ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1158190 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/message/WSSecEncrypt.java main/java/org/apache/ws/security/message/WSSecSignature.java test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
Date Tue, 16 Aug 2011 10:41:29 GMT
Author: coheigea
Date: Tue Aug 16 10:41:28 2011
New Revision: 1158190

URL: http://svn.apache.org/viewvc?rev=1158190&view=rev
Log:
[WSS-307] - Added some support for referencing a Kerberos ticket correctly for signature +
encryption

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncrypt.java
Tue Aug 16 10:41:28 2011
@@ -25,6 +25,7 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.message.token.KerberosSecurity;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.Base64;
@@ -526,6 +527,11 @@ public class WSSecEncrypt extends WSSecE
             secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
             secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, encKeyId);
             keyInfo.addUnknownElement(secToken.getElement());
+        } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) {
+            SecurityTokenReference secToken = new SecurityTokenReference(document);
+            secToken.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
+            secToken.setKeyIdentifier(customReferenceValue, encKeyId);
+            keyInfo.addUnknownElement(secToken.getElement());
         } else if (securityTokenReference != null) {
             Element tmpE = securityTokenReference.getElement();
             tmpE.setAttributeNS(
@@ -545,7 +551,11 @@ public class WSSecEncrypt extends WSSecE
                 ref.setValueType(customReferenceValue);
             }
             secToken.setReference(ref);
-            secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+            if (KerberosSecurity.isKerberosToken(customReferenceValue)) {
+                secToken.addTokenType(customReferenceValue);
+            } else {
+                secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+            }
             keyInfo.addUnknownElement(secToken.getElement());
         }
         Element keyInfoElement = keyInfo.getElement();

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Tue Aug 16 10:41:28 2011
@@ -276,7 +276,9 @@ public class WSSecSignature extends WSSe
                     secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                 } else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customTokenValueType))
{
                     secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-                }
+                } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
+                } 
                 break;
                 
             case WSConstants.KEY_VALUE:

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java?rev=1158190&r1=1158189&r2=1158190&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
Tue Aug 16 10:41:28 2011
@@ -30,9 +30,11 @@ import org.apache.ws.security.common.SOA
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.WSSecEncrypt;
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.Validator;
@@ -281,6 +283,127 @@ public class BSTKerberosTest extends org
             LOG.debug(outputString);
         }
     }
+    
+    /**
+     * A test for signing using a KeyIdentifier to a Kerberos token
+     */
+    @org.junit.Test
+    public void testKerberosSignatureKICreation() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        BinarySecurity bst = new BinarySecurity(doc);
+        bst.setValueType(AP_REQ);
+        bst.setEncodingType(BASE64_NS);
+        
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+        byte[] keyData = key.getEncoded();
+        
+        bst.setToken(keyData);
+        bst.setID("Id-" + bst.hashCode());
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
+        
+        WSSecSignature sign = new WSSecSignature();
+        sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+        sign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+        sign.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);
+        
+        byte[] digestBytes = WSSecurityUtil.generateDigest(keyData);
+        sign.setCustomTokenId(Base64.encode(digestBytes));
+        sign.setSecretKey(keyData);
+        
+        Document signedDoc = sign.build(doc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+    }
+    
+    /**
+     * A test for encryption using a direct reference to a Kerberos token
+     */
+    @org.junit.Test
+    public void testKerberosEncryptionDRCreation() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        BinarySecurity bst = new BinarySecurity(doc);
+        bst.setValueType(AP_REQ);
+        bst.setEncodingType(BASE64_NS);
+        
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+        byte[] keyData = key.getEncoded();
+        
+        bst.setToken(keyData);
+        bst.setID("Id-" + bst.hashCode());
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
+        
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+        builder.setSymmetricKey(key);
+        builder.setEncryptSymmKey(false);
+        builder.setCustomReferenceValue(AP_REQ);
+        builder.setEncKeyId(bst.getID());
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+            LOG.debug(outputString);
+        }
+    }
+    
+    /**
+     * A test for encryption using a Key Identifier to a Kerberos token
+     */
+    @org.junit.Test
+    public void testKerberosEncryptionKICreation() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        BinarySecurity bst = new BinarySecurity(doc);
+        bst.setValueType(AP_REQ);
+        bst.setEncodingType(BASE64_NS);
+        
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+        byte[] keyData = key.getEncoded();
+        
+        bst.setToken(keyData);
+        bst.setID("Id-" + bst.hashCode());
+        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
+        
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+        builder.setSymmetricKey(key);
+        builder.setEncryptSymmKey(false);
+        builder.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);
+        
+        byte[] digestBytes = WSSecurityUtil.generateDigest(keyData);
+        builder.setEncKeyId(Base64.encode(digestBytes));
+        
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+            LOG.debug(outputString);
+        }
+    }
+
 
     
     /**



Mime
View raw message