Author: giger
Date: Sun Jun 16 10:08:51 2013
New Revision: 1493489
URL: http://svn.apache.org/r1493489
Log:
fix kerberos token key length issues
Modified:
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
Modified:
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java?rev=1493489&r1=1493488&r2=1493489&view=diff
==============================================================================
---
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
(original)
+++
webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
Sun Jun 16 10:08:51 2013
@@ -376,6 +376,7 @@ public class KerberosTest extends Abstra
WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
WSSConstants.Action[] actions = new
WSSConstants.Action[]{WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN};
securityProperties.setOutAction(actions);
+
securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES128);
securityProperties.setCallbackHandler(new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
@@ -472,7 +473,7 @@ public class KerberosTest extends Abstra
bst.setID("Id-" + bst.hashCode());
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+ builder.setSymmetricEncAlgorithm(WSConstants.AES_256);
SecretKey secretKey = bst.getSecretKey();
builder.setSymmetricKey(secretKey);
builder.setEncryptSymmKey(false);
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1493489&r1=1493488&r2=1493489&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Sun Jun 16 10:08:51 2013
@@ -156,6 +156,8 @@ public class WSSecEncrypt extends WSSecE
if (symmetricKey == null) {
symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
ephemeralKey);
+ } else {
+ symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
symmetricKey.getEncoded());
}
//
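Review bot: The new `else` branch passes `symmetricKey.getEncoded()` straight into `prepareSecretKey` without checking it, and `Key.getEncoded()` returns null for keys that do not support encoding, such as keys held in a hardware token or a non-exportable keystore. A caller-supplied key of that kind was previously used unchanged and would now fail here. I would guard the call, e.g. `byte[] raw = symmetricKey.getEncoded(); if (raw != null) { symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, raw); }`. A comment should also say that a key set through `setSymmetricKey` is now rebuilt to fit `symEncAlgo`, since `prepareSecretKey` presumably resizes the material to the algorithm's key length and callers may not expect their key to be altered. The enclosing method starts and ends outside the hunk.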
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java?rev=1493489&r1=1493488&r2=1493489&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosClientSecurityToken.java
Sun Jun 16 10:08:51 2013
@@ -138,8 +138,21 @@ public class KerberosClientSecurityToken
if (this.secretKey == null) {
getTGT();
}
+
+ byte[] sk = this.secretKey.getEncoded();
+
String algoFamily =
JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
- key = new SecretKeySpec(this.secretKey.getEncoded(), algoFamily);
+ int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(algorithmURI) /
8;
+ if (sk.length < keyLength) {
+ //normally we should throw an exception here because we don't have
+ //enough key material for the requested algorithm
+ //but I haven't found any documentation about how this case should
be handled
+ //and the second thing is that we would need a kerberos key with
minimum 160 bits
+ //to be able to sign with a more or less secure algo like hmacsha1
+ keyLength = sk.length;
+ }
+
+ key = new SecretKeySpec(sk, 0, keyLength, algoFamily);
setSecretKey(algorithmURI, key);
return key;
}
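Review bot: When `sk.length < keyLength`, the key is silently built from fewer bytes than `algorithmURI` requires, so signing or encryption can run with less key material than the configured algorithm implies; the in-code comment itself says an exception is the expected behaviour. Failing closed is safer: replace `keyLength = sk.length;` with a throw of the exception type this method already declares, naming the algorithm and both lengths in the message but never the key bytes. If the fallback must stay for interoperability, log it at warning level and put it behind an explicit opt-in setting. The longer-key case deserves a comment too, because `new SecretKeySpec(sk, 0, keyLength, algoFamily)` keeps only the leading bytes of the Kerberos session key rather than deriving a key from all of it. The same code is added to KerberosServiceSecurityTokenImpl in the next hunk, and both methods begin outside their hunks.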
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java?rev=1493489&r1=1493488&r2=1493489&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
Sun Jun 16 10:08:51 2013
@@ -139,9 +139,20 @@ public class KerberosServiceSecurityToke
this.kerberosTokenDecoder = getTGT();
}
- byte[] secretToken = this.kerberosTokenDecoder.getSessionKey();
+ byte[] sk = this.kerberosTokenDecoder.getSessionKey();
+
String algoFamily =
JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
- key = new SecretKeySpec(secretToken, algoFamily);
+ int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(algorithmURI) /
8;
+ if (sk.length < keyLength) {
+ //normally we should throw an exception here because we don't have
+ //enough key material for the requested algorithm
+ //but I haven't found any documentation about how this case should
be handled
+ //and the second thing is that we would need a kerberos key with
minimum 160 bits
+ //to be able to sign with a more or less secure algo like hmacsha1
+ keyLength = sk.length;
+ }
+
+ key = new SecretKeySpec(sk, 0, keyLength, algoFamily);
setSecretKey(algorithmURI, key);
return key;
}