ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1203612 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/WSConstants.java main/java/org/apache/ws/security/message/WSSecEncryptedKey.java test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Date Fri, 18 Nov 2011 11:45:54 GMT
Author: coheigea
Date: Fri Nov 18 11:45:54 2011
New Revision: 1203612

URL: http://svn.apache.org/viewvc?rev=1203612&view=rev
Log:
[WSS-325] - Add support for GCM algorithms via BouncyCastle

Added:
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1203612&r1=1203611&r2=1203612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Fri Nov
18 11:45:54 2011
@@ -99,6 +99,10 @@ public class WSConstants {
         "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
     public static final String AES_192 = 
         "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+    public static final String AES_128_GCM = 
+        "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+    public static final String AES_256_GCM = 
+        "http://www.w3.org/2009/xmlenc11#aes256-gcm";
     public static final String DSA = 
         "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
     public static final String RSA = 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=1203612&r1=1203611&r2=1203612&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecEncryptedKey.java
Fri Nov 18 11:45:54 2011
@@ -393,11 +393,13 @@ public class WSSecEncryptedKey extends W
                 keyAlgorithm = JCEMapper.translateURItoJCEID(symEncAlgo);
             }
             KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
-            if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+            if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
+                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
                 keyGen.init(128);
             } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
                 keyGen.init(192);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
+                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
                 keyGen.init(256);
             }
             return keyGen;

Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java?rev=1203612&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
(added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Fri Nov 18 11:45:54 2011
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.common.KeystoreCallbackHandler;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.w3c.dom.Document;
+
+/**
+ * A set of test-cases for encrypting and decrypting SOAP requests using GCM. See:
+ * https://issues.apache.org/jira/browse/WSS-325
+ */
+public class EncryptionGCMTest extends org.junit.Assert {
+    private static final org.apache.commons.logging.Log LOG = 
+        org.apache.commons.logging.LogFactory.getLog(EncryptionGCMTest.class);
+    private static final javax.xml.namespace.QName SOAP_BODY =
+        new javax.xml.namespace.QName(
+            WSConstants.URI_SOAP11_ENV,
+            "Body"
+        );
+
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+    private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
+    private Crypto crypto = null;
+    
+    public EncryptionGCMTest() throws Exception {
+        crypto = CryptoFactory.getInstance("wss40.properties");
+    }
+    
+    /**
+     * Setup method
+     * 
+     * @throws java.lang.Exception Thrown when there is a problem in setup
+     */
+    @org.junit.Before
+    public void setUp() throws Exception {
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        wssConfig.setWsiBSPCompliant(true);
+        secEngine.setWssConfig(wssConfig);
+    }
+    
+    @org.junit.Test
+    public void testAES128GCM() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("wss40");
+        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+        verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+    }
+    
+    @org.junit.Test
+    public void testAES256GCM() throws Exception {
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("wss40");
+        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_256_GCM);
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+        verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
+    }
+
+    /**
+     * Verifies the soap envelope
+     * <p/>
+     * 
+     * @param envelope 
+     * @throws Exception Thrown when there is a problem in verification
+     */
+    @SuppressWarnings("unchecked")
+    private void verify(
+        Document doc,
+        CallbackHandler handler,
+        javax.xml.namespace.QName expectedEncryptedElement
+    ) throws Exception {
+        final java.util.List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, handler, null, crypto);
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+        //
+        // walk through the results, and make sure there is an encryption
+        // action, together with a reference to the decrypted element 
+        // (as a QName)
+        //
+        boolean encrypted = false;
+        for (java.util.Iterator<WSSecurityEngineResult> ipos = results.iterator();

+            ipos.hasNext();) {
+            final WSSecurityEngineResult result = ipos.next();
+            final Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+            assertNotNull(action);
+            if ((action.intValue() & WSConstants.ENCR) != 0) {
+                final java.util.List<WSDataRef> refs =
+                    (java.util.List<WSDataRef>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+                assertNotNull(refs);
+                encrypted = true;
+                for (java.util.Iterator<WSDataRef> jpos = refs.iterator(); jpos.hasNext();)
{
+                    final WSDataRef ref = jpos.next();
+                    assertNotNull(ref);
+                    assertNotNull(ref.getName());
+                    assertEquals(
+                        expectedEncryptedElement,
+                        ref.getName()
+                    );
+                    assertNotNull(ref.getProtectedElement());
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("WSDataRef element: ");
+                        LOG.debug(
+                            org.apache.ws.security.util.DOM2Writer.nodeToString(
+                                ref.getProtectedElement()
+                            )
+                        );
+                    }
+                }
+            }
+        }
+        assertTrue(encrypted);
+    }
+
+}



Mime
View raw message