cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1151134 - in /cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security: saml/SamlHeaderOutInterceptor.java xml/EncryptionUtils.java xml/XmlEncInHandler.java xml/XmlEncOutInterceptor.java
Date Tue, 26 Jul 2011 15:22:04 GMT
Author: sergeyb
Date: Tue Jul 26 15:22:00 2011
New Revision: 1151134

URL: http://svn.apache.org/viewvc?rev=1151134&view=rev
Log:
[CXF-3677] Some refactoring of encryption tests

Added:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
  (with props)
Modified:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java?rev=1151134&r1=1151133&r2=1151134&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
Tue Jul 26 15:22:00 2011
@@ -55,6 +55,7 @@ public class SamlHeaderOutInterceptor ex
         useDeflateEncoding = deflate;
     }
     
+    @SuppressWarnings("unchecked")
     public void handleMessage(Message message) throws Fault {
         AssertionWrapper assertionWrapper = createAssertion(message);
         try {

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java?rev=1151134&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
Tue Jul 26 15:22:00 2011
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.cert.X509Certificate;
+
+import javax.crypto.Cipher;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.XMLEncryptionException;
+
+public final class EncryptionUtils {
+    private EncryptionUtils() {
+        
+    }
+    
+    public static Cipher initCipherWithCert(String keyEncAlgo, int mode, X509Certificate
cert)
+        throws WSSecurityException {
+        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+        try {
+            cipher.init(mode, cert);
+        } catch (InvalidKeyException e) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+            );
+        }
+        return cipher;
+    }
+    
+    public static Cipher initCipherWithKey(String keyEncAlgo, int mode, Key key)
+        throws WSSecurityException {
+        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+        try {
+            cipher.init(mode, key);
+        } catch (InvalidKeyException e) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+            );
+        }
+        return cipher;
+    }
+    
+    public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) 
+        throws WSSecurityException {
+        try {
+            XMLCipher cipher = XMLCipher.getInstance(symEncAlgo);
+            cipher.init(mode, key);
+            return cipher;
+        } catch (XMLEncryptionException ex) {
+            throw new WSSecurityException(
+                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
+            );
+        }
+    }
+    
+}
+

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/EncryptionUtils.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java?rev=1151134&r1=1151133&r2=1151134&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
Tue Jul 26 15:22:00 2011
@@ -24,16 +24,13 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.URL;
-import java.security.InvalidKeyException;
 import java.security.PrivateKey;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Properties;
 import java.util.logging.Logger;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
 import javax.security.auth.callback.CallbackHandler;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
@@ -43,6 +40,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Exception;
@@ -63,6 +61,8 @@ import org.apache.ws.security.handler.Re
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
 
 public class XmlEncInHandler implements RequestHandler {
@@ -90,22 +90,13 @@ public class XmlEncInHandler implements 
         
 
         Element root = doc.getDocumentElement();
-        Element encKeyElement = getNode(root, WSConstants.ENC_NS, "EncryptedKey", 0);
-        if (encKeyElement == null) {
-            throwFault("EncryptedKey element is not available", null);
-        }
-        byte[] symmetricKeyBytes = getSymmetricKey(message, encKeyElement);
+        
+        byte[] symmetricKeyBytes = getSymmetricKeyBytes(message, root);
                 
         String algorithm = getEncodingMethodAlgorithm(root);
-        Element cipherValue = getNode(root, WSConstants.ENC_NS, "CipherValue", 1);
-        if (cipherValue == null) {
-            throwFault("CipherValue element is not available", null);
-        }
-        
         byte[] decryptedPayload = null;
         try {
-            decryptedPayload = decryptPayload(symmetricKeyBytes, cipherValue.getTextContent().trim(),
-                                                algorithm);
+            decryptedPayload = decryptPayload(root, symmetricKeyBytes, algorithm);
         } catch (Exception ex) {
             throwFault("Payload can not be decrypted", ex);
         }
@@ -123,7 +114,14 @@ public class XmlEncInHandler implements 
         return null;
     }
     
-    private byte[] getSymmetricKey(Message message, Element encKeyElement) {
+    protected byte[] getSymmetricKeyBytes(Message message, Element encDataElement) {
+        // Subclasses can overwrite it and return the bytes, assuming they know the actual
key
+        Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey",
0);
+        if (encKeyElement == null) {
+            //TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of
band
+            throwFault("EncryptedKey element is not available", null);
+        }
+        
         Element certNode = getNode(encKeyElement, 
                                       Constants.SignatureSpecNS, "X509Certificate", 0);
         if (certNode == null) {
@@ -136,22 +134,20 @@ public class XmlEncInHandler implements 
             throwFault("Base64 decoding has failed", ex);
         }
         
-        X509Certificate cert = null;
+        Crypto crypto = null;
         try {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(certBytes));
+            crypto = getCrypto(message, SecurityConstants.ENCRYPT_PROPERTIES);
         } catch (Exception ex) {
-            throwFault("X509Certificate can not be created", ex);
+            throwFault("Crypto can not be loaded", ex);
         }
         
-        Crypto crypto = null;
+        X509Certificate cert = null;
         try {
-            crypto = getCrypto(message, SecurityConstants.ENCRYPT_PROPERTIES);
+            cert = crypto.loadCertificate(new ByteArrayInputStream(certBytes));
         } catch (Exception ex) {
-            throwFault("Crypto can not be loaded", ex);
+            throwFault("X509Certificate can not be created", ex);
         }
         
-            
         Credential trustCredential = new Credential();
         trustCredential.setPublicKey(null);
         trustCredential.setCertificates(new X509Certificate[]{cert});
@@ -187,7 +183,8 @@ public class XmlEncInHandler implements 
         }
         return encMethod.getAttribute("Algorithm");
     }
-    
+
+    //TODO: Support symmetric keys if requested
     protected byte[] decryptSymmetricKey(String base64EncodedKey, 
                                          X509Certificate cert,
                                          Crypto crypto,
@@ -200,18 +197,11 @@ public class XmlEncInHandler implements 
         } catch (Exception ex) {
             throwFault("Encrypted key can not be decrypted", ex);
         }
-        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
-        try {
-            // see more: WSS4J EncryptedDataProcessor
-            cipher.init(Cipher.DECRYPT_MODE, key);
-        } catch (InvalidKeyException e) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
-            );
-        }
+        Cipher cipher = 
+            EncryptionUtils.initCipherWithKey(keyEncAlgo, Cipher.DECRYPT_MODE, key);
         try {
             byte[] encryptedBytes = Base64Utility.decode(base64EncodedKey);
-            return doDecrypt(cipher, encryptedBytes); 
+            return cipher.doFinal(encryptedBytes);
         } catch (Base64Exception ex) {
             throwFault("Base64 decoding has failed", ex);
         } catch (Exception ex) {
@@ -221,45 +211,22 @@ public class XmlEncInHandler implements 
         
     }
     
-    protected byte[] decryptPayload(byte[] secretKeyBytes,
-                                    String base64EncodedPayload, 
+    protected byte[] decryptPayload(Element root, 
+                                    byte[] secretKeyBytes,
                                     String symEncAlgo) throws WSSecurityException {
-        byte[] encryptedBytes = null;
+        SecretKey key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKeyBytes);
         try {
-            encryptedBytes = Base64Utility.decode(base64EncodedPayload);
-        } catch (Base64Exception ex) {
-            throwFault("Base64 decoding has failed", ex);
-        }
-        
-        Cipher cipher = WSSecurityUtil.getCipherInstance(symEncAlgo);
-        try {
-            // see more: WSS4J EncryptedDataProcessor
-            SecretKey key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKeyBytes);
-            // IV spec
-            int ivLen = cipher.getBlockSize();
-            byte[] ivBytes = new byte[ivLen];
-            System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
-            IvParameterSpec iv = new IvParameterSpec(ivBytes);
-            
-            cipher.init(Cipher.DECRYPT_MODE, key, iv);
-            
-            return cipher.doFinal(encryptedBytes, 
-                             ivLen, 
-                             encryptedBytes.length - ivLen);
-            
-        } catch (InvalidKeyException e) {
+            XMLCipher xmlCipher = 
+                EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
+            return xmlCipher.decryptToByteArray(root);
+        } catch (XMLEncryptionException ex) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
             );
-        } catch (Exception e) {
-            throw new WSSecurityException(
-                 WSSecurityException.FAILED_ENCRYPTION, null, null, e);
         }
+        
     }
     
-    private byte[] doDecrypt(Cipher cipher, byte[] encryptedBytes) throws Exception {
-        return cipher.doFinal(encryptedBytes);
-    }
     
     private Element getNode(Element parent, String ns, String name, int index) {
         NodeList list = parent.getElementsByTagNameNS(ns, name);

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java?rev=1151134&r1=1151133&r2=1151134&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
Tue Jul 26 15:22:00 2011
@@ -24,7 +24,6 @@ import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.lang.annotation.Annotation;
 import java.net.URL;
-import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -82,7 +81,6 @@ import org.apache.ws.security.util.UUIDG
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
 
 public class XmlEncOutInterceptor extends AbstractPhaseInterceptor<Message> {
     private static final Logger LOG = 
@@ -157,15 +155,9 @@ public class XmlEncOutInterceptor extend
         }
                
         // encrypt payloadDoc
-        XMLCipher xmlCipher = null;
-        try {
-            xmlCipher = XMLCipher.getInstance(symEncAlgo);
-        } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
-        }
-        xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
+        XMLCipher xmlCipher = 
+            EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey);
+        
         Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(),
false);
         NodeList list = result.getElementsByTagNameNS(WSConstants.ENC_NS, "CipherValue");
         if (list.getLength() != 1) {
@@ -231,14 +223,8 @@ public class XmlEncOutInterceptor extend
     protected byte[] encryptSymmetricKey(byte[] keyBytes, 
                                          X509Certificate remoteCert,
                                          Crypto crypto) throws WSSecurityException {
-        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
-        try {
-            cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
-        } catch (InvalidKeyException e) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
-            );
-        }
+        Cipher cipher = 
+            EncryptionUtils.initCipherWithCert(keyEncAlgo, Cipher.ENCRYPT_MODE, remoteCert);
         int blockSize = cipher.getBlockSize();
         if (blockSize > 0 && blockSize < keyBytes.length) {
             throw new WSSecurityException(



Mime
View raw message