Author: giger
Date: Mon Jan 13 08:09:05 2014
New Revision: 1557657
URL: http://svn.apache.org/r1557657
Log:
WSS-468 - Symmetric Binding + EncryptBeforeSigning puts the Signature in front
of the EncryptedKey
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
(with props)
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Mon Jan 13 08:09:05 2014
@@ -195,18 +195,26 @@ public class OutboundWSSec {
} else if (WSSConstants.ENCRYPT.equals(action)) {
encryptionAction = true;
+
+ EncryptedKeyOutputProcessor encryptedKeyOutputProcessor =
null;
if (securityProperties.isEncryptSymmetricEncryptionKey()) {
final BinarySecurityTokenOutputProcessor
binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
binarySecurityTokenOutputProcessor, action);
- final EncryptedKeyOutputProcessor
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+ encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action);
}
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ if (encryptedKeyOutputProcessor == null) {
+ final ReferenceListOutputProcessor
referenceListOutputProcessor = new ReferenceListOutputProcessor();
+
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action);
+ }
+
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
final UsernameTokenOutputProcessor
usernameTokenOutputProcessor = new UsernameTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
usernameTokenOutputProcessor, action);
@@ -252,15 +260,16 @@ public class OutboundWSSec {
encryptionAction = true;
derivedEncryption = true;
+ EncryptedKeyOutputProcessor encryptedKeyOutputProcessor =
null;
+
if (securityProperties.getDerivedKeyTokenReference() ==
WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
- final EncryptedKeyOutputProcessor
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+ encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
encryptedKeyOutputProcessor, action);
} else if
(securityProperties.getDerivedKeyTokenReference() ==
WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
final SecurityContextTokenOutputProcessor
securityContextTokenOutputProcessor =
new SecurityContextTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
securityContextTokenOutputProcessor, action);
-
}
final DerivedKeyTokenOutputProcessor
derivedKeyTokenOutputProcessor = new DerivedKeyTokenOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
derivedKeyTokenOutputProcessor, action);
@@ -268,6 +277,11 @@ public class OutboundWSSec {
final EncryptOutputProcessor encryptOutputProcessor = new
EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain,
encryptOutputProcessor, action);
+ if (encryptedKeyOutputProcessor == null) {
+ final ReferenceListOutputProcessor
referenceListOutputProcessor = new ReferenceListOutputProcessor();
+
referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+ initializeOutputProcessor(outputProcessorChain,
referenceListOutputProcessor, action);
+ }
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
signatureAction = true;
signedSAML = true;
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -187,7 +187,7 @@ public class DerivedKeyTokenOutputProces
if (wrappingSecurityToken.getProcessor() != null) {
finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
} else {
-
finalDerivedKeyTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
finalDerivedKeyTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
}
finalDerivedKeyTokenOutputProcessor.init(outputProcessorChain);
derivedKeySecurityToken.setProcessor(finalDerivedKeyTokenOutputProcessor);
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -46,10 +46,6 @@ public class EncryptEndingOutputProcesso
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
OutputProcessorChain subOutputProcessorChain =
outputProcessorChain.createSubChain(this);
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
- ||
!((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey())
{
- WSSUtils.createReferenceListStructureForEncryption(this,
subOutputProcessorChain);
- }
if (attachmentCount(outputProcessorChain) > 0) {
WSSUtils.createEncryptedDataStructureForAttachments(this,
subOutputProcessorChain);
}
@@ -70,11 +66,6 @@ public class EncryptEndingOutputProcesso
case XMLStreamConstants.START_ELEMENT:
if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
- if
(WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
- ||
!((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey())
{
- WSSUtils.updateSecurityHeaderOrder(
- outputProcessorChain,
WSSConstants.TAG_xenc_ReferenceList, getAction(), true);
- }
int attachmentCount =
attachmentCount(outputProcessorChain);
for (int i = 0; i < attachmentCount; i++) {
WSSUtils.updateSecurityHeaderOrder(
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -72,7 +72,8 @@ public class EncryptedKeyOutputProcessor
if (tokenId == null) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
- SecurityTokenProvider<OutboundSecurityToken>
wrappingSecurityTokenProvider =
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ SecurityTokenProvider<OutboundSecurityToken>
wrappingSecurityTokenProvider =
+
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
if (wrappingSecurityTokenProvider == null) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
@@ -81,20 +82,28 @@ public class EncryptedKeyOutputProcessor
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
- // See if a Symmetric Key is already available
- String encTokenId =
-
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
SecurityTokenProvider<OutboundSecurityToken>
encryptedKeySecurityTokenProvider = null;
GenericOutboundSecurityToken encryptedKeySecurityToken = null;
- if (encTokenId != null) {
- encryptedKeySecurityTokenProvider =
-
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
- if (encryptedKeySecurityTokenProvider != null) {
- encryptedKeySecurityToken =
-
(GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
- }
+
+ String sigTokenId =
+
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
+ // See if a Symmetric Key is already available
+ String encTokenId =
+
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ if (encTokenId == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
+ encryptedKeySecurityTokenProvider =
+
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
+ if (encryptedKeySecurityTokenProvider == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+ }
+ encryptedKeySecurityToken =
+
(GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
+
+ boolean sharedToken = encTokenId.equals(sigTokenId);
+
FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor
= new FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalEncryptedKeyOutputProcessor.setAction(getAction());
@@ -102,8 +111,27 @@ public class EncryptedKeyOutputProcessor
if (WSSConstants.ENCRYPT.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+ } else if (sharedToken) {
+
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+ //hint for the headerReordering processor where to place
the EncryptedKey
+ if
(getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT) <
+
getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE)) {
+
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE);
+ }
+
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+
+ ReferenceListOutputProcessor referenceListOutputProcessor
= new ReferenceListOutputProcessor();
+
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action))
{
if (wrappingSecurityToken.getProcessor() != null) {
@@ -111,15 +139,37 @@ public class EncryptedKeyOutputProcessor
} else {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
}
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
if (wrappingSecurityToken.getProcessor() != null) {
finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+ } else if (sharedToken) {
+
finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+ //hint for the headerReordering processor where to place
the EncryptedKey
+ if
(getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT_WITH_DERIVED_KEY)
<
+
getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY))
{
+
finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
+ }
+
finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
} else {
finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
+ ReferenceListOutputProcessor referenceListOutputProcessor =
new ReferenceListOutputProcessor();
+
referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+
referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+ referenceListOutputProcessor.setAction(getAction());
+ referenceListOutputProcessor.init(outputProcessorChain);
+ } else {
+ finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
}
- finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
-
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(encryptedKeySecurityToken.getId(),
encryptedKeySecurityTokenProvider);
+
+
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(
+ encryptedKeySecurityToken.getId(),
encryptedKeySecurityTokenProvider);
encryptedKeySecurityToken.setProcessor(finalEncryptedKeyOutputProcessor);
} finally {
outputProcessorChain.removeProcessor(this);
@@ -130,6 +180,7 @@ public class EncryptedKeyOutputProcessor
class FinalEncryptedKeyOutputProcessor extends AbstractOutputProcessor {
private final OutboundSecurityToken securityToken;
+ private boolean outputReferenceList = true;
FinalEncryptedKeyOutputProcessor(OutboundSecurityToken securityToken)
throws XMLSecurityException {
super();
@@ -137,6 +188,10 @@ public class EncryptedKeyOutputProcessor
this.securityToken = securityToken;
}
+ protected void setOutputReferenceList(boolean outputReferenceList) {
+ this.outputReferenceList = outputReferenceList;
+ }
+
/*
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
Id="EncKeyId-1483925398">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
@@ -295,7 +350,7 @@ public class EncryptedKeyOutputProcessor
createEndElementAndOutputAsEvent(subOutputProcessorChain,
WSSConstants.TAG_xenc_CipherValue);
createEndElementAndOutputAsEvent(subOutputProcessorChain,
WSSConstants.TAG_xenc_CipherData);
- if (WSSConstants.ENCRYPT.equals(getAction())) {
+ if (outputReferenceList &&
WSSConstants.ENCRYPT.equals(getAction())) {
WSSUtils.createReferenceListStructureForEncryption(this,
subOutputProcessorChain);
}
createEndElementAndOutputAsEvent(subOutputProcessorChain,
headerElementName);
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java?rev=1557657&view=auto
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
(added)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.processor.output;
+
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
+import org.apache.xml.security.stax.ext.OutputProcessorChain;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+public class ReferenceListOutputProcessor extends AbstractOutputProcessor {
+
+ public ReferenceListOutputProcessor() throws XMLSecurityException {
+ super();
+ }
+
+ @Override
+ public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain
outputProcessorChain)
+ throws XMLStreamException, XMLSecurityException {
+ outputProcessorChain.processEvent(xmlSecEvent);
+
+ if (WSSUtils.isSecurityHeaderElement(xmlSecEvent,
((WSSSecurityProperties) getSecurityProperties()).getActor())) {
+
+ final QName headerElementName =
WSSConstants.TAG_xenc_ReferenceList;
+ WSSUtils.updateSecurityHeaderOrder(outputProcessorChain,
headerElementName, getAction(), false);
+
+ OutputProcessorChain subOutputProcessorChain =
outputProcessorChain.createSubChain(this);
+ WSSUtils.createReferenceListStructureForEncryption(this,
subOutputProcessorChain);
+
+ outputProcessorChain.removeProcessor(this);
+ }
+ }
+}
Propchange:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -116,6 +116,7 @@ public class SecurityContextTokenOutputP
if (wrappingSecurityToken.getProcessor() != null) {
finalSecurityContextTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
} else {
+
finalSecurityContextTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
finalSecurityContextTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
}
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
Mon Jan 13 08:09:05 2014
@@ -258,7 +258,17 @@ public class SignatureEncryptionTest ext
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+ Document document =
documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList securityHeaderElement =
document.getElementsByTagNameNS(WSConstants.WSSE_NS, "Security");
+ Assert.assertEquals(1, securityHeaderElement.getLength());
+ NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+ Assert.assertEquals(childs.getLength(), 4);
+ Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+ Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+ Assert.assertEquals(childs.item(2).getLocalName(),
"ReferenceList");
+ Assert.assertEquals(childs.item(3).getLocalName(), "Signature");
}
//done encryption; now test decryption:
@@ -269,6 +279,108 @@ public class SignatureEncryptionTest ext
}
@Test
+ public void testEncryptionSignatureSymmetricOutbound() throws Exception {
+
+ ByteArrayOutputStream baos;
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ List<WSSConstants.Action> actions = new
ArrayList<WSSConstants.Action>();
+ actions.add(WSSConstants.ENCRYPT);
+ actions.add(WSSConstants.SIGNATURE);
+ actions.add(WSSConstants.TIMESTAMP);
+ securityProperties.setActions(actions);
+
securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+ securityProperties.setEncryptionUser("receiver");
+
+
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+
securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
+ securityProperties.setSignatureKeyIdentifier(
+ WSSecurityTokenConstants.KeyIdentifier_EncryptedKey
+ );
+
+ securityProperties.addSignaturePart(
+ new SecurePart(new QName(WSSConstants.NS_WSU10,
"Timestamp"), SecurePart.Modifier.Element)
+ );
+ securityProperties.addSignaturePart(
+ new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"),
SecurePart.Modifier.Element)
+ );
+
+ OutboundWSSec wsSecOut =
WSSec.getOutboundWSSec(securityProperties);
+
+ // Symmetric Key
+ String keyAlgorithm =
+
JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(WSSConstants.NS_XENC_AES128);
+ KeyGenerator keyGen;
+ try {
+ keyGen = KeyGenerator.getInstance(keyAlgorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ int keyLength =
JCEAlgorithmMapper.getKeyLengthFromURI(WSSConstants.NS_XENC_AES128);
+ keyGen.init(keyLength);
+
+ final Key symmetricKey = keyGen.generateKey();
+
+ final String ekId = IDGenerator.generateID(null);
+
+ final GenericOutboundSecurityToken encryptedKeySecurityToken =
+ new GenericOutboundSecurityToken(ekId,
WSSecurityTokenConstants.EncryptedKeyToken, symmetricKey);
+
+ final SecurityTokenProvider<OutboundSecurityToken>
encryptedKeySecurityTokenProvider =
+ new SecurityTokenProvider<OutboundSecurityToken>() {
+
+ @Override
+ public OutboundSecurityToken getSecurityToken() throws
XMLSecurityException {
+ return encryptedKeySecurityToken;
+ }
+
+ @Override
+ public String getId() {
+ return ekId;
+ }
+ };
+
+ final OutboundSecurityContextImpl outboundSecurityContext = new
OutboundSecurityContextImpl();
+ outboundSecurityContext.putList(SecurityEvent.class, new
ArrayList<SecurityEvent>());
+
+ // Save Token on the security context
+
outboundSecurityContext.registerSecurityTokenProvider(encryptedKeySecurityTokenProvider.getId(),
encryptedKeySecurityTokenProvider);
+
outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
encryptedKeySecurityTokenProvider.getId());
+
outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
encryptedKeySecurityTokenProvider.getId());
+
+ InputStream sourceDocument =
this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+ baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter =
+ wsSecOut.processOutMessage(baos, "UTF-8",
outboundSecurityContext);
+ XMLStreamReader xmlStreamReader =
xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document =
documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+
+ NodeList securityHeaderElement =
document.getElementsByTagNameNS(WSConstants.WSSE_NS, "Security");
+ Assert.assertEquals(1, securityHeaderElement.getLength());
+ NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+ Assert.assertEquals(childs.getLength(), 4);
+ Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+ Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+ Assert.assertEquals(childs.item(2).getLocalName(), "Signature");
+ Assert.assertEquals(childs.item(3).getLocalName(),
"ReferenceList");
+ }
+
+ //done encryption; now test decryption:
+ {
+ String action = WSHandlerConstants.ENCRYPT + " " +
WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP;
+
doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+ @Test
public void testEncryptedDataTokenSecurityHeaderWithoutReferenceInbound()
throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
