ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1150615 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/message/ main/java/org/apache/ws/security/message/token/ main/java/org/apache/ws/security/processor/ main/java/org/apache/ws/secu...
Date Mon, 25 Jul 2011 10:08:32 GMT
Author: coheigea
Date: Mon Jul 25 10:08:31 2011
New Revision: 1150615

URL: http://svn.apache.org/viewvc?rev=1150615&view=rev
Log:
[WSS-251] - Added a (mock) unit test for Direct Reference Signature using a Kerberos Token.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Mon Jul
25 10:08:31 2011
@@ -243,6 +243,7 @@ public class WSConstants {
     public static final String WSS_KRB_V5_AP_REQ4120 = KERBEROS_NS11 + "#Kerberosv5_AP_REQ4120";
     public static final String WSS_GSS_KRB_V5_AP_REQ4120 = 
         KERBEROS_NS11 + "#GSS_Kerberosv5_AP_REQ4120";
+    public static final String WSS_KRB_KI_VALUE_TYPE = KERBEROS_NS11 + "#Kerberosv5APREQSHA1";
     
     //
     // Misc

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Mon Jul 25 10:08:31 2011
@@ -29,6 +29,7 @@ import org.apache.ws.security.components
 import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.DOMX509Data;
 import org.apache.ws.security.message.token.DOMX509IssuerSerial;
+import org.apache.ws.security.message.token.KerberosSecurity;
 import org.apache.ws.security.message.token.PKIPathSecurity;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
@@ -236,6 +237,9 @@ public class WSSecSignature extends WSSe
                 } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType))
{
                     secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                     refCust.setValueType(customTokenValueType);
+                } else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
+                    secRef.addTokenType(customTokenValueType);
+                    refCust.setValueType(customTokenValueType);
                 } else {
                     refCust.setValueType(customTokenValueType);
                 }
@@ -253,6 +257,9 @@ public class WSSecSignature extends WSSe
                 } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType))
{
                     secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                     refCustd.setValueType(customTokenValueType);
+                } else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
+                    secRef.addTokenType(customTokenValueType);
+                    refCustd.setValueType(customTokenValueType);
                 } else {
                     refCustd.setValueType(customTokenValueType);
                 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
Mon Jul 25 10:08:31 2011
@@ -61,6 +61,14 @@ public class KerberosSecurity extends Bi
      */
     public KerberosSecurity(Element elem, boolean bspCompliant) throws WSSecurityException
{
         super(elem, bspCompliant);
+        String valueType = getValueType();
+        if (bspCompliant && !WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType))
{
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY_TOKEN, 
+                "invalidValueType", 
+                new Object[]{valueType}
+            );
+        }
     }
 
     /**
@@ -164,5 +172,21 @@ public class KerberosSecurity extends Bi
         }
     }
     
+    /**
+     * Return true if the valueType represents a Kerberos Token
+     * @param valueType the valueType of the token
+     * @return true if the valueType represents a Kerberos Token
+     */
+    public static boolean isKerberosToken(String valueType) {
+        if (WSConstants.WSS_KRB_V5_AP_REQ.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType)
+            || WSConstants.WSS_KRB_V5_AP_REQ1510.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ1510.equals(valueType)
+            || WSConstants.WSS_KRB_V5_AP_REQ4120.equals(valueType)
+            || WSConstants.WSS_GSS_KRB_V5_AP_REQ4120.equals(valueType)) {
+            return true;
+        }
+        return false;
+    }
     
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
Mon Jul 25 10:08:31 2011
@@ -136,7 +136,7 @@ public class BinarySecurityTokenProcesso
             token = new X509Security(element, config.isWsiBSPCompliant());
         } else if (PKIPathSecurity.getType().equals(type)) {
             token = new PKIPathSecurity(element, config.isWsiBSPCompliant());
-        } else if (isKerberosToken(type)) {
+        } else if (KerberosSecurity.isKerberosToken(type)) {
             token = new KerberosSecurity(element, config.isWsiBSPCompliant());
         } else {
             token = new BinarySecurity(element, config.isWsiBSPCompliant());
@@ -144,21 +144,4 @@ public class BinarySecurityTokenProcesso
         return token;
     }
     
-    /**
-     * Return true if the valueType represents a Kerberos Token
-     * @param valueType the valueType of the token
-     * @return true if the valueType represents a Kerberos Token
-     */
-    private boolean isKerberosToken(String valueType) {
-        if (WSConstants.WSS_KRB_V5_AP_REQ.equals(valueType)
-            || WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType)
-            || WSConstants.WSS_KRB_V5_AP_REQ1510.equals(valueType)
-            || WSConstants.WSS_GSS_KRB_V5_AP_REQ1510.equals(valueType)
-            || WSConstants.WSS_KRB_V5_AP_REQ4120.equals(valueType)
-            || WSConstants.WSS_GSS_KRB_V5_AP_REQ4120.equals(valueType)) {
-            return true;
-        }
-        return false;
-    }
-
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
Mon Jul 25 10:08:31 2011
@@ -291,7 +291,7 @@ public class SignatureSTRParser implemen
         if (crypto == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
         }
-        BinarySecurity token = createSecurityToken(elem);
+        BinarySecurity token = createSecurityToken(elem, bspCompliant);
         if (bspCompliant) {
             BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, token);
         }
@@ -309,18 +309,21 @@ public class SignatureSTRParser implemen
      * @param element The XML element that contains either a <code>BinarySecurityToken
      *                </code> or a <code>PKIPath</code> element. Other
element types a not
      *                supported
+     * @param bspCompliant Whether BSP compliance is enforced or not
      * @return the BinarySecurity object, either a <code>X509Security</code>
or a
      *         <code>PKIPathSecurity</code> object.
      * @throws WSSecurityException
      */
-    private static BinarySecurity createSecurityToken(Element element) throws WSSecurityException
{
-
+    private static BinarySecurity createSecurityToken(
+        Element element, 
+        boolean bspCompliant
+    ) throws WSSecurityException {
         String type = element.getAttribute("ValueType");
         if (X509Security.X509_V3_TYPE.equals(type)) {
-            X509Security x509 = new X509Security(element);
+            X509Security x509 = new X509Security(element, bspCompliant);
             return (BinarySecurity) x509;
         } else if (PKIPathSecurity.getType().equals(type)) {
-            PKIPathSecurity pkiPath = new PKIPathSecurity(element);
+            PKIPathSecurity pkiPath = new PKIPathSecurity(element, bspCompliant);
             return (BinarySecurity) pkiPath;
         }
         throw new WSSecurityException(

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java?rev=1150615&r1=1150614&r2=1150615&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
Mon Jul 25 10:08:31 2011
@@ -38,7 +38,11 @@ import org.apache.ws.security.validate.C
 import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Document;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
+import javax.xml.crypto.dsig.SignatureMethod;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -49,8 +53,7 @@ import java.util.List;
 public class BSTKerberosTest extends org.junit.Assert {
     private static final org.apache.commons.logging.Log LOG = 
         org.apache.commons.logging.LogFactory.getLog(BSTKerberosTest.class);
-    private static final String AP_REQ = 
-        "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ";
+    private static final String AP_REQ = WSConstants.WSS_GSS_KRB_V5_AP_REQ;
     private static final String BASE64_NS = 
         WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
     private WSSecurityEngine secEngine = new WSSecurityEngine();
@@ -240,6 +243,45 @@ public class BSTKerberosTest extends org
         }
     }
     
+    /**
+     * A test for signing using a direct reference to a Kerberos token
+     */
+    @org.junit.Test
+    public void testKerberosSignatureDRCreation() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        BinarySecurity bst = new BinarySecurity(doc);
+        bst.setValueType(AP_REQ);
+        bst.setEncodingType(BASE64_NS);
+        
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+        byte[] keyData = key.getEncoded();
+        
+        bst.setToken(keyData);
+        bst.setID("Id-" + bst.hashCode());
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
+        
+        WSSecSignature sign = new WSSecSignature();
+        sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+        sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+        sign.setCustomTokenValueType(AP_REQ);
+        sign.setCustomTokenId(bst.getID());
+        sign.setSecretKey(keyData);
+        
+        Document signedDoc = sign.build(doc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+    }
+
     
     /**
      * Verifies the soap envelope



Mime
View raw message