } Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngineResult.java Wed Jun 16 10:02:17 2010 
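Review bot: The Javadoc on `setAlgorithm` says `algorithm used for encryption`, while the field comment and the getter say encryption/signature, and none of them states that the value is an algorithm URI or that it is null when no processor recorded one. Suggest `@param algo URI of the algorithm used to encrypt or sign the element` on the setter and `@return the encryption/signature algorithm URI, or null if none was recorded` on the getter. The field comment in the -56,6 hunk could use the same wording. The null case follows from the field being declared without an initializer.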
@@ -1,19 +1,20 @@ -/* - * Copyright 2003-2006 The Apache Software Foundation, or their licensors, as - * appropriate. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.ws.security; 
@@ -167,6 +168,20 @@ public class WSSecurityEngineResult exte * The value under this tag is a byte array */ public static final Object TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes"; + + /** + * Tag denoting the algorithm that was used to sign the message + * + * The value under this tag is of type String. + */ + public static final Object TAG_SIGNATURE_METHOD = "signature-method"; + + /** + * Tag denoting the algorithm that was used to do canonicalization + * + * The value under this tag is of type String. + */ + public static final Object TAG_CANONICALIZATION_METHOD = "canonicalization-method"; public WSSecurityEngineResult( int act, Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java Wed Jun 16 10:02:17 2010 
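Review bot: The Javadoc for `TAG_SIGNATURE_METHOD` and `TAG_CANONICALIZATION_METHOD` does not say that the stored String is an algorithm URI taken from the received signature, which a caller needs to know in order to compare it against the algorithms it accepts. Suggest adding a sentence such as `The value is the algorithm URI declared in the processed signature; it reflects what the message stated and should be checked against the algorithms the receiver allows.` That the values are URIs is taken from the `getSignatureMethodURI()` and `getCanonicalizationMethodURI()` calls in the SignatureProcessor hunks of this commit.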
@@ -1,18 +1,20 @@ -/* - * Copyright 2003-2004 The Apache Software Foundation. +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.ws.security.processor; @@ -160,7 +162,7 @@ public class ReferenceListProcessor impl symmetricKey = getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb); } - + return decryptEncryptedData( doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo 
@@ -225,6 +227,7 @@ public class ReferenceListProcessor impl WSDataRef dataRef = new WSDataRef(dataRefURI); dataRef.setWsuId(dataRefURI); + dataRef.setAlgorithm(symEncAlgo); boolean content = X509Util.isContent(encData); dataRef.setContent(content); Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java Wed Jun 16 10:02:17 2010 @@ -82,6 +82,9 @@ public class SignatureProcessor implemen private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN; + private String signatureMethod; + + private String c14nMethod; public void handleToken( Element elem, @@ -102,6 +105,7 @@ public class SignatureProcessor implemen byte[][] signatureValue = new byte[1][]; Principal lastPrincipalFound = null; secretKeyLength = wsc.getSecretKeyLength(); + signatureMethod = c14nMethod = null; try { lastPrincipalFound = 
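Review bot: `dataRef.setAlgorithm(symEncAlgo)` records the algorithm without any visible guard against `symEncAlgo` being null or being an algorithm the receiver would not want to accept. Since the commit message says the value is meant for validating which algorithms were used, the call deserves a comment such as `// algorithm URI taken from the message; may be null, callers must check it against their allowed algorithms`. Where `symEncAlgo` is assigned lies outside the hunk, so both its origin and the null case are assumptions to confirm.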
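Review bot: `signatureMethod` and `c14nMethod` are per-message values kept in instance fields, so a `SignatureProcessor` instance that is shared between threads or reused concurrently could put another message's algorithms into the result. The reset `signatureMethod = c14nMethod = null;` in the -102,6 hunk and the assignment in the -554,6 hunk only cover sequential use. The surrounding code already passes the certificate and signature value out through one-element arrays (`returnCert`, `signatureValue`); handing the algorithms back the same way, e.g. `String[] algorithms = new String[2];`, would keep the state local to the call. Whether processor instances are actually shared is not visible in this diff, and both method bodies extend beyond the hunks.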
@@ -118,28 +122,24 @@ public class SignatureProcessor implemen } } if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) { + WSSecurityEngineResult result = new WSSecurityEngineResult( + WSConstants.UT_SIGN, lastPrincipalFound, null, + returnElements, protectedElements, signatureValue[0]); + result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod); + result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod); returnResults.add( 0, - new WSSecurityEngineResult( - WSConstants.UT_SIGN, - lastPrincipalFound, - null, - returnElements, - protectedElements, - signatureValue[0] - ) + result ); } else { + WSSecurityEngineResult result = new WSSecurityEngineResult( + WSConstants.SIGN, lastPrincipalFound, returnCert[0], + returnElements, protectedElements, signatureValue[0]); + result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod); + result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod); returnResults.add( 0, - new WSSecurityEngineResult( - WSConstants.SIGN, - lastPrincipalFound, - returnCert[0], - returnElements, - protectedElements, - signatureValue[0] - ) + result ); } signatureId = elem.getAttributeNS(null, "Id"); @@ -543,6 +543,7 @@ public class SignatureProcessor implemen ref.setName(new QName(se.getNamespaceURI(), se.getLocalName())); ref.setProtectedElement(se); ref.setXpath(ReferenceListProcessor.getXPath(se)); + ref.setAlgorithm(si.getSignatureMethodURI()); protectedElements.add(ref); returnElements.add(WSSecurityUtil.getIDFromReference(uri)); } else { 
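Review bot: The two branches in the -118,28 hunk now repeat the same five statements and differ only in the action constant and the certificate argument, so a later change to the recorded tags has to be made twice. Computing the differing values first, `int action = isUtSign ? WSConstants.UT_SIGN : WSConstants.SIGN;` and `X509Certificate cert = isUtSign ? null : returnCert[0];` with `isUtSign` being the existing `instanceof WSUsernameTokenPrincipal` test, would allow a single construction followed by one pair of `result.put(...)` calls and one `returnResults.add(0, result);`. The enclosing method starts and ends outside the hunk.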
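Review bot: In the -543,6 hunk, `ref.setAlgorithm(si.getSignatureMethodURI())` stores the signature-wide method on every reference, so each `WSDataRef` only repeats what `TAG_SIGNATURE_METHOD` already carries, and the per-reference digest algorithm is not recorded anywhere. A receiver that wants to reject weak digest algorithms cannot do so from these results. Consider recording the reference's digest method URI on the `WSDataRef` as well, in a separate field and accessor so that `getAlgorithm()` stays unambiguous. How the reference object is reached inside this loop is outside the hunk.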
@@ -554,6 +555,10 @@ public class SignatureProcessor implemen } } + // Algorithms used for signature and c14n + signatureMethod = si.getSignatureMethodURI(); + c14nMethod = si.getCanonicalizationMethodURI(); + if (certs != null) { returnCert[0] = certs[0]; return certs[0].getSubjectX500Principal(); Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef.java Wed Jun 16 10:02:17 2010 
@@ -1,18 +1,20 @@ -/* - * Copyright 2003-2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package wssec; 
@@ -229,6 +231,9 @@ public class TestWSSecurityDataRef exten // Check whether wsu:Id is set assertNotNull(dataRef.getWsuId()); + + // Check the encryption algorithm was set + assertEquals(WSConstants.TRIPLE_DES, dataRef.getAlgorithm()); // flag to indicate the element was found in TAG_DATA_REF_URIS found = true; Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityDataRef1.java Wed Jun 16 10:02:17 2010 
@@ -1,18 +1,20 @@ -/* - * Copyright 2003-2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package wssec; 
@@ -233,6 +235,9 @@ public class TestWSSecurityDataRef1 exte // Check whether wsu:Id is set assertNotNull(dataRef.getWsuId()); + + // Check the encryption algorithm was set + assertEquals(WSConstants.TRIPLE_DES, dataRef.getAlgorithm()); // flag to indicate the element was found in TAG_DATA_REF_URIS found = true; Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java Wed Jun 16 10:02:17 2010 
@@ -1,18 +1,20 @@ -/* - * Copyright 2003-2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package wssec; 
@@ -158,6 +160,7 @@ public class TestWSSecurityEncryptionPar WSDataRef wsDataRef = (WSDataRef)refs.get(0); String xpath = wsDataRef.getXpath(); assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath); + assertEquals(WSConstants.AES_128, wsDataRef.getAlgorithm()); } Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java?rev=955177&r1=955176&r2=955177&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java Wed Jun 16 10:02:17 2010 @@ -45,6 +45,8 @@ import org.apache.ws.security.saml.SAMLI import org.apache.ws.security.saml.SAMLIssuerFactory; import org.apache.ws.security.saml.WSSecSignatureSAML; import org.apache.ws.security.util.WSSecurityUtil; +import org.apache.xml.security.c14n.Canonicalizer; +import org.apache.xml.security.signature.XMLSignature; import org.opensaml.SAMLAssertion; import org.w3c.dom.Document; 
@@ -165,6 +167,13 @@ public class TestWSSecuritySignaturePart WSDataRef wsDataRef = (WSDataRef)refs.get(0); String xpath = wsDataRef.getXpath(); assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath); + assertEquals(XMLSignature.ALGO_ID_SIGNATURE_RSA, wsDataRef.getAlgorithm()); + + String sigMethod = (String)actionResult.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD); + assertEquals(XMLSignature.ALGO_ID_SIGNATURE_RSA, sigMethod); + String c14nMethod = + (String)actionResult.get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD); + assertEquals(WSConstants.C14N_EXCL_OMIT_COMMENTS, c14nMethod); } /** --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org