Author: coheigea
Date: Mon Nov 22 12:40:47 2010
New Revision: 1037694
URL: http://svn.apache.org/viewvc?rev=1037694&view=rev
Log:
[WSS-238] - Forward-merged to trunk.
Added:
webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
- copied, changed from r1037678,
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
Modified:
webservices/wss4j/trunk/ (props changed)
webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java (props
changed)
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/test/log4j.properties (props changed)
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
Propchange: webservices/wss4j/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes:996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678
Propchange: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDocInfo.java:947604,996180,996298,996339,997529,997535,1001926,1002116,1002347,1032939,1036805,1036890,1037678
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
Mon Nov 22 12:40:47 2010
@@ -78,7 +78,7 @@ public class WSSecBase {
}
/**
- * Gets the value of the <code>keyIdentifyerType</code>.
+ * Gets the value of the <code>keyIdentifierType</code>.
*
* @return The <code>keyIdentifyerType</code>.
* @see WSConstants#ISSUER_SERIAL
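Review bot: The rename is incomplete: the `@return The <code>keyIdentifyerType</code>.` line two lines below the corrected summary still carries the old spelling, so the Javadoc now disagrees with itself. Changing it to `* @return The <code>keyIdentifierType</code>.` finishes the fix. The getter this comment documents sits outside the hunk.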
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
Mon Nov 22 12:40:47 2010
@@ -85,7 +85,7 @@ public class WSSecEncrypt extends WSSecE
* Custom reference value
*/
private String customReferenceValue;
-
+
/**
* True if the encKeyId is a direct reference to a key identifier instead
of a URI to a key
*/
@@ -531,6 +531,9 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(secToken.getElement());
} else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
keyInfo.addKeyName(embeddedKeyName == null ? user :
embeddedKeyName);
+ } else if
(SecurityTokenReference.SAML_ID_URI.equals(customReferenceValue)) {
+ SecurityTokenReference secToken = new
SecurityTokenReference(document);
+ secToken.setSAMLKeyIdentifier((encKeyIdDirectId ? "":"#") +
encKeyId);
} else if (securityTokenReference != null) {
Element tmpE = securityTokenReference.getElement();
tmpE.setAttributeNS(
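Review bot: The SecurityTokenReference built in the new SAML_ID_URI branch is never attached to keyInfo: `secToken` is created and configured by `setSAMLKeyIdentifier`, but the branch ends at `} else if (securityTokenReference != null)` without the `keyInfo.addUnknownElement(secToken.getElement());` that the branch above it uses, so as far as this hunk shows the EncryptedKey is emitted with no reference to the SAML token. Adding that line after `secToken.setSAMLKeyIdentifier(...)` would make the branch consistent with its siblings. This branch also keys off `customReferenceValue` while the neighbouring ones key off `keyIdentifierType`; a short comment explaining why the SAML case is selected by the reference value would help the next reader. The enclosing method starts and ends outside the hunk.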
@@ -640,11 +643,11 @@ public class WSSecEncrypt extends WSSecE
public boolean isEncryptSymmKey() {
return encryptSymmKey;
}
-
+
public void setEncryptSymmKey(boolean encryptSymmKey) {
this.encryptSymmKey = encryptSymmKey;
}
-
+
private String getSHA1(byte[] input) throws WSSecurityException {
try {
MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
@@ -659,7 +662,7 @@ public class WSSecEncrypt extends WSSecE
);
}
}
-
+
public void setCustomReferenceValue(String customReferenceValue) {
this.customReferenceValue = customReferenceValue;
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
Mon Nov 22 12:40:47 2010
@@ -97,6 +97,16 @@ public class WSSecEncryptedKey extends W
protected String encKeyId = null;
/**
+ * Custom token value
+ */
+ protected String customEKTokenValueType;
+
+ /**
+ * Custom token id
+ */
+ protected String customEKTokenId;
+
+ /**
* BinarySecurityToken to be included in the case where
BST_DIRECT_REFERENCE
* is used to refer to the asymmetric encryption cert
*/
@@ -289,6 +299,10 @@ public class WSSecEncryptedKey extends W
ref.setValueType(bstToken.getValueType());
secToken.setReference(ref);
break;
+
+ case WSConstants.CUSTOM_KEY_IDENTIFIER:
+ secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
+ break;
default:
throw new WSSecurityException(WSSecurityException.FAILURE,
"unsupportedKeyId");
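Review bot: The new CUSTOM_KEY_IDENTIFIER case passes `customEKTokenValueType` and `customEKTokenId` to `secToken.setKeyIdentifier` without checking that either was set, so a caller who selects this key identifier type but never calls the matching setters presumably produces a KeyIdentifier with null attributes rather than a clear failure. A guard such as `if (customEKTokenValueType == null || customEKTokenId == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message-key>"); }` before the call would fail fast; the message key is a placeholder to be chosen from the project's resource bundle. The enclosing switch and method continue outside the hunk.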
@@ -519,4 +533,11 @@ public class WSSecEncryptedKey extends W
return encryptedEphemeralKey;
}
+ public void setCustomEKTokenValueType(String customEKTokenValueType) {
+ this.customEKTokenValueType = customEKTokenValueType;
+ }
+
+ public void setCustomEKTokenId(String customEKTokenId) {
+ this.customEKTokenId = customEKTokenId;
+ }
}
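Review bot: Both new public setters land without Javadoc, and the field comments `Custom token value` / `Custom token id` in the earlier hunk do not say what the values are used for. Since their only visible reader is the `WSConstants.CUSTOM_KEY_IDENTIFIER` case that passes them to `secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId)`, a one-line Javadoc on each setter along the lines of `Sets the ValueType placed on the KeyIdentifier when keyIdentifierType is WSConstants.CUSTOM_KEY_IDENTIFIER` (and the matching sentence for the id) would make the pairing explicit.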
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Nov 22 12:40:47 2010
@@ -32,6 +32,8 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -369,7 +371,20 @@ public class EncryptedKeyProcessor imple
// This method is _not_ recommended by OASIS WS-S specification, X509
profile
//
else if (secRef.containsKeyIdentifier()) {
- certs = secRef.getKeyIdentifier(crypto);
+ if
(WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()))
{
+ Element token =
+ secRef.getKeyIdentifierTokenElement(doc, docInfo, cb);
+
+ if (crypto == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noSigCryptoFile"
+ );
+ }
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(token, crypto,
cb);
+ certs = samlKi.getCerts();
+ } else {
+ certs = secRef.getKeyIdentifier(crypto);
+ }
if (certs == null || certs.length < 1 || certs[0] == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
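Review bot: The same SAML key-identifier resolution (fetch the token element, check `crypto` for null, call `SAMLUtil.getSAMLKeyInfo`) is added here and again in the ReferenceListProcessor hunk; factoring it into one shared helper would keep the two processors from drifting apart. Within this hunk the `crypto == null` check runs only after `secRef.getKeyIdentifierTokenElement(doc, docInfo, cb)` has already done the lookup, so moving the check ahead of it avoids the wasted work, and the reused `"noSigCryptoFile"` message describes a signature-crypto problem in what is now a decryption path — worth a dedicated message or at least a comment such as `// crypto is needed to resolve the certificate carried by the SAML token`. Whether `getKeyIdentifierTokenElement` can return null (which would reach `getSAMLKeyInfo` unguarded) is not visible here and should be confirmed. The enclosing method continues outside the hunk.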
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
Mon Nov 22 12:40:47 2010
@@ -349,27 +349,42 @@ public class ReferenceListProcessor impl
}
}
} else if (secRef.containsKeyIdentifier()){
- String keyIdentifierValue = secRef.getKeyIdentifierValue();
- WSPasswordCallback pwcb =
- new WSPasswordCallback(
- keyIdentifierValue,
- null,
- secRef.getKeyIdentifierValueType(),
- WSPasswordCallback.ENCRYPTED_KEY_TOKEN
- );
-
- try {
- Callback[] callbacks = new Callback[]{pwcb};
- cb.handle(callbacks);
- } catch (Exception e) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "noPassword",
- new Object[] {keyIdentifierValue},
- e
- );
+ if
(WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()))
{
+ Element token =
+
secRef.getKeyIdentifierTokenElement(secRefToken.getOwnerDocument(), wsDocInfo,
cb);
+
+ if (crypto == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noSigCryptoFile"
+ );
+ }
+ SAMLKeyInfo keyInfo = SAMLUtil.getSAMLKeyInfo(token, crypto,
cb);
+ // TODO Handle malformed SAML tokens where they don't have the
+ // secret in them
+ decryptedData = keyInfo.getSecret();
+ } else {
+ String keyIdentifierValue = secRef.getKeyIdentifierValue();
+ WSPasswordCallback pwcb =
+ new WSPasswordCallback(
+ keyIdentifierValue,
+ null,
+ secRef.getKeyIdentifierValueType(),
+ WSPasswordCallback.ENCRYPTED_KEY_TOKEN
+ );
+
+ try {
+ Callback[] callbacks = new Callback[]{pwcb};
+ cb.handle(callbacks);
+ } catch (Exception e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noPassword",
+ new Object[] {keyIdentifierValue},
+ e
+ );
+ }
+ decryptedData = pwcb.getKey();
}
- decryptedData = pwcb.getKey();
} else {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
"noReference");
}
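Review bot: `decryptedData = keyInfo.getSecret();` is assigned without a null check, and the new `// TODO` comment directly above it acknowledges that a token without a secret is not handled; since `decryptedData` is presumably used as the decryption key after this block, a null should become a `WSSecurityException` here rather than surfacing later. A check such as `if (decryptedData == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message-key>"); }` directly after the assignment would close the TODO; the message key is a placeholder. Whether `SAMLUtil.getSAMLKeyInfo` verifies the assertion before releasing its secret is not visible in this hunk; if it does not, the decryption key is taken from an element that has not been authenticated at this point, so that should be confirmed against SAMLUtil. The `crypto == null` check and the surrounding resolution steps are repeated verbatim from the EncryptedKeyProcessor hunk, and the enclosing method extends beyond this hunk.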
Propchange: webservices/wss4j/trunk/test/log4j.properties
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 22 12:40:47 2010
@@ -1 +1 @@
-/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890
+/webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties:1036805,1036890,1037678
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java?rev=1037694&r1=1037693&r2=1037694&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew3.java Mon Nov 22
12:40:47 2010
@@ -318,7 +318,7 @@ public class TestWSSecurityNew3 extends
* e.g.:
pc.setPassword(passStore.getPassword(pc.getIdentfifier))
* for Testing we supply a fixed name here.
*/
- pc.setPassword("password");
+ pc.setPassword("security");
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
Copied: webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
(from r1037678,
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java)
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java?p2=webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java&p1=webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java&r1=1037678&r2=1037694&rev=1037694&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySAMLKeyIdentifier.java
(original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecuritySAMLKeyIdentifier.java Mon
Nov 22 12:40:47 2010
@@ -52,6 +52,7 @@ import org.opensaml.SAMLAssertion;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.List;
import java.util.Vector;
import javax.security.auth.callback.Callback;
@@ -152,10 +153,10 @@ public class TestWSSecuritySAMLKeyIdenti
builder.setCustomEKTokenId(assertion.getId());
builder.prepare(doc, hokCrypto);
- Vector parts = new Vector();
+ List<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
WSEncryptionPart encP = new WSEncryptionPart("testMethod",
"uri:LogTestService2", "Element");
parts.add(encP);
- Element refElement = builder.encryptForInternalRef(null, parts);
+ Element refElement = builder.encryptForRef(null, parts);
builder.addInternalRefElement(refElement);
builder.appendToHeader(secHeader);
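Review bot: With the element type now spelled out, `new Vector<WSEncryptionPart>()` is an odd choice for a local list in a test: `Vector` adds synchronization nothing here needs, and `List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();` is the idiomatic form (importing `java.util.ArrayList` alongside the existing `java.util.List`). If no other `Vector` use remains in the file after this change, the `java.util.Vector` import kept in the preceding hunk can go as well. The enclosing test method starts outside the hunk.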
@@ -166,7 +167,7 @@ public class TestWSSecuritySAMLKeyIdenti
LOG.debug(outputString);
}
- Vector results = verify(doc, hokCrypto);
+ List<WSSecurityEngineResult> results = verify(doc, hokCrypto);
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
SAMLAssertion receivedAssertion =
@@ -181,8 +182,9 @@ public class TestWSSecuritySAMLKeyIdenti
* @param doc
* @throws Exception Thrown when there is a problem in verification
*/
- private Vector verify(Document doc, Crypto verifyCrypto) throws Exception {
- Vector results = secEngine.processSecurityHeader(doc, null, this,
verifyCrypto);
+ private List<WSSecurityEngineResult> verify(Document doc, Crypto
verifyCrypto) throws Exception {
+ List<WSSecurityEngineResult> results =
+ secEngine.processSecurityHeader(doc, null, this, verifyCrypto);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
assertTrue(outputString.indexOf("LogTestService2") > 0 ? true : false);