From gi...@apache.org
Subject svn commit: r1470644 - in /webservices/wss4j/trunk/ws-security-stax/src: main/java/org/apache/wss4j/stax/ext/ main/java/org/apache/wss4j/stax/impl/processor/output/ main/java/org/apache/wss4j/stax/impl/securityToken/ main/java/org/apache/wss4j/stax/sec...
Date Mon, 22 Apr 2013 18:13:11 GMT
Author: giger
Date: Mon Apr 22 18:13:10 2013
New Revision: 1470644

URL: http://svn.apache.org/r1470644
Log:
WSS-432 - Support EncryptedKeySHA1 KeyIdentifier in the StaX code 

Added:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java   (with props)
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/EncryptedKeySha1SecurityToken.java
      - copied, changed from r1470399, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/SecureConversationSecurityToken.java
Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/WSS4JCallbackHandlerImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Mon Apr 22 18:13:10 2013
@@ -180,6 +180,8 @@ public class WSSConstants extends XMLSec
     public static final String NS_X509SubjectKeyIdentifier = NS_X509TOKEN_PROFILE + "#X509SubjectKeyIdentifier";
     public static final String NS_THUMBPRINT = NS11_SOAPMESSAGE_SECURITY + "#ThumbprintSHA1";
 
+    public static final String NS_ENCRYPTED_KEY_SHA1 = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKeySHA1";
+
     public static final String SOAPMESSAGE_NS10_BASE64_ENCODING = NS10_SOAPMESSAGE_SECURITY + "#Base64Binary";
 
     public static final QName TAG_wsse_UsernameToken = new QName(NS_WSSE10, "UsernameToken", PREFIX_WSSE);

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java Mon Apr 22 18:13:10 2013
@@ -40,6 +40,7 @@ import javax.xml.stream.XMLStreamExcepti
 import javax.xml.stream.events.Attribute;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -284,12 +285,8 @@ public class WSSUtils extends XMLSecurit
         attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT));
         abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, attributes);
         try {
-            MessageDigest sha;
-            sha = MessageDigest.getInstance("SHA-1");
-            sha.reset();
-            sha.update(x509Certificates[0].getEncoded());
-            byte[] data = sha.digest();
-
+            MessageDigest sha = MessageDigest.getInstance("SHA-1");
+            byte[] data = sha.digest(x509Certificates[0].getEncoded());
             abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
         } catch (CertificateEncodingException e) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
@@ -299,6 +296,24 @@ public class WSSUtils extends XMLSecurit
         abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
     }
 
+    public static void createEncryptedKeySha1IdentifierStructure(AbstractOutputProcessor abstractOutputProcessor,
+                                                                 OutputProcessorChain outputProcessorChain, Key key)
+            throws XMLStreamException, XMLSecurityException {
+
+        List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
+        attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
+        attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_ENCRYPTED_KEY_SHA1));
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, attributes);
+        try {
+            MessageDigest sha = MessageDigest.getInstance("SHA-1");
+            byte[] data = sha.digest(key.getEncoded());
+            abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+        } catch (NoSuchAlgorithmException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+    }
+
     public static void createBSTReferenceStructure(AbstractOutputProcessor abstractOutputProcessor,
                                                    OutputProcessorChain outputProcessorChain, String referenceId,
                                                    String valueType)
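Review bot: `sha.digest(key.getEncoded())` in the new createEncryptedKeySha1IdentifierStructure will throw a NullPointerException for a key whose material is not extractable, since `Key.getEncoded()` is specified to return null in that case (hardware or PKCS#11-backed keys), and the NPE escapes instead of the WSSecurityException callers of this helper expect; the thumbprint helper above it has the same shape but a certificate's `getEncoded()` cannot return null. Fetch the bytes first and fail explicitly: `byte[] encoded = key.getEncoded(); if (encoded == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }` (or whichever message-bearing constructor the class offers), then `sha.digest(encoded)`. SHA-1 itself is mandated here by the `#EncryptedKeySHA1` value type, so it is not a concern; a one-line Javadoc saying the identifier is the SHA-1 of the key's raw encoded bytes, so both sides must agree on the encoding, would help the next reader.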

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java Mon Apr 22 18:13:10 2013
@@ -27,6 +27,7 @@ import org.apache.wss4j.stax.ext.WSSSecu
 import org.apache.wss4j.stax.ext.WSSUtils;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
 import org.apache.xml.security.stax.ext.*;
 import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
 import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
@@ -37,6 +38,7 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
+import javax.crypto.spec.SecretKeySpec;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import java.security.Key;
@@ -65,15 +67,22 @@ public class BinarySecurityTokenOutputPr
                 WSPasswordCallback pwCb = new WSPasswordCallback(alias, WSPasswordCallback.Usage.SIGNATURE);
                 WSSUtils.doPasswordCallback(((WSSSecurityProperties)getSecurityProperties()).getCallbackHandler(), pwCb);
                 String password = pwCb.getPassword();
-                if (password == null) {
+                byte[] secretKey = pwCb.getKey();
+                if (password == null && secretKey == null) {
                     throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noPassword", alias);
                 }
-                key = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().getPrivateKey(alias, password);
-                CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-                cryptoType.setAlias(alias);
-                x509Certificates = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().getX509Certificates(cryptoType);
-                if (x509Certificates == null || x509Certificates.length == 0) {
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", alias);
+                if (password != null) {
+                    key = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().getPrivateKey(alias, password);
+                    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                    cryptoType.setAlias(alias);
+                    x509Certificates = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().getX509Certificates(cryptoType);
+                    if (x509Certificates == null || x509Certificates.length == 0) {
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", alias);
+                    }
+                } else {
+                    x509Certificates = null;
+                    String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(getSecurityProperties().getSignatureAlgorithm());
+                    key = new SecretKeySpec(secretKey, algoFamily);
                 }
             } else if (WSSConstants.ENCRYPT.equals(action) ||
                     WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
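Review bot: In the new secret-key branch, `JCEAlgorithmMapper.getJCERequiredKeyFromURI(...)` returns null for a signature algorithm URI it does not know, and `new SecretKeySpec(secretKey, null)` then throws IllegalArgumentException (as it also does for an empty `secretKey`), so a misconfiguration surfaces as an unchecked exception rather than the FAILED_SIGNATURE WSSecurityException the password path raises. Check both before building the key, e.g. `if (algoFamily == null || secretKey.length == 0) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedKeyTransp", "No such algorithm: " + getSecurityProperties().getSignatureAlgorithm()); }`, reusing the message key this commit removes from WSSSignatureOutputProcessor. Also worth a comment on the `if (password != null)` line that when the callback supplies both a password and a key the X.509 path silently wins. The enclosing method starts outside this hunk.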
@@ -98,20 +107,15 @@ public class BinarySecurityTokenOutputPr
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound",
                                 ((WSSSecurityProperties) getSecurityProperties()).getEncryptionUser());
                     }
-                    if (securityProperties.isEnableRevocation()) {
-                        crypto.verifyTrust(x509Certificates, true);
-                    }
                 }
                 
                 // Check for Revocation
-                if (x509Certificates != null) {
-                    WSSSecurityProperties securityProperties = ((WSSSecurityProperties) getSecurityProperties());
-                    if (securityProperties.isEnableRevocation()) {
-                        Crypto crypto = securityProperties.getEncryptionCrypto();
-                        crypto.verifyTrust(x509Certificates, true);
-                    }
+                WSSSecurityProperties securityProperties = ((WSSSecurityProperties) getSecurityProperties());
+                if (securityProperties.isEnableRevocation()) {
+                    Crypto crypto = securityProperties.getEncryptionCrypto();
+                    crypto.verifyTrust(x509Certificates, true);
                 }
-                
+
                 key = null;
             } else {
                 x509Certificates = null;

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java Mon Apr 22 18:13:10 2013
@@ -33,6 +33,7 @@ import javax.xml.stream.events.Attribute
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
 import org.apache.xml.security.stax.ext.OutputProcessorChain;
@@ -206,10 +207,15 @@ public class EncryptOutputProcessor exte
             createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
             createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
 
-            List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
-            attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, attributes);
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+            if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(
+                    ((WSSSecurityProperties) getSecurityProperties()).getEncryptionKeyIdentifier())) {
+                WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
+            } else {
+                List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+                attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
+                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, attributes);
+                createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+            }
             createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
             createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
         }
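Review bot: The new branch needs a comment: it replaces the `#keyId` Reference to the EncryptedKey with a KeyIdentifier holding the SHA-1 of the symmetric key's raw bytes, so the recipient must already hold that key and resolve it by digest (the EncryptedKeySha1SecurityTokenImpl added in this commit takes a CallbackHandler, which suggests that is how the inbound side does it, though that part is not visible here). Something like `// EncryptedKeySHA1: reference the session key by SHA-1 of its raw bytes instead of by the EncryptedKey's Id; the recipient must already know the key` above the `if`. `getEncryptionPartDef().getSymmetricKey()` is also passed straight through; if it can be null for this part definition the helper will NPE on `key.getEncoded()`, so a null check here or in the helper would keep the failure a WSSecurityException. The enclosing method starts outside this hunk.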

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java Mon Apr 22 18:13:10 2013
@@ -332,6 +332,9 @@ public class EncryptedKeyOutputProcessor
                 WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)) {
                 WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
+            } else if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier)) {
+                //not applicable, fallback to thumbprint...
+                WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)) {
                 String valueType;
                 if (useSingleCertificate) {
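Review bot: The new branch silently replaces a configured EncryptedKeySHA1 identifier with a ThumbprintSHA1 one, and the `//not applicable, fallback to thumbprint...` comment does not say why, so an operator who set that identifier and then sees a thumbprint on the wire has nothing to go on. Presumably the reason is that this KeyInfo identifies the recipient's X.509 key (every sibling branch takes `x509Certificates`) while EncryptedKeySHA1 names a symmetric key; say so, e.g. `// EncryptedKeySHA1 identifies a symmetric key and cannot name the recipient's certificate; fall back to ThumbprintSHA1`, and, if the class has a logger, emit a debug line so the substitution is visible. The enclosing method starts outside this hunk.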

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java Mon Apr 22 18:13:10 2013
@@ -108,6 +108,8 @@ public class WSSSignatureEndingOutputPro
             attributes.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID(null)));
             if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier) && !useSingleCertificate) {
                 attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_X509PKIPathv1));
+            } else if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier)) {
+                attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
             } else if (WSSecurityTokenConstants.Saml10Token.equals(securityToken.getTokenType())
                     || WSSecurityTokenConstants.Saml11Token.equals(securityToken.getTokenType())) {
                 attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE));
@@ -128,6 +130,9 @@ public class WSSSignatureEndingOutputPro
                 WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)) {
                 WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
+            } else if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier)) {
+                WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain,
+                        securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm()));
             } else if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)) {
                 String valueType;
                 if (WSSecurityTokenConstants.Saml20Token.equals(securityToken.getTokenType())) {
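Review bot: The identifier written in the new branch is the SHA-1 of the raw signing key returned by `securityToken.getSecretKey(...)`, which is published in every message; that is harmless for a full-entropy HMAC key but, if the callback handler ever supplies a key derived from a password or other low-entropy secret, it hands an attacker an offline guessing target. A comment at this call site stating the requirement, e.g. `// publishes SHA-1(raw key): the signing key must be a full-entropy secret, never a password-derived one`, and a matching note on the KeyIdentifier_EncryptedKeySha1Identifier option would make the contract explicit. A null return from `getSecretKey` (if that is possible for this token type) would also reach `key.getEncoded()` in the helper and NPE. The enclosing method starts outside this hunk.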

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java Mon Apr 22 18:13:10 2013
@@ -19,8 +19,6 @@
 package org.apache.wss4j.stax.impl.processor.output;
 
 import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -31,7 +29,6 @@ import javax.xml.stream.XMLStreamConstan
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.Attribute;
 
-import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -77,59 +74,50 @@ public class WSSSignatureOutputProcessor
                 if (securePart != null) {
 
                     logger.debug("Matched securePart for signature");
-                    InternalSignatureOutputProcessor internalSignatureOutputProcessor;
-                    try {
-                        SignaturePartDef signaturePartDef = new SignaturePartDef();
-                        signaturePartDef.setTransforms(securePart.getTransforms());
-                        signaturePartDef.setExcludeVisibleC14Nprefixes(true);
-                        String digestMethod = securePart.getDigestMethod();
-                        if (digestMethod == null) {
-                            digestMethod = getSecurityProperties().getSignatureDigestAlgorithm();
-                        }
-                        signaturePartDef.setDigestAlgo(digestMethod);
 
-                        if (securePart.getIdToSign() == null) {
-                            signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
-                            signaturePartDef.setSigRefId(IDGenerator.generateID(null));
-
-                            Attribute attribute = xmlSecStartElement.getAttributeByName(WSSConstants.ATT_wsu_Id);
-                            if (attribute != null) {
-                                signaturePartDef.setSigRefId(attribute.getValue());
-                            } else {
-                                List<XMLSecAttribute> attributeList = new ArrayList<XMLSecAttribute>(1);
-                                attributeList.add(createAttribute(WSSConstants.ATT_wsu_Id, signaturePartDef.getSigRefId()));
-                                xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
-                            }
+                    SignaturePartDef signaturePartDef = new SignaturePartDef();
+                    signaturePartDef.setTransforms(securePart.getTransforms());
+                    signaturePartDef.setExcludeVisibleC14Nprefixes(true);
+                    String digestMethod = securePart.getDigestMethod();
+                    if (digestMethod == null) {
+                        digestMethod = getSecurityProperties().getSignatureDigestAlgorithm();
+                    }
+                    signaturePartDef.setDigestAlgo(digestMethod);
+
+                    if (securePart.getIdToSign() == null) {
+                        signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
+                        signaturePartDef.setSigRefId(IDGenerator.generateID(null));
+
+                        Attribute attribute = xmlSecStartElement.getAttributeByName(WSSConstants.ATT_wsu_Id);
+                        if (attribute != null) {
+                            signaturePartDef.setSigRefId(attribute.getValue());
                         } else {
-                            if (WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(securePart.getName().getLocalPart())) {
-                                signaturePartDef.setSigRefId(securePart.getIdToReference());
-                                String[] transforms = new String[]{
-                                        WSSConstants.SOAPMESSAGE_NS10_STRTransform,
-                                        WSSConstants.NS_C14N_EXCL
-                                };
-                                signaturePartDef.setTransforms(transforms);
-                            } else {
-                                signaturePartDef.setSigRefId(securePart.getIdToSign());
-                            }
+                            List<XMLSecAttribute> attributeList = new ArrayList<XMLSecAttribute>(1);
+                            attributeList.add(createAttribute(WSSConstants.ATT_wsu_Id, signaturePartDef.getSigRefId()));
+                            xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
+                        }
+                    } else {
+                        if (WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(securePart.getName().getLocalPart())) {
+                            signaturePartDef.setSigRefId(securePart.getIdToReference());
+                            String[] transforms = new String[]{
+                                    WSSConstants.SOAPMESSAGE_NS10_STRTransform,
+                                    WSSConstants.NS_C14N_EXCL
+                            };
+                            signaturePartDef.setTransforms(transforms);
+                        } else {
+                            signaturePartDef.setSigRefId(securePart.getIdToSign());
                         }
-
-                        getSignaturePartDefList().add(signaturePartDef);
-                        internalSignatureOutputProcessor = new InternalWSSSignatureOutputProcessor(signaturePartDef, xmlSecStartElement);
-                        internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
-                        internalSignatureOutputProcessor.setAction(getAction());
-                        internalSignatureOutputProcessor.addAfterProcessor(WSSSignatureOutputProcessor.class.getName());
-                        internalSignatureOutputProcessor.addBeforeProcessor(WSSSignatureEndingOutputProcessor.class.getName());
-                        internalSignatureOutputProcessor.init(outputProcessorChain);
-
-                    } catch (NoSuchAlgorithmException e) {
-                        throw new WSSecurityException(
-                                WSSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedKeyTransp",
-                                e, "No such algorithm: " + getSecurityProperties().getSignatureAlgorithm()
-                        );
-                    } catch (NoSuchProviderException e) {
-                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noSecProvider", e);
                     }
 
+                    getSignaturePartDefList().add(signaturePartDef);
+                    InternalSignatureOutputProcessor internalSignatureOutputProcessor =
+                            new InternalWSSSignatureOutputProcessor(signaturePartDef, xmlSecStartElement);
+                    internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+                    internalSignatureOutputProcessor.setAction(getAction());
+                    internalSignatureOutputProcessor.addAfterProcessor(WSSSignatureOutputProcessor.class.getName());
+                    internalSignatureOutputProcessor.addBeforeProcessor(WSSSignatureEndingOutputProcessor.class.getName());
+                    internalSignatureOutputProcessor.init(outputProcessorChain);
+
                     setActiveInternalSignatureOutputProcessor(internalSignatureOutputProcessor);
                     //we can remove this processor when the whole body will be signed since there is
                     //nothing more which can be signed.
@@ -234,7 +222,7 @@ public class WSSSignatureOutputProcessor
 
     class InternalWSSSignatureOutputProcessor extends InternalSignatureOutputProcessor {
 
-        public InternalWSSSignatureOutputProcessor(SignaturePartDef signaturePartDef, XMLSecStartElement xmlSecStartElement) throws XMLSecurityException, NoSuchProviderException, NoSuchAlgorithmException {
+        public InternalWSSSignatureOutputProcessor(SignaturePartDef signaturePartDef, XMLSecStartElement xmlSecStartElement) throws XMLSecurityException {
             super(signaturePartDef, xmlSecStartElement);
             this.addBeforeProcessor(InternalWSSSignatureOutputProcessor.class.getName());
         }

Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java?rev=1470644&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java Mon Apr 22 18:13:10 2013
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.securityToken;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.wss4j.stax.securityToken.EncryptedKeySha1SecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
+
+import javax.crypto.spec.SecretKeySpec;
+import javax.security.auth.callback.CallbackHandler;
+import java.security.Key;
+
+public class EncryptedKeySha1SecurityTokenImpl
+        extends AbstractInboundSecurityToken implements EncryptedKeySha1SecurityToken {
+
+    private CallbackHandler callbackHandler;
+    private String sha1Identifier;
+
+    public EncryptedKeySha1SecurityTokenImpl(WSInboundSecurityContext inboundSecurityContext,
+                                             CallbackHandler callbackHandler, String sha1Identifier,
+                                             String id, SecurityTokenConstants.KeyIdentifier keyIdentifier) {
+
+        super(inboundSecurityContext, id, keyIdentifier);
+        this.callbackHandler = callbackHandler;
+        this.sha1Identifier = sha1Identifier;
+    }
+
+    @Override
+    public boolean isAsymmetric() throws XMLSecurityException {
+        return false;
+    }
+
+    @Override
+    protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
+                         String correlationID) throws XMLSecurityException {
+
+        Key key = getSecretKey().get(algorithmURI);
+        if (key != null) {
+            return key;
+        }
+
+        WSPasswordCallback secretKeyCallback =
+                new WSPasswordCallback(getId(), null,
+                        WSSConstants.NS_ENCRYPTED_KEY_SHA1, WSPasswordCallback.Usage.SECRET_KEY);
+        WSSUtils.doSecretKeyCallback(callbackHandler, secretKeyCallback, sha1Identifier);
+        if (secretKeyCallback.getKey() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey", sha1Identifier);
+        }
+
+        String algoFamily = JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI);
+        key = new SecretKeySpec(secretKeyCallback.getKey(), algoFamily);
+        setSecretKey(algorithmURI, key);
+        return key;
+    }
+
+    @Override
+    public SecurityTokenConstants.TokenType getTokenType() {
+        return WSSecurityTokenConstants.EncryptedKeyToken;
+    }
+}
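Review bot: In `getKey`, `JCEAlgorithmMapper.getJCERequiredKeyFromURI(algorithmURI)` can, as far as I can tell, return null for an algorithm URI it does not map, and `new SecretKeySpec(bytes, null)` then fails with an unchecked `IllegalArgumentException` instead of the `XMLSecurityException` the method declares, so an unmapped algorithm (presumably taken from the inbound message) surfaces as a generic runtime error rather than a security failure. A guard before the `SecretKeySpec` line keeps the failure on the declared path: `if (algoFamily == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "<message-key placeholder>", algorithmURI); }`. The fields `callbackHandler` and `sha1Identifier` are assigned only in the constructor and could be `final`. A class-level Javadoc stating that this token obtains its secret by handing the EncryptedKeySHA1 identifier value to the configured `CallbackHandler` with `Usage.SECRET_KEY`, and caches the resulting key per algorithm URI, would help the next reader.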

Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java Mon Apr 22 18:13:10 2013
@@ -156,6 +156,10 @@ public class SecurityTokenFactoryImpl ex
                             (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
                             securityTokenReferenceType.getId(), WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier,
                             securityProperties);
+                } else if (WSSConstants.NS_ENCRYPTED_KEY_SHA1.equals(valueType)) {
+                    return new EncryptedKeySha1SecurityTokenImpl(
+                            (WSInboundSecurityContext) inboundSecurityContext, callbackHandler, keyIdentifierType.getValue(),
+                            securityTokenReferenceType.getId(), WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier);
                 } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType)) {
                     if (WSSConstants.NS_SAML20_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType)) {
                         ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6617);
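Review bot: The new `NS_ENCRYPTED_KEY_SHA1` branch hands `keyIdentifierType.getValue()` straight to the token as the identifier, while the neighbouring thumbprint branch works from the decoded `binaryContent`; if the enclosing method (which starts and ends outside this hunk) has already checked the KeyIdentifier's encoding, the raw text value is presumably the intended callback identifier, but nothing in the hunk rejects a null or empty value before it reaches the callback. A one-line guard such as `if (keyIdentifierType.getValue() == null || keyIdentifierType.getValue().isEmpty()) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "<message-key placeholder>"); }` would keep a malformed reference from being reported later as a missing key. A short comment on the branch saying the value is passed verbatim as the callback identifier would make that decision explicit.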

Copied: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/EncryptedKeySha1SecurityToken.java (from r1470399, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/SecureConversationSecurityToken.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/EncryptedKeySha1SecurityToken.java?p2=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/EncryptedKeySha1SecurityToken.java&p1=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/SecureConversationSecurityToken.java&r1=1470399&r2=1470644&rev=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/SecureConversationSecurityToken.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/EncryptedKeySha1SecurityToken.java Mon Apr 22 18:13:10 2013
@@ -20,5 +20,5 @@ package org.apache.wss4j.stax.securityTo
 
 import org.apache.xml.security.stax.securityToken.SecurityToken;
 
-public interface SecureConversationSecurityToken extends SecurityToken {
+public interface EncryptedKeySha1SecurityToken extends SecurityToken {
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java Mon Apr 22 18:13:10 2013
@@ -40,6 +40,7 @@ public class WSSecurityTokenConstants ex
     public static final KeyIdentifier KeyIdentifier_X509KeyIdentifier = new KeyIdentifier("X509KeyIdentifier");
     public static final KeyIdentifier KeyIdentifier_SkiKeyIdentifier = new KeyIdentifier("SkiKeyIdentifier");
     public static final KeyIdentifier KeyIdentifier_ThumbprintIdentifier = new KeyIdentifier("ThumbprintIdentifier");
+    public static final KeyIdentifier KeyIdentifier_EncryptedKeySha1Identifier = new KeyIdentifier("EncryptedKeySha1Identifier");
     public static final KeyIdentifier KeyIdentifier_EmbeddedKeyIdentifierRef = new KeyIdentifier("EmbeddedKeyIdentifierRef");
     public static final KeyIdentifier KeyIdentifier_UsernameTokenReference = new KeyIdentifier("UsernameTokenReference");
     public static final KeyIdentifier KeyIdentifier_SecurityTokenReference = new KeyIdentifier("SecurityTokenReference");

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java Mon Apr 22 18:13:10 2013
@@ -120,21 +120,27 @@ public abstract class AbstractTestBase {
         return doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(inputStream), securityEventList, securityEventListener);
     }
 
-    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader) throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
+    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader)
+            throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
         return doInboundSecurity(securityProperties, xmlStreamReader, null);
     }
 
-    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader, SecurityEventListener securityEventListener) throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
+    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader,
+                                      SecurityEventListener securityEventListener)
+            throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
         return doInboundSecurity(securityProperties, xmlStreamReader, new ArrayList<SecurityEvent>(), securityEventListener);
     }
 
-    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader, List<SecurityEvent> securityEventList, SecurityEventListener securityEventListener) throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
+    public Document doInboundSecurity(WSSSecurityProperties securityProperties, XMLStreamReader xmlStreamReader,
+                                      List<SecurityEvent> securityEventList, SecurityEventListener securityEventListener)
+            throws XMLStreamException, ParserConfigurationException, XMLSecurityException {
         InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
         XMLStreamReader outXmlStreamReader = wsSecIn.processInMessage(xmlStreamReader, securityEventList, securityEventListener);
         return StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), outXmlStreamReader);
     }
 
-    protected ByteArrayOutputStream doOutboundSecurity(WSSSecurityProperties securityProperties, InputStream sourceDocument) throws Exception {
+    protected ByteArrayOutputStream doOutboundSecurity(WSSSecurityProperties securityProperties, InputStream sourceDocument)
+            throws Exception {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
         XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
@@ -144,7 +150,8 @@ public abstract class AbstractTestBase {
         return baos;
     }
 
-    protected Document doOutboundSecurityWithWSS4J(InputStream sourceDocument, String action, Properties properties) throws WSSecurityException, TransformerException {
+    protected Document doOutboundSecurityWithWSS4J(InputStream sourceDocument, String action, Properties properties)
+            throws WSSecurityException, TransformerException {
         Map<String, Object> context = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
         return (Document) context.get(SECURED_DOCUMENT);
     }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/EncDecryptionTest.java Mon Apr 22 18:13:10 2013
@@ -23,7 +23,10 @@ import org.apache.commons.compress.compr
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.message.WSSecEncrypt;
+import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
@@ -43,6 +46,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.transform.Transformer;
@@ -1453,6 +1458,91 @@ public class EncDecryptionTest extends A
     }
 
     @Test
+    public void testEncDecryptionKeyIdentifierSHA1Outbound() throws Exception {
+
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.ENCRYPT};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+            securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier);
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+            baos = doOutboundSecurity(securityProperties, sourceDocument);
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
+            node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+        }
+
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
+    public void testEncDecryptionKeyIdentifierSHA1Inbound() throws Exception {
+
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+            Document doc = documentBuilderFactory.newDocumentBuilder().parse(sourceDocument);
+
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecEncrypt builder = new WSSecEncrypt();
+            builder.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+            builder.setSymmetricKey(key);
+            builder.setEncryptSymmKey(false);
+            Document securedDocument = builder.build(doc, null, secHeader);
+
+            XPathExpression xPathExpression = getXPath("/env:Envelope/env:Body/xenc:EncryptedData/dsig:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+
+        //done encryption; now test decryption:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new org.apache.wss4j.stax.test.CallbackHandlerImpl(key.getEncoded()));
+            Document document = doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            //no encrypted content
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+    }
+
+    @Test
     public void testDecryptionReferenceListOutsideEncryptedKey() throws Exception {
 
         ByteArrayOutputStream baos;
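Review bot: `testEncDecryptionKeyIdentifierSHA1Inbound` only checks that no `xenc:EncryptedData` remains after decryption; it never asserts that the inbound side resolved the key through the new EncryptedKeySHA1 path (no check on the reported token type or key identifier) and there is no negative case, so a handler returning a different key, or the factory taking another branch, would not be caught. A second run constructing `CallbackHandlerImpl` with a freshly generated key and asserting that `doInboundSecurity` does not succeed would pin the behaviour this commit introduces. `testEncDecryptionKeyIdentifierSHA1Outbound` likewise delegates decryption to `doInboundSecurityWithWSS4J` without any key or callback assertion, presumably relying on the default handler's keystore. `testDecryptionReferenceListOutsideEncryptedKey` at the end of the hunk continues outside it.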

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Mon Apr 22 18:13:10 2013
@@ -20,12 +20,18 @@ package org.apache.wss4j.stax.test;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.crypto.dsig.SignatureMethod;
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
@@ -37,8 +43,12 @@ import javax.xml.xpath.XPathExpression;
 
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.message.WSSecSignature;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.InboundWSSec;
 import org.apache.wss4j.stax.ext.OutboundWSSec;
@@ -935,6 +945,122 @@ public class SignatureTest extends Abstr
     }
 
     @Test
+    public void testSignatureKeyIdentifierSha1Outbound() throws Exception {
+
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        final SecretKey key = keyGen.generateKey();
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+            securityProperties.setOutAction(actions);
+            securityProperties.setSignatureUser("transmitter");
+            securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+            securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier);
+            securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
+            securityProperties.setCallbackHandler(
+                    new org.apache.wss4j.stax.test.CallbackHandlerImpl(key.getEncoded()){
+                        @Override
+                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+                            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
+                            pc.setKey(key.getEncoded());
+                        }
+                    }
+            );
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+            XPathExpression xPathExpression =
+                    getXPath("/env:Envelope/env:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/" +
+                            "wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType=" +
+                            "'http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
+            Node node = (Node) xPathExpression.evaluate(document, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+
+            nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP11, WSSConstants.TAG_soap_Body_LocalName);
+            Assert.assertEquals(nodeList.getLength(), 1);
+            String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
+            Assert.assertNotNull(idAttrValue);
+            Assert.assertTrue(idAttrValue.length() > 0);
+        }
+
+        //done signature; now test sig-verification:
+        {
+            String action = WSHandlerConstants.SIGNATURE;
+            Properties properties = new Properties();
+            WSS4JCallbackHandlerImpl callbackHandler = new WSS4JCallbackHandlerImpl(key.getEncoded());
+            properties.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
+            doInboundSecurityWithWSS4J_1(
+                    documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())),
+                    action, properties, true);
+        }
+    }
+
+    @Test
+    public void testSignatureKeyIdentifierSha1Inbound() throws Exception {
+
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey key = keyGen.generateKey();
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+            Document doc = documentBuilderFactory.newDocumentBuilder().parse(sourceDocument);
+            WSSecHeader secHeader = new WSSecHeader();
+            secHeader.insertSecurityHeader(doc);
+
+            WSSecSignature sign = new WSSecSignature();
+            sign.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+            sign.setSecretKey(key.getEncoded());
+            sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+
+            Document securedDocument = sign.build(doc, null, secHeader);
+
+            //some test that we can really sure we get what we want from WSS4J
+            XPathExpression xPathExpression =
+                    getXPath("/env:Envelope/env:Header/wsse:Security/dsig:Signature/dsig:KeyInfo/" +
+                                    "wsse:SecurityTokenReference/wsse:KeyIdentifier[@ValueType=" +
+                                    "'http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1']");
+            Node node = (Node) xPathExpression.evaluate(securedDocument, XPathConstants.NODE);
+            Assert.assertNotNull(node);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.setCallbackHandler(new org.apache.wss4j.stax.test.CallbackHandlerImpl(key.getEncoded()));
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+            Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+    }
+
+    @Test
     public void testSignatureUsePKIPathOutbound() throws Exception {
         
         // Needs BouncyCastle to work properly...
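Review bot: The anonymous `CallbackHandlerImpl` in `testSignatureKeyIdentifierSha1Outbound` answers whatever arrives in `callbacks[0]` with the HMAC key, ignoring `pc.getUsage()` and any further callbacks, so the test still passes if the outbound signature processor asks with the wrong usage or identifier; the inbound test and the new `EncryptedKeySha1SecurityTokenImpl` both key on `Usage.SECRET_KEY`, and the outbound request should be held to the same contract. Replacing the override body with `WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; Assert.assertEquals(pc.getUsage(), WSPasswordCallback.Usage.SECRET_KEY); pc.setKey(key.getEncoded());` makes that explicit, or the override can be dropped entirely if the plain handler already serves `SECRET_KEY`, as its use in `testSignatureKeyIdentifierSha1Inbound` suggests. `testSignatureUsePKIPathOutbound` at the end of the hunk continues outside it.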

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/WSS4JCallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/WSS4JCallbackHandlerImpl.java?rev=1470644&r1=1470643&r2=1470644&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/WSS4JCallbackHandlerImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/WSS4JCallbackHandlerImpl.java Mon Apr 22 18:13:10 2013
@@ -50,7 +50,8 @@ public class WSS4JCallbackHandlerImpl im
             throw new UnsupportedCallbackException(pc, "Unrecognized CallbackHandlerImpl");
         }
 */
-        if (pc.getUsage() == WSPasswordCallback.Usage.SECURITY_CONTEXT_TOKEN) {
+        if (pc.getUsage() == WSPasswordCallback.Usage.SECRET_KEY ||
+                pc.getUsage() == WSPasswordCallback.Usage.SECURITY_CONTEXT_TOKEN) {
             pc.setKey(secret);
         }
     }


