ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r567453 - in /webservices/wss4j/branches/1_5_3: interop/ interop/org/apache/ws/axis/oasis/ interop/org/apache/ws/axis/oasis/ping/ src/org/apache/ws/security/action/ src/org/apache/ws/security/message/ src/org/apache/ws/security/message/toke...
Date Sun, 19 Aug 2007 18:31:06 GMT
Author: ruchithf
Date: Sun Aug 19 11:31:04 2007
New Revision: 567453

URL: http://svn.apache.org/viewvc?view=rev&rev=567453
Log:
Merged Werner's changes from the trunk to the 1.5.3 branch

Added:
    webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Scenario2b.java
    webservices/wss4j/branches/1_5_3/test/interop/TestScenario2b.java
Modified:
    webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
    webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
    webservices/wss4j/branches/1_5_3/interop/ping.wsdl
    webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
    webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/token/UsernameToken.java
    webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/branches/1_5_3/test/wssec/TestWSSecurityNew13.java

Modified: webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd (original)
+++ webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd Sun
Aug 19 11:31:04 2007
@@ -68,6 +68,21 @@
   </requestFlow>
   </service>
 
+ <service name="Ping2b">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="UsernameTokenSignature Timestamp"/>
+    <parameter name="user" value="Chris"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="passwordType" value="PasswordDigest" />
+    <parameter name="signatureParts" 
+      value="Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"
/>  
+    
+   </handler>
+  </requestFlow>
+  </service>
+
  <service name="Ping3">
   <requestFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >

Added: webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Scenario2b.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Scenario2b.java?view=auto&rev=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Scenario2b.java (added)
+++ webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/Scenario2b.java Sun
Aug 19 11:31:04 2007
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario2b
+ */
+public class Scenario2b {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping2b";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing2b(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 2b text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}

Modified: webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd (original)
+++ webservices/wss4j/branches/1_5_3/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd Sun
Aug 19 11:31:04 2007
@@ -103,6 +103,34 @@
   </requestFlow>
   </service>
 
+  <service name="Ping2b" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping2"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping"
>
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType"
xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string"
xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameTokenSignature UsernameToken Timestamp"/>
+   </handler>
+  </requestFlow>
+  </service>
+
   <service name="Ping3" provider="java:RPC" style="wrapped" use="literal">
       <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
       <parameter name="wsdlServiceElement" value="PingService"/>

Modified: webservices/wss4j/branches/1_5_3/interop/ping.wsdl
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/interop/ping.wsdl?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/interop/ping.wsdl (original)
+++ webservices/wss4j/branches/1_5_3/interop/ping.wsdl Sun Aug 19 11:31:04 2007
@@ -70,6 +70,9 @@
         <port name="Ping2a" binding="tns:PingBinding">
             <soap:address location="http://localhost:9080/pingservice/Ping2a"/>
         </port>
+        <port name="Ping2b" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping2b"/>
+        </port>        
         <port name="Ping3" binding="tns:PingBinding">
             <soap:address location="http://localhost:9080/pingservice/Ping3"/>
         </port>

Modified: webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
(original)
+++ webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
Sun Aug 19 11:31:04 2007
@@ -1,5 +1,5 @@
 /*
- * Copyright  2003-2004 The Apache Software Foundation.
+ * Copyright  2003-2007 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -17,15 +17,31 @@
 
 package org.apache.ws.security.action;
 
+import java.util.Vector;
+
+import org.apache.ws.security.SOAPConstants;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecUsernameToken;
 import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.xml.security.signature.XMLSignature;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Sign a request using a secret key derived from UsernameToken data.
+ * 
+ * Enhanced by Alberto Coletti to support digest password type for 
+ * username token signature
+ * 
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de)
+ */
 
 public class UsernameTokenSignedAction implements Action {
     public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
@@ -37,28 +53,66 @@
 
         WSSecUsernameToken builder = new WSSecUsernameToken();
         builder.setWsConfig(reqData.getWssConfig());
-        builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+        builder.setPasswordType(reqData.getPwType());  // enhancement by Alberto Coletti
+        
         builder.setUserInfo(reqData.getUsername(), password);
         builder.addCreated();
         builder.addNonce();
         builder.prepare(doc);
+
+        // Now prepare to sign.
+        // First step:  Get a WS Signature object and set config parameters
+        // second step: set user data and algorithm parameters. This
+        //              _must_ be done before we "prepare"
+        // third step:  Call "prepare". This creates the internal WS Signature
+        //              data structures, XML element, fills in the algorithms
+        //              and other data.
+        // fourth step: Get the references. These references identify the parts
+        //              of the document that will be included into the 
+        //              signature. If no references are given sign the message
+        //              body by default.
+        // fifth step:  compute the signature
+        //
+        // after "prepare" the Signature XML element is ready and may prepend
+        // this to the security header.
         
         WSSecSignature sign = new WSSecSignature();
         sign.setWsConfig(reqData.getWssConfig());
 
-        if (reqData.getSignatureParts().size() > 0) {
-            sign.setParts(reqData.getSignatureParts());
-        }
         sign.setUsernameToken(builder);
         sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
         sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+        sign.prepare(doc, null, reqData.getSecHeader());
+
+        // prepend in this order: first the Signature Element and then the
+        // UsernameToken Element. This way the server gets the UsernameToken
+        // first, can check it and are prepared to compute the Signature key.  
+        sign.prependToHeader(reqData.getSecHeader());
+        builder.prependToHeader(reqData.getSecHeader());
+
+        Vector parts = null;
+        if (reqData.getSignatureParts().size() > 0) {
+            parts = reqData.getSignatureParts();
+        }
+        else {
+            SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+                    .getDocumentElement());
+            
+            parts = new Vector();
+            WSEncryptionPart encP = new WSEncryptionPart(soapConstants
+                    .getBodyQName().getLocalPart(), soapConstants
+                    .getEnvelopeURI(), "Content");
+            parts.add(encP);
+        }
+        sign.addReferencesToSign(parts, reqData.getSecHeader());
+
         try {
-            sign.build(doc, null, reqData.getSecHeader());
+            sign.computeSignature();
             reqData.getSignatureValues().add(sign.getSignatureValue());
         } catch (WSSecurityException e) {
             throw new WSSecurityException("WSHandler: Error during Signature with UsernameToken
secret"
                     + e);
         }
-        builder.prependToHeader(reqData.getSecHeader());
     }
 }

Modified: webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/WSSecSignature.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/WSSecSignature.java
(original)
+++ webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/WSSecSignature.java
Sun Aug 19 11:31:04 2007
@@ -710,8 +710,6 @@
 			log.debug("Beginning signing...");
 		}
 
-		Element securityHeader = secHeader.getSecurityHeader();
-
 		prepare(doc, cr, secHeader);
 
 		SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc

Modified: webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/token/UsernameToken.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/token/UsernameToken.java
(original)
+++ webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/message/token/UsernameToken.java
Sun Aug 19 11:31:04 2007
@@ -1,5 +1,5 @@
 /*
- * Copyright  2003-2004 The Apache Software Foundation.
+ * Copyright  2003-2007 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -44,13 +44,17 @@
 /**
  * UsernameToken according to WS Security specifications, UsernameToken profile.
  * 
+ * Enhanced to support digest password type for username token signature
+ * 
  * @author Davanum Srinivas (dims@yahoo.com)
- * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de)
  */
 public class UsernameToken {
     private static Log log = LogFactory.getLog(UsernameToken.class.getName());
 
     public static final String PASSWORD_TYPE = "passwordType";
+    
+    private String raw_password;        // enhancment by Alberto Coletti
 
     protected Element element = null;
 
@@ -325,7 +329,7 @@
 
     /**
      * Gets the password string. This is the password as it is in the password
-     * element of a username, token. Thus it can be either plain text or the
+     * element of a username token. Thus it can be either plain text or the
      * password digest value.
      * 
      * @return the password string or <code>null</code> if no such node
@@ -397,6 +401,7 @@
         if (pwd == null) {
             throw new IllegalArgumentException("pwd == null");
         }
+        raw_password = pwd;             // enhancement by Alberto coletti
         Text node = getFirstNode(this.elementPassword);
         try {
             if (!hashed) {
@@ -413,6 +418,15 @@
         }
     }
 
+    /**
+     * Set the raw (plain text) password used to compute secret key.
+     * 
+     * @param raw_password the raw_password to set
+     */
+    public void setRawPassword(String raw_password) {
+        this.raw_password = raw_password;
+    }
+    
     public static String doPasswordDigest(String nonce, String created,
             String password) {
         String passwdDigest = null;
@@ -541,7 +555,7 @@
         byte[] key = null;
         try {
             Mac mac = Mac.getInstance("HMACSHA1");
-            byte[] password = getPassword().getBytes("UTF-8");
+            byte[] password = raw_password.getBytes("UTF-8"); // enhancement by Alberto Coletti
             byte[] label = labelString.getBytes("UTF-8");
             byte[] nonce = Base64.decode(getNonce());
             byte[] created = getCreated().getBytes("UTF-8");
@@ -571,6 +585,8 @@
         }
         return key;
     }
+    
+  
 
     /**
      * This static method generates a derived key as defined in WSS Username

Modified: webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/SignatureProcessor.java
Sun Aug 19 11:31:04 2007
@@ -203,14 +203,17 @@
                 QName el = new QName(token.getNamespaceURI(), token
                         .getLocalName());
                 if (el.equals(WSSecurityEngine.usernameToken)) {
-                    ut = new UsernameToken(token);
+                    String id = token.getAttributeNS(WSConstants.WSU_NS, "Id");
+                    UsernameTokenProcessor utProcessor = 
+                        (UsernameTokenProcessor) wsDocInfo.getProcessor(id);
+                    ut = utProcessor.getUt();
                     secretKey = ut.getSecretKey();
                 } else if(el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_02) ||
                         el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_12)) {
                     dkt = new DerivedKeyToken(token);
                     String id = dkt.getID();
-                    DerivedKeyTokenProcessor dktProcessor = (DerivedKeyTokenProcessor) wsDocInfo
-                            .getProcessor(id);
+                    DerivedKeyTokenProcessor dktProcessor = 
+                        (DerivedKeyTokenProcessor) wsDocInfo.getProcessor(id);
                     String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
                     int keyLength = (dkt.getLength() > 0) ? dkt.getLength() : 
                         WSSecurityUtil.getKeyLength(signatureMethodURI);

Modified: webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_3/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
Sun Aug 19 11:31:04 2007
@@ -41,6 +41,7 @@
     private static Log log = LogFactory.getLog(UsernameTokenProcessor.class.getName());
 
     private String utId;
+    private UsernameToken ut;
     
     public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler
cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
         if (log.isDebugEnabled()) {
@@ -75,7 +76,7 @@
      * @throws WSSecurityException
      */
     public WSUsernameTokenPrincipal handleUsernameToken(Element token, CallbackHandler cb)
throws WSSecurityException {
-        UsernameToken ut = new UsernameToken(token);
+        ut = new UsernameToken(token);
         String user = ut.getName();
         String password = ut.getPassword();
         String nonce = ut.getNonce();
@@ -87,6 +88,8 @@
         }
 
         Callback[] callbacks = new Callback[1];
+        String origPassword = null;
+        
         if (ut.isHashed()) {
             if (cb == null) {
                 throw new WSSecurityException(WSSecurityException.FAILURE,
@@ -106,7 +109,7 @@
                         "noPassword",
                         new Object[]{user}, e);
             }
-            String origPassword = pwCb.getPassword();
+            origPassword = pwCb.getPassword();
             if (log.isDebugEnabled()) {
                 log.debug("UsernameToken callback password " + origPassword);
             }
@@ -120,6 +123,7 @@
                     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
                 }
             }
+            ut.setRawPassword(origPassword);
         } else if (cb != null) {
             WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
                     pwType, WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
@@ -133,8 +137,8 @@
                 throw new WSSecurityException(WSSecurityException.FAILURE,
                         "noPassword", new Object[]{user});
             }
+            ut.setRawPassword(password);
         }
-
         WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(user, ut.isHashed());
         principal.setNonce(nonce);
         principal.setPassword(password);
@@ -149,5 +153,14 @@
      */
     public String getId() {
     	return utId;
+    }
+
+    /**
+     * Get the processed USernameToken.
+     * 
+     * @return the ut
+     */
+    public UsernameToken getUt() {
+        return ut;
     }    
 }

Added: webservices/wss4j/branches/1_5_3/test/interop/TestScenario2b.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/test/interop/TestScenario2b.java?view=auto&rev=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/test/interop/TestScenario2b.java (added)
+++ webservices/wss4j/branches/1_5_3/test/interop/TestScenario2b.java Sun Aug 19 11:31:04
2007
@@ -0,0 +1,65 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package interop;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.apache.ws.axis.oasis.Scenario2b;
+
+/**
+ * WS-Security Test Case
+ * <p/>
+ * 
+ * @author Davanum Srinivas (dims@yahoo.com)
+ */
+public class TestScenario2b extends TestCase {
+    /**
+     * TestScenario1 constructor
+     * <p/>
+     * 
+     * @param name name of the test
+     */
+    public TestScenario2b(String name) {
+        super(name);
+    }
+
+    /**
+     * JUnit suite
+     * <p/>
+     * 
+     * @return a junit test suite
+     */
+    public static Test suite() {
+        return new TestSuite(TestScenario2b.class);
+    }
+
+    /**
+     * Main method
+     * <p/>
+     * 
+     * @param args command line args
+     */
+    public static void main(String[] args) throws Exception {
+        Scenario2b.main(args);
+    }
+
+    public void testScenario2b() throws Exception {
+        Scenario2b.main(new String[]{"-lhttp://localhost:8080/axis/services/Ping2b"});
+    }
+}

Modified: webservices/wss4j/branches/1_5_3/test/wssec/TestWSSecurityNew13.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_3/test/wssec/TestWSSecurityNew13.java?view=diff&rev=567453&r1=567452&r2=567453
==============================================================================
--- webservices/wss4j/branches/1_5_3/test/wssec/TestWSSecurityNew13.java (original)
+++ webservices/wss4j/branches/1_5_3/test/wssec/TestWSSecurityNew13.java Sun Aug 19 11:31:04
2007
@@ -142,7 +142,7 @@
         sign.setUsernameToken(builder);
         sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
         sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
-        log.info("Before signing....");
+        log.info("Before signing with UT text....");
         sign.build(doc, null, secHeader);
         log.info("Before adding UsernameToken PW Text....");
         builder.prependToHeader(secHeader);
@@ -156,6 +156,45 @@
         log.info("After adding UsernameToken PW Text....");
         verify(signedDoc);
     }
+    
+    /**
+     * Test the specific signing mehtod that use UsernameToken values
+     * <p/>
+     * 
+     * @throws java.lang.Exception Thrown when there is any problem in signing or verification
+     */
+    public void testUsernameTokenSigningDigest() throws Exception {
+        Document doc = unsignedEnvelope.getAsDocument();
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+
+        WSSecUsernameToken builder = new WSSecUsernameToken();
+        builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
+        builder.setUserInfo("wernerd", "verySecret");
+        builder.addCreated();
+        builder.addNonce();
+        builder.prepare(doc);
+        
+        WSSecSignature sign = new WSSecSignature();
+        sign.setUsernameToken(builder);
+        sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
+        sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+        log.info("Before signing with UT digest....");
+        sign.build(doc, null, secHeader);
+        log.info("Before adding UsernameToken PW Digest....");
+        builder.prependToHeader(secHeader);
+        Document signedDoc = doc;
+        Message signedMsg = SOAPUtil.toAxisMessage(signedDoc);
+        if (log.isDebugEnabled()) {
+            log.debug("Message with UserNameToken PW Digest:");
+            XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
+        }
+        signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();
+        log.info("After adding UsernameToken PW Digest....");
+        verify(signedDoc);
+    }
+
     /**
      * Verifies the soap envelope
      * <p/>



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message