Author: coheigea
Date: Tue Jan 21 16:08:35 2014
New Revision: 1560053

URL: http://svn.apache.org/r1560053
Log:
SecureRandom refactor

Modified:
    
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
    
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
    
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
    
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java

Modified: 
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
 Tue Jan 21 16:08:35 2014
@@ -138,9 +138,7 @@ public final class UsernameTokenUtil {
      */
     private static byte[] generateNonce(int length) throws WSSecurityException 
{
         try {
-            byte[] temp = new byte[length];
-            XMLSecurityConstants.secureRandom.nextBytes(temp);
-            return temp;
+            return XMLSecurityConstants.generateBytes(length);
         } catch (Exception ex) {
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                     "empty", ex,
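Review bot: `catch (Exception ex)` in generateNonce is now broader than the single call it guards. The WSSSecurityProperties hunk in this commit catches `XMLSecurityException` around the equivalent `WSSConstants.generateBytes` call, which suggests that is the only checked exception involved. Narrowing to `} catch (XMLSecurityException ex) {` would stop unrelated runtime errors (presumably including a negative `length`) from being reported as a random-generation FAILURE. This needs the matching import, which is outside the hunk. The same applies to WSSecurityUtil.generateNonce further down, and the catch body continues past the end of this hunk.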

Modified: 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
 Tue Jan 21 16:08:35 2014
@@ -52,7 +52,6 @@ import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 
-import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 import java.util.*;
 
@@ -67,7 +66,7 @@ public class WSSecEncrypt extends WSSecE
     /**
      * SecurityTokenReference to be inserted into EncryptedData/keyInfo 
element.
      */
-    private SecurityTokenReference securityTokenReference ;
+    private SecurityTokenReference securityTokenReference;
 
     /**
      * Indicates whether to encrypt the symmetric key into an EncryptedKey 
@@ -498,9 +497,7 @@ public class WSSecEncrypt extends WSSecE
                         if (XMLCipher.AES_128_GCM.equals(encryptionAlgorithm)
                                 || 
XMLCipher.AES_192_GCM.equals(encryptionAlgorithm)
                                 || 
XMLCipher.AES_256_GCM.equals(encryptionAlgorithm)) {
-                            SecureRandom random = 
SecureRandom.getInstance("SHA1PRNG");
-                            byte[] temp = new byte[12];
-                            random.nextBytes(temp);
+                            byte[] temp = WSSecurityUtil.generateNonce(12);
                             IvParameterSpec paramSpec = new 
IvParameterSpec(temp);
                             cipher.init(Cipher.ENCRYPT_MODE, secretKey, 
paramSpec);
                         } else {
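Review bot: The GCM branch now takes its IV from `WSSecurityUtil.generateNonce(12)`, which is a behaviour change rather than a pure refactor. The removed lines created a fresh `SecureRandom.getInstance("SHA1PRNG")` per call, while generateNonce delegates to `XMLSecurityConstants.generateBytes`, whose generator is not visible in this diff. AES-GCM loses its confidentiality and integrity guarantees if an IV repeats under one key, so the log message should state which generator is now used. The literal also deserves the comment the StAX EncryptOutputProcessor already carries, `// The Spec mandates a 96-bit IV for GCM algorithms`. The enclosing method starts and ends outside the hunk.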

Modified: 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
 Tue Jan 21 16:08:35 2014
@@ -1006,9 +1006,7 @@ public final class WSSecurityUtil {
      */
     public static byte[] generateNonce(int length) throws WSSecurityException {
         try {
-            byte[] temp = new byte[length];
-            XMLSecurityConstants.secureRandom.nextBytes(temp);
-            return temp;
+            return XMLSecurityConstants.generateBytes(length);
         } catch (Exception ex) {
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                     "empty", ex,

Modified: 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
 Tue Jan 21 16:08:35 2014
@@ -2379,8 +2379,7 @@ public class AsymmetricBindingIntegratio
         
samlCallbackHandler.setStatement(SAMLCallbackHandlerImpl.Statement.AUTHN);
         
samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
         samlCallbackHandler.setIssuer("www.example.com");
-        byte[] secret = new byte[128 / 8];
-        WSSConstants.secureRandom.nextBytes(secret);
+        byte[] secret = WSSConstants.generateBytes(128 / 8);
         CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
         callbackHandler.setSecret(secret);
         KeyStore keyStore = KeyStore.getInstance("jks");
@@ -2510,8 +2509,7 @@ public class AsymmetricBindingIntegratio
         
samlCallbackHandler.setStatement(SAMLCallbackHandlerImpl.Statement.AUTHN);
         
samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
         samlCallbackHandler.setIssuer("www.example.com");
-        byte[] secret = new byte[128 / 8];
-        WSSConstants.secureRandom.nextBytes(secret);
+        byte[] secret = WSSConstants.generateBytes(128 / 8);
         CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
         callbackHandler.setSecret(secret);
         KeyStore keyStore = KeyStore.getInstance("jks");

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 Tue Jan 21 16:08:35 2014
@@ -46,6 +46,7 @@ import org.apache.wss4j.common.crypto.Pa
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.stax.validate.Validator;
+import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 import org.apache.xml.security.utils.Base64;
 
@@ -756,10 +757,14 @@ public class WSSSecurityProperties exten
     
     private synchronized ReplayCache createCache(String key) throws 
WSSecurityException {
         ReplayCacheFactory replayCacheFactory = 
ReplayCacheFactory.newInstance();
-        byte[] nonceValue = new byte[10];
-        WSSConstants.secureRandom.nextBytes(nonceValue);
-        String cacheKey = key + Base64.encode(nonceValue);
-        return replayCacheFactory.newReplayCache(cacheKey, null);
+        byte[] nonceValue;
+        try {
+            nonceValue = WSSConstants.generateBytes(10);
+            String cacheKey = key + Base64.encode(nonceValue);
+            return replayCacheFactory.newReplayCache(cacheKey, null);
+        } catch (XMLSecurityException e) {
+            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
     }
     
     /**
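Review bot: The new try block in createCache encloses `replayCacheFactory.newReplayCache(cacheKey, null)` as well as the random-byte call, so any XMLSecurityException subtype raised while building the cache is re-wrapped as a generic FAILURE. If WSSecurityException extends XMLSecurityException (not visible here), that would discard the original error code. Close the try directly after `nonceValue = WSSConstants.generateBytes(10);` and move the `String cacheKey = ...` and `return ...` lines below the catch, so only the generator failure is translated.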

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
 Tue Jan 21 16:08:35 2014
@@ -100,8 +100,7 @@ public class DerivedKeyTokenOutputProces
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "UTF-8 
encoding is not supported");
             }
 
-            byte[] nonce = new byte[16];
-            WSSConstants.secureRandom.nextBytes(nonce);
+            byte[] nonce = WSSConstants.generateBytes(16);
 
             byte[] seed = new byte[label.length + nonce.length];
             System.arraycopy(label, 0, seed, 0, label.length);

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
 Tue Jan 21 16:08:35 2014
@@ -247,8 +247,7 @@ public class EncryptOutputProcessor exte
 
                 // The Spec mandates a 96-bit IV for GCM algorithms
                 if ("AES/GCM/NoPadding".equals(cipher.getAlgorithm())) {
-                    byte[] temp = new byte[12];
-                    XMLSecurityConstants.secureRandom.nextBytes(temp);
+                    byte[] temp = XMLSecurityConstants.generateBytes(12);
                     IvParameterSpec ivParameterSpec = new 
IvParameterSpec(temp);
                     cipher.init(Cipher.ENCRYPT_MODE, 
encryptionPartDef.getSymmetricKey(), ivParameterSpec);
                 } else {

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 Tue Jan 21 16:08:35 2014
@@ -90,8 +90,7 @@ public class UsernameTokenOutputProcesso
             byte[] nonceValue = null;
             if (usernameTokenPasswordType == 
WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST
                 || ((WSSSecurityProperties) 
getSecurityProperties()).isAddUsernameTokenNonce()) {
-                nonceValue = new byte[16];
-                WSSConstants.secureRandom.nextBytes(nonceValue);
+                nonceValue = WSSConstants.generateBytes(16);
             }
             
             XMLGregorianCalendar created = null;

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
 Tue Jan 21 16:08:35 2014
@@ -95,8 +95,7 @@ public class DerivedKeyTokenTest extends
             List<WSSConstants.Action> actions = new 
ArrayList<WSSConstants.Action>();
             actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
-            byte[] secret = new byte[192 / 8];
-            WSSConstants.secureRandom.nextBytes(secret);
+            byte[] secret = WSSConstants.generateBytes(192 / 8);
             CallbackHandlerImpl callbackHandler = new 
CallbackHandlerImpl(secret);
             securityProperties.setCallbackHandler(callbackHandler);
             
securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"),
 "default".toCharArray());
@@ -220,8 +219,7 @@ public class DerivedKeyTokenTest extends
             List<WSSConstants.Action> actions = new 
ArrayList<WSSConstants.Action>();
             actions.add(WSSConstants.ENCRYPT_WITH_DERIVED_KEY);
             securityProperties.setActions(actions);
-            byte[] secret = new byte[128 / 8];
-            WSSConstants.secureRandom.nextBytes(secret);
+            byte[] secret = WSSConstants.generateBytes(128 / 8);
             CallbackHandlerImpl callbackHandler = new 
CallbackHandlerImpl(secret);
             securityProperties.setCallbackHandler(callbackHandler);
             
securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"),
 "default".toCharArray());

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java?rev=1560053&r1=1560052&r2=1560053&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
 Tue Jan 21 16:08:35 2014
@@ -88,8 +88,7 @@ public class SecurityContextTokenTest ex
 
     @Test
     public void testSCTDKTEncryptOutbound() throws Exception {
-        byte[] secret = new byte[128 / 8];
-        WSSConstants.secureRandom.nextBytes(secret);
+        byte[] secret = WSSConstants.generateBytes(128 / 8);
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {
@@ -219,8 +218,7 @@ public class SecurityContextTokenTest ex
 
     @Test
     public void testSCTKDKTSignOutbound() throws Exception {
-        byte[] secret = new byte[128 / 8];
-        WSSConstants.secureRandom.nextBytes(secret);
+        byte[] secret = WSSConstants.generateBytes(128 / 8);
 
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {

