List: xmlrpc-dev
Subject: svn commit: r1037694 - in /webservices/wss4j/trunk: ./
From: coheigea () apache ! org
Date: 2010-11-22 12:40:48
Message-ID: 20101122124048.8F5732388A32 () eris ! apache ! org
Author: coheigea
Date: Mon Nov 22 12:40:47 2010
New Revision: 1037694
URL: http://svn.apache.org/viewvc?rev=1037694&view=rev
Log:
[WSS-238] - Forward-merged to trunk.
Added:
webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
- copied, changed from r1037678, \
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
Modified:
webservices/wss4j/trunk/ (props changed)
webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java (props \
changed) webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/test/log4j.properties (props changed)
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
Propchange: webservices/wss4j/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678
Propchange: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947 \
604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:94 \
7604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java \
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java Mon Nov \
22 12:40:47 2010
@@ -78,7 +78,7 @@ public class WSSecBase {
}
/**
- * Gets the value of the <code>keyIdentifyerType</code>.
+ * Gets the value of the <code>keyIdentifierType</code>.
*
* @return The <code>keyIdentifyerType</code>.
* @see WSConstants#ISSUER_SERIAL
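Review bot: The spelling fix is incomplete, because the `@return` line just below the corrected sentence still reads `keyIdentifyerType`. Change it to `@return The <code>keyIdentifierType</code>.` so both lines of the Javadoc agree. The rest of the comment and the method it documents lie outside this hunk.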
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java \
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Mon \
Nov 22 12:40:47 2010
@@ -85,7 +85,7 @@ public class WSSecEncrypt extends WSSecE
* Custom reference value
*/
private String customReferenceValue;
-
+
/**
* True if the encKeyId is a direct reference to a key identifier instead of a \
URI to a key
*/
@@ -531,6 +531,9 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(secToken.getElement());
} else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName);
+ } else if (SecurityTokenReference.SAML_ID_URI.equals(customReferenceValue)) \
{
+ SecurityTokenReference secToken = new \
SecurityTokenReference(document);
+ \
secToken.setSAMLKeyIdentifier((encKeyIdDirectId ? "":"#") + encKeyId);
} else if \
(securityTokenReference != null) {
Element tmpE = \
securityTokenReference.getElement();
tmpE.setAttributeNS(
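Review bot: The new `SAML_ID_URI` branch builds a local `secToken` and sets its SAML key identifier, but the branch ends there and nothing attaches the reference to `keyInfo`. The branch directly above it finishes with `keyInfo.addUnknownElement(secToken.getElement());`, so the omission looks accidental. As written, the emitted KeyInfo would carry no pointer to the SAML assertion on this path, and a receiver could not locate the key. Add `keyInfo.addUnknownElement(secToken.getElement());` as the last statement of the branch, unless code outside this hunk attaches it. A short comment on when `encKeyIdDirectId` suppresses the `#` prefix would also help.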
@@ -640,11 +643,11 @@ public class WSSecEncrypt extends WSSecE
public boolean isEncryptSymmKey() {
return encryptSymmKey;
}
-
+
public void setEncryptSymmKey(boolean encryptSymmKey) {
this.encryptSymmKey = encryptSymmKey;
}
-
+
private String getSHA1(byte[] input) throws WSSecurityException {
try {
MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
@@ -659,7 +662,7 @@ public class WSSecEncrypt extends WSSecE
);
}
}
-
+
public void setCustomReferenceValue(String customReferenceValue) {
this.customReferenceValue = customReferenceValue;
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java \
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java \
Mon Nov 22 12:40:47 2010
@@ -97,6 +97,16 @@ public class WSSecEncryptedKey extends W
protected String encKeyId = null;
/**
+ * Custom token value
+ */
+ protected String customEKTokenValueType;
+
+ /**
+ * Custom token id
+ */
+ protected String customEKTokenId;
+
+ /**
* BinarySecurityToken to be included in the case where BST_DIRECT_REFERENCE
* is used to refer to the asymmetric encryption cert
*/
@@ -289,6 +299,10 @@ public class WSSecEncryptedKey extends W
ref.setValueType(bstToken.getValueType());
secToken.setReference(ref);
break;
+
+ case WSConstants.CUSTOM_KEY_IDENTIFIER:
+ secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
+ break;
default:
throw new WSSecurityException(WSSecurityException.FAILURE, \
"unsupportedKeyId");
@@ -519,4 +533,11 @@ public class WSSecEncryptedKey extends W
return encryptedEphemeralKey;
}
+ public void setCustomEKTokenValueType(String customEKTokenValueType) {
+ this.customEKTokenValueType = customEKTokenValueType;
+ }
+
+ public void setCustomEKTokenId(String customEKTokenId) {
+ this.customEKTokenId = customEKTokenId;
+ }
}
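Review bot: `setCustomEKTokenValueType` and `setCustomEKTokenId` have no Javadoc and accept null, and the new `case WSConstants.CUSTOM_KEY_IDENTIFIER:` in the previous hunk passes both fields straight to `secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId)`. A caller who selects the custom key identifier but omits one setter gets either a late failure or a malformed reference, depending on how `setKeyIdentifier` treats null, which is not visible here. Guard the case with `if (customEKTokenValueType == null || customEKTokenId == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId"); }`, or a more specific message key. Each setter should also document that its value is only read when the key identifier type is `CUSTOM_KEY_IDENTIFIER`.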
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java \
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java \
Mon Nov 22 12:40:47 2010
@@ -32,6 +32,8 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -369,7 +371,20 @@ public class EncryptedKeyProcessor imple
// This method is _not_ recommended by OASIS WS-S specification, X509 \
profile
//
else if (secRef.containsKeyIdentifier()) {
- certs = secRef.getKeyIdentifier(crypto);
+ if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) \
{
+ Element token =
+ secRef.getKeyIdentifierTokenElement(doc, docInfo, cb);
+
+ if (crypto == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noSigCryptoFile"
+ );
+ }
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(token, crypto, cb);
+ certs = samlKi.getCerts();
+ } else {
+ certs = secRef.getKeyIdentifier(crypto);
+ }
if (certs == null || certs.length < 1 || certs[0] == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
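Review bot: In the new SAML branch the `crypto == null` guard runs only after `secRef.getKeyIdentifierTokenElement(doc, docInfo, cb)` has already resolved the assertion, and it reports `noSigCryptoFile`, a signature-oriented key, from the encrypted-key path. The ReferenceListProcessor hunk in this commit has the same ordering and message key. Moving the guard to the first statement of the branch skips the lookup when decryption cannot proceed, and a decryption-specific message key would make the failure easier to diagnose. `samlKi.getCerts()` is also called with no null check on `samlKi`; whether `SAMLUtil.getSAMLKeyInfo` can return null is not visible here. No check of the assertion's signature or issuer appears in this hunk, so a comment naming where that validation happens would help readers of this security-sensitive path.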
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java \
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java \
Mon Nov 22 12:40:47 2010
@@ -349,27 +349,42 @@ public class ReferenceListProcessor \
impl
}
}
} else if (secRef.containsKeyIdentifier()){
- String keyIdentifierValue = secRef.getKeyIdentifierValue();
- WSPasswordCallback pwcb =
- new WSPasswordCallback(
- keyIdentifierValue,
- null,
- secRef.getKeyIdentifierValueType(),
- WSPasswordCallback.ENCRYPTED_KEY_TOKEN
- );
-
- try {
- Callback[] callbacks = new Callback[]{pwcb};
- cb.handle(callbacks);
- } catch (Exception e) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "noPassword",
- new Object[] {keyIdentifierValue},
- e
- );
+ if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) \
{
+ Element token =
+ \
secRef.getKeyIdentifierTokenElement(secRefToken.getOwnerDocument(), wsDocInfo, cb);
+ \
+ if (crypto == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noSigCryptoFile"
+ );
+ }
+ SAMLKeyInfo keyInfo = SAMLUtil.getSAMLKeyInfo(token, crypto, cb);
+ // TODO Handle malformed SAML tokens where they don't have the
+ // secret in them
+ decryptedData = keyInfo.getSecret();
+ } else {
+ String keyIdentifierValue = secRef.getKeyIdentifierValue();
+ WSPasswordCallback pwcb =
+ new WSPasswordCallback(
+ keyIdentifierValue,
+ null,
+ secRef.getKeyIdentifierValueType(),
+ WSPasswordCallback.ENCRYPTED_KEY_TOKEN
+ );
+
+ try {
+ Callback[] callbacks = new Callback[]{pwcb};
+ cb.handle(callbacks);
+ } catch (Exception e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noPassword",
+ new Object[] {keyIdentifierValue},
+ e
+ );
+ }
+ decryptedData = pwcb.getKey();
}
- decryptedData = pwcb.getKey();
} else {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK, \
"noReference");
}
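Review bot: `decryptedData = keyInfo.getSecret();` is assigned without any check, although the TODO directly above it acknowledges that a malformed assertion may carry no secret. In that case `decryptedData` is presumably null, and the failure would surface later, in code outside this hunk, away from its cause. Fail closed at the assignment instead: `if (decryptedData == null) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, ...); }`, with a message key that names the missing SAML secret. The hunk also shows no check of the assertion's signature or issuer before its secret becomes the decryption key. If that validation happens elsewhere, a comment pointing to it would close the question for reviewers.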
Propchange: webservices/wss4j/trunk/test/log4j.properties
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890,1037678
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java Mon Nov 22 12:40:47 \
2010
@@ -318,7 +318,7 @@ public class TestWSSecurityNew3 extends
* e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
* for Testing we supply a fixed name here.
*/
- pc.setPassword("password");
+ pc.setPassword("security");
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized \
Callback");
}
Copied: webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java (from \
r1037678, webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecuritySAM \
LKeyIdentifier.java?p2=webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentif \
ier.java&p1=webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java&r1=1037678&r2=1037694&rev=1037694&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java \
(original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java Mon Nov \
22 12:40:47 2010
@@ -52,6 +52,7 @@ import org.opensaml.SAMLAssertion;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
import java.util.Vector;
import javax.security.auth.callback.Callback;
@@ -152,10 +153,10 @@ public class TestWSSecuritySAMLKeyIdenti
builder.setCustomEKTokenId(assertion.getId());
builder.prepare(doc, hokCrypto);
- Vector parts = new Vector();
+ List<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
WSEncryptionPart encP = new WSEncryptionPart("testMethod", \
"uri:LogTestService2", "Element");
parts.add(encP);
- Element refElement = builder.encryptForInternalRef(null, parts);
+ Element refElement = builder.encryptForRef(null, parts);
builder.addInternalRefElement(refElement);
builder.appendToHeader(secHeader);
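Review bot: `List<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();` keeps the legacy synchronized `Vector` behind the new `List` type, although a single-threaded test needs no synchronization. `new ArrayList<WSEncryptionPart>()` would match the generified API. The `java.util.Vector` import could then be dropped if nothing else in the file uses it, which is not visible from this hunk.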
@@ -166,7 +167,7 @@ public class TestWSSecuritySAMLKeyIdenti
LOG.debug(outputString);
}
- Vector results = verify(doc, hokCrypto);
+ List<WSSecurityEngineResult> results = verify(doc, hokCrypto);
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
SAMLAssertion receivedAssertion =
@@ -181,8 +182,9 @@ public class TestWSSecuritySAMLKeyIdenti
* @param doc
* @throws Exception Thrown when there is a problem in verification
*/
- private Vector verify(Document doc, Crypto verifyCrypto) throws Exception {
- Vector results = secEngine.processSecurityHeader(doc, null, this, \
verifyCrypto);
+ private List<WSSecurityEngineResult> verify(Document doc, Crypto \
verifyCrypto) throws Exception {
+ List<WSSecurityEngineResult> results =
+ secEngine.processSecurityHeader(doc, null, this, verifyCrypto);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
assertTrue(outputString.indexOf("LogTestService2") > 0 ? true : false);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org