Author: coheigea
Date: Mon Jun 17 11:37:23 2019
New Revision: 1861500
URL: http://svn.apache.org/viewvc?rev=1861500&view=rev
Log:
Consolidating password digest code
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
(original)
+++
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
Mon Jun 17 11:37:23 2019
@@ -140,4 +140,34 @@ public final class UsernameTokenUtil {
);
}
}
+
+ public static String doPasswordDigest(byte[] nonce, String created, String
password) throws WSSecurityException {
+ return doPasswordDigest(nonce, created,
password.getBytes(StandardCharsets.UTF_8));
+ }
+
+ public static String doPasswordDigest(byte[] nonce, String created, byte[]
password) throws WSSecurityException {
+ String passwdDigest = null;
+ try {
+ byte[] b1 = nonce != null ? nonce : new byte[0];
+ byte[] b2 = created != null ?
created.getBytes(StandardCharsets.UTF_8) : new byte[0];
+ byte[] b3 = password;
+ byte[] b4 = new byte[b1.length + b2.length + b3.length];
+ int offset = 0;
+ System.arraycopy(b1, 0, b4, offset, b1.length);
+ offset += b1.length;
+
+ System.arraycopy(b2, 0, b4, offset, b2.length);
+ offset += b2.length;
+
+ System.arraycopy(b3, 0, b4, offset, b3.length);
+
+ byte[] digestBytes = KeyUtils.generateDigest(b4);
+ passwdDigest =
org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes);
+ } catch (Exception e) {
+ LOG.debug(e.getMessage(), e);
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
"decoding.general");
+ }
+ return passwdDigest;
+ }
+
}
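Review bot: The `String` overload calls `password.getBytes(StandardCharsets.UTF_8)` outside any try block, so a null password escapes as a bare NullPointerException, while the `byte[]` overload maps the same condition to a `WSSecurityException` through its `catch (Exception e)`. Callers in this commit pass callback-supplied values such as `pwCb.getPassword()`, and whether those are null-checked beforehand is not visible here, so an explicit null guard at the top of both overloads that throws `WSSecurityException` would make the failure mode uniform. Both public methods also lack Javadoc; it should say that `nonce` is the already Base64-decoded bytes (the removed `UsernameToken` version took the Base64 string), and that null `nonce` and `created` are treated as empty. Since `b4` holds the cleartext password bytes, consider adding `Arrays.fill(b4, (byte) 0);` after `KeyUtils.generateDigest(b4)`.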
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
Mon Jun 17 11:37:23 2019
@@ -20,7 +20,6 @@
package org.apache.wss4j.dom.message.token;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.time.Instant;
import java.time.ZoneOffset;
@@ -42,7 +41,6 @@ import org.apache.wss4j.common.ext.WSSec
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.DateUtil;
-import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.WSCurrentTimeSource;
import org.apache.wss4j.common.util.WSTimeSource;
@@ -500,11 +498,12 @@ public class UsernameToken {
Text node = getFirstNode(elementPassword);
try {
if (hashed) {
+ byte[] decodedNonce =
org.apache.xml.security.utils.XMLUtils.decode(getNonce());
if (passwordsAreEncoded) {
- node.setData(doPasswordDigest(getNonce(), getCreated(),
+
node.setData(UsernameTokenUtil.doPasswordDigest(decodedNonce, getCreated(),
org.apache.xml.security.utils.XMLUtils.decode(pwd)));
} else {
- node.setData(doPasswordDigest(getNonce(), getCreated(),
pwd));
+
node.setData(UsernameTokenUtil.doPasswordDigest(decodedNonce, getCreated(),
pwd));
}
} else {
node.setData(pwd);
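Review bot: `XMLUtils.decode(getNonce())` now runs unconditionally, so this call site loses the null-nonce tolerance of the removed `UsernameToken.doPasswordDigest` (`nonce != null ? decode(nonce) : new byte[0]`). The new utility still accepts a null `byte[]` nonce, so keeping a guard here preserves the old behaviour: `byte[] decodedNonce = getNonce() != null ? org.apache.xml.security.utils.XMLUtils.decode(getNonce()) : null;`. The same pattern appears in the UsernameTokenValidator hunk (`byte[] decodedNonce = XMLUtils.decode(nonce);`), where the nonce comes from the received token and the decode now sits outside the utility's `catch (Exception e)`. How `XMLUtils.decode` reports null or malformed Base64 is not visible on this page, so it is worth confirming that such input ends in a `WSSecurityException` rather than an unchecked exception. The enclosing method and the catch clause for this `try` lie outside the hunk.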
@@ -556,40 +555,6 @@ public class UsernameToken {
return passwordsAreEncoded;
}
- public static String doPasswordDigest(String nonce, String created, byte[]
password) {
- String passwdDigest = null;
- try {
- byte[] b1 = nonce != null ?
org.apache.xml.security.utils.XMLUtils.decode(nonce) : new byte[0];
- byte[] b2 = created != null ?
created.getBytes(StandardCharsets.UTF_8) : new byte[0];
- byte[] b3 = password;
- byte[] b4 = new byte[b1.length + b2.length + b3.length];
- int offset = 0;
- System.arraycopy(b1, 0, b4, offset, b1.length);
- offset += b1.length;
-
- System.arraycopy(b2, 0, b4, offset, b2.length);
- offset += b2.length;
-
- System.arraycopy(b3, 0, b4, offset, b3.length);
-
- byte[] digestBytes = KeyUtils.generateDigest(b4);
- passwdDigest =
org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes);
- } catch (Exception e) {
- LOG.debug(e.getMessage(), e);
- }
- return passwdDigest;
- }
-
- public static String doPasswordDigest(String nonce, String created, String
password) {
- String passwdDigest = null;
- try {
- passwdDigest = doPasswordDigest(nonce, created,
password.getBytes(StandardCharsets.UTF_8));
- } catch (Exception e) {
- LOG.debug(e.getMessage(), e);
- }
- return passwdDigest;
- }
-
/**
* Returns the first text node of an element.
*
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
Mon Jun 17 11:37:23 2019
@@ -27,6 +27,7 @@ import javax.security.auth.callback.Unsu
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.xml.security.utils.XMLUtils;
@@ -166,11 +167,12 @@ public class UsernameTokenValidator impl
}
if (usernameToken.isHashed()) {
String passDigest;
+ byte[] decodedNonce = XMLUtils.decode(nonce);
if (passwordsAreEncoded) {
- passDigest = UsernameToken.doPasswordDigest(nonce, createdTime,
+ passDigest = UsernameTokenUtil.doPasswordDigest(decodedNonce,
createdTime,
XMLUtils.decode(origPassword));
} else {
- passDigest = UsernameToken.doPasswordDigest(nonce,
createdTime, origPassword);
+ passDigest = UsernameTokenUtil.doPasswordDigest(decodedNonce,
createdTime, origPassword);
}
if (!passDigest.equals(password)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
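Review bot: The digest check on the context line `if (!passDigest.equals(password))` uses `String.equals`, which stops at the first differing character, so the comparison of the received digest against the expected one is not constant-time. This predates the commit, but since the computation just above is being reworked it would be a natural place to switch to `if (!MessageDigest.isEqual(passDigest.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8)))`, adding the two imports if the file does not already have them. The UsernameTokenValidatorImpl hunk has the same shape in `!passwordType.getValue().equals(passDigest)`. The enclosing method starts and ends outside the hunk, so any null handling of `password` before this point is not visible.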
Modified:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
Mon Jun 17 11:37:23 2019
@@ -36,6 +36,7 @@ import org.apache.wss4j.common.bsp.BSPRu
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.WSTimeSource;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -174,7 +175,8 @@ public class UsernameTokenTest implement
String nonce = "0x7bXAPZVn40AdCD0Xbt0g==";
String created = "2010-06-28T15:16:37Z";
String expectedPasswordDigest = "C0rena/6gKpRZ9ATj+e6ss5sAbQ=";
- String actualPasswordDigest = UsernameToken.doPasswordDigest(nonce,
created, passwordHash);
+ byte[] decodedNonce =
org.apache.xml.security.utils.XMLUtils.decode(nonce);
+ String actualPasswordDigest =
UsernameTokenUtil.doPasswordDigest(decodedNonce, created, passwordHash);
assertEquals("the password digest is not as expected",
expectedPasswordDigest, actualPasswordDigest);
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
Mon Jun 17 11:37:23 2019
@@ -204,7 +204,7 @@ public class UsernameTokenOutputProcesso
createCharactersAndOutputAsEvent(subOutputProcessorChain,
((WSSSecurityProperties)
getSecurityProperties()).getUsernameTokenPasswordType()
==
WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST
- ?
WSSUtils.doPasswordDigest(this.nonceValue, created, this.password)
+ ?
UsernameTokenUtil.doPasswordDigest(this.nonceValue, created, this.password)
: this.password);
createEndElementAndOutputAsEvent(subOutputProcessorChain,
WSSConstants.TAG_WSSE_PASSWORD);
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
Mon Jun 17 11:37:23 2019
@@ -19,7 +19,6 @@
package org.apache.wss4j.stax.utils;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -113,30 +112,6 @@ public class WSSUtils extends XMLSecurit
}
}
- public static String doPasswordDigest(byte[] nonce, String created, String
password) throws WSSecurityException {
- try {
- byte[] b1 = nonce != null ? nonce : new byte[0];
- byte[] b2 = created != null ?
created.getBytes(StandardCharsets.UTF_8) : new byte[0];
- byte[] b3 = password.getBytes(StandardCharsets.UTF_8);
- byte[] b4 = new byte[b1.length + b2.length + b3.length];
- int offset = 0;
- System.arraycopy(b1, 0, b4, offset, b1.length);
- offset += b1.length;
-
- System.arraycopy(b2, 0, b4, offset, b2.length);
- offset += b2.length;
-
- System.arraycopy(b3, 0, b4, offset, b3.length);
-
- MessageDigest sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(b4);
- return XMLUtils.encodeToString(sha.digest());
- } catch (NoSuchAlgorithmException e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
"decoding.general");
- }
- }
-
public static String getSOAPMessageVersionNamespace(XMLSecEvent
xmlSecEvent) {
XMLSecStartElement xmlSecStartElement =
xmlSecEvent.getStartElementAtLevel(1);
if (xmlSecStartElement != null) {
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Mon Jun 17 11:37:23 2019
@@ -25,6 +25,7 @@ import org.apache.wss4j.binding.wss10.Us
import org.apache.wss4j.binding.wsu10.AttributedDateTime;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -179,7 +180,7 @@ public class UsernameTokenValidatorImpl
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
- String passDigest = WSSUtils.doPasswordDigest(nonceVal, created,
pwCb.getPassword());
+ String passDigest = UsernameTokenUtil.doPasswordDigest(nonceVal,
created, pwCb.getPassword());
if (!passwordType.getValue().equals(passDigest)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
Modified:
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Mon Jun 17 11:37:23 2019
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.cache.Rep
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
@@ -249,8 +250,8 @@ public class UsernameTokenTest extends A
ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
String createdString =
DateUtil.getDateTimeFormatter(true).format(created);
String digest =
- org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
- "Ex2YESUvsa1qne1m6TM8XA==", createdString, "default"
+ UsernameTokenUtil.doPasswordDigest(
+ XMLUtils.decode("Ex2YESUvsa1qne1m6TM8XA=="), createdString,
"default"
);
String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -299,8 +300,8 @@ public class UsernameTokenTest extends A
String createdString =
DateUtil.getDateTimeFormatter(true).format(created);
String digest =
- org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
- "Ex2YEKVvsa1qne1m6TM8XA==", createdString, "default"
+ UsernameTokenUtil.doPasswordDigest(
+ XMLUtils.decode("Ex2YEKVvsa1qne1m6TM8XA=="), createdString,
"default"
);
String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -343,8 +344,8 @@ public class UsernameTokenTest extends A
String createdString =
DateUtil.getDateTimeFormatter(true).format(created);
String digest =
- org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
- "Ex2YEKVvSa1qne1m6TM8XA==", createdString, "default"
+ UsernameTokenUtil.doPasswordDigest(
+ XMLUtils.decode("Ex2YEKVvSa1qne1m6TM8XA=="), createdString,
"default"
);
String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -380,8 +381,8 @@ public class UsernameTokenTest extends A
String createdString =
DateUtil.getDateTimeFormatter(true).format(created);
String digest =
- org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
- "Ex2YEKVvsa1Qne1m6TM8XA==", createdString, "default"
+ UsernameTokenUtil.doPasswordDigest(
+ XMLUtils.decode("Ex2YEKVvsa1Qne1m6TM8XA=="), createdString,
"default"
);
String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +