Author: giger
Date: Fri Mar 23 18:48:48 2012
New Revision: 1304557
URL: http://svn.apache.org/viewvc?rev=1304557&view=rev
Log:
Add missing AlgorithmSecurityEvent to DerivedTokenInputHandler.
Test for expected SecurityEvents in the UnitTests for the SecurityContextToken
and DerivedKeyToken cases.
This solved a known issue and is also part of WSS-378.
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/AlgoFactory.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/DerivedKeyUtils.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/AlgoFactory.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/AlgoFactory.java?rev=1304557&r1=1304556&r2=1304557&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/AlgoFactory.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/AlgoFactory.java
Fri Mar 23 18:48:48 2012
@@ -35,8 +35,7 @@ public class AlgoFactory {
* @throws ConversationException If the specified algorithm is not
available
* in default implementations
*/
- public static DerivationAlgorithm getInstance(String algorithm) throws
- ConversationException {
+ public static DerivationAlgorithm getInstance(String algorithm) throws
ConversationException {
if ((WSSConstants.P_SHA_1_2005_12).equals(algorithm) ||
(WSSConstants.P_SHA_1).equals(algorithm)) {
return new P_SHA1();
} else {
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/DerivedKeyUtils.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/DerivedKeyUtils.java?rev=1304557&r1=1304556&r2=1304557&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/DerivedKeyUtils.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/derivedKey/DerivedKeyUtils.java
Fri Mar 23 18:48:48 2012
@@ -37,9 +37,6 @@ public class DerivedKeyUtils {
*/
public static byte[] deriveKey(String algorithm, String label, int length,
byte[] secret, byte[] nonce, int offset) throws WSSecurityException {
try {
- if (algorithm == null || algorithm.equals("")) {
- algorithm = WSSConstants.P_SHA_1;
- }
DerivationAlgorithm algo = AlgoFactory.getInstance(algorithm);
byte[] labelBytes;
if (label == null || label.length() == 0) {
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java?rev=1304557&r1=1304556&r2=1304557&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DerivedKeyTokenInputHandler.java
Fri Mar 23 18:48:48 2012
@@ -27,6 +27,7 @@ import org.swssf.wss.impl.securityToken.
import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
import org.swssf.wss.impl.securityToken.SecurityTokenFactoryImpl;
import org.swssf.wss.impl.securityToken.UsernameSecurityToken;
+import org.swssf.wss.securityEvent.AlgorithmSuiteSecurityEvent;
import org.swssf.wss.securityEvent.DerivedKeyTokenSecurityEvent;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
import org.swssf.xmlsec.ext.*;
@@ -125,15 +126,30 @@ public class DerivedKeyTokenInputHandler
if (nonce == null || nonce.length == 0) {
throw new WSSecurityException("Missing wsc:Nonce
value");
}
+ String derivedKeyAlgorithm =
derivedKeyTokenType.getAlgorithm();
+ if (derivedKeyAlgorithm == null) {
+ derivedKeyAlgorithm = WSSConstants.P_SHA_1;
+ }
byte[] keyBytes = DerivedKeyUtils.deriveKey(
- derivedKeyTokenType.getAlgorithm(),
+ derivedKeyAlgorithm,
derivedKeyTokenType.getLabel(),
derivedKeyTokenType.getLength().intValue(),
secret,
nonce,
derivedKeyTokenType.getOffset().intValue()
);
- //todo algo sec event here!
+ XMLSecurityConstants.KeyUsage derivedKeyUsage;
+ if (WSSConstants.Enc.equals(keyUsage)) {
+ derivedKeyUsage = WSSConstants.Enc_KD;
+ } else {
+ derivedKeyUsage = WSSConstants.Sig_KD;
+ }
+ AlgorithmSuiteSecurityEvent
algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
+
algorithmSuiteSecurityEvent.setAlgorithmURI(derivedKeyAlgorithm);
+
algorithmSuiteSecurityEvent.setKeyUsage(derivedKeyUsage);
+
algorithmSuiteSecurityEvent.setKeyLength(keyBytes.length * 8);
+ ((WSSecurityContext)
inputProcessorChain.getSecurityContext()).registerSecurityEvent(algorithmSuiteSecurityEvent);
+
String algo =
JCEAlgorithmMapper.translateURItoJCEID(algorithmURI);
return new SecretKeySpec(keyBytes, algo);
}
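Review bot: The new default at `if (derivedKeyAlgorithm == null)` covers only a missing Algorithm value, while the check this commit removes from DerivedKeyUtils.deriveKey also covered the empty string, so an empty value now reaches AlgoFactory.getInstance unchanged and presumably ends in its ConversationException branch. If rejecting it is intended, a comment such as `// empty Algorithm is rejected by AlgoFactory, only an absent one defaults to P_SHA_1` would make that explicit; otherwise use `if (derivedKeyAlgorithm == null || derivedKeyAlgorithm.length() == 0) {`. Separately, the `else` that assigns `derivedKeyUsage = WSSConstants.Sig_KD` applies to every keyUsage other than Enc, including null, so the registered AlgorithmSuiteSecurityEvent may label a non-signature derivation as Sig_KD for whatever policy check consumes the event. A comment stating which usages can reach this method would help. The enclosing method starts outside the hunk.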
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java?rev=1304557&r1=1304556&r2=1304557&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
Fri Mar 23 18:48:48 2012
@@ -157,6 +157,7 @@ public class DerivedKeyTokenTest extends
SecurityEvent.Event.AlgorithmSuite,
SecurityEvent.Event.AlgorithmSuite,
SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
SecurityEvent.Event.Operation,
};
final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
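Review bot: The added `SecurityEvent.Event.AlgorithmSuite` entry asserts only that one more event of that type arrives. Nothing visible here checks the algorithm URI, key usage or key length that DerivedKeyTokenInputHandler now sets on it, so a wrong Enc_KD/Sig_KD label or key length would presumably still pass. Consider asserting those fields for the derived-key event in at least one test, and adding a comment beside the entry such as `// AlgorithmSuite event registered for the derived key` so the counts stay explainable. The same applies to the expected-event arrays added in the later hunk of this file and in the SecurityContextTokenTest hunks. The test method starts outside the hunk.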
@@ -629,7 +630,28 @@ public class DerivedKeyTokenTest extends
securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
securityProperties.setCallbackHandler(new CallbackHandlerImpl());
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.X509Token,
+ SecurityEvent.Event.SignatureValue,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.SignedElement,
+ SecurityEvent.Event.EncryptedPart,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
@@ -638,6 +660,8 @@ public class DerivedKeyTokenTest extends
nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
}
}
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java?rev=1304557&r1=1304556&r2=1304557&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
Fri Mar 23 18:48:48 2012
@@ -156,12 +156,25 @@ public class SecurityContextTokenTest ex
CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
securityProperties.setCallbackHandler(callbackHandler);
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.EncryptedPart,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
}
}
@@ -249,9 +262,26 @@ public class SecurityContextTokenTest ex
CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
securityProperties.setCallbackHandler(callbackHandler);
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SignatureValue,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.SignedElement,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
+
+ securityEventListener.compare();
}
}
@@ -349,12 +379,33 @@ public class SecurityContextTokenTest ex
CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
securityProperties.setCallbackHandler(callbackHandler);
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SignatureValue,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.SignedElement,
+ SecurityEvent.Event.EncryptedPart,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
}
}
@@ -406,12 +457,33 @@ public class SecurityContextTokenTest ex
CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
securityProperties.setCallbackHandler(callbackHandler);
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SignatureValue,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.SignedElement,
+ SecurityEvent.Event.EncryptedPart,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
+
+ securityEventListener.compare();
}
}
@@ -456,9 +528,25 @@ public class SecurityContextTokenTest ex
CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
securityProperties.setCallbackHandler(callbackHandler);
InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+ SecurityEvent.Event[] expectedSecurityEvents = new
SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SignatureValue,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.AlgorithmSuite,
+ SecurityEvent.Event.SignedElement,
+ SecurityEvent.Event.Operation,
+ };
+ final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
+
+ XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
+
+ securityEventListener.compare();
}
}
}