coheigea commented on a change in pull request #2: WSS-659 SecurityContextToken
validator fixing QName
URL: https://github.com/apache/ws-wss4j/pull/2#discussion_r364669211
##########
File path:
ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
##########
@@ -1114,4 +1122,66 @@ public void testSCTSign() throws Exception {
);
}
}
+
+ @Test
+ public void testSCTCustomValidator() throws Exception {
+ byte[] tempSecret = WSSecurityUtil.generateNonce(16);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSecurityContextToken sctBuilder = new
WSSecSecurityContextToken(secHeader, null);
+ sctBuilder.setWscVersion(version);
+ Crypto crypto =
CryptoFactory.getInstance("transmitter-crypto.properties");
+ sctBuilder.prepare(crypto);
+
+ // Store the secret
+ SecretKeyCallbackHandler callbackHandler = new
SecretKeyCallbackHandler();
+ callbackHandler.addSecretKey(sctBuilder.getIdentifier(),
tempSecret);
+
+ String tokenId = sctBuilder.getSctId();
+
+ WSSecSignature builder = new WSSecSignature(secHeader);
+ builder.setSecretKey(tempSecret);
+ builder.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ builder.setCustomTokenValueType(WSConstants.WSC_SCT);
+ builder.setCustomTokenId(tokenId);
+ builder.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ builder.build(crypto);
+
+ sctBuilder.prependSCTElementToHeader();
+
+ javax.xml.transform.Transformer transformer =
TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(doc), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+
securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+ CallbackHandlerImpl callbackHandler = new
CallbackHandlerImpl(tempSecret);
+ securityProperties.setCallbackHandler(callbackHandler);
+
+ final boolean[] validatorCalled = {false};
+ SecurityContextTokenValidator validator = new
SecurityContextTokenValidatorImpl() {
+ @Override
+ public InboundSecurityToken
validate(AbstractSecurityContextTokenType securityContextTokenType, String
identifier, TokenContext tokenContext) throws WSSecurityException {
+ validatorCalled[0] = true;
+ return super.validate(securityContextTokenType,
identifier, tokenContext);
+ }
+ };
+ securityProperties.addValidator(WSSConstants.TAG_WSC0502_SCT,
validator);
+ securityProperties.addValidator(WSSConstants.TAG_WSC0512_SCT,
validator);
Review comment:
Replace these two lines with the following, to make sure we are only setting
the validator for the correct version:
if (version == ConversationConstants.VERSION_05_02) {
securityProperties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
} else {
securityProperties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
