Author: ruchithf Date: Fri Oct 26 01:40:09 2007 New Revision: 588559 URL: http://svn.apache.org/viewvc?rev=588559&view=rev Log: Applied patch in WSS-92. Thanks Nandana
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java webservices/wss4j/trunk/src/org/apache/ws/security/WSPasswordCallback.java webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java webservices/wss4j/trunk/test/wssec/TestWSSecurityNew10.java webservices/wss4j/trunk/test/wssec/TestWSSecurityNew9.java Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Fri Oct 26 01:40:09 2007 @@ -65,6 +65,12 @@ public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey"; /* + * The relative URI to be used for encrypted key SHA1 (Without #) + * Combine it with SOAPMESSAGE_NS11, #, to get the full URL + */ + public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1"; + + /* * The namespace prefixes used. We uses the same prefix convention * as shown in the specifications */ 
@@ -357,6 +363,20 @@ * The signing key, reference id and value type are set externally. */ public static final int CUSTOM_SYMM_SIGNING = 9; + + /** + * <code>ENCRYPTED_KEY_SHA1_IDENTIFIER</code> is used to set the specific key identifier + * ThumbprintSHA1. + * + * This identifier uses the SHA-1 digest of a security token to + * identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1 + * specification. + * + */ + public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER = 10; + + + public static final String ENCRYPTED_HEADER = "EncryptedHeader"; /* * The following values are bits that can be combined to for a set. Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSPasswordCallback.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSPasswordCallback.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/WSPasswordCallback.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/WSPasswordCallback.java Fri Oct 26 01:40:09 2007 @@ -74,6 +74,7 @@ public static final int USERNAME_TOKEN_UNKNOWN = 5; public final static int SECURITY_CONTEXT_TOKEN = 6; public final static int CUSTOM_TOKEN = 7; + public final static int ENCRYPTED_KEY_TOKEN = 8; private String identifier; private String password; 
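Review bot: The Javadoc on the new ENCRYPTED_KEY_SHA1_IDENTIFIER is copied from the thumbprint constant and is wrong for it: it says the constant sets "ThumbprintSHA1" and identifies a security token by its digest, while this constant selects an EncryptedKeySHA1 key identifier (see ENC_KEY_SHA1_URI added earlier in this file). Suggested replacement: `ENCRYPTED_KEY_SHA1_IDENTIFIER selects a wsse:KeyIdentifier with ValueType EncryptedKeySHA1, i.e. a reference to a symmetric key by its SHA-1 digest; see OASIS WSS 1.1, chapter 7.3.` The second new constant, ENCRYPTED_HEADER, has no comment at all; `/* Local name of the wsse11:EncryptedHeader element used when encrypting SOAP headers (WSS 1.1) */` would do, and the stray blank lines between the two constants should go.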
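Review bot: The new ENCRYPTED_KEY_TOKEN usage code is undocumented, unlike the constants above it, and a handler cannot tell from the callback what the identifier holds. Add a Javadoc stating that the identifier is the base64 SHA-1 value taken from a wsse:KeyIdentifier of ValueType EncryptedKeySHA1 in the incoming message, that the handler must answer with setKey(...), and that the value comes from the unauthenticated message and is to be used only as a lookup key, never interpreted. The processors changed in this commit (DerivedKeyTokenProcessor, ReferenceListProcessor, SignatureProcessor) all rely on that contract.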
@@ -181,4 +182,5 @@ this.customToken = customToken; } } + Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java Fri Oct 26 01:40:09 2007 @@ -46,6 +46,7 @@ WSHandlerConstants.ENC_CALLBACK_REF, reqData) .getKey(); wsEncrypt.setKey(embeddedKey); + wsEncrypt.setDocument(doc); } if (reqData.getEncSymmAlgo() != null) { wsEncrypt.setSymmetricEncAlgorithm(reqData.getEncSymmAlgo()); Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Fri Oct 26 01:40:09 2007 @@ -19,6 +19,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ws.security.SOAP11Constants; import org.apache.ws.security.SOAPConstants; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSEncryptionPart; 
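Review bot: `wsEncrypt.setDocument(doc)` is only called in the embedded-key branch, yet the WSSecEncrypt changes in this commit read the `document` field on every encryption (`findElement(document, …)` and the KeyInfo construction in doEncryption). If the non-embedded path does not set the field elsewhere (prepare() may; I cannot see it here), callers that only call build() will hit a NullPointerException, and the fact that both test files in this commit now need an explicit setDocument(doc) suggests build() does not set it itself. Moving the call in front of the `if` — `wsEncrypt.setDocument(doc);` — is the minimal fix here; having WSSecEncrypt.build(doc, …) assign `document = doc` would keep existing callers working without the extra call.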
@@ -31,8 +32,11 @@ import org.apache.xml.security.encryption.XMLCipher; import org.apache.xml.security.encryption.XMLEncryptionException; import org.apache.xml.security.keys.KeyInfo; +import org.w3c.dom.Attr; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; @@ -59,6 +63,8 @@ protected byte[] embeddedKey = null; protected String embeddedKeyName = null; + + protected boolean useKeyIdentifier; /** * Symmetric key used in the EncrytpedKey. @@ -117,6 +123,15 @@ public void setEmbeddedKeyName(String embeddedKeyName) { this.embeddedKeyName = embeddedKeyName; } + + /** + * Set this true if a key identifier must be used in the KeyInfo + * + * @param useKeyIdentifier + */ + public void setUseKeyIdentifier(boolean useKeyIdentifier) { + this.useKeyIdentifier = useKeyIdentifier; + } /** * Set the name of the symmetric encryption algorithm to use. @@ -150,7 +165,7 @@ public void setEncCanonicalization(String algo) { encCanonAlgo = algo; } - + /** * Get the name of symmetric encryption algorithm to use. * @@ -166,6 +181,14 @@ public String getSymmetricEncAlgorithm() { return symEncAlgo; } + + /** + * Returns if Key Identifiers should be used in KeyInfo + * @return + */ + public boolean getUseKeyIdentifier() { + return useKeyIdentifier; + } /** * Initialize a WSSec Encrypt. 
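Review bot: The Javadoc on the new getUseKeyIdentifier() has an empty `@return` tag, and the setter's comment does not say when the flag matters. Suggested: `@return true if a wsse:KeyIdentifier (EncryptedKeySHA1) is written into the EncryptedData KeyInfo instead of a reference to the EncryptedKey` on the getter, and on setUseKeyIdentifier a sentence that the flag only takes effect when the key identifier type is WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER, as the doEncryption change further down shows. The `SOAP11Constants` import added at the top of this file is not used by any change to the file that I can see.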
@@ -403,7 +426,21 @@ private Vector doEncryption(Document doc, SecretKey secretKey, Vector references) throws WSSecurityException { - return doEncryption(doc, secretKey, null, references); + + KeyInfo keyInfo = null; + + // Prepare KeyInfo if useKeyIdentifier is set + if ( useKeyIdentifier && + keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { + + keyInfo = new KeyInfo(document); + SecurityTokenReference secToken = new SecurityTokenReference(document); + secToken.setKeyIdentifierEncKeySHA1(secretKey.getEncoded()); + + keyInfo.addUnknownElement(secToken.getElement()); + } + + return doEncryption(doc, secretKey, keyInfo, references); } private Vector doEncryption(Document doc, SecretKey secretKey, @@ -441,7 +478,7 @@ .getDocumentElement(), idToEnc, null); } } else { - body = (Element) WSSecurityUtil.findElement(envelope, elemName, + body = (Element) WSSecurityUtil.findElement(document, elemName, nmSpace); } if (body == null) { 
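Review bot: The new KeyInfo and SecurityTokenReference are created from the `document` field while the data being encrypted is the `doc` parameter, so the STR element ends up with a different owner document whenever the two differ, and with a NullPointerException when setDocument() was never called; the same field/parameter mix appears in the `findElement(document, …)` change below. Using the parameter is enough: `keyInfo = new KeyInfo(doc);` and `SecurityTokenReference secToken = new SecurityTokenReference(doc);`. Separately, the digest input is the raw key (`secretKey.getEncoded()`); as I read WSS 1.1, an EncryptedKeySHA1 identifier is the SHA-1 of the EncryptedKey's CipherValue octets, not of the plaintext key, so this should be checked against the spec before it ships or it will not interoperate with other stacks, and it publishes a digest of live key material for no gain.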
@@ -468,11 +505,40 @@ * xenc:EncryptedData */ try { - xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey); - EncryptedData encData = xmlCipher.getEncryptedData(); - encData.setId(xencEncryptedDataId); - encData.setKeyInfo(keyInfo); - xmlCipher.doFinal(doc, body, content); + + if (modifier.equals("Header")) { + + Element elem = doc.createElementNS(WSConstants.WSSE11_NS,"wsse11:"+WSConstants.ENCRYPTED_HEADER); + NamedNodeMap map = body.getAttributes(); + + for (int i = 0 ; i < map.getLength() ; i++) { + Attr attr = (Attr)map.item(i); + if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV) + || attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) { + elem.setAttributeNode(attr); + } + } + + xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey); + EncryptedData encData = xmlCipher.getEncryptedData(); + encData.setId(xencEncryptedDataId); + encData.setKeyInfo(keyInfo); + xmlCipher.doFinal(doc, body, content); + + Element encDataElem = WSSecurityUtil.findElementById(document + .getDocumentElement(), xencEncryptedDataId, null); + Node clone = encDataElem.cloneNode(true); + elem.appendChild(clone); + encDataElem.getParentNode().appendChild(elem); + encDataElem.getParentNode().removeChild(encDataElem); + + } else { + xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey); + EncryptedData encData = xmlCipher.getEncryptedData(); + encData.setId(xencEncryptedDataId); + encData.setKeyInfo(keyInfo); + xmlCipher.doFinal(doc, body, content); + } if(cloneKeyInfo) { keyInfo = null; } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original) +++ 
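Review bot: The attribute-copy loop in the new `Header` branch will fail on real headers: `attr.getNamespaceURI()` is null for unqualified attributes such as `Id`, so the `.equals` chain throws a NullPointerException, and `elem.setAttributeNode(attr)` is called with an Attr still owned by `body`, which DOM Level 2 defines to raise INUSE_ATTRIBUTE_ERR. Copying by value with the constant on the left of equals fixes both. The clone/append/remove sequence afterwards also moves the EncryptedData to the end of its parent instead of keeping its position; `replaceChild` keeps header order and avoids the clone. The five cipher lines are duplicated verbatim in both branches and could be hoisted above the `if`.
```java
if (modifier.equals("Header")) {
    Element elem = doc.createElementNS(WSConstants.WSSE11_NS, "wsse11:" + WSConstants.ENCRYPTED_HEADER);
    NamedNodeMap map = body.getAttributes();
    // Copy the SOAP envelope attributes (actor/role, mustUnderstand, ...) by value:
    // getNamespaceURI() is null for unqualified attributes, and an Attr that is
    // still owned by 'body' cannot be attached to another element.
    for (int i = 0; i < map.getLength(); i++) {
        Attr attr = (Attr) map.item(i);
        String ns = attr.getNamespaceURI();
        if (WSConstants.URI_SOAP11_ENV.equals(ns) || WSConstants.URI_SOAP12_ENV.equals(ns)) {
            elem.setAttributeNS(ns, attr.getName(), attr.getValue());
        }
    }
    // … unchanged: xmlCipher init, EncryptedData id + KeyInfo, doFinal …
    Element encDataElem = WSSecurityUtil.findElementById(document
            .getDocumentElement(), xencEncryptedDataId, null);
    // Put wsse11:EncryptedHeader where the EncryptedData was and move the
    // EncryptedData inside it, so header order is preserved.
    Node parent = encDataElem.getParentNode();
    parent.replaceChild(elem, encDataElem);
    elem.appendChild(encDataElem);
} else {
    // … unchanged: plain EncryptedData path …
}
```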
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Fri Oct 26 01:40:09 2007 @@ -33,6 +33,7 @@ import org.apache.ws.security.message.token.Reference; import org.apache.ws.security.message.token.SecurityTokenReference; import org.apache.ws.security.message.token.X509Security; +import org.apache.ws.security.util.UUIDGenerator; import org.apache.ws.security.util.WSSecurityUtil; import org.apache.xml.security.keys.KeyInfo; import org.apache.xml.security.keys.content.X509Data; @@ -185,7 +186,7 @@ */ protected void prepareInternal(byte[] keyBytes, X509Certificate remoteCert, Crypto crypto) throws WSSecurityException { - String certUri = "EncCertId-" + remoteCert.hashCode(); + String certUri = UUIDGenerator.getUUID(); Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo); try { cipher.init(Cipher.ENCRYPT_MODE, remoteCert.getPublicKey()); @@ -230,7 +231,7 @@ */ encryptedKeyElement = createEnrcyptedKey(document, keyEncAlgo); if(this.encKeyId == null || "".equals(this.encKeyId)) { - this.encKeyId = "EncKeyId-" + encryptedKeyElement.hashCode(); + this.encKeyId = "EncKeyId-" + UUIDGenerator.getUUID(); } encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId); @@ -489,6 +490,10 @@ */ public void setEncKeyId(String encKeyId) { this.encKeyId = encKeyId; + } + + public boolean isCertSet() { + return (useThisCert == null ? true : false) ; } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Fri Oct 26 01:40:09 2007 
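Review bot: `certUri` is now the bare value of UUIDGenerator.getUUID() with no prefix, while the `encKeyId` change two hunks down keeps its `"EncKeyId-"` prefix. The value is presumably used as an Id attribute of the certificate token (xsd:ID, an NCName); if getUUID() returns a UUID starting with a digit or the `urn:uuid:` form, the Id is not schema-valid and may not resolve in some parsers (I cannot see the generator here). Keeping the prefix, `String certUri = "EncCertId-" + UUIDGenerator.getUUID();`, makes the two consistent, provided the generated value contains no colons.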
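Review bot: isCertSet() returns true exactly when `useThisCert` is null, which is the opposite of what its name says, and the `? true : false` is redundant. Unless callers outside this commit rely on the inverted meaning, it should read `return useThisCert != null;`, and as a public method it needs a one-line Javadoc such as `@return true if a certificate was supplied explicitly for the key encryption`.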
@@ -287,7 +287,8 @@ */ X509Certificate[] certs = null; if (keyIdentifierType != WSConstants.UT_SIGNING - && keyIdentifierType != WSConstants.CUSTOM_SYMM_SIGNING) { + && keyIdentifierType != WSConstants.CUSTOM_SYMM_SIGNING + && keyIdentifierType != WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { certs = crypto.getCertificates(user); if (certs == null || certs.length <= 0) { throw new WSSecurityException(WSSecurityException.FAILURE, @@ -413,6 +414,10 @@ case WSConstants.THUMBPRINT_IDENTIFIER: secRef.setKeyIdentifierThumb(certs[0]); break; + + case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER: + secRef.setKeyIdentifierEncKeySHA1(this.secretKey); + break; case WSConstants.CUSTOM_SYMM_SIGNING : Reference refCust = new Reference(document); @@ -665,7 +670,8 @@ WSDocInfoStore.store(wsDocInfo); try { if (keyIdentifierType == WSConstants.UT_SIGNING || - keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING) { + keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING || + keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) { sig.sign(sig.createSecretKey(secretKey)); } else { sig.sign(crypto.getPrivateKey(user, password)); Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java Fri Oct 26 01:40:09 2007 
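Review bot: In the new `ENCRYPTED_KEY_SHA1_IDENTIFIER` case, `secRef.setKeyIdentifierEncKeySHA1(this.secretKey)` is reached without checking that a secret key was set, so a missing key surfaces as a NullPointerException inside the digest instead of a WSSecurityException; the symmetric `sig.sign(sig.createSecretKey(secretKey))` branch in the last hunk has the same gap. A guard before the call, `if (secretKey == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "noKey"); }`, gives the caller a clear error. The three-way identifier-type test is now duplicated in the first and last hunks; a private `isSymmetricSigning()` helper would keep them from drifting. The enclosing methods start and end outside these hunks.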
@@ -56,6 +56,7 @@ public static final String SKI_URI = WSConstants.X509TOKEN_NS + "#X509SubjectKeyIdentifier"; public static final String THUMB_URI = WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.THUMBPRINT; public static final String SAML_ID_URI = WSConstants.SAMLTOKEN_NS + "#" + WSConstants.SAML_ASSERTION_ID; + public static final String ENC_KEY_SHA1_URI = WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_SHA1_URI; protected Element element = null; private XMLX509IssuerSerial issuerSerial = null; private byte[] skiBytes = null; @@ -201,13 +202,14 @@ } tokElement = sa; } else { - + tokElement = WSSecurityUtil.getElementByWsuId(doc, uri); // In some scenarios id is used rather than wsu:Id if (tokElement == null) { - tokElement = WSSecurityUtil.getElementByGenId(doc, uri); + tokElement = WSSecurityUtil.getElementByGenId(doc, uri); } + } if (tokElement == null) { throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, @@ -296,6 +298,25 @@ createKeyIdentifier(doc, THUMB_URI, text); } + + public void setKeyIdentifierEncKeySHA1(byte[] secret) + throws WSSecurityException { + Document doc = this.element.getOwnerDocument(); + MessageDigest sha = null; + try { + sha = MessageDigest.getInstance("SHA-1"); + } catch (NoSuchAlgorithmException e1) { + throw new WSSecurityException(0, "noSHA1availabe"); + } + sha.reset(); + sha.update(secret); + byte[] data = sha.digest(); + + org.w3c.dom.Text text = doc.createTextNode(Base64.encode(data)); + createKeyIdentifier(doc, ENC_KEY_SHA1_URI, text); + + } + public void setSAMLKeyIdentifier(String keyIdVal) throws WSSecurityException { Document doc = this.element.getOwnerDocument(); 
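Review bot: In setKeyIdentifierEncKeySHA1, the `NoSuchAlgorithmException` is rethrown as `new WSSecurityException(0, "noSHA1availabe")`: error code 0 is not one of the WSSecurityException constants used elsewhere in this patch, the message key looks misspelled, and the cause `e1` is dropped. The four-argument constructor used in ReferenceListProcessor in this same commit fits: `throw new WSSecurityException(WSSecurityException.FAILURE, "noSHA1availabe", null, e1);` (keep the key only if it really is the resource-bundle entry). `sha.reset()` on a freshly obtained MessageDigest is a no-op and can go, and the method needs a Javadoc saying what `secret` is expected to be — the raw key bytes, as called from WSSecEncrypt and WSSecSignature — since that choice determines whether the reference interoperates.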
@@ -318,6 +339,7 @@ this.element.appendChild(keyId); } } + /* * Several helper and utility methods. */ Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Fri Oct 26 01:40:09 2007 @@ -33,6 +33,8 @@ import org.apache.ws.security.util.Base64; import org.w3c.dom.Element; +import sun.security.x509.KeyIdentifier; + import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; @@ -118,6 +120,9 @@ if (str != null) { Processor processor; String uri = null; + String keyIdentifierValueType = null; + String keyIdentifierValue = null; + if(str.containsReference()) { Reference ref = str.getReference(); 
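Review bot: The added `import sun.security.x509.KeyIdentifier;` in DerivedKeyTokenProcessor is not used by any change in this commit and pulls an internal JDK class into a library that otherwise stays on public APIs; it will not compile on JDKs without that package and is a lint failure. Drop the import line; the code only needs the `keyIdentifierValue` string it already reads from the SecurityTokenReference.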
@@ -125,13 +130,17 @@ processor = wsDocInfo.getProcessor(uri.substring(1)); } else { //Contains key identifier - String keyIdentifier = str.getKeyIdentifierValue(); - processor = wsDocInfo.getProcessor(keyIdentifier); + keyIdentifierValue = str.getKeyIdentifierValue(); + keyIdentifierValueType = str.getKeyIdentifierValueType(); + processor = wsDocInfo.getProcessor(keyIdentifierValue); } if(processor == null && uri != null) { //Now use the callback and get it this.secret = this.getSecret(cb, uri.substring(1)); + } else if (processor == null && keyIdentifierValue != null + && keyIdentifierValueType != null) { + this.secret = this.getSecret(cb, keyIdentifierValue, keyIdentifierValueType); } else if (processor instanceof EncryptedKeyProcessor) { this.secret = ((EncryptedKeyProcessor) processor) .getDecryptedBytes(); 
@@ -177,6 +186,36 @@ } return callback.getKey(); + } + + private byte[] getSecret(CallbackHandler cb, String keyIdentifierValue, String keyIdentifierType) + throws WSSecurityException { + + if (cb == null) { + throw new WSSecurityException(WSSecurityException.FAILURE, + "noCallback"); + } + + WSPasswordCallback pwcb = null; + + //Handle the EncryptedKeySHA1 type key references + if (keyIdentifierType.equals + (SecurityTokenReference.ENC_KEY_SHA1_URI)) { + + pwcb = new WSPasswordCallback(keyIdentifierValue, + WSPasswordCallback.ENCRYPTED_KEY_TOKEN); + try { + cb.handle(new Callback[]{pwcb}); + } catch (IOException e) { + throw new WSSecurityException(WSSecurityException.FAILURE, "noKey", + new Object[] { id }); + } catch (UnsupportedCallbackException e) { + throw new WSSecurityException(WSSecurityException.FAILURE, "noKey", + new Object[] { id }); + } + + } + return pwcb.getKey(); } /** Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Fri Oct 26 01:40:09 2007 @@ -47,6 +47,8 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.xml.namespace.QName; import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.util.ArrayList; 
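Review bot: The new three-argument getSecret returns `pwcb.getKey()` even when `keyIdentifierType` is not ENC_KEY_SHA1_URI, in which case `pwcb` is still null and the caller (the new `else if` in the previous hunk) gets a NullPointerException instead of a WSSecurityException. Both catch blocks also drop the cause and report the field `id` rather than the identifier that failed, and a handler that leaves the key unset is passed through as a null secret. The rewrite below rejects other value types up front, keeps the cause via the four-argument constructor already used in this commit, and checks the handler's answer.
```java
private byte[] getSecret(CallbackHandler cb, String keyIdentifierValue, String keyIdentifierType)
        throws WSSecurityException {
    if (cb == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
    }
    // Only EncryptedKeySHA1 references can be resolved through the callback here;
    // constant on the left so a missing ValueType does not NPE.
    if (!SecurityTokenReference.ENC_KEY_SHA1_URI.equals(keyIdentifierType)) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noKey",
                new Object[] { keyIdentifierValue });
    }
    WSPasswordCallback pwcb = new WSPasswordCallback(keyIdentifierValue,
            WSPasswordCallback.ENCRYPTED_KEY_TOKEN);
    try {
        cb.handle(new Callback[] { pwcb });
    } catch (IOException e) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noKey",
                new Object[] { keyIdentifierValue }, e);
    } catch (UnsupportedCallbackException e) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noKey",
                new Object[] { keyIdentifierValue }, e);
    }
    // A handler that did not supply a key must not yield a null secret downstream.
    if (pwcb.getKey() == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noKey",
                new Object[] { keyIdentifierValue });
    }
    return pwcb.getKey();
}
```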
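Review bot: `java.security.MessageDigest` and `java.security.NoSuchAlgorithmException` are imported into EncryptedKeyProcessor, but the only other change to that file in this commit is whitespace, so unless code outside these hunks already uses them the imports are dead and should be removed.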
@@ -319,6 +321,7 @@ "ReferenceList", WSConstants.ENC_NS); ArrayList dataRefUris = new ArrayList(); if (refList != null) { + for (tmpE = refList.getFirstChild(); tmpE != null; tmpE = tmpE.getNextSibling()) { if (tmpE.getNodeType() != Node.ELEMENT_NODE) { @@ -519,4 +522,5 @@ public byte[] getDecryptedBytes() { return decryptedBytes; } + } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java Fri Oct 26 01:40:09 2007 @@ -103,6 +103,7 @@ dataRefUris.add(dataRefURI.substring(1)); } } + return dataRefUris; } @@ -148,7 +149,7 @@ if (secRefToken == null) { symmetricKey = X509Util.getSharedKey(tmpE, symEncAlgo, cb); } else - symmetricKey = getKeyFromReference(secRefToken, symEncAlgo, crypto, cb); + symmetricKey = getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb); // initialize Cipher .... XMLCipher xmlCipher = null; 
@@ -163,8 +164,22 @@ if (content) { encBodyData = (Element) encBodyData.getParentNode(); } + try { + Node parentEncBody =encBodyData.getParentNode(); + xmlCipher.doFinal(doc, encBodyData, content); + + if(parentEncBody.getLocalName().equals(WSConstants.ENCRYPTED_HEADER) + && parentEncBody.getNamespaceURI().equals(WSConstants.WSSE11_NS)) { + Node decryptedHeader = parentEncBody.getFirstChild(); + Node decryptedHeaderClone = decryptedHeader.cloneNode(true); + Node encryptedHeader = decryptedHeader.getParentNode(); + parentEncBody.getParentNode().appendChild(decryptedHeaderClone); + parentEncBody.getParentNode().removeChild(parentEncBody); + + } + } catch (Exception e) { throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e); @@ -207,7 +222,7 @@ * @return The secret key for the specified algorithm * @throws WSSecurityException */ - private SecretKey getKeyFromReference(Element secRefToken, String algorithm, + private SecretKey getKeyFromSecurityTokenReference(Element secRefToken, String algorithm, Crypto crypto, CallbackHandler cb) throws WSSecurityException { 
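Review bot: In the new EncryptedHeader unwrapping, `parentEncBody.getLocalName().equals(…)` and `getNamespaceURI().equals(…)` throw a NullPointerException for any parent without a local name or namespace (non-namespace-aware DOMs, an unqualified element), which the surrounding `catch (Exception e)` then reports as FAILED_ENC_DEC with no useful detail; comparing with the constants on the left avoids that. `parentEncBody.getFirstChild()` may be a whitespace text node rather than the decrypted header, `encryptedHeader` is assigned but never used, and the clone/append/remove sequence moves the header to the end of the SOAP Header instead of keeping its position. The version below walks to the first element child and uses `replaceChild`, which also keeps the node in its own document.
```java
try {
    Node parentEncBody = encBodyData.getParentNode();
    xmlCipher.doFinal(doc, encBodyData, content);

    if (parentEncBody != null
            && WSConstants.ENCRYPTED_HEADER.equals(parentEncBody.getLocalName())
            && WSConstants.WSSE11_NS.equals(parentEncBody.getNamespaceURI())) {
        // The decrypted header is the first element child; skip whitespace text nodes.
        Node decryptedHeader = parentEncBody.getFirstChild();
        while (decryptedHeader != null && decryptedHeader.getNodeType() != Node.ELEMENT_NODE) {
            decryptedHeader = decryptedHeader.getNextSibling();
        }
        if (decryptedHeader != null) {
            // Put the decrypted header where wsse11:EncryptedHeader was, keeping header order.
            parentEncBody.getParentNode().replaceChild(decryptedHeader, parentEncBody);
        }
    }
} catch (Exception e) {
    // … unchanged: wrap as FAILED_ENC_DEC …
```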
@@ -253,7 +268,24 @@ //secret in them decryptedData = keyInfo.getSecret(); } - } else { + } else if (secRef.containsKeyIdentifier()){ + + if ( secRef.getKeyIdentifierValueType().equals(SecurityTokenReference.ENC_KEY_SHA1_URI)) { + + String sha = secRef.getKeyIdentifierValue(); + + WSPasswordCallback pwcb = new WSPasswordCallback(sha, WSPasswordCallback.ENCRYPTED_KEY_TOKEN); + + try { + cb.handle(new Callback[]{pwcb}); + } catch (Exception e) { + throw new WSSecurityException(WSSecurityException.FAILURE, + "noPassword", new Object[] { sha }); + } + decryptedData = pwcb.getKey(); + } + + }else { throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, "noReference"); } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Oct 26 01:40:09 2007 @@ -232,9 +232,9 @@ } else if (el.equals(WSSecurityEngine.SAML_TOKEN)) { samlKi = SAMLUtil.getSAMLKeyInfo( (Element) token, crypto, cb); - certs = samlKi.getCerts(); secretKey = samlKi.getSecret(); + } else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){ EncryptedKeyProcessor encryptKeyProcessor = new EncryptedKeyProcessor(); encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto); 
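Review bot: The new `containsKeyIdentifier()` branch only handles ENC_KEY_SHA1_URI; for any other ValueType it silently leaves `decryptedData` null and falls out of the if/else chain, so the failure shows up later in key construction rather than as the `noReference` error the final else already produces. Narrowing the condition — `} else if (secRef.containsKeyIdentifier() && SecurityTokenReference.ENC_KEY_SHA1_URI.equals(secRef.getKeyIdentifierValueType())) {` — routes unsupported types to that existing throw and is null-safe when the ValueType attribute is absent. The catch should keep the cause, `throw new WSSecurityException(WSSecurityException.FAILURE, "noPassword", new Object[] { sha }, e);`, and `pwcb.getKey()` should be checked for null before it is used as key material. The enclosing method continues outside the hunk.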
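Review bot: Dropping `certs = samlKi.getCerts();` in the SAML branch looks unrelated to the EncryptedKeySHA1 work and leaves `certs` unset for a SAML token whose key info carries a certificate; if `secretKey` is then also null, the verification below has no key to use. If this is intended (for instance because the certificates are now obtained elsewhere), a short comment on the `secretKey = samlKi.getSecret();` line explaining why the certificates are ignored would help; otherwise the assignment should be restored. The enclosing method starts and ends outside the hunk.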
@@ -269,7 +269,24 @@ } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) { certs = secRef.getX509IssuerSerial(crypto); } else if (secRef.containsKeyIdentifier()) { - certs = secRef.getKeyIdentifier(crypto); + if (secRef.getKeyIdentifierValueType().equals + (SecurityTokenReference.ENC_KEY_SHA1_URI)) { + + String id = secRef.getKeyIdentifierValue(); + WSPasswordCallback pwcb = new WSPasswordCallback(id, + WSPasswordCallback.ENCRYPTED_KEY_TOKEN); + try { + cb.handle(new Callback[]{pwcb}); + } catch (Exception e) { + throw new WSSecurityException(WSSecurityException.FAILURE, + "noPassword", new Object[] { id }); + } + + secretKey = pwcb.getKey(); + + } else { + certs = secRef.getKeyIdentifier(crypto); + } } else { throw new WSSecurityException( WSSecurityException.INVALID_SECURITY, Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew10.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew10.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew10.java (original) +++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew10.java Fri Oct 26 01:40:09 2007 @@ -181,6 +181,7 @@ wsEncrypt.setSecurityTokenReference(secRef); wsEncrypt.setKey(key); wsEncrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES); + wsEncrypt.setDocument(doc); // Step 4 :: Encrypting using the key. Document encDoc = wsEncrypt.build(doc, crypto, secHeader); Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew9.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew9.java?rev=588559&r1=588558&r2=588559&view=diff ============================================================================== --- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew9.java (original) +++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew9.java Fri Oct 26 01:40:09 2007 
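Review bot: `secRef.getKeyIdentifierValueType().equals(…)` throws a NullPointerException if the wsse:KeyIdentifier carries no ValueType attribute, and since that value comes straight from the incoming message a malformed request becomes an unhandled exception rather than an INVALID_SECURITY fault; the same pattern is in the ReferenceListProcessor and DerivedKeyTokenProcessor hunks of this commit. Put the constant first: `if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(secRef.getKeyIdentifierValueType())) {`. The catch should also carry the cause — `throw new WSSecurityException(WSSecurityException.FAILURE, "noPassword", new Object[] { id }, e);` — and `secretKey = pwcb.getKey()` should be rejected when the handler returns null instead of being handed on to signature verification. The enclosing method continues outside the hunk.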
@@ -161,6 +161,7 @@ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security"); log.info("Before Encryption...."); Document doc = unsignedEnvelope.getAsDocument(); + encrypt.setDocument(doc); WSSecHeader secHeader = new WSSecHeader(); secHeader.insertSecurityHeader(doc); Document signedDoc = sign.build(doc, crypto, secHeader); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]