Author: coheigea
Date: Sun Mar 6 18:35:00 2011
New Revision: 1078536
URL: http://svn.apache.org/viewvc?rev=1078536&view=rev
Log:
[WSS-256] - Some BSP work for BinarySecurityTokens.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Sun Mar 6 18:35:00 2011
@@ -175,6 +175,7 @@ public class WSSecSignature extends WSSe
if (!useSingleCert) {
bstToken = new PKIPathSecurity(document);
((PKIPathSecurity) bstToken).setX509Certificates(certs,
crypto);
+ secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
} else {
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(certs[0]);
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/PKIPathSecurity.java
Sun Mar 6 18:35:00 2011
@@ -33,7 +33,7 @@ import java.security.cert.X509Certificat
* @author Davanum Srinivas ([email protected]).
*/
public class PKIPathSecurity extends BinarySecurity {
- private static final String PKI_TYPE = WSConstants.X509TOKEN_NS +
"#X509PKIPathv1";
+ public static final String PKI_TYPE = WSConstants.X509TOKEN_NS +
"#X509PKIPathv1";
/**
* Constructor.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
Sun Mar 6 18:35:00 2011
@@ -149,6 +149,16 @@ public class SecurityTokenReference {
tokenType
);
}
+
+ /**
+ * Get the wsse11:TokenType attribute of this SecurityTokenReference
+ * @return the value of the wsse11:TokenType attribute
+ */
+ public String getTokenType() {
+ return element.getAttributeNS(
+ WSConstants.WSSE11_NS, WSConstants.TOKEN_TYPE
+ );
+ }
/**
* set the reference.
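Review bot: The Javadoc on the new `getTokenType()` does not say what comes back when the SecurityTokenReference has no wsse11:TokenType attribute. DOM's `getAttributeNS` returns an empty string in that case, not null, so callers that test for null will treat a missing attribute as present. I would spell it out: `@return the value of the wsse11:TokenType attribute, or an empty string if the attribute is not present`. A blank line between the closing brace and the next Javadoc block would also match the rest of the class.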
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
Sun Mar 6 18:35:00 2011
@@ -372,7 +372,7 @@ public class WSSecSignatureSAML extends
// Test the keyIdentiferType - It must be a BST Direct Reference or an
// X.509 Key Identifier
//
- if (keyIdentifierType != WSConstants.X509_KEY_IDENTIFIER ||
+ if (keyIdentifierType != WSConstants.X509_KEY_IDENTIFIER &&
keyIdentifierType != WSConstants.BST_DIRECT_REFERENCE) {
keyIdentifierType = WSConstants.X509_KEY_IDENTIFIER;
}
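Review bot: With the condition corrected to `&&`, this block now silently replaces any other caller-supplied `keyIdentifierType` with `X509_KEY_IDENTIFIER`, and nothing tells the caller that their setting was ignored. The comment says the type "must be" one of the two, so either reject the unsupported value or record the substitution, for example with a comment such as `// Unsupported key identifier types fall back to X509_KEY_IDENTIFIER rather than failing`. The comment above also misspells `keyIdentifierType`. The enclosing method starts and ends outside this hunk.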
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
Sun Mar 6 18:35:00 2011
@@ -28,6 +28,8 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLKeyInfo;
@@ -103,6 +105,9 @@ public class EncryptedKeySTRParser imple
SAMLUtil.getCredentialFromSubject(assertion, crypto, cb,
wsDocInfo, bspCompliant);
certs = samlKi.getCerts();
} else {
+ if (bspCompliant) {
+ checkBinarySecurityBSPCompliance(secRef, null);
+ }
certs = secRef.getKeyIdentifier(crypto);
}
} else if (secRef.containsReference()) {
@@ -113,6 +118,13 @@ public class EncryptedKeySTRParser imple
if (result != null) {
int action =
((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
if (WSConstants.BST == action) {
+ if (bspCompliant) {
+ BinarySecurity token =
+ (BinarySecurity)result.get(
+
WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN
+ );
+ checkBinarySecurityBSPCompliance(secRef, token);
+ }
certs =
(X509Certificate[])result.get(
WSSecurityEngineResult.TAG_X509_CERTIFICATES
@@ -147,6 +159,9 @@ public class EncryptedKeySTRParser imple
new Object[] {"for decryption (BST)"}
);
}
+ if (bspCompliant) {
+ checkBinarySecurityBSPCompliance(secRef, token);
+ }
certs = new
X509Certificate[]{token.getX509Certificate(crypto)};
} else {
throw new WSSecurityException(
@@ -199,5 +214,59 @@ public class EncryptedKeySTRParser imple
return null;
}
+ /**
+ * Check that the BinarySecurityToken referenced by the
SecurityTokenReference argument
+ * is BSP compliant.
+ * @param secRef The SecurityTokenReference to the BinarySecurityToken
+ * @param token The BinarySecurityToken
+ * @throws WSSecurityException
+ */
+ private static void checkBinarySecurityBSPCompliance(
+ SecurityTokenReference secRef,
+ BinarySecurity token
+ ) throws WSSecurityException {
+ if (secRef.containsReference()) {
+ // Check the ValueType attributes
+ String valueType = secRef.getReference().getValueType();
+ if ((token instanceof X509Security) &&
!X509Security.X509_V3_TYPE.equals(valueType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ } else if ((token instanceof PKIPathSecurity)
+ && (!PKIPathSecurity.PKI_TYPE.equals(valueType))) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ }
+ } else if (secRef.containsKeyIdentifier()) {
+ String valueType = secRef.getKeyIdentifierValueType();
+ if (!SecurityTokenReference.SKI_URI.equals(valueType)
+ && !SecurityTokenReference.THUMB_URI.equals(valueType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ }
+ }
+
+
+ // Check TokenType attributes
+ if (token instanceof PKIPathSecurity) {
+ String tokenType = secRef.getTokenType();
+ if (!PKIPathSecurity.PKI_TYPE.equals(tokenType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidTokenType",
+ new Object[]{tokenType}
+ );
+ }
+ }
+ }
+
}
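Review bot: In `checkBinarySecurityBSPCompliance` the Reference branch enforces ValueType only when `token` is an `X509Security` or a `PKIPathSecurity`. A null token, or any other `BinarySecurity` subclass, therefore passes the BSP check without its ValueType being examined. The call sites that cast `result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN)` can hand in null if that tag is absent from the result, although whether it can be absent for a BST action is not visible here. If no other token kinds are meant to be accepted under BSP, derive the expected ValueType from the token and fail closed, as sketched below. The method is also duplicated line for line in SignatureSTRParser, which has the same gap; a single shared helper would keep the two parsers from drifting, and the `@throws WSSecurityException` tag should say when it is raised.

```java
        if (secRef.containsReference()) {
            // Check the ValueType attributes
            String valueType = secRef.getReference().getValueType();
            String expectedType = null;
            if (token instanceof X509Security) {
                expectedType = X509Security.X509_V3_TYPE;
            } else if (token instanceof PKIPathSecurity) {
                expectedType = PKIPathSecurity.PKI_TYPE;
            }
            // Fail closed: an unresolved or unrecognised token cannot be shown to be BSP compliant
            if (expectedType == null || !expectedType.equals(valueType)) {
                throw new WSSecurityException(
                    WSSecurityException.INVALID_SECURITY_TOKEN,
                    "invalidValueType",
                    new Object[]{valueType}
                );
            }
        } else if (secRef.containsKeyIdentifier()) {
            // … unchanged: SKI / Thumbprint ValueType check …
        }
        // … unchanged: TokenType check for PKIPathSecurity …
```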
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
Sun Mar 6 18:35:00 2011
@@ -120,7 +120,7 @@ public class SignatureSTRParser implemen
secRef.getTokenElement(strElement.getOwnerDocument(),
wsDocInfo, cb);
QName el = new QName(token.getNamespaceURI(),
token.getLocalName());
if (el.equals(WSSecurityEngine.BINARY_TOKEN)) {
- certs = getCertificatesTokenReference(token, crypto);
+ certs = getCertificatesTokenReference(secRef, token,
crypto, bspCompliant);
} else if (el.equals(WSSecurityEngine.SAML_TOKEN)
|| el.equals(WSSecurityEngine.SAML2_TOKEN)) {
Processor proc =
config.getProcessor(WSSecurityEngine.SAML_TOKEN);
@@ -188,6 +188,13 @@ public class SignatureSTRParser implemen
}
principal = usernameToken.createPrincipal();
} else if (WSConstants.BST == action) {
+ if (bspCompliant) {
+ BinarySecurity token =
+ (BinarySecurity)result.get(
+
WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN
+ );
+ checkBinarySecurityBSPCompliance(secRef, token);
+ }
certs =
(X509Certificate[])result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
} else if (WSConstants.ENCR == action) {
@@ -253,6 +260,9 @@ public class SignatureSTRParser implemen
publicKey = samlKi.getPublicKey();
principal = createPrincipalFromSAML(assertion);
} else {
+ if (bspCompliant) {
+ checkBinarySecurityBSPCompliance(secRef, null);
+ }
X509Certificate[] foundCerts = secRef.getKeyIdentifier(crypto);
if (foundCerts != null) {
certs = new X509Certificate[]{foundCerts[0]};
@@ -312,12 +322,19 @@ public class SignatureSTRParser implemen
* @return an array of X509 certificates
* @throws WSSecurityException
*/
- private static X509Certificate[] getCertificatesTokenReference(Element
elem, Crypto crypto)
+ private static X509Certificate[] getCertificatesTokenReference(
+ SecurityTokenReference secRef,
+ Element elem,
+ Crypto crypto,
+ boolean bspCompliant)
throws WSSecurityException {
if (crypto == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noSigCryptoFile");
}
BinarySecurity token = createSecurityToken(elem);
+ if (bspCompliant) {
+ checkBinarySecurityBSPCompliance(secRef, token);
+ }
if (token instanceof PKIPathSecurity) {
return ((PKIPathSecurity) token).getX509Certificates(crypto);
} else {
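Review bot: `getCertificatesTokenReference` gains the `secRef` and `bspCompliant` parameters, but the Javadoc above it is not touched by this commit, so neither is documented. Add `@param secRef the SecurityTokenReference that points at the BinarySecurityToken` and `@param bspCompliant whether to enforce the BSP ValueType/TokenType checks on the token`. The `@throws WSSecurityException` tag could also mention that it is now raised for a non-compliant ValueType or TokenType. The Javadoc block begins above the hunk.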
@@ -325,7 +342,60 @@ public class SignatureSTRParser implemen
return new X509Certificate[]{cert};
}
}
-
+
+ /**
+ * Check that the BinarySecurityToken referenced by the
SecurityTokenReference argument
+ * is BSP compliant.
+ * @param secRef The SecurityTokenReference to the BinarySecurityToken
+ * @param token The BinarySecurityToken
+ * @throws WSSecurityException
+ */
+ private static void checkBinarySecurityBSPCompliance(
+ SecurityTokenReference secRef,
+ BinarySecurity token
+ ) throws WSSecurityException {
+ if (secRef.containsReference()) {
+ // Check the ValueType attributes
+ String valueType = secRef.getReference().getValueType();
+ if ((token instanceof X509Security) &&
!X509Security.X509_V3_TYPE.equals(valueType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ } else if ((token instanceof PKIPathSecurity)
+ && (!PKIPathSecurity.PKI_TYPE.equals(valueType))) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ }
+ } else if (secRef.containsKeyIdentifier()) {
+ String valueType = secRef.getKeyIdentifierValueType();
+ if (!SecurityTokenReference.SKI_URI.equals(valueType)
+ && !SecurityTokenReference.THUMB_URI.equals(valueType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{valueType}
+ );
+ }
+ }
+
+
+ // Check TokenType attributes
+ if (token instanceof PKIPathSecurity) {
+ String tokenType = secRef.getTokenType();
+ if (!PKIPathSecurity.PKI_TYPE.equals(tokenType)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidTokenType",
+ new Object[]{tokenType}
+ );
+ }
+ }
+ }
/**
* Checks the <code>element</code> and creates appropriate binary security
object.
Modified:
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
(original)
+++
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
Sun Mar 6 18:35:00 2011
@@ -24,6 +24,7 @@ unhandledToken = Security token supporte
unsupportedBinaryTokenType = Token type \"{0}\"
invalidConstructor = Token impl. class \"{0}\" does not provide appropriate
constructor
invalidValueType = Bad ValueType \"{0}\"
+invalidTokenType = Bad TokenType \"{0}\"
unsupportedKeyInfo = Unsupported KeyInfo type
invalidX509Data = Unexpected number of X509Data: {0}
unknownSignatureAlgorithm = An unknown signature algorithm was specified: {0}
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
Sun Mar 6 18:35:00 2011
@@ -21,6 +21,7 @@ package org.apache.ws.security.component
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
@@ -112,7 +113,13 @@ public class CertificateStoreTest extend
//
// Verify the signature
//
- List<WSSecurityEngineResult> results = verify(signedDoc,
receiverCrypto);
+ // Turn off BSP spec compliance
+ WSSecurityEngine newEngine = new WSSecurityEngine();
+ WSSConfig config = WSSConfig.getNewInstance();
+ config.setWsiBSPCompliant(false);
+ newEngine.setWssConfig(config);
+ List<WSSecurityEngineResult> results =
+ newEngine.processSecurityHeader(signedDoc, null,
keystoreCallbackHandler, receiverCrypto);
WSSecurityEngineResult result =
WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
X509Certificate cert =
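Review bot: The added comment `// Turn off BSP spec compliance` says what the test does but not why this message would fail BSP validation. The next reader cannot tell whether the fixture is intentionally non-compliant or the check is just being bypassed. I would state the reason in the comment, for example `// BSP compliance is disabled because this message uses <non-compliant reference type>, which the BSP checks reject`, with the placeholder replaced by the actual attribute. The ValidatorTest hunks apply the same switch with the same bare comment.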
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CryptoTest.java
Sun Mar 6 18:35:00 2011
@@ -82,7 +82,7 @@ public class CryptoTest extends org.juni
public void testDynamicCrypto() throws Exception {
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo("wss40", "security");
- builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
Sun Mar 6 18:35:00 2011
@@ -181,7 +181,23 @@ public class EncryptionTest extends org.
LOG.debug(outputString);
}
assertTrue(outputString.indexOf("counter_port_type") == -1 ? true :
false);
- verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+
+ // Turn off BSP spec compliance
+ WSSecurityEngine newEngine = new WSSecurityEngine();
+ WSSConfig config = WSSConfig.getNewInstance();
+ config.setWsiBSPCompliant(false);
+ newEngine.setWssConfig(config);
+ newEngine.processSecurityHeader(encryptedDoc, null,
keystoreCallbackHandler, crypto);
+
+ // Now turn on BSP spec compliance
+ config.setWsiBSPCompliant(true);
+ newEngine.setWssConfig(config);
+ try {
+ newEngine.processSecurityHeader(encryptedDoc, null,
keystoreCallbackHandler, crypto);
+ fail("Failure expected on a bad ValueType attribute");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
}
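Review bot: The `catch (WSSecurityException ex)` block accepts any WSSecurityException, so the BSP-enabled half of this test passes even when the second `processSecurityHeader` call fails for a reason unrelated to the ValueType check. That is plausible here because the same `encryptedDoc` has already been processed once with BSP off, and processing may alter the document (not visible in this hunk). Pin the failure in the catch with `assertTrue(ex.getErrorCode() == WSSecurityException.INVALID_SECURITY_TOKEN);`, in the same way ValidatorTest checks `FAILED_AUTHENTICATION`. The SignatureTest hunk uses the same unasserted catch.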
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
Sun Mar 6 18:35:00 2011
@@ -278,7 +278,22 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
- verify(signedDoc);
+ // Turn off BSP spec compliance
+ WSSecurityEngine newEngine = new WSSecurityEngine();
+ WSSConfig config = WSSConfig.getNewInstance();
+ config.setWsiBSPCompliant(false);
+ newEngine.setWssConfig(config);
+ newEngine.processSecurityHeader(doc, null, null, crypto);
+
+ // Now turn on BSP spec compliance
+ config.setWsiBSPCompliant(true);
+ newEngine.setWssConfig(config);
+ try {
+ newEngine.processSecurityHeader(doc, null, null, crypto);
+ fail("Failure expected on a bad ValueType attribute");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
}
/**
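Review bot: The replaced line verified `signedDoc`, but both new `processSecurityHeader` calls are given `doc`. If the builder returns the same Document instance it was given this is harmless, but that is not visible in the hunk, and the switch reads like an oversight. Passing `signedDoc`, as in `newEngine.processSecurityHeader(signedDoc, null, null, crypto);`, makes it explicit that the signed message is the one being validated. The test method starts above the hunk.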
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
Sun Mar 6 18:35:00 2011
@@ -104,6 +104,7 @@ public class SamlReferenceTest extends o
secHeader.insertSecurityHeader(doc);
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Document signedDoc =
wsSign.build(
doc, null, assertion, crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e",
@@ -165,6 +166,7 @@ public class SamlReferenceTest extends o
secHeader.insertSecurityHeader(doc);
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
wsSign.setUseDirectReferenceToAssertion(true);
Document signedDoc =
wsSign.build(
@@ -353,7 +355,7 @@ public class SamlReferenceTest extends o
AssertionWrapper assertion = saml.newAssertion();
Crypto crypto = CryptoFactory.getInstance("crypto.properties");
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
- wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Document samlDoc =
wsSign.build(doc, null, assertion, crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e", "security", secHeader
@@ -565,6 +567,7 @@ public class SamlReferenceTest extends o
secHeader.insertSecurityHeader(doc);
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Document signedDoc =
wsSign.build(
doc, null, assertion, crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e",
@@ -626,6 +629,7 @@ public class SamlReferenceTest extends o
secHeader.insertSecurityHeader(doc);
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
wsSign.setUseDirectReferenceToAssertion(true);
Document signedDoc =
wsSign.build(
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java?rev=1078536&r1=1078535&r2=1078536&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java
Sun Mar 6 18:35:00 2011
@@ -104,9 +104,13 @@ public class ValidatorTest extends org.j
// The default behaviour is that trust verification will fail
Crypto cryptoCA = CryptoFactory.getInstance("crypto.properties");
- WSSConfig wssConfig = WSSConfig.getNewInstance();
+ // Turn off BSP spec compliance
+ WSSecurityEngine newEngine = new WSSecurityEngine();
+ WSSConfig config = WSSConfig.getNewInstance();
+ config.setWsiBSPCompliant(false);
+ newEngine.setWssConfig(config);
try {
- verify(signedDoc, wssConfig, null, cryptoCA);
+ newEngine.processSecurityHeader(signedDoc, null, null, cryptoCA);
throw new Exception("Failure expected on issuer serial");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() ==
WSSecurityException.FAILED_AUTHENTICATION);
@@ -114,8 +118,9 @@ public class ValidatorTest extends org.j
}
// Now switch out the default signature validator
- wssConfig.setValidator(WSSecurityEngine.SIGNATURE,
NoOpValidator.class);
- verify(signedDoc, wssConfig, null, cryptoCA);
+ config.setValidator(WSSecurityEngine.SIGNATURE, NoOpValidator.class);
+ newEngine.setWssConfig(config);
+ newEngine.processSecurityHeader(signedDoc, null, null, cryptoCA);
}
/**