From cohei...@apache.org
Subject svn commit: r1041394 - in /webservices/wss4j/trunk: src/org/apache/ws/security/components/crypto/ src/org/apache/ws/security/message/ src/org/apache/ws/security/message/token/ src/org/apache/ws/security/util/ test/components/
Date Thu, 02 Dec 2010 14:38:08 GMT
Author: coheigea
Date: Thu Dec  2 14:38:07 2010
New Revision: 1041394

URL: http://svn.apache.org/viewvc?rev=1041394&view=rev
Log:
Refactored the cached SecureRandom and MessageDigest instances and how they are used.

Removed:
    webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java
Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
    webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
    webservices/wss4j/trunk/test/components/PackageTests.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java Thu
Dec  2 14:38:07 2010
@@ -602,8 +602,7 @@ public abstract class CryptoBase impleme
         }
 
         try {
-            sha = WSSecurityUtil.resolveMessageDigest();
-            sha.reset();
+            sha = MessageDigest.getInstance("SHA1");
         } catch (NoSuchAlgorithmException e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILURE, "noSHA1availabe", null, e
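Review bot: The algorithm name on the added line, `sha = MessageDigest.getInstance("SHA1");`, differs from the `"SHA-1"` that the new `WSSecurityUtil.generateDigest` in this same commit passes to `MessageDigest.getInstance`. Both resolve with the default JDK providers, where `SHA1` is registered as an alias, but only `SHA-1` is the standard name a third-party provider is required to register, so the two paths can diverge under a non-default provider. Using `MessageDigest.getInstance("SHA-1")` here (and in the parallel change to UsernameToken further down) keeps every SHA-1 lookup in the tree resolving the same way. The enclosing method starts and ends outside this hunk.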
@@ -689,19 +688,15 @@ public abstract class CryptoBase impleme
             // remove 22-byte algorithm ID and header
             byte[] value = new byte[encoded.length - 22];
             System.arraycopy(encoded, 22, value, 0, value.length);
-            MessageDigest sha;
             try {
-                sha = WSSecurityUtil.resolveMessageDigest();
-            } catch (NoSuchAlgorithmException ex) {
+                return WSSecurityUtil.generateDigest(value);
+            } catch (WSSecurityException ex) {
                 throw new WSSecurityException(
                     WSSecurityException.UNSUPPORTED_SECURITY_TOKEN, "noSKIHandling",
                     new Object[]{"Wrong certificate version (<3) and no SHA1 message digest
availabe"},
                     ex
                 );
             }
-            sha.reset();
-            sha.update(value);
-            return sha.digest();
         }
 
         //

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Thu Dec 
2 14:38:07 2010
@@ -43,7 +43,6 @@ import org.w3c.dom.NamedNodeMap;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -526,7 +525,8 @@ public class WSSecEncrypt extends WSSecE
             if (customReferenceValue != null) {
                 secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
             } else {
-                secToken.setKeyIdentifierEncKeySHA1(getSHA1(encryptedEphemeralKey));
+                byte[] encodedBytes = WSSecurityUtil.generateDigest(encryptedEphemeralKey);
+                secToken.setKeyIdentifierEncKeySHA1(Base64.encode(encodedBytes));
             }
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
@@ -648,21 +648,6 @@ public class WSSecEncrypt extends WSSecE
         this.encryptSymmKey = encryptSymmKey;
     }
     
-    private String getSHA1(byte[] input) throws WSSecurityException {
-        try {
-            MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
-            sha.reset();
-            sha.update(input);
-            byte[] data = sha.digest();
-            
-            return Base64.encode(data);
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
-            );
-        }
-    }
-    
     public void setCustomReferenceValue(String customReferenceValue) {
         this.customReferenceValue = customReferenceValue;
     }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Thu
Dec  2 14:38:07 2010
@@ -20,7 +20,6 @@
 package org.apache.ws.security.message;
 
 import java.security.InvalidKeyException;
-import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 
 import javax.crypto.BadPaddingException;
@@ -330,11 +329,8 @@ public class WSSecEncryptedKey extends W
      * @throws WSSecurityException
      */
     protected byte[] generateEphemeralKey() throws WSSecurityException {
-        try {     
-            final SecureRandom r = WSSecurityUtil.resolveSecureRandom();
-            byte[] temp = new byte[this.keySize / 8];
-            r.nextBytes(temp);
-            return temp;
+        try {
+            return WSSecurityUtil.generateNonce(this.keySize / 8);
         } catch (Exception e) {
             throw new WSSecurityException("Error in creating the ephemeral key", e);
         }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Thu Dec
 2 14:38:07 2010
@@ -40,8 +40,6 @@ import org.apache.ws.security.util.WSSec
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
@@ -211,7 +209,8 @@ public class WSSecSignature extends WSSe
             if (encrKeySha1value != null) {
                 secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
             } else {
-                secRef.setKeyIdentifierEncKeySHA1(getSHA1(secretKey));
+                byte[] digestBytes = WSSecurityUtil.generateDigest(secretKey);
+                secRef.setKeyIdentifierEncKeySHA1(Base64.encode(digestBytes));
             }
             break;
 
@@ -681,22 +680,6 @@ public class WSSecSignature extends WSSe
         return secRef;
     }
 
-    private String getSHA1(byte[] input) throws WSSecurityException {
-        try {
-            MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
-            sha.reset();
-            sha.update(input);
-            byte[] data = sha.digest();
-            
-            return Base64.encode(data);
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
-            );
-        }
-    }
-    
-    
     /**
      * Set up the X509 Certificate(s) for signing.
      */

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Thu Dec  2 14:38:07 2010
@@ -39,8 +39,6 @@ import javax.xml.namespace.QName;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 
@@ -360,26 +358,23 @@ public class SecurityTokenReference {
      */
     public void setKeyIdentifierThumb(X509Certificate cert) throws WSSecurityException {
         Document doc = element.getOwnerDocument();
-        MessageDigest sha = null;
+        byte[] encodedCert = null;
         try {
-            sha = WSSecurityUtil.resolveMessageDigest();
-        } catch (NoSuchAlgorithmException e1) {
+            encodedCert = cert.getEncoded();
+        } catch (CertificateEncodingException e1) {
             throw new WSSecurityException(
-                WSSecurityException.FAILURE, "noSHA1availabe", null, e1
+                WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e1
             );
         }
-        sha.reset();
         try {
-            sha.update(cert.getEncoded());
-        } catch (CertificateEncodingException e1) {
+            byte[] encodedBytes = WSSecurityUtil.generateDigest(encodedCert);
+            org.w3c.dom.Text text = doc.createTextNode(Base64.encode(encodedBytes));
+            createKeyIdentifier(doc, THUMB_URI, text, true);
+        } catch (WSSecurityException e1) {
             throw new WSSecurityException(
-                WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e1
+                WSSecurityException.FAILURE, "noSHA1availabe", null, e1
             );
         }
-        byte[] data = sha.digest();
-
-        org.w3c.dom.Text text = doc.createTextNode(Base64.encode(data));
-        createKeyIdentifier(doc, THUMB_URI, text, true);
     }
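Review bot: The new try block wraps not only `WSSecurityUtil.generateDigest(encodedCert)` but also `doc.createTextNode(...)` and `createKeyIdentifier(doc, THUMB_URI, text, true)`, so any `WSSecurityException` raised while building the KeyIdentifier element is re-thrown with the `"noSHA1availabe"` message, which would point a reader at the wrong cause. Whether `createKeyIdentifier` can throw `WSSecurityException` is not visible in this hunk; if it can, the digest call should be the only statement inside the try, with the text node and element creation moved after the catch. That keeps the error-code mapping accurate without changing what callers see on the success path.
```java
        // … unchanged: cert.getEncoded() and its CertificateEncodingException handling …
        byte[] encodedBytes = null;
        try {
            encodedBytes = WSSecurityUtil.generateDigest(encodedCert);
        } catch (WSSecurityException e1) {
            throw new WSSecurityException(
                WSSecurityException.FAILURE, "noSHA1availabe", null, e1
            );
        }
        org.w3c.dom.Text text = doc.createTextNode(Base64.encode(encodedBytes));
        createKeyIdentifier(doc, THUMB_URI, text, true);
```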
     
 

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java Thu
Dec  2 14:38:07 2010
@@ -39,7 +39,6 @@ import javax.xml.namespace.QName;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
-import java.security.SecureRandom;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.text.DateFormat;
@@ -63,7 +62,6 @@ public class UsernameToken {
     
     private static final Log LOG = LogFactory.getLog(UsernameToken.class.getName());
     private static final boolean DO_DEBUG = LOG.isDebugEnabled();
-    private static SecureRandom random;
 
     protected Element element = null;
     protected Element elementUsername = null;
@@ -77,16 +75,6 @@ public class UsernameToken {
     private String rawPassword;        // enhancement by Alberto Coletti
     private boolean passwordsAreEncoded = false;
     
-    static {
-        try {
-            random = WSSecurityUtil.resolveSecureRandom();
-        } catch (NoSuchAlgorithmException e) {
-            if (DO_DEBUG) {
-                LOG.debug(e.getMessage(), e);
-            }
-        }
-    }
-    
     /**
      * Constructs a <code>UsernameToken</code> object and parses the
      * <code>wsse:UsernameToken</code> element to initialize it.
@@ -272,8 +260,13 @@ public class UsernameToken {
         if (elementNonce != null) {
             return;
         }
-        byte[] nonceValue = new byte[16];
-        random.nextBytes(nonceValue);
+        byte[] nonceValue = null;
+        try {
+            nonceValue = WSSecurityUtil.generateNonce(16);
+        } catch (WSSecurityException ex) {
+            LOG.debug(ex.getMessage(), ex);
+            return;
+        }
         elementNonce = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.NONCE_LN);
         elementNonce.appendChild(doc.createTextNode(Base64.encode(nonceValue)));
         elementNonce.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
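Review bot: When `WSSecurityUtil.generateNonce(16)` fails, the new catch block logs at debug level and returns, so the UsernameToken is emitted with no wsse:Nonce element and the caller is never told. For a digest-mode password the nonce is the freshness value the digest is meant to bind, and a silently missing nonce is much harder to notice than an exception; the removed code, by contrast, would have failed outright (with an NPE) if its static `random` had not been initialised. The enclosing method's signature is outside this hunk, so if it cannot declare `WSSecurityException`, replacing `LOG.debug(ex.getMessage(), ex); return;` with `throw new IllegalStateException("Could not generate nonce for UsernameToken", ex);` would still make the failure visible. Note also that this `LOG.debug` call is not guarded by `DO_DEBUG` as the rest of the class's debug logging is.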
@@ -530,10 +523,8 @@ public class UsernameToken {
 
             System.arraycopy(b3, 0, b4, offset, b3.length);
             
-            MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
-            sha.reset();
-            sha.update(b4);
-            passwdDigest = Base64.encode(sha.digest());
+            byte[] digestBytes = WSSecurityUtil.generateDigest(b4);
+            passwdDigest = Base64.encode(digestBytes);
         } catch (Exception e) {
             if (DO_DEBUG) {
                 LOG.debug(e.getMessage(), e);
@@ -724,7 +715,7 @@ public class UsernameToken {
 
         MessageDigest sha = null;
         try {
-            sha = WSSecurityUtil.resolveMessageDigest();
+            sha = MessageDigest.getInstance("SHA1");
         } catch (NoSuchAlgorithmException e) {
             if (DO_DEBUG) {
                 LOG.debug(e.getMessage(), e);
@@ -733,8 +724,6 @@ public class UsernameToken {
                 WSSecurityException.FAILURE, "noSHA1availabe", null, e
             );
         }
-        sha.reset();
-
         //
         // Make the first hash round with start value
         //
@@ -825,8 +814,13 @@ public class UsernameToken {
      * @return Returns the 128 bit salt value as byte array
      */
     public static byte[] generateSalt(boolean useForMac) {
-        byte[] saltValue = new byte[16];
-        random.nextBytes(saltValue);
+        byte[] saltValue = null;
+        try {
+            saltValue = WSSecurityUtil.generateNonce(16);
+        } catch (WSSecurityException ex) {
+            LOG.debug(ex.getMessage(), ex);
+            return null;
+        }
         if (useForMac) {
             saltValue[15] = 0x01;
         } else {
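Review bot: `generateSalt` now returns `null` when `WSSecurityUtil.generateNonce(16)` fails, which the Javadoc just above ("Returns the 128 bit salt value as byte array") does not mention, so callers that index into the salt or feed it to key derivation will fail later with an NPE far from the actual cause. A salt is a required input for the derived-key path, not an optional one, so failing loudly with `throw new IllegalStateException("Could not generate salt", ex);` in place of `LOG.debug(ex.getMessage(), ex); return null;` seems preferable; if the null return is intentional, the Javadoc should say `@return the 128 bit salt value, or null if no SecureRandom is available`. As with the nonce change in this file, the `LOG.debug` call here skips the `DO_DEBUG` guard the class uses elsewhere.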

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Thu Dec  2
14:38:07 2010
@@ -66,13 +66,11 @@ public class WSSecurityUtil {
      * overhead.
      */
     private static SecureRandom random = null;
-    private static String randomAlgorithm = null;
     
     /**
      * A cached MessageDigest object
      */
     private static MessageDigest digest = null;
-    private static String digestAlgorithm = null;
     
     /**
      * Returns the first WS-Security header element for a given actor. Only one
@@ -968,23 +966,44 @@ public class WSSecurityUtil {
     }
 
     /**
-     * Generate a nonce of the given length
+     * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
+     * instance that backs this method is cached for efficiency.
      * 
      * @return a nonce of the given length
-     * @throws Exception
+     * @throws WSSecurityException
      */
-    public static byte[] generateNonce(int length) throws WSSecurityException {
-        try {            
-            final SecureRandom r = resolveSecureRandom();
-            if (r == null) {
-                throw new WSSecurityException("Random generator is not initialized.");
+    public static synchronized byte[] generateNonce(int length) throws WSSecurityException
{
+        try {
+            if (random == null) {
+                random = SecureRandom.getInstance("SHA1PRNG");
+                random.setSeed(System.currentTimeMillis());
             }
-            byte[] temp = new byte[length];            
-            r.nextBytes(temp);
+            byte[] temp = new byte[length];
+            random.nextBytes(temp);
             return temp;
+        } catch (Exception ex) {
+            throw new WSSecurityException(
+                "Error in generating nonce of length " + length, ex
+            );
+        }
+    }
+    
+    /**
+     * Generate a (SHA1) digest of the input bytes. The MessageDigest instance that backs
this
+     * method is cached for efficiency.  
+     * @param inputBytes the bytes to digest
+     * @return the digest of the input bytes
+     * @throws WSSecurityException
+     */
+    public static synchronized byte[] generateDigest(byte[] inputBytes) throws WSSecurityException
{
+        try {
+            if (digest == null) {
+                digest = MessageDigest.getInstance("SHA-1");
+            }
+            return digest.digest(inputBytes);
         } catch (Exception e) {
             throw new WSSecurityException(
-                "Error in generating nonce of length " + length, e
+                "Error in generating digest", e
             );
         }
     }
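Review bot: The line `random.setSeed(System.currentTimeMillis());` directly after `SecureRandom.getInstance("SHA1PRNG")` becomes the generator's entire seed: in the Sun provider's SHA1PRNG, a `setSeed` made before the first `nextBytes` replaces the provider's self-seeding rather than supplementing it, so every nonce and salt produced here, and every ephemeral symmetric key now produced via `WSSecEncryptedKey.generateEphemeralKey`, is derived from a millisecond timestamp that an attacker can typically narrow to a small window. The removed `resolveSecureRandom` had the same line, so this is carried over rather than introduced, but the refactor is the natural place to drop it. Deleting the `setSeed` line and letting the instance self-seed is the simplest fix; if the timestamp is meant as extra entropy, calling `random.nextBytes(new byte[1]);` before `setSeed` makes it mix in rather than replace. The Javadoc could then state that the cached instance is self-seeded; the `random` field itself is declared above this hunk.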
@@ -1091,58 +1110,6 @@ public class WSSecurityUtil {
         log.debug("All required elements are signed");
     }
     
-    /**
-     * @return      a SecureRandom instance initialized with the "SHA1PRNG"
-     *              algorithm identifier
-     */
-    public static SecureRandom
-    resolveSecureRandom() throws NoSuchAlgorithmException {
-        return resolveSecureRandom("SHA1PRNG");
-    }
-    
-    /**
-     * @param       algorithm
-     *              
-     * @return      a SecureRandom instance initialized with the identifier
-     *              specified in algorithm
-     */
-    public synchronized static SecureRandom
-    resolveSecureRandom(
-        final String algorithm
-    ) throws NoSuchAlgorithmException {
-        if (random == null || !algorithm.equals(randomAlgorithm)) {
-            random = SecureRandom.getInstance(algorithm);
-            randomAlgorithm = algorithm;
-            random.setSeed(System.currentTimeMillis());
-        }
-        return random;
-    }
-    
-    /**
-     * @return      a MessageDigest instance initialized with the "SHA-1"
-     *              algorithm identifier
-     */
-    public static MessageDigest
-    resolveMessageDigest() throws NoSuchAlgorithmException {
-        return resolveMessageDigest("SHA-1");
-    }
-    
-    /**
-     * @param       algorithm
-     *              
-     * @return      a MessageDigest instance initialized with the identifier
-     *              specified in algorithm
-     */
-    public synchronized static MessageDigest
-    resolveMessageDigest(
-        final String algorithm
-    ) throws NoSuchAlgorithmException {
-        if (digest == null || !algorithm.equals(digestAlgorithm)) {
-            digest = MessageDigest.getInstance(algorithm);
-            digestAlgorithm = algorithm;
-        }
-        return digest;
-    }
     
     /**
      * @return  a list of child Nodes

Modified: webservices/wss4j/trunk/test/components/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/components/PackageTests.java?rev=1041394&r1=1041393&r2=1041394&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/components/PackageTests.java (original)
+++ webservices/wss4j/trunk/test/components/PackageTests.java Thu Dec  2 14:38:07 2010
@@ -37,7 +37,6 @@ public class PackageTests extends TestCa
         suite.addTestSuite(TestMerlin.class);
         suite.addTestSuite(TestX509NameTokenizer.class);
         suite.addTestSuite(TestReference.class);
-        suite.addTestSuite(TestWSSecurityUtil.class);
         return suite;
     }
 


