This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push: new 9e7ca85c0 Removing WSSecurityUtil.generateNonce 9e7ca85c0 is described below commit 9e7ca85c0a2e4e91258966b35ed0cb8ac647f8b1 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Jul 7 10:02:38 2022 +0100 Removing WSSecurityUtil.generateNonce --- .../wss4j/common/util/UsernameTokenUtil.java | 4 ++-- .../wss4j/dom/message/WSSecDerivedKeyBase.java | 3 ++- .../wss4j/dom/message/token/UsernameToken.java | 2 +- .../org/apache/wss4j/dom/util/WSSecurityUtil.java | 18 --------------- .../dom/handler/SignatureConfirmationTest.java | 10 ++++----- .../dom/message/SecurityContextTokenTest.java | 26 +++++++++++++++++----- .../wss4j/stax/test/SecurityContextTokenTest.java | 24 ++++++++++---------- 7 files changed, 41 insertions(+), 46 deletions(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java b/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
index c6d1861db..95e3079b6 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
@@ -131,13 +131,13 @@ public final class UsernameTokenUtil {
 }
 /**
- * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
+ * Generate a nonce of the given length using a secure random algorithm. The SecureRandom
 * instance that backs this method is cached for efficiency.
 *
 * @return a nonce of the given length
 * @throws WSSecurityException
 */
- private static byte[] generateNonce(int length) throws WSSecurityException {
+ public static byte[] generateNonce(int length) throws WSSecurityException {
 try {
 return XMLSecurityConstants.generateBytes(length);
 } catch (Exception ex) {
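Review bot: `generateNonce` becomes public API in this hunk, but its Javadoc still has no `@param` tag and an empty `@throws`, so callers cannot tell what `length` counts or when the exception is raised. I would add `@param length the number of random bytes to return` and `@throws WSSecurityException if the underlying generator fails`. Because the derived-key and UsernameToken code now take their nonces from this method, the summary could also name `XMLSecurityConstants.generateBytes` as the source, so the "secure random" and "cached SecureRandom" statements can be checked against one place. The method body continues past the end of the hunk.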
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
index 50462ff41..c59a3e53f 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
 import org.apache.wss4j.common.token.SecurityTokenReference;
 import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.token.DerivedKeyToken;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
@@ -199,7 +200,7 @@ public abstract class WSSecDerivedKeyBase extends WSSecSignatureBase {
 byte[] label;
 String labelText = clientLabel + serviceLabel;
 label = labelText.getBytes(StandardCharsets.UTF_8);
- byte[] nonce = WSSecurityUtil.generateNonce(16);
+ byte[] nonce = UsernameTokenUtil.generateNonce(16);
 byte[] seed = new byte[label.length + nonce.length];
 System.arraycopy(label, 0, seed, 0, label.length);
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
index 1b791948b..165afefe3 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
@@ -288,7 +288,7 @@ public class UsernameToken {
 }
 byte[] nonceValue = null;
 try {
- nonceValue = WSSecurityUtil.generateNonce(16);
+ nonceValue = UsernameTokenUtil.generateNonce(16);
 } catch (WSSecurityException ex) {
 LOG.debug(ex.getMessage(), ex);
 return;
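Review bot: In UsernameToken.java the catch block around the new `UsernameTokenUtil.generateNonce(16)` call logs only at debug level and then returns, so a failure of the random source is invisible at default log levels and, as far as the hunk shows, the token is left without a nonce. The nonce is what lets a receiver detect a replayed token, so the failure should be visible, for example `LOG.warn("Failed to generate UsernameToken nonce", ex);`, or the `WSSecurityException` should propagate if the method signature allows it. The enclosing method starts and ends outside the hunk, so whether callers depend on the silent return cannot be confirmed from here.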
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
index 8021887f4..fd0e570bd 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
@@ -32,7 +32,6 @@ import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.handler.HandlerAction;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -627,23 +626,6 @@ public final class WSSecurityUtil {
 return actions;
 }
- /**
- * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
- * instance that backs this method is cached for efficiency.
- *
- * @return a nonce of the given length
- * @throws WSSecurityException
- */
- public static byte[] generateNonce(int length) throws WSSecurityException {
- try {
- return XMLSecurityConstants.generateBytes(length);
- } catch (Exception ex) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex,
- "empty", new Object[] {"Error in generating nonce of length " + length}
- );
- }
- }
-
 public static void inlineAttachments(List<Element> includeElements,
 CallbackHandler attachmentCallbackHandler,
 boolean removeAttachments) throws WSSecurityException {
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
index 09e90fd07..36704d6c2 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
@@ -19,10 +19,7 @@
 package org.apache.wss4j.dom.handler;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 import javax.security.auth.callback.CallbackHandler;
@@ -42,7 +39,6 @@ import org.apache.wss4j.dom.engine.WSSecurityEngine;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.token.SignatureConfirmation;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.junit.jupiter.api.Test;
 import org.w3c.dom.Document;
@@ -288,7 +284,9 @@ public class SignatureConfirmationTest {
 WSSecHeader secHeader = new WSSecHeader(doc);
 secHeader.insertSecurityHeader();
- byte[] randomBytes = WSSecurityUtil.generateNonce(20);
+ Random random = new Random();
+ byte[] randomBytes = new byte[20];
+ random.nextBytes(randomBytes);
 SignatureConfirmation sigConf = new SignatureConfirmation(doc, randomBytes);
 Element sigConfElement = sigConf.getElement();
 secHeader.getSecurityHeaderElement().appendChild(sigConfElement);
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
index 6e3e6e23c..46a1d1145 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SecurityContextTokenTest.java
@@ -38,6 +38,8 @@ import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.junit.jupiter.api.Test;
 import org.w3c.dom.Document;
+import java.util.Random;
+
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
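Review bot: The hunk at -288 in SignatureConfirmationTest.java replaces the library call with a three-line `java.util.Random` fill, and the same pattern is repeated in the six `tempSecret` hunks of the dom SecurityContextTokenTest.java (-104, -154, -203, -241, -284, -332), where the bytes are stored as a secret key. `java.util.Random` is not a cryptographic generator, and tests in a security library tend to be read as usage examples. This commit makes `UsernameTokenUtil.generateNonce` public and the stax test already uses `XMLSecurityConstants.generateBytes(16)`, so a single line such as `byte[] randomBytes = UsernameTokenUtil.generateNonce(20);` would keep both test suites on the same generator. That would also let the explicit `java.util` imports stay in place of `import java.util.*;`.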
@@ -104,7 +106,9 @@ public class SecurityContextTokenTest {
 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -154,7 +158,9 @@ public class SecurityContextTokenTest {
 sctBuilder.setWscVersion(ConversationConstants.VERSION_05_12);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -203,7 +209,9 @@ public class SecurityContextTokenTest {
 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -241,7 +249,9 @@ public class SecurityContextTokenTest {
 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -284,7 +294,9 @@ public class SecurityContextTokenTest {
 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
@@ -332,7 +344,9 @@ public class SecurityContextTokenTest {
 WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken(secHeader, null);
 sctBuilder.prepare(crypto);
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ Random random = new Random();
+ byte[] tempSecret = new byte[16];
+ random.nextBytes(tempSecret);
 // Store the secret
 callbackHandler.addSecretKey(sctBuilder.getIdentifier(), tempSecret);
diff --git a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
index 23056e091..300452dca 100644
--- a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
+++ b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
@@ -47,7 +47,6 @@ import org.apache.wss4j.dom.message.WSSecDKSign;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSecurityContextToken;
 import org.apache.wss4j.dom.message.WSSecSignature;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
@@ -63,6 +62,7 @@ import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
 import org.apache.wss4j.stax.validate.SecurityContextTokenValidator;
 import org.apache.wss4j.stax.validate.SecurityContextTokenValidatorImpl;
 import org.apache.wss4j.stax.validate.TokenContext;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
@@ -131,7 +131,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTDKTEncryptInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -217,7 +217,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTDKTEncryptInboundAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -342,7 +342,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTSignInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -436,7 +436,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTSignInboundAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -525,7 +525,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTSignAbsoluteInbound(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -573,7 +573,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTSignEncrypt(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -697,7 +697,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTSignEncryptAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -797,7 +797,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTEncryptSign(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -921,7 +921,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTKDKTEncryptSignAction(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -1021,7 +1021,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTSign(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -1113,7 +1113,7 @@ public class SecurityContextTokenTest extends AbstractTestBase {
 @ParameterizedTest
 @ValueSource(ints = {ConversationConstants.VERSION_05_02, ConversationConstants.VERSION_05_12})
 public void testSCTCustomValidator(int version) throws Exception {
- byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ byte[] tempSecret = XMLSecurityConstants.generateBytes(16);
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 {
 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);