From cohei...@apache.org
Subject svn commit: r1464904 - in /webservices/wss4j/trunk: ./ ws-security-dom/ ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-dom/src/test/java/org/apache/wss4j/dom/message/
Date Fri, 05 Apr 2013 10:05:23 GMT
Author: coheigea
Date: Fri Apr  5 10:05:23 2013
New Revision: 1464904

URL: http://svn.apache.org/r1464904
Log:
Enable Caching in DOM code by default

Modified:
    webservices/wss4j/trunk/pom.xml
    webservices/wss4j/trunk/ws-security-dom/pom.xml
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java

Modified: webservices/wss4j/trunk/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/pom.xml?rev=1464904&r1=1464903&r2=1464904&view=diff
==============================================================================
--- webservices/wss4j/trunk/pom.xml (original)
+++ webservices/wss4j/trunk/pom.xml Fri Apr  5 10:05:23 2013
@@ -121,16 +121,20 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>2.5</version>
+                <version>2.7.1</version>
                 <configuration>
-                    <sourceEncoding>utf-8</sourceEncoding>
+                    <sourceEncoding>UTF-8</sourceEncoding>
                     <failOnViolation>true</failOnViolation>
                     <linkXRef>false</linkXRef>
+                    <verbose>true</verbose>
                     <minimumTokens>100</minimumTokens>
                     <targetJdk>${targetJdk}</targetJdk>
                     <excludes>
                         <exclude>**/CryptoBase.java, **/DOM2Writer.java</exclude>
                     </excludes>
+                    <excludeRoots>
+                        <excludeRoot>${basedir}/src/main/generated</excludeRoot>
+                    </excludeRoots>
                 </configuration>
                 <executions>
                     <execution>
@@ -257,6 +261,9 @@
                         <includes>
                             <include>**/*Test.java</include>
                         </includes>
+                        <systemPropertyVariables>
+                            <java.io.tmpdir>${basedir}/target</java.io.tmpdir>
+                        </systemPropertyVariables>
                     </configuration>
                 </plugin>
                 <plugin>

Modified: webservices/wss4j/trunk/ws-security-dom/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/pom.xml?rev=1464904&r1=1464903&r2=1464904&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/pom.xml (original)
+++ webservices/wss4j/trunk/ws-security-dom/pom.xml Fri Apr  5 10:05:23 2013
@@ -209,6 +209,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+         <dependency>
+            <groupId>net.sf.ehcache</groupId>
+            <artifactId>ehcache-core</artifactId>
+            <scope>runtime</scope>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1464904&r1=1464903&r2=1464904&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
Fri Apr  5 10:05:23 2013
@@ -37,12 +37,15 @@ import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.bsp.BSPEnforcer;
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.validate.Validator;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * This class holds per request data.
@@ -64,7 +67,7 @@ public class RequestData {
     private String sigAlgorithm;
     private String signatureDigestAlgorithm;
     private String encryptionDigestAlgorithm;
-    private String encryptionMGFAlgorithm ;
+    private String encryptionMGFAlgorithm;
     private List<WSEncryptionPart> signatureParts = new ArrayList<WSEncryptionPart>();
     private int encKeyId;
     private String encSymmAlgo;
@@ -510,11 +513,22 @@ public class RequestData {
 
     /**
      * Get the replay cache for Timestamps
+     * @throws WSSecurityException 
      */
-    public ReplayCache getTimestampReplayCache() {
+    public ReplayCache getTimestampReplayCache() throws WSSecurityException {
+        if (timestampReplayCache == null) {
+            timestampReplayCache = createCache("wss4j-timestamp-cache-");
+        }
+        
         return timestampReplayCache;
     }
     
+    private synchronized ReplayCache createCache(String key) throws WSSecurityException {
+        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
+        String cacheKey = key + Base64.encode(WSSecurityUtil.generateNonce(10));
+        return replayCacheFactory.newReplayCache(cacheKey, null);
+    }
+    
     /**
      * Set the replay cache for Nonces
      */
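Review bot: The null check in `getTimestampReplayCache` runs outside any lock, so the `synchronized` on `createCache` does not stop two callers from each creating and assigning a cache; either the getter itself should be `public synchronized ReplayCache getTimestampReplayCache() throws WSSecurityException {` (and `createCache` can then drop its own `synchronized`), or, if a RequestData is never shared between threads, the `synchronized` is misleading and should go. The same pattern appears in `getNonceReplayCache` in the next hunk. Separately, the cache key embeds a fresh random nonce per RequestData instance, and the class Javadoc calls this "per request data", so a lazily created cache would presumably only see replays that arrive through the same RequestData instance; if that is the intended contract, the getter's Javadoc should state that a shared cache must be injected via the setter for cross-request replay detection. It is also worth checking that caches created here are released, since nothing in the hunk disposes them.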
@@ -524,8 +538,13 @@ public class RequestData {
 
     /**
      * Get the replay cache for Nonces
+     * @throws WSSecurityException 
      */
-    public ReplayCache getNonceReplayCache() {
+    public ReplayCache getNonceReplayCache() throws WSSecurityException {
+        if (nonceReplayCache == null) {
+            nonceReplayCache = createCache("wss4j-nonce-cache-");
+        }
+        
         return nonceReplayCache;
     }
     

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1464904&r1=1464903&r2=1464904&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Fri Apr  5 10:05:23 2013
@@ -529,7 +529,7 @@ public class SignatureProcessor implemen
         RequestData requestData,
         WSDocInfo wsDocInfo
     ) throws WSSecurityException {
-        List<WSDataRef> protectedRefs = new java.util.ArrayList<WSDataRef>();
+        List<WSDataRef> protectedRefs = new ArrayList<WSDataRef>();
         List<?> referencesList = signedInfo.getReferences();
         for (int i = 0; i < referencesList.size(); i++) {
             Reference siRef = (Reference)referencesList.get(i);

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java?rev=1464904&r1=1464903&r2=1464904&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
Fri Apr  5 10:05:23 2013
@@ -110,6 +110,58 @@ public class ReplayTest extends org.juni
     }
     
     @org.junit.Test
+    public void testEhCacheReplayedTimestamp() throws Exception {
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        WSSecTimestamp timestamp = new WSSecTimestamp();
+        timestamp.setTimeToLive(300);
+        Document createdDoc = timestamp.build(doc, secHeader);
+        
+        WSSecSignature builder = new WSSecSignature();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        
+        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "Timestamp", WSConstants.WSU_NS, "");
+        parts.add(encP);
+        builder.setParts(parts);
+        
+        builder.prepare(createdDoc, crypto, secHeader);
+        
+        List<javax.xml.crypto.dsig.Reference> referenceList = 
+            builder.addReferencesToSign(parts, secHeader);
+
+        builder.computeSignature(referenceList, false, null);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(createdDoc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        RequestData data = new RequestData();
+        data.setWssConfig(wssConfig);
+        data.setCallbackHandler(callbackHandler);
+        
+        // Successfully verify timestamp
+        verify(createdDoc, wssConfig, data);
+        
+        // Now try again - a replay attack should be detected
+        try {
+            verify(createdDoc, wssConfig, data);
+            fail("Expected failure on a replay attack");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);

+        }   
+    }
+    
+    @org.junit.Test
     public void testReplayedTimestampBelowSignature() throws Exception {
 
         Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
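Review bot: Each new test reuses the single `data` instance for both `verify` calls, so what is exercised is the lazily created cache on that one instance, not replay detection across separately constructed RequestData objects; a third `verify` with a fresh `RequestData` would show whether the default path catches a replay across requests at all. The four `testEhCache*` methods (this hunk and the three that follow) duplicate the existing tests line for line apart from the RequestData setup, so the shared body could be extracted into a helper taking the document and the RequestData. If `assertEquals` is in scope, `assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, ex.getErrorCode());` gives a more useful failure message than the `assertTrue(... == ...)` form used here. The body of `testReplayedTimestampBelowSignature` continues outside the hunk.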
@@ -158,6 +210,53 @@ public class ReplayTest extends org.juni
     }
     
     @org.junit.Test
+    public void testEhCacheReplayedTimestampBelowSignature() throws Exception {
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        WSSecTimestamp timestamp = new WSSecTimestamp();
+        timestamp.setTimeToLive(300);
+        Document createdDoc = timestamp.build(doc, secHeader);
+        
+        WSSecSignature builder = new WSSecSignature();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        
+        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "Timestamp", WSConstants.WSU_NS, "");
+        parts.add(encP);
+        builder.setParts(parts);
+        
+        builder.build(createdDoc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(createdDoc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        RequestData data = new RequestData();
+        data.setWssConfig(wssConfig);
+        data.setCallbackHandler(callbackHandler);
+        
+        // Successfully verify timestamp
+        verify(createdDoc, wssConfig, data);
+        
+        // Now try again - a replay attack should be detected
+        try {
+            verify(createdDoc, wssConfig, data);
+            fail("Expected failure on a replay attack");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);

+        }   
+    }
+    
+    @org.junit.Test
     public void testReplayedTimestampNoExpires() throws Exception {
 
         Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -211,6 +310,58 @@ public class ReplayTest extends org.juni
     }
     
     @org.junit.Test
+    public void testEhCacheReplayedTimestampNoExpires() throws Exception {
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        WSSecTimestamp timestamp = new WSSecTimestamp();
+        timestamp.setTimeToLive(0);
+        Document createdDoc = timestamp.build(doc, secHeader);
+        
+        WSSecSignature builder = new WSSecSignature();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        
+        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "Timestamp", WSConstants.WSU_NS, "");
+        parts.add(encP);
+        builder.setParts(parts);
+        
+        builder.prepare(createdDoc, crypto, secHeader);
+        
+        List<javax.xml.crypto.dsig.Reference> referenceList = 
+            builder.addReferencesToSign(parts, secHeader);
+
+        builder.computeSignature(referenceList, false, null);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(createdDoc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        RequestData data = new RequestData();
+        data.setWssConfig(wssConfig);
+        data.setCallbackHandler(callbackHandler);
+        
+        // Successfully verify timestamp
+        verify(createdDoc, wssConfig, data);
+        
+        // Now try again - a replay attack should be detected
+        try {
+            verify(createdDoc, wssConfig, data);
+            fail("Expected failure on a replay attack");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);

+        }   
+    }
+    
+    @org.junit.Test
     public void testReplayedUsernameToken() throws Exception {
         WSSecUsernameToken builder = new WSSecUsernameToken();
         builder.setUserInfo("wernerd", "verySecret");
@@ -244,6 +395,39 @@ public class ReplayTest extends org.juni
         }   
     }
     
+    @org.junit.Test
+    public void testEhCacheReplayedUsernameToken() throws Exception {
+        WSSecUsernameToken builder = new WSSecUsernameToken();
+        builder.setUserInfo("wernerd", "verySecret");
+        
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document signedDoc = builder.build(doc, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+        
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        RequestData data = new RequestData();
+        data.setCallbackHandler(new UsernamePasswordCallbackHandler());
+        data.setWssConfig(wssConfig);
+        
+        // Successfully verify UsernameToken
+        verify(signedDoc, wssConfig, data);
+        
+        // Now try again - a replay attack should be detected
+        try {
+            verify(signedDoc, wssConfig, data);
+            fail("Expected failure on a replay attack");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);

+        }   
+    }
+    
     /**
      * Verifies the soap envelope
      * 


