Author: coheigea
Date: Mon Feb 28 12:46:48 2011
New Revision: 1075316

URL: http://svn.apache.org/viewvc?rev=1075316&view=rev
Log:
[WSS-256] - BSP work for BinarySecurityTokens

Added:
    
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java
Modified:
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java?rev=1075316&r1=1075315&r2=1075316&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/BinarySecurity.java
 Mon Feb 28 12:46:48 2011
@@ -49,44 +49,47 @@ public class BinarySecurity {
     /**
      * Constructor.
      * 
-     * @param elem 
+     * @param elem The BinarySecurityToken element to process
      * @throws WSSecurityException 
      */
     public BinarySecurity(Element elem) throws WSSecurityException {
+        this(elem, true);
+    }
+
+    /**
+     * Constructor.
+     * @param elem The BinarySecurityToken element to process
+     * @param bspCompliant whether the processing conforms to the BSP spec
+     * @throws WSSecurityException
+     */
+    public BinarySecurity(Element elem, boolean bspCompliant) throws 
WSSecurityException {
         element = elem;
         QName el = new QName(element.getNamespaceURI(), 
element.getLocalName());
         if (!(el.equals(TOKEN_BST) || el.equals(TOKEN_KI))) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY_TOKEN, 
-                "badTokenType",
+                "unhandledToken",
                 new Object[] {el}
             );
         }
         String encoding = getEncodingType();
-        //
-        // if the Element is a BinarySecurityToken then
-        //     encoding may be null -> default is Base64
-        //     if encoding is not null and not empty it must be Base64
-        // else
-        //     this is a keyidentifier element
-        //     must contain an encoding attribute which must be Base64
-        //     in this case
-        //
-        if (el.equals(TOKEN_BST)) {
-            if (encoding != null && encoding.length() > 0 && 
!encoding.equals(BASE64_ENCODING)) {
-                throw new WSSecurityException(
-                    WSSecurityException.INVALID_SECURITY_TOKEN,
-                    "badEncoding", 
-                    new Object[] {encoding}
-                );
-            }
-        } else if (el.equals(TOKEN_KI) && !BASE64_ENCODING.equals(encoding)) {
+        if (bspCompliant && !BASE64_ENCODING.equals(encoding)) {
+            // The EncodingType attribute must be specified, and must be equal 
to Base64Binary
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY_TOKEN,
                 "badEncoding", 
                 new Object[] {encoding}
             );
         }
+        
+        String valueType = getValueType();
+        if (bspCompliant && (valueType == null || "".equals(valueType))) {
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY_TOKEN,
+                "invalidValueType",
+                new Object[]{valueType}
+            );
+        }
     }
 
     /**
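Review bot: With `bspCompliant` false the constructor now performs no check on `EncodingType` at all, whereas the removed branch rejected any non-empty value other than Base64 for a BinarySecurityToken and required Base64 for a KeyIdentifier. If the token bytes are still Base64-decoded later (not visible in this hunk), a token declaring some other encoding would be accepted and decoded as Base64 anyway. Consider keeping the lenient test on the non-BSP path, e.g. `else if (encoding != null && encoding.length() > 0 && !BASE64_ENCODING.equals(encoding))` throwing the same `badEncoding` error. Separately, the new `invalidValueType` throw passes one argument while the PKIPathSecurity hunk passes two for the same message key, so the message probably formats inconsistently.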

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java?rev=1075316&r1=1075315&r2=1075316&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
 Mon Feb 28 12:46:48 2011
@@ -33,20 +33,32 @@ import java.security.cert.X509Certificat
  * @author Davanum Srinivas ([email protected]).
  */
 public class PKIPathSecurity extends BinarySecurity {
-    private static final String type = WSConstants.X509TOKEN_NS + 
"#X509PKIPathv1";
+    private static final String PKI_TYPE = WSConstants.X509TOKEN_NS + 
"#X509PKIPathv1";
 
     /**
      * Constructor.
      *
+     * @param elem The PKIPath element to process
      * @throws WSSecurityException
      */
     public PKIPathSecurity(Element elem) throws WSSecurityException {
-        super(elem);
-        if (!getValueType().equals(type)) {
+        this(elem, true);
+    }
+    
+    /**
+     * Constructor.
+     * 
+     * @param elem The PKIPath element to process
+     * @param bspCompliant Whether the token is processed according to the BSP 
spec
+     * @throws WSSecurityException
+     */
+    public PKIPathSecurity(Element elem, boolean bspCompliant) throws 
WSSecurityException {
+        super(elem, bspCompliant);
+        if (bspCompliant && !PKI_TYPE.equals(getValueType())) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY_TOKEN,
                 "invalidValueType",
-                new Object[]{type, getValueType()}
+                new Object[]{PKI_TYPE, getValueType()}
             );
         }
     }
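Review bot: Gating the ValueType comparison on `bspCompliant` means `new PKIPathSecurity(elem, false)` will wrap an element of any ValueType, although the match looks like an invariant of the class rather than a BSP-only rule; the same applies to the `X509_V3_TYPE` check in the X509Security hunk. BinarySecurityTokenProcessor selects the class by ValueType, so that path is unaffected, but any other caller loses the guard it had before this commit. I would keep the comparison unconditional, `if (!PKI_TYPE.equals(getValueType())) {`, which the null-safe operand order now allows, and leave only the base-class checks behind the flag. The `bspCompliant` `@param` text should also state which checks are skipped when it is false.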
@@ -56,7 +68,7 @@ public class PKIPathSecurity extends Bin
      */
     public PKIPathSecurity(Document doc) {
         super(doc);
-        setValueType(type);
+        setValueType(PKI_TYPE);
     }
 
     /**
@@ -94,6 +106,6 @@ public class PKIPathSecurity extends Bin
     }
 
     public static String getType() {
-        return type;
+        return PKI_TYPE;
     }
 }

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java?rev=1075316&r1=1075315&r2=1075316&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/X509Security.java
 Mon Feb 28 12:46:48 2011
@@ -53,9 +53,21 @@ public class X509Security extends Binary
      * @throws WSSecurityException
      */
     public X509Security(Element elem) throws WSSecurityException {
-        super(elem);
+        this(elem, true);
+    }
+    
+    /**
+     * This constructor creates a new X509 certificate object and initializes
+     * it from the data contained in the element.
+     *
+     * @param elem the element containing the X509 certificate data
+     * @param bspCompliant Whether the token is processed according to the BSP 
spec
+     * @throws WSSecurityException
+     */
+    public X509Security(Element elem, boolean bspCompliant) throws 
WSSecurityException {
+        super(elem, bspCompliant);
         String valueType = getValueType();
-        if (!valueType.equals(X509_V3_TYPE)) {
+        if (bspCompliant && !X509_V3_TYPE.equals(valueType)) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY_TOKEN, 
                 "invalidValueType", 

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=1075316&r1=1075315&r2=1075316&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
 Mon Feb 28 12:46:48 2011
@@ -64,7 +64,7 @@ public class BinarySecurityTokenProcesso
         WSSConfig config
     ) throws WSSecurityException {
         
-        BinarySecurity token = createSecurityToken(elem);
+        BinarySecurity token = createSecurityToken(elem, config);
         X509Certificate[] certs = null;
         if (crypto == null) {
             certs = getCertificatesTokenReference(token, decCrypto);
@@ -110,18 +110,22 @@ public class BinarySecurityTokenProcesso
      *
      * @param element The XML element that contains either a 
<code>BinarySecurityToken
      *                </code> or a <code>PKIPath</code> element.
+     * @param config A WSSConfig instance
      * @return a BinarySecurity token element
      * @throws WSSecurityException
      */
-    private BinarySecurity createSecurityToken(Element element) throws 
WSSecurityException {
+    private BinarySecurity createSecurityToken(
+        Element element,
+        WSSConfig config
+    ) throws WSSecurityException {
         String type = element.getAttribute("ValueType");
         BinarySecurity token = null;
         if (X509Security.X509_V3_TYPE.equals(type)) {
-            token = new X509Security(element);
+            token = new X509Security(element, config.isWsiBSPCompliant());
         } else if (PKIPathSecurity.getType().equals(type)) {
-            token = new PKIPathSecurity(element);
+            token = new PKIPathSecurity(element, config.isWsiBSPCompliant());
         } else {
-            token = new BinarySecurity(element);
+            token = new BinarySecurity(element, config.isWsiBSPCompliant());
         }
         return token;
     }
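Review bot: `createSecurityToken` dereferences `config` in all three branches with no null handling, and `config.isWsiBSPCompliant()` is repeated three times. Whether `config` can be null here depends on callers outside this hunk, so treat that as something to confirm. Reading the flag once before the `if` chain, `boolean bspCompliant = config.isWsiBSPCompliant();`, would make the dispatch easier to read and give a single place to decide the behaviour for a missing config. The `@param config` line could also say that only the BSP compliance flag is consulted.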

Added: 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java?rev=1075316&view=auto
==============================================================================
--- 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java
 (added)
+++ 
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java
 Mon Feb 28 12:46:48 2011
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message.token;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * This is a test for constructing and processing BinarySecurityTokens.
+ */
+public class BinarySecurityTokenTest extends org.junit.Assert {
+    private static final Log LOG = 
LogFactory.getLog(BinarySecurityTokenTest.class);
+    private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+
+    /**
+     * A unit test for an X.509 BinarySecurityToken
+     */
+    @org.junit.Test
+    public void testX509() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        X509Security bst = new X509Security(doc);
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("wss40");
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        bst.setX509Certificate(certs[0]);
+        
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bst.getElement());
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("BST output");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig config = WSSConfig.getNewInstance();
+        config.setWsiBSPCompliant(true);
+        WSSecurityEngine secEngine = new WSSecurityEngine();
+        secEngine.setWssConfig(config);
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, null, crypto);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.BST);
+        BinarySecurity token =
+            
(BinarySecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+        assert token != null;
+    }
+    
+    /**
+     * A unit test for an PKIPath BinarySecurityToken
+     */
+    @org.junit.Test
+    public void testPKIPath() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        PKIPathSecurity bst = new PKIPathSecurity(doc);
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("wss40");
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        bst.setX509Certificates(certs, crypto);
+        
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bst.getElement());
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("PKIPath output");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig config = WSSConfig.getNewInstance();
+        config.setWsiBSPCompliant(true);
+        WSSecurityEngine secEngine = new WSSecurityEngine();
+        secEngine.setWssConfig(config);
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, null, crypto);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.BST);
+        PKIPathSecurity token =
+            
(PKIPathSecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+        assert token != null;
+    }
+    
+    /**
+     * A unit test for a custom BinarySecurityToken
+     */
+    @org.junit.Test
+    public void testCustomToken() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        BinarySecurity bst = new BinarySecurity(doc);
+        bst.setToken("12435677".getBytes());
+        
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bst.getElement());
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Custom Token output");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig config = WSSConfig.getNewInstance();
+        config.setWsiBSPCompliant(true);
+        WSSecurityEngine secEngine = new WSSecurityEngine();
+        secEngine.setWssConfig(config);
+        // Processing should fail as we have no ValueType attribute
+        try {
+            secEngine.processSecurityHeader(doc, null, null, crypto);
+            fail("Expected failure on no ValueType");
+        } catch (WSSecurityException ex) {
+            // expected
+        }
+        
+        doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        bst = new BinarySecurity(doc);
+        bst.setToken("12435677".getBytes());
+        bst.setValueType("http://custom_value_Type";);
+        secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bst.getElement());
+        
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, null, crypto);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.BST);
+        BinarySecurity token =
+            
(BinarySecurity)actionResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+        assert token != null;
+    }
+    
+}
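Review bot: The three positive checks use the Java `assert` keyword (`assert token != null;` in testX509, testPKIPath and testCustomToken), which does nothing unless the JVM runs with assertions enabled, so these tests can pass without verifying anything. The class already extends `org.junit.Assert`, so `assertNotNull(token);` is available. The suite also exercises only `setWsiBSPCompliant(true)`; a case with the flag off and a case with a non-Base64 `EncodingType` would pin down the validation this commit changes. The `;` inside the `setValueType(...)` call in testCustomToken looks like an artifact of how this mail was rendered, but is worth checking against the committed file.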

