Author: coheigea
Date: Wed Oct 16 15:58:59 2019
New Revision: 1868512
URL: http://svn.apache.org/viewvc?rev=1868512&view=rev
Log:
WSS-656 - Add the ability to specify a security Provider to use with Signature
Added:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
Wed Oct 16 15:58:59 2019
@@ -85,6 +85,7 @@ public class SAMLTokenSignedAction imple
wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
wsSign.setWsDocInfo(reqData.getWsDocInfo());
wsSign.setExpandXopInclude(reqData.isExpandXopInclude());
+ wsSign.setSignatureProvider(reqData.getSignatureProvider());
CallbackHandler callbackHandler =
handler.getPasswordCallbackHandler(reqData);
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
Wed Oct 16 15:58:59 2019
@@ -62,6 +62,7 @@ public class SignatureAction implements
wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
wsSign.setWsDocInfo(reqData.getWsDocInfo());
wsSign.setExpandXopInclude(reqData.isExpandXopInclude());
+ wsSign.setSignatureProvider(reqData.getSignatureProvider());
if (signatureToken.getKeyIdentifierId() != 0) {
wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
Wed Oct 16 15:58:59 2019
@@ -19,6 +19,7 @@
package org.apache.wss4j.dom.handler;
+import java.security.Provider;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
@@ -95,6 +96,7 @@ public class RequestData {
private boolean storeBytesInAttachment;
private Serializer encryptionSerializer;
private WSDocInfo wsDocInfo;
+ private Provider signatureProvider;
/**
* Whether to add an InclusiveNamespaces PrefixList as a
CanonicalizationMethod
@@ -771,4 +773,15 @@ public class RequestData {
public void setWsDocInfo(WSDocInfo wsDocInfo) {
this.wsDocInfo = wsDocInfo;
}
+
+ public Provider getSignatureProvider() {
+ return signatureProvider;
+ }
+
+ /**
+ * Set a security Provider instance to use for Signature
+ */
+ public void setSignatureProvider(Provider signatureProvider) {
+ this.signatureProvider = signatureProvider;
+ }
}
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
Wed Oct 16 15:58:59 2019
@@ -109,6 +109,7 @@ public class WSSecSignature extends WSSe
private boolean includeSignatureToken;
private boolean addInclusivePrefixes = true;
private Element customKeyInfoElement;
+ private Provider signatureProvider;
public WSSecSignature(WSSecHeader securityHeader) {
super(securityHeader);
@@ -598,6 +599,9 @@ public class WSSecSignature extends WSSe
} else {
signContext = new DOMSignContext(key, securityHeaderElement);
}
+ if (signatureProvider != null) {
+
signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
signatureProvider);
+ }
signContext.putNamespacePrefix(WSConstants.SIG_NS,
WSConstants.SIG_PREFIX);
if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
@@ -925,4 +929,12 @@ public class WSSecSignature extends WSSe
public Element getCustomKeyInfoElement() {
return customKeyInfoElement;
}
+
+ public Provider getSignatureProvider() {
+ return signatureProvider;
+ }
+
+ public void setSignatureProvider(Provider signatureProvider) {
+ this.signatureProvider = signatureProvider;
+ }
}
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
Wed Oct 16 15:58:59 2019
@@ -204,6 +204,9 @@ public class SAMLTokenProcessor implemen
XMLValidateContext context = new DOMValidateContext(key,
sig.getDOM());
context.setProperty("org.apache.jcp.xml.dsig.secureValidation",
Boolean.TRUE);
context.setProperty("org.jcp.xml.dsig.secureValidation",
Boolean.TRUE);
+ if (data.getSignatureProvider() != null) {
+
context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
data.getSignatureProvider());
+ }
XMLSignature xmlSignature;
try {
@@ -264,7 +267,7 @@ public class SAMLTokenProcessor implemen
// Set the Transform algorithms as well
@SuppressWarnings("unchecked")
- List<Transform> transforms =
(List<Transform>)reference.getTransforms();
+ List<Transform> transforms = reference.getTransforms();
List<String> transformAlgorithms = new
ArrayList<>(transforms.size());
for (Transform transform : transforms) {
transformAlgorithms.add(transform.getAlgorithm());
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Wed Oct 16 15:58:59 2019
@@ -349,6 +349,9 @@ public class SignatureProcessor implemen
context.setProperty("org.apache.jcp.xml.dsig.secureValidation",
Boolean.TRUE);
context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
context.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
+ if (data.getSignatureProvider() != null) {
+
context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
data.getSignatureProvider());
+ }
context.setProperty(AttachmentContentSignatureTransform.ATTACHMENT_CALLBACKHANDLER,
data.getAttachmentCallbackHandler());
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
Wed Oct 16 15:58:59 2019
@@ -512,6 +512,10 @@ public class WSSecSignatureSAML extends
} else {
signContext = new DOMSignContext(key, securityHeaderElement);
}
+ if (getSignatureProvider() != null) {
+
signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
getSignatureProvider());
+ }
+
signContext.putNamespacePrefix(WSConstants.SIG_NS,
WSConstants.SIG_PREFIX);
if
(WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(getSigCanonicalization())) {
signContext.putNamespacePrefix(
Added:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java?rev=1868512&view=auto
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
(added)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
Wed Oct 16 15:58:59 2019
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.message;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+/**
+ * A set of test-cases for signing and verifying SOAP requests using a
specific provider
+ */
+public class SignatureProviderTest {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SignatureProviderTest.class);
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+
+ @AfterAll
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ }
+
+ public SignatureProviderTest() throws Exception {
+ WSSConfig.init();
+ }
+
+ @Test
+ public void testBouncyCastleSignature() throws Exception {
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSignature builder = new WSSecSignature(secHeader);
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
+ builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ builder.setSignatureProvider(new BouncyCastleProvider());
+ LOG.info("Before Signing IS....");
+
+ Crypto crypto = CryptoFactory.getInstance();
+ Document signedDoc = builder.build(crypto);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message with IssuerSerial key identifier:");
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ LOG.info("After Signing IS....");
+ WSHandlerResult results = verify(signedDoc, crypto);
+
+ WSSecurityEngineResult actionResult =
+ results.getActionResults().get(WSConstants.SIGN).get(0);
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+ REFERENCE_TYPE referenceType =
+
(REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+ assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
+ }
+
+ private WSHandlerResult verify(Document doc, Crypto crypto) throws
Exception {
+ RequestData data = new RequestData();
+ data.setWssConfig(WSSConfig.getNewInstance());
+ data.setSigVerCrypto(crypto);
+ data.setDecCrypto(crypto);
+ data.setSignatureProvider(new BouncyCastleProvider());
+ data.setCallbackHandler(new KeystoreCallbackHandler());
+ Element securityHeader = WSSecurityUtil.getSecurityHeader(doc, null);
+ return secEngine.processSecurityHeader(securityHeader, data);
+ }
+
+}
\ No newline at end of file
