Author: coheigea
Date: Tue Apr 28 10:40:59 2009
New Revision: 769329
URL: http://svn.apache.org/viewvc?rev=769329&view=rev
Log:
[WSS-179] - Backported specific fix only to 1_5_x-fixes branch.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java?rev=769329&r1=769328&r2=769329&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/WSSecSignature.java
Tue Apr 28 10:40:59 2009
@@ -33,6 +33,7 @@
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.transform.STRTransform;
+import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
@@ -54,6 +55,8 @@
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
@@ -430,7 +433,11 @@
break;
case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
- secRef.setKeyIdentifierEncKeySHA1(this.encrKeySha1value);
+ if (encrKeySha1value != null) {
+ secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
+ } else {
+ secRef.setKeyIdentifierEncKeySHA1(getSHA1(secretKey));
+ }
break;
case WSConstants.CUSTOM_SYMM_SIGNING :
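Review bot: The new else branch at `secRef.setKeyIdentifierEncKeySHA1(getSHA1(secretKey))` writes a Base64 SHA-1 of the raw signing key into the outgoing SecurityTokenReference, which is only safe while `secretKey` is a high-entropy random key. An unsalted digest of a password-derived or otherwise guessable key would let anyone who captures the message test candidate keys offline, and the same key always yields the same identifier, so messages become linkable. I would document that requirement on the branch, for example `// identifier is SHA-1(secretKey): secretKey must be randomly generated, never password-derived`. The enclosing switch starts and ends outside this hunk.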
@@ -876,4 +883,19 @@
this.useThisCert = cer;
}
+ private String getSHA1(byte[] input) throws WSSecurityException {
+ try {
+ MessageDigest sha = MessageDigest.getInstance("SHA-1");
+ sha.reset();
+ sha.update(input);
+ byte[] data = sha.digest();
+
+ return Base64.encode(data);
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
+ );
+ }
+ }
+
}
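Review bot: `getSHA1` passes `input` straight to `sha.update(input)`, so a null `secretKey` from the new caller in the ENCRYPTED_KEY_SHA1_IDENTIFIER case would surface as a NullPointerException instead of a WSSecurityException. A guard at the top of the method, such as `if (input == null) { throw new WSSecurityException(WSSecurityException.FAILURE); }` (or whichever error code the class uses for missing key material), keeps the failure inside the declared exception type. The `sha.reset()` call on a freshly obtained MessageDigest is redundant and can go. A one-line Javadoc stating that the method returns the Base64-encoded SHA-1 of the given bytes would also help, since it is applied to secret key material.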
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java?rev=769329&r1=769328&r2=769329&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew17.java
Tue Apr 28 10:40:59 2009
@@ -21,6 +21,8 @@
import java.io.IOException;
import java.io.InputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -73,6 +75,7 @@
private Crypto crypto = CryptoFactory.getInstance();
private MessageContext msgContext;
private Message message;
+ private byte[] keyData;
/**
* TestWSSecurity constructor
@@ -104,6 +107,11 @@
AxisClient tmpEngine = new AxisClient(new NullProvider());
msgContext = new MessageContext(tmpEngine);
message = getSOAPMessage();
+
+ KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+ keyGen.init(128);
+ SecretKey key = keyGen.generateKey();
+ keyData = key.getEncoded();
}
/**
@@ -119,6 +127,70 @@
msg.setMessageContext(msgContext);
return msg;
}
+
+ /**
+ * Test signing a message body using a symmetric key with EncryptedKeySHA1
+ */
+ public void testSymmetricSignatureSHA1() throws Exception {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecSignature sign = new WSSecSignature();
+ sign.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ sign.setSecretKey(keyData);
+ sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed symmetric message SHA1:");
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ verify(signedDoc);
+ }
+
+
+ /**
+ * Test signing a message body using a symmetric key with Direct Reference
to an
+ * EncryptedKey
+ */
+ public void testSymmetricSignatureDR() throws Exception {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ encrKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
+ encrKey.setKeySize(192);
+ encrKey.prepare(doc, crypto);
+
+ WSSecSignature sign = new WSSecSignature();
+ sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sign.setCustomTokenId(encrKey.getId());
+ sign.setSecretKey(encrKey.getEphemeralKey());
+ sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+ sign.setCustomTokenValueType(
+ WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE
+ );
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed symmetric message DR:");
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ }
/**
* Test that first signs, then encrypts a WS-Security envelope.
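Review bot: `testSymmetricSignatureDR` ends after the debug logging and never calls `verify(signedDoc)`, unlike `testSymmetricSignatureSHA1` above it, so it only shows that `sign.build(...)` does not throw. Nothing visible in the test adds the prepared `encrKey` element to the security header either, so the signature may reference an EncryptedKey that is absent from the message; that is inferred from this hunk only. If verification is expected to work, add `verify(signedDoc);` after the logging block, and otherwise state in the Javadoc why the round trip is skipped.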
@@ -198,6 +270,7 @@
* for Testing we supply a fixed name here.
*/
pc.setPassword("security");
+ pc.setKey(keyData);
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
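Review bot: `pc.setKey(keyData)` is set on every WSPasswordCallback that reaches this branch, alongside the fixed password, without looking at what the callback is asking for. As a result the SHA1 test would still pass if the receiver requested the key under a wrong or empty identifier, so it does not confirm that the EncryptedKeySHA1 value computed by the signer is the one the receiver looks up. Consider supplying the key only when `pc.getUsage()` indicates a key lookup, and checking the requested identifier there. The enclosing method and the `if` condition guarding this branch lie outside this hunk.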