Author: coheigea
Date: Wed Feb 16 12:33:13 2011
New Revision: 1071225

URL: http://svn.apache.org/viewvc?rev=1071225&view=rev
Log:
[WSS-256] - BSP spec compliance stuff for EncryptedKeys.

Modified:
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/X509Util.java
    
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
    
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1071225&r1=1071224&r2=1071225&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
 Wed Feb 16 12:33:13 2011
@@ -82,11 +82,19 @@ public class EncryptedKeyProcessor imple
         if (cb == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, 
"noCallback");
         }
+        if (config.isWsiBSPCompliant()) {
+            checkBSPCompliance(elem);
+        }
         //
         // lookup xenc:EncryptionMethod, get the Algorithm attribute to 
determine
         // how the key was encrypted. Then check if we support the algorithm
         //
         String encryptedKeyTransportMethod = X509Util.getEncAlgo(elem);
+        if (encryptedKeyTransportMethod == null) {
+            throw new WSSecurityException(
+                WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
+            );
+        }
         Cipher cipher = 
WSSecurityUtil.getCipherInstance(encryptedKeyTransportMethod);
         //
         // Now lookup CipherValue.
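Review bot: The new null check on `encryptedKeyTransportMethod` carries no comment saying when `X509Util.getEncAlgo` can return null; judging from the X509Util hunk in this commit, that appears to be the case where the xenc:EncryptionMethod child is missing, since an empty Algorithm attribute now throws inside the helper. I would add `// getEncAlgo returns null when xenc:EncryptionMethod is absent; reject before requesting a Cipher` above the check. Separately, the BSP branch added here validates attributes only; if the profile's restrictions on key transport algorithms are also meant to be enforced, the value could be compared right after this null check. The enclosing method starts and ends outside the hunk.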
@@ -341,5 +349,36 @@ public class EncryptedKeyProcessor imple
             doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
         );
     }
+    
+    /**
+     * A method to check that the EncryptedKey is compliant with the BSP spec.
+     * @throws WSSecurityException
+     */
+    private void checkBSPCompliance(Element elem) throws WSSecurityException {
+        String attribute = elem.getAttribute("Type");
+        if (attribute != null && !"".equals(attribute)) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_CHECK, "badAttribute", new 
Object[]{attribute}
+            );
+        }
+        attribute = elem.getAttribute("MimeType");
+        if (attribute != null && !"".equals(attribute)) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_CHECK, "badAttribute", new 
Object[]{attribute}
+            );
+        }
+        attribute = elem.getAttribute("Encoding");
+        if (attribute != null && !"".equals(attribute)) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_CHECK, "badAttribute", new 
Object[]{attribute}
+            );
+        }
+        attribute = elem.getAttribute("Recipient");
+        if (attribute != null && !"".equals(attribute)) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_CHECK, "badAttribute", new 
Object[]{attribute}
+            );
+        }
+    }
   
 }
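Review bot: `checkBSPCompliance` passes the attribute's value rather than its name to the `badAttribute` message, so the fault reads `A bad attribute was specified "SomeType"` without saying which of the four attributes was rejected, and it copies sender-controlled text into the exception string. Passing the attribute name gives a more useful message and keeps message content out of errors and logs. The four copies of the check can be one loop, and `elem.hasAttribute(name)` would also reject an attribute that is present with an empty value, which the current `!"".equals(attribute)` test lets through (DOM `getAttribute` returns an empty string, not null, for a missing attribute, so the null half never fires). The Javadoc should gain an `@param elem` line and list the attributes that are refused.

```java
    private void checkBSPCompliance(Element elem) throws WSSecurityException {
        // Attributes that must not appear on xenc:EncryptedKey when BSP compliance is on
        String[] forbidden = {"Type", "MimeType", "Encoding", "Recipient"};
        for (String name : forbidden) {
            if (elem.hasAttribute(name)) {
                throw new WSSecurityException(
                    WSSecurityException.FAILED_CHECK, "badAttribute", new Object[]{name}
                );
            }
        }
    }
```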

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/X509Util.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/X509Util.java?rev=1071225&r1=1071224&r2=1071225&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/X509Util.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/X509Util.java
 Wed Feb 16 12:33:13 2011
@@ -56,7 +56,7 @@ public class X509Util {
         String symEncAlgo = null;
         if (tmpE != null) {
             symEncAlgo = tmpE.getAttribute("Algorithm");
-            if (symEncAlgo == null) {
+            if (symEncAlgo == null || "".equals(symEncAlgo)) {
                 throw new WSSecurityException(
                     WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
                 );

Modified: 
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties?rev=1071225&r1=1071224&r2=1071225&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
 (original)
+++ 
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
 Wed Feb 16 12:33:13 2011
@@ -19,6 +19,7 @@ noSecurityTokenReference = The SecurityT
 badSecurityTokenReference = A bad SecurityTokenReference was specified 
 noEncodingType = No EncodingType attribute was specified
 badEncodingType = A bad EncodingType attribute was specified \"{0}\"
+badAttribute = A bad attribute was specified \"{0}\"
 unhandledToken = Security token supported but currently not handled \"{0}\"
 unsupportedBinaryTokenType = Token type \"{0}\"
 invalidConstructor = Token impl. class \"{0}\" does not provide appropriate 
constructor

Modified: 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java?rev=1071225&r1=1071224&r2=1071225&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
 (original)
+++ 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
 Wed Feb 16 12:33:13 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.common.CustomHandler;
 import org.apache.ws.security.common.KeystoreCallbackHandler;
 import org.apache.ws.security.common.SecretKeyCallbackHandler;
@@ -470,6 +471,75 @@ public class EncryptionTest extends org.
         assertTrue(outputString.indexOf("counter_port_type") > 0 ? true
                 : false);
     }
+    
+    
+    @org.junit.Test
+    public void testBadAttribute() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("wss40");
+        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+
+        /*
+         * Prepare the Encrypt object with the token, setup data structure
+         */
+        builder.prepare(doc, crypto);
+
+        /*
+         * Set up the parts structure to encrypt the body
+         */
+        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+                .getDocumentElement());
+        java.util.List<WSEncryptionPart> parts = new 
ArrayList<WSEncryptionPart>();
+        WSEncryptionPart encP = new WSEncryptionPart(soapConstants
+                .getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(),
+                "Content");
+        parts.add(encP);
+
+        /*
+         * Encrypt the parts (Body), create EncryptedData elements that 
reference
+         * the EncryptedKey, and get a ReferenceList that can be put into the
+         * Security header. Be sure that the ReferenceList is after the
+         * EncryptedKey element in the Security header (strict layout)
+         */
+        Element refs = builder.encryptForRef(null, parts);
+        builder.addExternalRefElement(refs, secHeader);
+
+        /*
+         * now add (prepend) the EncryptedKey element, then a
+         * BinarySecurityToken if one was setup during prepare
+         */
+        Element encryptedKeyElement = builder.getEncryptedKeyElement();
+        encryptedKeyElement.setAttributeNS(null, "Type", "SomeType");
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
encryptedKeyElement);
+
+        builder.prependBSTElementToHeader(secHeader);
+
+        Document encryptedDoc = doc;
+
+        String outputString = 
+            
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        
+        WSSecurityEngine newEngine = new WSSecurityEngine();
+        newEngine.processSecurityHeader(encryptedDoc, null, 
keystoreCallbackHandler, crypto);
+        
+        // Now turn on BSP compliance
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        wssConfig.setWsiBSPCompliant(true);
+        newEngine.setWssConfig(wssConfig);
+        try {
+            newEngine.processSecurityHeader(encryptedDoc, null, 
keystoreCallbackHandler, crypto);
+            fail("Failure expected on a bad attribute type");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("bad attribute");
+        }
+    }
 
     
     /**
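Review bot: The last check in `testBadAttribute` uses the Java `assert` keyword, which is skipped when the JVM runs without `-ea`, so the catch block may verify nothing; use `assertTrue(ex.getMessage().contains("bad attribute"));`, matching the `assertTrue` call visible at the top of this hunk. The test also sets only `Type`, while `MimeType`, `Encoding` and `Recipient` are rejected by separate branches of `checkBSPCompliance` that nothing here exercises; repeating the check for each name would pin all four. A one-line comment above the first `processSecurityHeader` call, saying it is expected to succeed because the new engine presumably has BSP compliance off, would make the intent of the two calls clear.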

