Author: coheigea
Date: Mon Apr 27 11:40:09 2009
New Revision: 768934
URL: http://svn.apache.org/viewvc?rev=768934&view=rev
Log:
[WSS-177] - Backported the specific fix only to the 1_5_x-fixes branch.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecEncrypt.java
Mon Apr 27 11:40:09 2009
@@ -254,6 +254,8 @@
remoteCert = certs[0];
}
prepareInternal(this.ephemeralKey, remoteCert, crypto);
+ } else {
+ encryptedEphemeralKey = ephemeralKey;
}
}
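Review bot: In the new `else` branch the field named `encryptedEphemeralKey` is assigned the raw `ephemeralKey` bytes, so the name no longer describes what the field holds. Any code outside this hunk that digests or serializes `encryptedEphemeralKey` on the assumption that it is ciphertext would now operate on the secret key itself; that is worth checking, in particular wherever the EncryptedKeySHA1 identifier value is derived. I would add a comment on the assignment, `// key wrapping disabled: this field now holds the RAW symmetric key, never serialize it as-is`, and consider failing early if `ephemeralKey` is null on this path. The enclosing method starts before the hunk.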
@@ -291,9 +293,9 @@
envelope = document.getDocumentElement();
}
- SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
if (parts == null) {
parts = new Vector();
+ SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(),
@@ -304,9 +306,12 @@
}
Element refs = encryptForInternalRef(null, parts);
- addInternalRefElement(refs);
-
- prependToHeader(secHeader);
+ if (encryptedKeyElement != null) {
+ addInternalRefElement(refs);
+ prependToHeader(secHeader);
+ } else {
+ WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(),
refs);
+ }
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
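Review bot: The new branch chooses between the two header layouts with `encryptedKeyElement != null`, which is an indirect signal. If that element is missing for any reason other than key wrapping being switched off, the `else` path quietly emits a bare reference list with no key element instead of failing. Testing the option set through `setEncryptSymmKey` would make the intent explicit and let an unexpected null surface as an error, though the hunk does not show whether that option is readable here. At minimum the `else` deserves a comment such as `// shared-key mode: no EncryptedKey is emitted, the receiver must already hold the key`. The method continues past the end of the hunk.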
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java?rev=768934&r1=768933&r2=768934&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew14.java
Mon Apr 27 11:40:09 2009
@@ -41,6 +41,8 @@
import java.io.IOException;
import java.io.InputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -72,6 +74,8 @@
private Crypto crypto = CryptoFactory.getInstance();
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
+ private byte[] keyData;
+ private SecretKey key;
/**
* TestWSSecurity constructor
@@ -103,6 +107,11 @@
AxisClient tmpEngine = new AxisClient(new NullProvider());
msgContext = new MessageContext(tmpEngine);
unsignedEnvelope = getSOAPEnvelope();
+
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ key = keyGen.generateKey();
+ keyData = key.getEncoded();
}
/**
@@ -231,6 +240,69 @@
LOG.info("After Encrypting EncryptedKeySHA1....");
verify(encryptedDoc);
}
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric
key, rather than a
+ * generated session key which is then encrypted using a public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in
encryption or decryption
+ */
+ public void testEncryptionSHA1Symmetric() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setSymmetricKey(key);
+ builder.setEncryptSymmKey(false);
+ builder.setUseKeyIdentifier(true);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
+
+
+ /**
+ * Test that encrypts using EncryptedKeySHA1, where it uses a symmetric
key (bytes),
+ * rather than a generated session key which is then encrypted using a
public key.
+ *
+ * @throws java.lang.Exception Thrown when there is any problem in
encryption or decryption
+ */
+ public void testEncryptionSHA1SymmetricBytes() throws Exception {
+ WSSecEncrypt builder = new WSSecEncrypt();
+
builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ builder.setEphemeralKey(keyData);
+ builder.setEncryptSymmKey(false);
+ builder.setUseKeyIdentifier(true);
+
+ LOG.info("Before Encrypting EncryptedKeySHA1....");
+ Document doc = unsignedEnvelope.getAsDocument();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("#EncryptedKeySHA1") != -1);
+
+ LOG.info("After Encrypting EncryptedKeySHA1....");
+ verify(encryptedDoc);
+ }
/**
* Verifies the soap envelope.
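Review bot: Both new tests assert only that the string `#EncryptedKeySHA1` appears in the output, which an ordinary wrapped-key message would also satisfy; nothing checks the behaviour this commit adds, namely that no wrapped key is emitted when `setEncryptSymmKey(false)` is used. I would add a structural check in `testEncryptionSHA1Symmetric` and `testEncryptionSHA1SymmetricBytes`, for example `assertEquals(0, encryptedDoc.getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedKey").getLength());`. The two test bodies differ only in the `setSymmetricKey(key)` / `setEphemeralKey(keyData)` call, so a shared private helper taking the configured builder would remove the duplication.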
@@ -255,6 +327,7 @@
* for Testing we supply a fixed name here.
*/
pc.setPassword("security");
+ pc.setKey(keyData);
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
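Review bot: The added `pc.setKey(keyData);` hands the symmetric key to every callback that reaches this branch, next to the fixed password, with no check of what is being asked for. As a result the tests cannot show that the receiver resolves the key through the SHA-1 identifier, and a handler written this way releases key material for any request if it is copied outside a test. Assuming `pc` is a `WSPasswordCallback` (its declaration is outside the hunk), I would gate the call: `if (pc.getUsage() == WSPasswordCallback.ENCRYPTED_KEY_TOKEN) { pc.setKey(keyData); }`. The handler method starts before the hunk.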