This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2_2_x-fixes
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/2_2_x-fixes by this push:
new eaebf72 WSS-659 SecurityContextToken validator fixing QName (#2)
eaebf72 is described below
commit eaebf72e725ddde08058e2f3c0e9a9c888159938
Author: Igor Konoplyanko <431522+cauchype...@users.noreply.github.com>
AuthorDate: Thu Jan 9 13:24:07 2020 +0100
WSS-659 SecurityContextToken validator fixing QName (#2)
* WSS-659 SecurityContextToken validator fixing QName
* WSS-659 Fixed handlers identifier access, Added tests
* WSS-659 Removed redundant method, sharpen test
---
.../input/SecurityContextTokenInputHandler.java | 20 ++++--
.../wss4j/stax/test/SecurityContextTokenTest.java | 82 ++++++++++++++++++++--
2 files changed, 92 insertions(+), 10 deletions(-)
diff --git
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityContextTokenInputHandler.java
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityContextTokenInputHandler.java
index 35ed411..dbcae7c 100644
---
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityContextTokenInputHandler.java
+++
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityContextTokenInputHandler.java
@@ -47,18 +47,17 @@ public class SecurityContextTokenInputHandler extends
AbstractInputSecurityHeade
public void handle(InputProcessorChain inputProcessorChain, final
XMLSecurityProperties securityProperties,
Deque<XMLSecEvent> eventQueue, Integer index) throws
XMLSecurityException {
- @SuppressWarnings("unchecked")
JAXBElement<AbstractSecurityContextTokenType>
securityContextTokenTypeJAXBElement =
- (JAXBElement<AbstractSecurityContextTokenType>)
parseStructure(eventQueue, index, securityProperties);
+ parseStructure(eventQueue, index, securityProperties);
final AbstractSecurityContextTokenType securityContextTokenType =
securityContextTokenTypeJAXBElement.getValue();
if (securityContextTokenType.getId() == null) {
securityContextTokenType.setId(IDGenerator.generateID(null));
}
- final QName elementName = new
QName(securityContextTokenTypeJAXBElement.getName().getNamespaceURI(),
+ final QName identifierElementName = new
QName(securityContextTokenTypeJAXBElement.getName().getNamespaceURI(),
WSSConstants.TAG_WSC0502_IDENTIFIER.getLocalPart());
- final String identifier = (String)
XMLSecurityUtils.getQNameType(securityContextTokenType.getAny(),
- elementName);
+ final String identifier =
XMLSecurityUtils.getQNameType(securityContextTokenType.getAny(),
+ identifierElementName);
final WSInboundSecurityContext wsInboundSecurityContext =
(WSInboundSecurityContext)
inputProcessorChain.getSecurityContext();
@@ -69,6 +68,7 @@ public class SecurityContextTokenInputHandler extends
AbstractInputSecurityHeade
final TokenContext tokenContext =
new TokenContext(wssSecurityProperties, wsInboundSecurityContext,
xmlSecEvents, elementPath);
+ final QName elementName =
securityContextTokenTypeJAXBElement.getName();
SecurityContextTokenValidator securityContextTokenValidator =
wssSecurityProperties.getValidator(elementName);
if (securityContextTokenValidator == null) {
securityContextTokenValidator = new
SecurityContextTokenValidatorImpl();
@@ -108,9 +108,17 @@ public class SecurityContextTokenInputHandler extends
AbstractInputSecurityHeade
wsInboundSecurityContext.registerSecurityTokenProvider(identifier,
securityTokenProviderDirectReference);
//fire a tokenSecurityEvent
+ SecurityContextTokenSecurityEvent securityEvent =
createTokenSecurityEvent(securityContextTokenType, securityTokenProvider);
+ wsInboundSecurityContext.registerSecurityEvent(securityEvent);
+ }
+
+ private SecurityContextTokenSecurityEvent
createTokenSecurityEvent(AbstractSecurityContextTokenType
securityContextTokenType,
+
SecurityTokenProvider<InboundSecurityToken> securityTokenProvider)
+ throws XMLSecurityException {
SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent =
new SecurityContextTokenSecurityEvent();
securityContextTokenSecurityEvent.setSecurityToken(securityTokenProvider.getSecurityToken());
securityContextTokenSecurityEvent.setCorrelationID(securityContextTokenType.getId());
-
wsInboundSecurityContext.registerSecurityEvent(securityContextTokenSecurityEvent);
+ return securityContextTokenSecurityEvent;
}
+
}
diff --git
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index d03fceb..c539a69 100644
---
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -34,10 +34,12 @@ import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.apache.wss4j.binding.wssc.AbstractSecurityContextTokenType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -60,8 +62,12 @@ import org.apache.wss4j.stax.test.utils.SOAPUtil;
import org.apache.wss4j.stax.test.utils.SecretKeyCallbackHandler;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
+import org.apache.wss4j.stax.validate.SecurityContextTokenValidator;
+import org.apache.wss4j.stax.validate.SecurityContextTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.TokenContext;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -752,9 +758,10 @@ public class SecurityContextTokenTest extends
AbstractTestBase {
};
final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
+ XMLStreamReader xmlStreamReader =
xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray()));
+ XMLStreamReader secureXmlStreamReader =
wsSecIn.processInMessage(xmlStreamReader, null, securityEventListener);
- Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Document document =
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
secureXmlStreamReader);
NodeList nodeList =
document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1077,9 +1084,10 @@ public class SecurityContextTokenTest extends
AbstractTestBase {
};
final TestSecurityEventListener securityEventListener = new
TestSecurityEventListener(expectedSecurityEvents);
- XMLStreamReader xmlStreamReader =
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())), null, securityEventListener);
+ XMLStreamReader xmlStreamReader =
xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray()));
+ XMLStreamReader secureXmlStreamReader =
wsSecIn.processInMessage(xmlStreamReader, null, securityEventListener);
- StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
+ StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
secureXmlStreamReader);
securityEventListener.compare();
@@ -1114,4 +1122,70 @@ public class SecurityContextTokenTest extends
AbstractTestBase {
);
}
}
+
+ @Test
+ public void testSCTCustomValidator() throws Exception {
+ byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSecurityContextToken sctBuilder = new
WSSecSecurityContextToken(secHeader, null);
+ sctBuilder.setWscVersion(version);
+ Crypto crypto =
CryptoFactory.getInstance("transmitter-crypto.properties");
+ sctBuilder.prepare(crypto);
+
+ // Store the secret
+ SecretKeyCallbackHandler callbackHandler = new
SecretKeyCallbackHandler();
+ callbackHandler.addSecretKey(sctBuilder.getIdentifier(),
tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ WSSecSignature builder = new WSSecSignature(secHeader);
+ builder.setSecretKey(tempSecret);
+ builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ builder.setCustomTokenValueType(WSConstants.WSC_SCT);
+ builder.setCustomTokenId(tokenId);
+ builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ builder.build(crypto);
+
+ sctBuilder.prependSCTElementToHeader();
+
+ javax.xml.transform.Transformer transformer =
TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(doc), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+
securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+ CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
+ securityProperties.setCallbackHandler(callbackHandler);
+
+ final boolean[] validatorCalled = {false};
+ SecurityContextTokenValidator validator = new
SecurityContextTokenValidatorImpl() {
+ @Override
+ public InboundSecurityToken
validate(AbstractSecurityContextTokenType securityContextTokenType, String
identifier, TokenContext tokenContext) throws WSSecurityException {
+ validatorCalled[0] = true;
+ return super.validate(securityContextTokenType,
identifier, tokenContext);
+ }
+ };
+
+ if (version == ConversationConstants.VERSION_05_02) {
+ securityProperties.addValidator(WSSConstants.TAG_WSC0502_SCT,
validator);
+ } else {
+ securityProperties.addValidator(WSSConstants.TAG_WSC0512_SCT,
validator);
+ }
+
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ XMLStreamReader xmlStreamReader =
xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray()));
+ XMLStreamReader secureXmlStreamReader =
wsSecIn.processInMessage(xmlStreamReader);
+
+ StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
secureXmlStreamReader);
+
+ Assert.assertTrue("Validator should be called when configured",
validatorCalled[0]);
+ }
+ }
}
