Hi,

Attached herewith are a few patches for the Sec Conv implementation.

These fixed the problems (xml sec init. stuff) with the two unit test cases.
   * Derived Key Encrypt/Decrypt
   * Derived Key Sign/Verify

And there are updates for the two Secure Conversation handlers, which
I'm working on to get the existing sample working, so that the guys
working on the WS-RM/SC/T interop can use it as a guide.

Jaliya can you please apply these patches.

Regards
Ruchith
Index: ConversationConstants.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/conversation/ConversationConstants.java,v
retrieving revision 1.4
diff -u -r1.4 ConversationConstants.java
--- ConversationConstants.java  16 Oct 2004 06:06:53 -0000      1.4
+++ ConversationConstants.java  17 Mar 2005 06:47:23 -0000
@@ -26,6 +26,10 @@
      */
     public final static String WSC_NS =
             "http://schemas.xmlsoap.org/ws/2004/04/sc";;
+    
+    
+    public final static String VALUE_TYPE_DERIVED_KEY = 
"http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk";;
+    
 
     /**
      * Field WSC_PREFIX
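Review bot: The new `VALUE_TYPE_DERIVED_KEY` constant has no Javadoc, while the neighbouring fields in this class carry a `Field …` comment. I would add `/** ValueType URI that marks a token reference as pointing to a DerivedKeyToken. */` above it. The whitespace-only lines added around the constant can be dropped.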
Index: ConversationEngine.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/conversation/ConversationEngine.java,v
retrieving revision 1.8
diff -u -r1.8 ConversationEngine.java
--- ConversationEngine.java     13 Nov 2004 22:44:18 -0000      1.8
+++ ConversationEngine.java     17 Mar 2005 06:47:52 -0000
@@ -68,6 +68,8 @@
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 
+import com.sun.rsasign.t;
+
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
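Review bot: The added `import com.sun.rsasign.t;` looks like an accidental IDE auto-import. Nothing in the visible hunks of this file uses a type named `t`, and `com.sun.rsasign` is a vendor-internal package rather than a public API. Left in, it ties the build of a security library to one JDK vendor's internal signing classes and is likely to fail to compile on other JDKs. Unless code outside these hunks needs it, remove the import and the blank line after it.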
@@ -340,6 +342,7 @@
         try {
             if (verifyTrust) {
                 TrustEngine trstEngine = new TrustEngine(this.trustPropFile);
+                
                 // TODO :: Verify trust......
                 System.out.println("...........Verifying trust.........");
 
@@ -399,7 +402,7 @@
             throw new ConversationException("noXMLSig");
         } catch (XMLSecurityException e2) {
             throw new ConversationException("noXMLSig");
-        }
+        } 
         String sigMethodURI = sig.getSignedInfo().getSignatureMethodURI();
         //verifying the sinature
         if (sigMethodURI.equals(XMLSignature.ALGO_ID_MAC_HMAC_SHA1)) {
@@ -542,7 +545,7 @@
 
 
                WSSecurityEngine eng = new WSSecurityEngine();
-        boolean content = this.isContent(encBodyData);
+        boolean content = this.isContent(encBodyData);//Whether content 
encryption or element encryption
 
         if (content) {
             encBodyData = (Element) encBodyData.getParentNode();
@@ -579,7 +582,9 @@
             String valueType = ref.getValueType();
             //  System.out.println("ref.getURI()" + ref.getURI());
 
-            if 
(valueType.equals("http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk";)) {
+            //If the reference type is a derived key token
+            if 
(valueType.equals(ConversationConstants.VALUE_TYPE_DERIVED_KEY)) {
+               //Get hold of the DerivedKeyToken 'Element'
                 Element ele =
                     WSSecurityUtil.getElementByWsuId(
                         WSSConfig.getDefaultWSConfig(),
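Review bot: `valueType.equals(ConversationConstants.VALUE_TYPE_DERIVED_KEY)` dereferences a value read from the incoming message's reference. If `ref.getValueType()` can return null for a reference that carries no ValueType, this line throws a NullPointerException instead of rejecting the token cleanly. Putting the constant first avoids that: `if (ConversationConstants.VALUE_TYPE_DERIVED_KEY.equals(valueType)) {`. The body of the `if` continues outside this hunk.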
@@ -591,9 +596,9 @@
                 String uuid = null;
                 DerivedKeyToken dkToken = null;
                 try {
-                    dkToken = new DerivedKeyToken(ele);
+                    dkToken = new DerivedKeyToken(ele);  //Cover the 'Element' 
into 'DerivedKeyToken' object
                     if (dkToken.getSecuityTokenReference() == null) {
-                        //if dkToken doesn't have a STR
+                        //if dkToken doesn't have a STR find a 
SecurityContextToken in the SOAP Envelope
                         SecurityContextToken secContextTk =
                             ConversationUtil.getSCT(dkToken);
                         uuid = secContextTk.getIdentifier();
@@ -655,15 +660,13 @@
                                                        }
 
                         }else{
-                            throw new ConversationException("Don't know how to 
process here");
+                            throw new ConversationException("Cannot handle 
this type of security token reference: " + 
dkToken.getSecuityTokenReference().getReference().getValueType());
                         }
                     } //////end :if dkToken has a STR
                     //TODO :: Ask ruchith to throw correct exception
                 } catch (WSSecurityException e2) {
-                    // TODO Auto-generated catch block
                     e2.printStackTrace();
                 } catch (ConversationException e2) {
-                    // TODO Auto-generated catch block
                     e2.printStackTrace();
                 }
 
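Review bot: The more descriptive `ConversationException` thrown in the `else` branch appears to sit inside the same `try` whose `catch (ConversationException e2)` a few lines below only calls `e2.printStackTrace()`, so an unsupported security token reference is printed and processing carries on. A failure while resolving the key that protects a message should stop processing. I would rethrow in both handlers, with `throw e2;` in the `ConversationException` catch and `throw new ConversationException(e2.getMessage());` in the `WSSecurityException` one, assuming the enclosing method declares that exception. Building the new message also calls `getReference().getValueType()`, which would itself fail if this branch can be reached when the token reference has no Reference child, so a null check is worth adding. The `try` opens outside this hunk.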
@@ -1014,9 +1017,6 @@
                        throw new ConversationException("Cannot find 
passwordcallback");
                }
 
-
-
-
     }
    /**
     *
Index: TestDkEncrypt.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/test/secconv/components/TestDkEncrypt.java,v
retrieving revision 1.3
diff -u -r1.3 TestDkEncrypt.java
--- TestDkEncrypt.java  16 Oct 2004 06:05:00 -0000      1.3
+++ TestDkEncrypt.java  17 Mar 2005 06:49:17 -0000
@@ -17,15 +17,11 @@
 package secconv.components;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintWriter;
 import java.util.HashMap;
 import java.util.Vector;
 
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import junit.framework.Test;
@@ -36,26 +32,25 @@
 import org.apache.axis.MessageContext;
 import org.apache.axis.client.AxisClient;
 import org.apache.axis.configuration.NullProvider;
-//import org.apache.axis.encoding.Callback;
 import org.apache.axis.message.SOAPEnvelope;
 import org.apache.axis.utils.XMLUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.axis.security.conversation.ConvHandlerConstants;
 import org.apache.ws.axis.security.util.AxisUtil;
-import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.conversation.ConvEngineResult;
 import org.apache.ws.security.conversation.ConversationEngine;
 import org.apache.ws.security.conversation.ConversationManager;
 import org.apache.ws.security.conversation.ConversationUtil;
 import org.apache.ws.security.conversation.DerivedKeyCallbackHandler;
-import org.apache.ws.security.conversation.DerivedKeyTokenAdder;
 import org.apache.ws.security.conversation.message.info.DerivedKeyInfo;
 import org.apache.ws.security.conversation.message.info.SecurityContextInfo;
 import org.apache.ws.security.conversation.message.token.SecurityContextToken;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.utils.EncryptionConstants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -86,7 +81,19 @@
     HashMap config;
     
     static{
-    org.apache.xml.security.Init.init();
+        org.apache.xml.security.Init.init();
+        String Id = "BC";
+        if (java.security.Security.getProvider(Id) == null) {
+            log.debug("The provider " + Id
+                    + " had to be added to the java.security.Security");
+            java.security.Security.addProvider(new 
org.bouncycastle.jce.provider.BouncyCastleProvider());
+        }
+        Transform.init();
+        try {
+            Transform.register(STRTransform.implementedTransformURI,
+                    "org.apache.ws.security.transform.STRTransform");
+        } catch (Exception ex) {
+        }
     }
     //sharedSecret = "SriLankaSriLankaSriLanka".getBytes();
 
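Review bot: The empty `catch (Exception ex) {}` around `Transform.register(...)` hides every failure to register the STR transform, so a real problem such as a missing class only surfaces later as an unrelated signature error. If the intent is just to tolerate a repeated registration, at least log it with `} catch (Exception ex) { log.debug("STRTransform registration skipped: " + ex); }`, or catch only the already-registered exception type. The same block is pasted into the static initializers of TestDkSign, ConversationClientHandler and ConversationServerHandler in this patch. A single shared helper would keep the provider and transform setup in one place, and in the two handlers it would make explicit that loading the class adds a JCE provider for the whole JVM. The local `Id` would conventionally be lower-case (`id`) or a constant.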
@@ -184,6 +191,7 @@
      */
     public void testPerformDkEncrypt() throws Exception {
 
+       
         SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
         SOAPEnvelope envelope = null;
 
@@ -217,7 +225,8 @@
                SecurityTokenReference secTokRef = 
dkInfo.getSecTokRef2DkToken();
                
                
//manager.performDK_ENCR(ConversationUtil.generateIdentifier(uuid, 
dkInfo.getId()), "", true, doc, secTokRef, dkcbHandler);
-           manager.performDK_ENCR(ConversationUtil.generateIdentifier(uuid, 
dkInfo.getId()), "", true, doc, secTokRef, dkcbHandler, null, 
"http://www.w3.org/2001/04/xmlenc#tripledes-cbc";);
+               
+           manager.performDK_ENCR(ConversationUtil.generateIdentifier(uuid, 
dkInfo.getId()), "", true, doc, secTokRef, dkcbHandler, null, 
EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES);
            
            manager.addDkToken(doc, dkInfo);
            
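Review bot: Swapping the literal for `EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES` keeps the test pinned to Triple DES in CBC mode, a legacy cipher with a 64-bit block. If `performDK_ENCR` accepts other algorithm URIs, I would also exercise an AES constant such as `EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128`, so the derived-key path is tested with the cipher deployments should prefer. The commented-out older call just above the new one can also be removed.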
@@ -233,7 +242,14 @@
         XMLUtils.PrettyElementToWriter(
             signedMsg.getSOAPEnvelope().getAsDOM(),
             new PrintWriter(System.out));
-        verifyDkSign(doc);
+        dkDecrypt(doc);
+        
+        System.out.println("----------------Dercypted 
Messsage----------------");
+        signedMsg = (Message) AxisUtil.toSOAPMessage(doc);
+
+        XMLUtils.PrettyElementToWriter(
+            signedMsg.getSOAPEnvelope().getAsDOM(),
+            new PrintWriter(System.out));
     }
 
     /**
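Review bot: `testPerformDkEncrypt` now decrypts and pretty-prints the result, but nothing is asserted, so the test passes whenever no exception is thrown, even if the body comes back wrong. Add a check after `dkDecrypt(doc)`, for example that the document no longer contains an `EncryptedData` element or that the body matches the original message. The banner string has typos (`Dercypted Messsage`), and the decrypted message is stored in a variable still named `signedMsg`.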
@@ -243,12 +259,12 @@
      * @param doc 
      * @throws Exception Thrown when there is a problem in verification
      */
-    private void verifyDkSign(Document doc)
+    private void dkDecrypt(Document doc)
         throws Exception {
        log.info("Before verifying the derived key signature");
           ConversationEngine engine = new ConversationEngine(config);
           Vector results = engine.processSecConvHeader(doc, "", 
dkcbHandler,null);
-       
+          
     }
 
 }
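Review bot: After the rename to `dkDecrypt`, the Javadoc above it (`@throws Exception Thrown when there is a problem in verification`) and the log line `Before verifying the derived key signature` still describe signature verification. I would change the log call to `log.info("Before decrypting with the derived key");` and update the Javadoc to match. The `results` vector returned by `processSecConvHeader` is never inspected, and asserting on it would let the test confirm that a decryption result was actually produced.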
Index: TestDkSign.java
===================================================================
RCS file: /home/cvspublic/ws-fx/wss4j/test/secconv/components/TestDkSign.java,v
retrieving revision 1.4
diff -u -r1.4 TestDkSign.java
--- TestDkSign.java     16 Oct 2004 06:05:00 -0000      1.4
+++ TestDkSign.java     17 Mar 2005 06:49:40 -0000
@@ -17,15 +17,11 @@
 package secconv.components;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintWriter;
 import java.util.HashMap;
 import java.util.Vector;
 
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import junit.framework.Test;
@@ -42,18 +38,16 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.axis.security.conversation.ConvHandlerConstants;
 import org.apache.ws.axis.security.util.AxisUtil;
-import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.conversation.ConvEngineResult;
 import org.apache.ws.security.conversation.ConversationEngine;
 import org.apache.ws.security.conversation.ConversationManager;
-import org.apache.ws.security.conversation.ConversationUtil;
 import org.apache.ws.security.conversation.DerivedKeyCallbackHandler;
-import org.apache.ws.security.conversation.DerivedKeyTokenAdder;
 import org.apache.ws.security.conversation.message.info.DerivedKeyInfo;
 import org.apache.ws.security.conversation.message.info.SecurityContextInfo;
 import org.apache.ws.security.conversation.message.token.SecurityContextToken;
+import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.transforms.Transform;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -84,7 +78,19 @@
     HashMap config;
     
     static{
-    org.apache.xml.security.Init.init();
+        org.apache.xml.security.Init.init();
+        String Id = "BC";
+        if (java.security.Security.getProvider(Id) == null) {
+            log.debug("The provider " + Id
+                    + " had to be added to the java.security.Security");
+            java.security.Security.addProvider(new 
org.bouncycastle.jce.provider.BouncyCastleProvider());
+        }
+        Transform.init();
+        try {
+            Transform.register(STRTransform.implementedTransformURI,
+                    "org.apache.ws.security.transform.STRTransform");
+        } catch (Exception ex) {
+        }
     }
     //sharedSecret = "SriLankaSriLankaSriLanka".getBytes();
 
Index: ConversationClientHandler.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConversationClientHandler.java,v
retrieving revision 1.11
diff -u -r1.11 ConversationClientHandler.java
--- ConversationClientHandler.java      16 Oct 2004 07:40:08 -0000      1.11
+++ ConversationClientHandler.java      17 Mar 2005 08:55:46 -0000
@@ -65,10 +65,12 @@
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 //import org.apache.ws.security.trust.TrustCommunicator;
+import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.trust.TrustConstants;
 import org.apache.ws.security.trust.message.token.TokenType;
 import org.apache.ws.security.util.StringUtil;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.transforms.Transform;
 import org.apache.xml.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -126,6 +128,18 @@
     int[] actionsInt;
     static {
         org.apache.xml.security.Init.init();
+        String Id = "BC";
+        if (java.security.Security.getProvider(Id) == null) {
+            log.debug("The provider " + Id
+                    + " had to be added to the java.security.Security");
+            java.security.Security.addProvider(new 
org.bouncycastle.jce.provider.BouncyCastleProvider());
+        }
+        Transform.init();
+        try {
+            Transform.register(STRTransform.implementedTransformURI,
+                    "org.apache.ws.security.transform.STRTransform");
+        } catch (Exception ex) {
+        }
     }
 
     public ConversationClientHandler() throws AxisFault {
Index: ConversationServerHandler.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/axis/security/conversation/ConversationServerHandler.java,v
retrieving revision 1.11
diff -u -r1.11 ConversationServerHandler.java
--- ConversationServerHandler.java      9 Mar 2005 22:33:45 -0000       1.11
+++ ConversationServerHandler.java      17 Mar 2005 08:56:13 -0000
@@ -34,8 +34,10 @@
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.util.StringUtil;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.transforms.Transform;
 import org.apache.xml.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -85,6 +87,18 @@
 
     static{
         org.apache.xml.security.Init.init();
+        String Id = "BC";
+        if (java.security.Security.getProvider(Id) == null) {
+            log.debug("The provider " + Id
+                    + " had to be added to the java.security.Security");
+            java.security.Security.addProvider(new 
org.bouncycastle.jce.provider.BouncyCastleProvider());
+        }
+        Transform.init();
+        try {
+            Transform.register(STRTransform.implementedTransformURI,
+                    "org.apache.ws.security.transform.STRTransform");
+        } catch (Exception ex) {
+        }
 
     }
 
