Author: coheigea Date: Mon Aug 16 19:05:57 2010 New Revision: 986099 URL: http://svn.apache.org/viewvc?rev=986099&view=rev Log: [WSS-233] - Allow configuration of UsernameToken Profile 1.1 derived key functionality through WSHandler. - Note that unlike 1_5_fixes, the password callback is invoked with usage USERNAME_TOKEN_UNKNOWN on both the outbound (UT_SIGN) and inbound sides.
Added: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1In.java webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1Out.java Removed: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1.java Modified: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java webservices/wss4j/trunk/test/interop/TestJAXRPCHandler.java webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java webservices/wss4j/trunk/test/wssec/TestWSSecurityUTSignature.java webservices/wss4j/trunk/xdocs/package.xml Modified: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd (original) +++ webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd Mon Aug 16 19:05:57 2010 @@ -23,7 +23,7 @@ <handler type="java:org.apache.ws.axis.security.WSDoAllSender" > <parameter name="user" value="Chris"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="action" value="UsernameToken"/> <parameter name="passwordType" value="PasswordText" /> </handler> 
@@ -36,7 +36,7 @@ <parameter name="action" value="UsernameToken Encrypt"/> <parameter name="user" value="Chris"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="passwordType" value="PasswordText" /> <parameter name="addUTElements" value="Nonce Created" /> <parameter name="encryptionPropFile" value="wsstest.properties" /> @@ -56,14 +56,15 @@ <parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/> <parameter name="user" value="Chris"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="encryptionPropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <!-- Use the Server's cert/key to encrypt the request --> <parameter name="encryptionUser" value="bob" /> <parameter name="encryptionParts" - value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" /> + value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" /> + <parameter name="useDerivedKey" value="false" /> </handler> </requestFlow> </service> @@ -74,11 +75,11 @@ <parameter name="action" value="UsernameTokenSignature Timestamp"/> <parameter name="user" value="Chris"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="passwordType" value="PasswordDigest" /> <parameter name="signatureParts" value="Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" /> - + <parameter name="useDerivedKey" value="false" /> </handler> </requestFlow> </service> 
@@ -90,7 +91,7 @@ <!-- Use the Client's cert/key to sign the request --> <parameter name="user" value="alice"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> @@ -101,7 +102,7 @@ <responseFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> @@ -115,13 +116,13 @@ <!-- Use the Client's cert/key to sign the request --> <parameter name="user" value="alice"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="EmbeddedKeyName" /> <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <parameter name="EmbeddedKeyCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1" /> + value="org.apache.ws.axis.oasis.PWCallback1Out" /> <parameter name="EmbeddedKeyName" value="SessionKey" /> </handler> </requestFlow> 
@@ -143,7 +144,7 @@ <!-- Use the Client's cert/key to sign the request --> <parameter name="user" value="alice"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="signatureParts" value="{}{http://xmlsoap.org/Ping}ticket" /> @@ -153,7 +154,7 @@ <!-- Use the Client's cert/key to sign the request --> <parameter name="user" value="alice"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" /> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> @@ -167,7 +168,7 @@ <!-- Use the Client's cert/key to sign the request --> <parameter name="user" value="alice"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> @@ -178,7 +179,7 @@ </requestFlow> <responseFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Encrypt Signature Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> 
@@ -191,7 +192,7 @@ <handler type="java:org.apache.ws.axis.security.WSDoAllSender" > <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="user" value="alice"/> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform" /> @@ -205,7 +206,7 @@ <responseFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="decryptionPropFile" value="wsstest.properties" /> Added: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1In.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1In.java?rev=986099&view=auto ============================================================================== --- webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1In.java (added) +++ webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1In.java Mon Aug 16 19:05:57 2010 
@@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * @author Werner Dittmann (werner.dittm...@siemens.com) + */ +package org.apache.ws.axis.oasis; + +import org.apache.ws.security.WSPasswordCallback; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import java.io.IOException; + + +/** + * Class PWCallback + */ +public class PWCallback1In implements CallbackHandler { + + /** Field key */ + private static final byte[] key = { + (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb, + (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19, + (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7, + (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51, + (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04, + + }; + + + /* + * (non-Javadoc) + * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[]) + */ + + + /** + * Method handle + * + * @param callbacks + * @throws java.io.IOException + * @throws javax.security.auth.callback.UnsupportedCallbackException + */ + public void handle(Callback[] 
callbacks) + throws IOException, UnsupportedCallbackException { + + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof WSPasswordCallback) { + WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; + + /* + * This usage type is used only in case we received a + * username token with a password of type PasswordText or + * an unknown password type. + * + * This case the WSPasswordCallback object contains the + * identifier (aka username), the password we received, and + * the password type string to identify the type. + * + * Here we perform only a very simple check. + */ + + if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { + if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) { + return; + } + if (pc.getPassword().equals("sirhC")) { + return; + } + throw new UnsupportedCallbackException(callbacks[i], + "check failed"); + } + + /* + * here call a function/method to lookup the password for + * the given identifier (e.g. a user name or keystore alias) + * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier)) + * for Testing we supply a fixed name here. 
+ */ + + if (pc.getUsage() == WSPasswordCallback.KEY_NAME) { + pc.setKey(key); + } else if(pc.getIdentifier().equals("alice")) { + pc.setPassword("password"); + } else if(pc.getIdentifier().equals("bob")) { + pc.setPassword("password"); + } else if(pc.getIdentifier().equals("Ron")) { + pc.setPassword("noR"); + } else { + pc.setPassword("sirhC"); + } + + } else { + throw new UnsupportedCallbackException(callbacks[i], + "Unrecognized Callback"); + } + } + } +} + Added: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1Out.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1Out.java?rev=986099&view=auto ============================================================================== --- webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1Out.java (added) +++ webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback1Out.java Mon Aug 16 19:05:57 2010 
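Review bot: In the USERNAME_TOKEN_UNKNOWN branch of handle(), `if (pc.getPassword().equals("sirhC")) return;` accepts a received PasswordText token for any identifier at all, so every username is authenticated as long as its password is "sirhC"; if the intent is the "Chris" user the interop configs send, tie the check to it, `if ("Chris".equals(pc.getIdentifier()) && "sirhC".equals(pc.getPassword())) return;`. The same branch dereferences `pc.getIdentifier()` and `pc.getPassword()` before comparing, so a callback that arrives with either unset would fail with a NullPointerException rather than the intended UnsupportedCallbackException; the literal-first `equals` form above removes that too. This is interop fixture code with fixed credentials, but it is the obvious template for real receivers, so the class comment (still titled `Class PWCallback`) should name the class, state that it is the inbound verifier, and say that a real handler must compare against a credential store rather than return on a shared password.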
@@ -0,0 +1,94 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * @author Werner Dittmann (werner.dittm...@siemens.com) + */ +package org.apache.ws.axis.oasis; + +import org.apache.ws.security.WSPasswordCallback; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import java.io.IOException; + + +/** + * Class PWCallback + */ +public class PWCallback1Out implements CallbackHandler { + + /** Field key */ + private static final byte[] key = { + (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb, + (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19, + (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7, + (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51, + (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04, + + }; + + + /* + * (non-Javadoc) + * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[]) + */ + + + /** + * Method handle + * + * @param callbacks + * @throws java.io.IOException + * @throws javax.security.auth.callback.UnsupportedCallbackException + */ + public void handle(Callback[] 
callbacks) + throws IOException, UnsupportedCallbackException { + + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof WSPasswordCallback) { + WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; + + + /* + * here call a function/method to lookup the password for + * the given identifier (e.g. a user name or keystore alias) + * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier)) + * for Testing we supply a fixed name here. + */ + + if (pc.getUsage() == WSPasswordCallback.KEY_NAME) { + pc.setKey(key); + } else if(pc.getIdentifier().equals("alice")) { + pc.setPassword("password"); + } else if(pc.getIdentifier().equals("bob")) { + pc.setPassword("password"); + } else if(pc.getIdentifier().equals("Ron")) { + pc.setPassword("noR"); + } else { + pc.setPassword("sirhC"); + } + } else { + throw new UnsupportedCallbackException(callbacks[i], + "Unrecognized Callback"); + } + } + } +} + Modified: webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd (original) +++ webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd Mon Aug 16 19:05:57 2010 @@ -39,7 +39,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="UsernameToken"/> </handler> </requestFlow> 
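Review bot: PWCallback1Out never verifies anything — every WSPasswordCallback usage other than KEY_NAME has a password set on it, including USERNAME_TOKEN_UNKNOWN, which on the receiver side (see PWCallback1In in this same commit) means "check the received password and throw on mismatch"; configured on a WSDoAllReceiver, it would presumably let a PasswordText token through with an unchecked password. Because this commit also routes the outbound UT_SIGN password lookup through USERNAME_TOKEN_UNKNOWN, the class cannot fail closed on that usage without breaking signing, so the protection has to be documentation: replace the stale `Class PWCallback` Javadoc with a statement that this is the outbound, password-supplying half and must never be listed as passwordCallbackClass on a receiver. The 24-byte `key` array is duplicated verbatim from PWCallback1In; a shared constant would keep the two fixtures from drifting.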
@@ -67,7 +67,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="UsernameToken Encrypt"/> <parameter name="decryptionPropFile" value="wsstest.properties" /> </handler> @@ -96,9 +96,10 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/> <parameter name="decryptionPropFile" value="wsstest.properties" /> + <parameter name="useDerivedKey" value="false" /> </handler> </requestFlow> </service> @@ -125,8 +126,9 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="UsernameTokenSignature UsernameToken Timestamp"/> + <parameter name="useDerivedKey" value="false" /> </handler> </requestFlow> </service> @@ -153,7 +155,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> 
@@ -164,7 +166,7 @@ <!-- Use the Server's cert/key to sign the response --> <parameter name="user" value="bob"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> @@ -197,7 +199,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> @@ -208,13 +210,13 @@ <!-- Use the Server's cert/key to sign the response --> <parameter name="user" value="bob"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="EmbeddedKeyName" /> <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <parameter name="EmbeddedKeyCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1" /> + value="org.apache.ws.axis.oasis.PWCallback1Out" /> <parameter name="EmbeddedKeyName" value="SessionKey" /> </handler> </responseFlow> 
@@ -242,7 +244,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Signature Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> @@ -271,7 +273,7 @@ /> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Encrypt Signature Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> </handler> @@ -282,7 +284,7 @@ <!-- Use the Server's cert/key to sign the response --> <parameter name="user" value="bob"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionKeyIdentifier" value="DirectReference" /> @@ -316,7 +318,7 @@ <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> - <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/> + <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1In"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="decryptionPropFile" value="wsstest.properties" /> 
@@ -328,7 +330,7 @@ <!-- Use the Server's cert/key to sign the response --> <parameter name="user" value="bob"/> <parameter name="passwordCallbackClass" - value="org.apache.ws.axis.oasis.PWCallback1"/> + value="org.apache.ws.axis.oasis.PWCallback1Out"/> <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" /> <parameter name="signaturePropFile" value="wsstest.properties" /> <parameter name="encryptionPropFile" value="wsstest.properties" /> Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Mon Aug 16 19:05:57 2010 @@ -53,8 +53,15 @@ public class UsernameTokenSignedAction i WSSecUsernameToken builder = new WSSecUsernameToken(); builder.setWsConfig(reqData.getWssConfig()); - builder.setPasswordType(reqData.getPwType()); // enhancement by Alberto Coletti - builder.setSecretKeyLength(reqData.getSecretKeyLength()); + + if (reqData.isUseDerivedKey()) { + int iterations = reqData.getDerivedKeyIterations(); + boolean useMac = reqData.isUseDerivedKeyForMAC(); + builder.addDerivedKey(useMac, null, iterations); + } else { + builder.setPasswordType(reqData.getPwType()); // enhancement by Alberto Coletti + builder.setSecretKeyLength(reqData.getSecretKeyLength()); + } builder.setUserInfo(reqData.getUsername(), password); builder.addCreated(); 
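Review bot: `builder.addDerivedKey(useMac, null, iterations)` forwards the configured iteration count with no lower bound and passes `null` for the salt without saying why, so a reader cannot tell whether the builder generates a random salt or derives with none; add a comment such as `// null salt: let WSSecUsernameToken generate it — confirm` once checked, and reject `iterations < 1` before the call (a one-iteration derivation gives essentially a bare password hash as the signing key). The derived-key branch also skips `builder.setPasswordType(...)`, so whether the configured password type still influences the token is not visible here; presumably the profile's derived-key form carries no password element, but a comment stating that would save the next reader a trip to the builder. The enclosing execute method begins before this hunk.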
@@ -83,10 +90,15 @@ public class UsernameTokenSignedAction i sign.setCustomTokenId(builder.getId()); sign.setSecretKey(builder.getSecretKey()); sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); - sign.setSignatureAlgorithm(WSConstants.HMAC_SHA1); if (reqData.getSigDigestAlgorithm() != null) { sign.setDigestAlgo(reqData.getSigDigestAlgorithm()); } + + if (reqData.getSigAlgorithm() != null) { + sign.setSignatureAlgorithm(reqData.getSigAlgorithm()); + } else { + sign.setSignatureAlgorithm(WSConstants.HMAC_SHA1); + } sign.prepare(doc, null, reqData.getSecHeader()); Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java Mon Aug 16 19:05:57 2010 @@ -24,6 +24,7 @@ import org.apache.ws.security.WSConstant import org.apache.ws.security.WSSConfig; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.message.WSSecHeader; +import org.apache.ws.security.message.token.UsernameToken; import java.util.List; import java.util.Vector; @@ -62,6 +63,9 @@ public class RequestData { private WSSecHeader secHeader = null; private boolean encSymmetricEncryptionKey = true; private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN; + private boolean useDerivedKey = true; + private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION; + private boolean useDerivedKeyForMAC = true; public void clear() { soapConstants = null; 
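Review bot: `sign.setSignatureAlgorithm(reqData.getSigAlgorithm())` applies whatever algorithm URI the deployment configured, although the key set two lines earlier via `sign.setSecretKey(builder.getSecretKey())` is a symmetric secret, so a signatureAlgorithm value copied from a certificate-based handler (an RSA or DSA URI) would presumably reach the signer and fail late with an opaque XML-Security error instead of a configuration error. Check that the configured URI names an HMAC algorithm (the xmldsig `#hmac-sha1` and xmldsig-more `#hmac-sha256`/`#hmac-sha512` families) and otherwise either reject it or fall back to `WSConstants.HMAC_SHA1` with a warning. Keeping HMAC_SHA1 as the default when nothing is configured preserves the wire format of existing deployments, which is right; the enclosing method continues outside the hunk.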
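Review bot: `private boolean useDerivedKey = true;` flips the key-derivation scheme for every existing UsernameTokenSignature deployment from the WSE derivation to UsernameToken Profile 1.1 by default, which is why the interop wsdd files and TestWSSecurityNew13 in this same commit have to add `useDerivedKey=false` to keep passing; a peer upgraded on one side only will stop interoperating, and nothing in the hunk records which scheme was chosen. If the new default is intended, say so in the USE_DERIVED_KEY Javadoc and release notes as a behaviour change. The three defaults are also repeated in `clear()` (next hunk); named constants such as `private static final boolean DEFAULT_USE_DERIVED_KEY = true;` would keep the declaration and the reset in step.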
@@ -77,6 +81,9 @@ public class RequestData { encSymmetricEncryptionKey = true; secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN; signatureUser = null; + useDerivedKey = true; + derivedKeyIterations = UsernameToken.DEFAULT_ITERATION; + useDerivedKeyForMAC = true; } public Object getMsgContext() { 
@@ -297,4 +304,53 @@ public class RequestData { public void setSecHeader(WSSecHeader secHeader) { this.secHeader = secHeader; } + + /** + * @param derivedKey Set whether to derive keys as per the + * UsernameTokenProfile 1.1 spec. Default is true. + */ + public void setUseDerivedKey(boolean derivedKey) { + useDerivedKey = derivedKey; + } + + /** + * Return whether to derive keys as per the UsernameTokenProfile + * 1.1 spec. Default is true. + */ + public boolean isUseDerivedKey() { + return useDerivedKey; + } + + /** + * Set the derived key iterations. Default is 1000. + * @param iterations The number of iterations to use when deriving a key + */ + public void setDerivedKeyIterations(int iterations) { + derivedKeyIterations = iterations; + } + + /** + * Get the derived key iterations. + * @return The number of iterations to use when deriving a key + */ + public int getDerivedKeyIterations() { + return derivedKeyIterations; + } + + /** + * Whether to use the derived key for a MAC. + * @param useMac Whether to use the derived key for a MAC. + */ + public void setUseDerivedKeyForMAC(boolean useMac) { + useDerivedKeyForMAC = useMac; + } + + /** + * Whether to use the derived key for a MAC. + * @return Whether to use the derived key for a MAC. + */ + public boolean isUseDerivedKeyForMAC() { + return useDerivedKeyForMAC; + } + } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Mon Aug 16 19:05:57 2010 
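Review bot: `setDerivedKeyIterations(int iterations)` stores any value, including 0 and negatives, so a programmatic caller or a handler parameter can weaken the derived key to a single hash step without any error; validate at the boundary, `if (iterations < 1) { throw new IllegalArgumentException("derivedKeyIterations must be >= 1, got " + iterations); }`, so bad configuration fails when it is set rather than at signing time. The Javadoc on `setUseDerivedKeyForMAC` only restates the method name; it should say what the alternative use of the derived key is (encryption, presumably, given the profile defines both) and which side of the exchange the flag affects. "Default is 1000" should also be tied to `UsernameToken.DEFAULT_ITERATION` in the comment so the two cannot silently drift.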
@@ -527,6 +527,24 @@ public abstract class WSHandler { if (add != null) { reqData.setUtElements(StringUtil.split(add, ' ')); } + + String derived = getString(WSHandlerConstants.USE_DERIVED_KEY, mc); + if (derived != null) { + boolean useDerivedKey = Boolean.parseBoolean(derived); + reqData.setUseDerivedKey(useDerivedKey); + } + + String derivedMAC = getString(WSHandlerConstants.USE_DERIVED_KEY, mc); + boolean useDerivedKeyForMAC = Boolean.parseBoolean(derivedMAC); + if (useDerivedKeyForMAC) { + reqData.setUseDerivedKeyForMAC(useDerivedKeyForMAC); + } + + String iterations = getString(WSHandlerConstants.DERIVED_KEY_ITERATIONS, mc); + if (iterations != null) { + int iIterations = Integer.parseInt(iterations); + reqData.setDerivedKeyIterations(iIterations); + } } protected void decodeSignatureParameter(RequestData reqData) @@ -882,9 +900,11 @@ public abstract class WSHandler { switch (doAction) { case WSConstants.UT: - case WSConstants.UT_SIGN: reason = WSPasswordCallback.USERNAME_TOKEN; break; + case WSConstants.UT_SIGN: + reason = WSPasswordCallback.USERNAME_TOKEN_UNKNOWN; + break; case WSConstants.SIGN: reason = WSPasswordCallback.SIGNATURE; break; Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Mon Aug 16 19:05:57 2010 
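Review bot: `String derivedMAC = getString(WSHandlerConstants.USE_DERIVED_KEY, mc);` reads the wrong property — it should be `USE_DERIVED_KEY_FOR_MAC`, which this commit defines in WSHandlerConstants and never reads — and the following `if (useDerivedKeyForMAC)` only calls the setter when the value is true, so a deployment has no way to turn the MAC use off since RequestData already defaults it to true. Replace the block with `String derivedMAC = getString(WSHandlerConstants.USE_DERIVED_KEY_FOR_MAC, mc);` / `if (derivedMAC != null) {` / `reqData.setUseDerivedKeyForMAC(Boolean.parseBoolean(derivedMAC));`. `Integer.parseInt(iterations)` also lets a NumberFormatException escape for a malformed `derivedKeyIterations`, and nothing here refuses a count of 0 or less; wrap it and report a configuration failure the way the surrounding decode code reports other bad parameters. The enclosing decode method begins before this hunk.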
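Review bot: Mapping `WSConstants.UT_SIGN` to `WSPasswordCallback.USERNAME_TOKEN_UNKNOWN` on the sender gives one usage code two opposite contracts — "supply the password for key derivation" here and "verify the received password, throw on mismatch" on the receiver — and a callback cannot tell them apart from the WSPasswordCallback alone. The PWCallback1In added in this commit returns from its USERNAME_TOKEN_UNKNOWN branch without calling setPassword, so configuring it on a sender would hand the token builder a null password; that is presumably why the interop callback had to be split into In and Out classes. At minimum add a comment on the new case, `// UT_SIGN: the callback must setPassword(); usage is shared with inbound verification`, and state the requirement in the WSHandlerConstants Javadoc; a distinct usage constant would be the cleaner fix but is an API change. The switch's enclosing method starts before this hunk.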
@@ -602,6 +602,25 @@ public class WSHandlerConstants { * The default value is 16 bytes. */ public static final String WSE_SECRET_KEY_LENGTH = "wseSecretKeyLength"; + + /** + * This parameter sets whether to use UsernameToken Key Derivation, as defined + * in the UsernameTokenProfile 1.1 specification. The default is true. If false, + * then it falls back to the old behaviour of WSE derived key functionality. + */ + public static final String USE_DERIVED_KEY = "useDerivedKey"; + + /** + * This parameter sets whether to use the Username Token derived key for a MAC + * or not. The default is true. + */ + public static final String USE_DERIVED_KEY_FOR_MAC = "useDerivedKeyForMAC"; + + /** + * This parameter sets the number of iterations to use when deriving a key + * from a Username Token. The default is 1000. + */ + public static final String DERIVED_KEY_ITERATIONS = "derivedKeyIterations"; /** * The name of the crypto property file to use for SOAP Encryption. Modified: webservices/wss4j/trunk/test/interop/TestJAXRPCHandler.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/interop/TestJAXRPCHandler.java?rev=986099&r1=986098&r2=986099&view=diff ============================================================================== --- webservices/wss4j/trunk/test/interop/TestJAXRPCHandler.java (original) +++ webservices/wss4j/trunk/test/interop/TestJAXRPCHandler.java Mon Aug 16 19:05:57 2010 @@ -58,7 +58,7 @@ public class TestJAXRPCHandler extends T config.put("action", "UsernameToken"); config.put("user", "Chris"); config.put("passwordType", "PasswordText"); - config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1"); + config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out"); invokeService (config, 1); } public void testScenario2() throws Exception { 
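Review bot: The Javadoc for `DERIVED_KEY_ITERATIONS` and `USE_DERIVED_KEY_FOR_MAC` tells an operator neither what is accepted nor what the values do on the wire: say that a non-numeric iteration value is rejected at handler decode time, that the count is presumably carried in the token and so visible to the peer, and that counts below the profile's recommended minimum weaken the derived key. The `USE_DERIVED_KEY` Javadoc should also flag `true` as a new default that changes the derivation scheme for existing UsernameTokenSignature configurations, since the wsdd files in this commit must opt out with `useDerivedKey=false`. Note that WSHandler currently reads `USE_DERIVED_KEY` where it means `USE_DERIVED_KEY_FOR_MAC`, so the description here does not yet match what the handler does.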
@@ -72,7 +72,7 @@ public class TestJAXRPCHandler extends T config.put("encryptionPropFile", "wsstest.properties"); config.put("encryptionKeyIdentifier", "SKIKeyIdentifier"); config.put("encryptionUser", "bob"); - config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1"); + config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out"); config.put("encryptionParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"); invokeService (config, 2); } @@ -81,7 +81,7 @@ public class TestJAXRPCHandler extends T config.put("deployment", "client"); config.put("action", "Signature Encrypt Timestamp"); config.put("user", "alice"); - config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1"); + config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out"); config.put("signatureKeyIdentifier", "DirectReference"); config.put("signaturePropFile", "wsstest.properties"); config.put("encryptionKeyIdentifier", "SKIKeyIdentifier"); @@ -93,12 +93,12 @@ public class TestJAXRPCHandler extends T config.put("deployment", "client"); config.put("action", "Signature Encrypt Timestamp"); config.put("user", "alice"); - config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1"); + config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out"); config.put("signatureKeyIdentifier", "DirectReference"); config.put("signaturePropFile", "wsstest.properties"); config.put("encryptionKeyIdentifier", "EmbeddedKeyName"); config.put("encryptionSymAlgorithm", "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); - config.put("EmbeddedKeyCallbackClass", "org.apache.ws.axis.oasis.PWCallback1"); + config.put("EmbeddedKeyCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out"); config.put("EmbeddedKeyName", "SessionKey"); invokeService (config, 4); } 
@@ -111,7 +111,7 @@ public class TestJAXRPCHandler extends T
 config.put("deployment", "client");
 config.put("action", "Signature NoSerialization");
 config.put("user", "alice");
- config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1");
+ config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out");
 config.put("signatureKeyIdentifier", "DirectReference");
 config.put("signaturePropFile", "wsstest.properties");
 config.put("signatureParts", "{}{http://xmlsoap.org/Ping}ticket");
@@ -122,7 +122,7 @@ public class TestJAXRPCHandler extends T
 config.put("deployment", "client");
 config.put("action", "Encrypt Signature Timestamp");
 config.put("user", "alice");
- config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1");
+ config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out");
 config.put("signatureKeyIdentifier", "DirectReference");
 config.put("signaturePropFile", "wsstest.properties");
 config.put("encryptionKeyIdentifier", "SKIKeyIdentifier");
@@ -134,7 +134,7 @@ public class TestJAXRPCHandler extends T
 config.put("deployment", "client");
 config.put("action", "Signature Encrypt Timestamp");
 config.put("user", "alice");
- config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1");
+ config.put("passwordCallbackClass", "org.apache.ws.axis.oasis.PWCallback1Out");
 config.put("signatureKeyIdentifier", "DirectReference");
 config.put("signaturePropFile", "wsstest.properties");
 config.put("encryptionKeyIdentifier", "SKIKeyIdentifier");
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java?rev=986099&r1=986098&r2=986099&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew13.java Mon Aug 16 19:05:57 2010
@@ -196,6 +196,7 @@ public class TestWSSecurityNew13 extends
 config.put("password", "verySecret");
 config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
 config.put(WSHandlerConstants.WSE_SECRET_KEY_LENGTH, "32");
+ config.put(WSHandlerConstants.USE_DERIVED_KEY, "false");
 reqData.setUsername("wernerd");
 reqData.setMsgContext(config);
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityUTSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityUTSignature.java?rev=986099&r1=986098&r2=986099&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityUTSignature.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityUTSignature.java Mon Aug 16 19:05:57 2010
@@ -24,12 +24,15 @@ import junit.framework.TestSuite;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecUsernameToken;
@@ -174,6 +177,98 @@ public class TestWSSecurityUTSignature e
 }
 /**
+ * Test using a UsernameToken derived key for signing a SOAP body via WSHandler
+ */
+ public void testHandlerSignature() throws Exception {
+
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ messageContext.put(WSHandlerConstants.USE_DERIVED_KEY, "true");
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("bob");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.UT_SIGN));
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ MyHandler handler = new MyHandler();
+ handler.send(
+ WSConstants.UT_SIGN,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ assertTrue(outputString.indexOf("wsse:Username") != -1);
+ assertTrue(outputString.indexOf("wsse:Password") == -1);
+ assertTrue(outputString.indexOf("wsse11:Salt") != -1);
+ assertTrue(outputString.indexOf("wsse11:Iteration") != -1);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ List results = verify(doc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.UT_SIGN);
+ java.security.Principal principal =
+ (java.security.Principal) actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertTrue(principal.getName().indexOf("bob") != -1);
+ }
+
+ /**
+ * Test using a UsernameToken derived key for signing a SOAP body via WSHandler
+ */
+ public void testHandlerSignatureIterations() throws Exception {
+
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ java.util.Map messageContext = new java.util.TreeMap();
+ messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+ messageContext.put(WSHandlerConstants.USE_DERIVED_KEY, "true");
+ messageContext.put(WSHandlerConstants.DERIVED_KEY_ITERATIONS, "1234");
+ reqData.setMsgContext(messageContext);
+ reqData.setUsername("bob");
+
+ final java.util.Vector actions = new java.util.Vector();
+ actions.add(new Integer(WSConstants.UT_SIGN));
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+ MyHandler handler = new MyHandler();
+ handler.send(
+ WSConstants.UT_SIGN,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ assertTrue(outputString.indexOf("wsse:Username") != -1);
+ assertTrue(outputString.indexOf("wsse:Password") == -1);
+ assertTrue(outputString.indexOf("wsse11:Salt") != -1);
+ assertTrue(outputString.indexOf("wsse11:Iteration") != -1);
+ assertTrue(outputString.indexOf("1234") != -1);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ List results = verify(doc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.UT_SIGN);
+ java.security.Principal principal =
+ (java.security.Principal) actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertTrue(principal.getName().indexOf("bob") != -1);
+ }
+
+ /**
 * Verifies the soap envelope.
 *
 * @param env soap envelope
Modified: webservices/wss4j/trunk/xdocs/package.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/xdocs/package.xml?rev=986099&r1=986098&r2=986099&view=diff
==============================================================================
--- webservices/wss4j/trunk/xdocs/package.xml (original)
+++ webservices/wss4j/trunk/xdocs/package.xml Mon Aug 16 19:05:57 2010
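Review bot: `assertTrue(outputString.indexOf("1234") != -1)` in testHandlerSignatureIterations is a loose check — those four digits can also occur inside the base64 Salt, nonce or SignatureValue text, so the assertion can pass even when the configured iteration count was ignored; anchor it on the element, e.g. `assertTrue(outputString.indexOf("<wsse11:Iteration>1234</wsse11:Iteration>") != -1);` (assuming the pretty printer keeps the text node inline, which the existing `wsse11:Iteration` check suggests). The Javadoc of that second test is a copy of the first one's and does not mention iterations; `Test that the derivedKeyIterations handler property is honoured and emitted in wsse11:Iteration` would describe it. The two methods otherwise differ only in the one `DERIVED_KEY_ITERATIONS` put, so a private helper taking the iteration string (or null) would remove the duplication. The enclosing class continues outside the hunk.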
@@ -59,7 +59,7 @@ on the client (application) side.
 <parameter name="user" value="werner"/>
 <parameter name="passwordType" value="PasswordText" />
 <parameter name="passwordCallbackClass"
- value="org.apache.ws.axis.oasis.PWCallback1"/>
+ value="org.apache.ws.axis.oasis.PWCallback1Out"/>
 </handler>
 </requestFlow>
 </service>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org