Author: coheigea
Date: Fri Mar 27 18:06:15 2009
New Revision: 759293
URL: http://svn.apache.org/viewvc?rev=759293&view=rev
Log:
[WSS-170] - A fix + test for "SignatureAction does not set DigestAlgorithm on
WSSecSignature instance"
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew18.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java?rev=759293&r1=759292&r2=759293&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
Fri Mar 27 18:06:15 2009
@@ -27,13 +27,13 @@
public class SignatureAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc,
RequestData reqData)
throws WSSecurityException {
- String password;
- password =
- handler.getPassword(reqData.getUsername(),
- actionToDo,
- WSHandlerConstants.PW_CALLBACK_CLASS,
- WSHandlerConstants.PW_CALLBACK_REF, reqData)
- .getPassword();
+ String password =
+ handler.getPassword(
+ reqData.getUsername(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData
+ ).getPassword();
WSSecSignature wsSign = new WSSecSignature();
wsSign.setWsConfig(reqData.getWssConfig());
@@ -44,6 +44,9 @@
if (reqData.getSigAlgorithm() != null) {
wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
}
+ if (reqData.getSigDigestAlgorithm() != null) {
+ wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
+ }
wsSign.setUserInfo(reqData.getUsername(), password);
if (reqData.getSignatureParts().size() > 0) {
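Review bot: The new `reqData.getSigDigestAlgorithm() != null` branch hands whatever string the configuration holds to `wsSign.setDigestAlgo(...)`, so an empty, misspelled or weak digest URI is accepted at this point. The value comes unchecked from `getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc)` in the WSHandler.java hunk of this commit, which has the same gap. I would compare the value against the digest URIs the deployment is prepared to use before applying it, and raise a `WSSecurityException` for anything else, so that a configuration mistake fails loudly instead of silently producing a weaker or invalid signature. The body of `execute` starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out from here.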
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=759293&r1=759292&r2=759293&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
Fri Mar 27 18:06:15 2009
@@ -43,6 +43,7 @@
private Crypto decCrypto = null;
private int sigKeyId = 0;
private String sigAlgorithm = null;
+ private String signatureDigestAlgorithm = null;
private Vector signatureParts = new Vector();
private Crypto encCrypto = null;
private int encKeyId = 0;
@@ -66,6 +67,7 @@
utElements = null;
wssConfig = null;
signatureValues.clear();
+ signatureDigestAlgorithm = null;
}
public Object getMsgContext() {
@@ -155,6 +157,14 @@
public void setSigAlgorithm(String sigAlgorithm) {
this.sigAlgorithm = sigAlgorithm;
}
+
+ public String getSigDigestAlgorithm() {
+ return signatureDigestAlgorithm;
+ }
+
+ public void setSigDigestAlgorithm(String sigDigestAlgorithm) {
+ this.signatureDigestAlgorithm = sigDigestAlgorithm;
+ }
public Vector getSignatureParts() {
return signatureParts;
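Review bot: The accessors added in this hunk are named `getSigDigestAlgorithm`/`setSigDigestAlgorithm`, but they back a field called `signatureDigestAlgorithm`, whereas the neighbouring pair uses `sigAlgorithm` for both the field and the accessors. Renaming the field to `sigDigestAlgorithm` would keep the class consistent. Both new methods also lack Javadoc; a line such as `/** @return the digest algorithm URI for the signature, or null to keep the WSSecSignature default */` would record what null means, which SignatureAction relies on.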
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=759293&r1=759292&r2=759293&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
Fri Mar 27 18:06:15 2009
@@ -526,6 +526,9 @@
}
String algo = getString(WSHandlerConstants.SIG_ALGO, mc);
reqData.setSigAlgorithm(algo);
+
+ String digestAlgo = getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc);
+ reqData.setSigDigestAlgorithm(digestAlgo);
String parts = getString(WSHandlerConstants.SIGNATURE_PARTS, mc);
if (parts != null) {
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=759293&r1=759292&r2=759293&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
Fri Mar 27 18:06:15 2009
@@ -509,18 +509,33 @@
public static final String SIG_KEY_ID = "signatureKeyIdentifier";
/**
- * Defines which signature algorithm to use. Currently this
- * parameter is ignored - SHA1RSA is the only supported algorithm,
- * will be enhanced soon.
+ * Defines which signature algorithm to use.
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.SIG_ALGO, "SHA1RSA");
+ * call.setProperty(
+ * WSHandlerConstants.SIG_ALGO,
+ * "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ * );
* </pre>
* However, the parameter in the WSDD deployment file overwrites the
* property setting (deployment setting overwrites application setting).
*/
public static final String SIG_ALGO = "signatureAlgorithm";
+
+ /**
+ * Defines which signature digest algorithm to use.
+ * <p/>
+ * The application may set this parameter using the following method:
+ * <pre>
+ * call.setProperty(
+ * WSHandlerConstants.SIG_DIGEST_ALGO,
"http://www.w3.org/2001/04/xmlenc#sha256"
+ * );
+ * </pre>
+ * However, the parameter in the WSDD deployment file overwrites the
+ * property setting (deployment setting overwrites application setting).
+ */
+ public static final String SIG_DIGEST_ALGO = "signatureDigestAlgorithm";
/**
* Parameter to define which parts of the request shall be signed.
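Review bot: The Javadoc added for `SIG_DIGEST_ALGO` does not say what happens when the parameter is absent or which URIs are accepted. This matters because a weak reference digest undermines an otherwise strong signature algorithm. I would add a sentence such as `If this parameter is not set, the default digest algorithm of WSSecSignature is used.` and name the supported URIs if they are fixed. The rewritten `SIG_ALGO` comment would benefit from the same statement about its default, now that the "SHA1RSA is the only supported algorithm" text has been removed.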
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew18.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew18.java?rev=759293&r1=759292&r2=759293&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew18.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew18.java Fri Mar 27
18:06:15 2009
@@ -27,10 +27,14 @@
import org.apache.axis.message.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;
@@ -189,4 +193,101 @@
CustomCrypto custom = (CustomCrypto)crypto;
assertSame(tmp, custom.config);
}
+
+ /**
+ * A test for "SignatureAction does not set DigestAlgorithm on
WSSecSignature instance"
+ */
+ public void
+ testWSS170() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+ java.util.Map config = new java.util.TreeMap();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIG_ALGO,
+ "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ );
+ config.put(
+ WSHandlerConstants.SIG_DIGEST_ALGO,
+ "http://www.w3.org/2001/04/xmlenc#sha256"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(action));
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.doit(
+ action,
+ doc,
+ reqData,
+ actions
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ assertTrue(
+
outputString.indexOf("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") != -1
+ );
+ assertTrue(
+ outputString.indexOf("http://www.w3.org/2001/04/xmlenc#sha256") !=
-1
+ );
+
+ verify(doc);
+ }
+
+ /**
+ * a trivial extension of the WSHandler type
+ */
+ public static class MyHandler extends WSHandler {
+
+ public Object
+ getOption(String key) {
+ return null;
+ }
+
+ public void
+ setProperty(
+ Object msgContext,
+ String key,
+ Object value
+ ) {
+ }
+
+ public Object
+ getProperty(Object ctx, String key) {
+ return ((java.util.Map)ctx).get(key);
+ }
+
+ public void
+ setPassword(Object msgContext, String password) {
+ }
+
+ public String
+ getPassword(Object msgContext) {
+ return (String)((java.util.Map)msgContext).get("password");
+ }
+
+ void doit(
+ int action,
+ Document doc,
+ RequestData reqData,
+ java.util.Vector actions
+ ) throws org.apache.ws.security.WSSecurityException {
+ doSenderAction(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ }
+ }
}
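Review bot: The two `assertTrue(outputString.indexOf(...) != -1)` checks in `testWSS170` pass if the URI appears anywhere in the serialized envelope, so they do not prove that the SHA-256 URI ended up on the `ds:DigestMethod` element. Looking up the element in `doc` and comparing its `Algorithm` attribute would pin the behaviour the fix is about, for example `doc.getElementsByTagNameNS(WSConstants.SIG_NS, "DigestMethod")` followed by `assertEquals` on `getAttribute("Algorithm")`, and likewise for `SignatureMethod`. A second case that leaves `SIG_DIGEST_ALGO` unset would also document the default and guard against the new branch overriding it.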