Author: coheigea
Date: Mon Jun 10 11:10:22 2013
New Revision: 1491414
URL: http://svn.apache.org/r1491414
Log:
Fixed an error where EncryptionAlgorithms were not validated against the BSP spec when referenced
via an EncryptedKey.
Conflicts:
src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1491414&r1=1491413&r2=1491414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Jun 10 11:10:22 2013
@@ -397,6 +397,25 @@ public class EncryptedKeyProcessor imple
// Prepare the SecretKey object to decrypt EncryptedData
//
String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+
+ // EncryptionAlgorithm cannot be null
+ if (data.getWssConfig().isWsiBSPCompliant() && symEncAlgo == null) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
+ );
+ }
+ // EncryptionAlgorithm must be 3DES, or AES128, or AES256
+ if (data.getWssConfig().isWsiBSPCompliant()
+ && !WSConstants.TRIPLE_DES.equals(symEncAlgo)
+ && !WSConstants.AES_128.equals(symEncAlgo)
+ && !WSConstants.AES_128_GCM.equals(symEncAlgo)
+ && !WSConstants.AES_256.equals(symEncAlgo)
+ && !WSConstants.AES_256_GCM.equals(symEncAlgo)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY, "badEncAlgo", new Object[]{symEncAlgo}
+ );
+ }
+
SecretKey symmetricKey = null;
try {
symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
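Review bot: The comment on the second added check says the algorithm must be 3DES, AES128 or AES256, but the condition also accepts `WSConstants.AES_128_GCM` and `WSConstants.AES_256_GCM`, so the comment understates the allow-list a reader will audit against. I would change it to `// EncryptionAlgorithm must be 3DES, AES128(-GCM) or AES256(-GCM); anything else, including AES192, is rejected`. Both checks are gated on `isWsiBSPCompliant()`, so with compliance switched off a null `symEncAlgo` still reaches `WSSecurityUtil.prepareSecretKey`; how that call treats null is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.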
Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java?rev=1491414&r1=1491413&r2=1491414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Mon Jun 10 11:10:22 2013
@@ -95,6 +95,40 @@ public class EncryptionGCMTest extends o
}
@org.junit.Test
+ public void testAES192GCM() throws Exception {
+ //
+ // This test fails with the IBM JDK 7
+ //
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))
+ && System.getProperty("java.version") != null
+ && System.getProperty("java.version").startsWith("1.7")) {
+ return;
+ }
+ WSSecEncrypt builder = new WSSecEncrypt();
+ builder.setUserInfo("wss40");
+ builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ builder.setSymmetricEncAlgorithm(WSConstants.AES_192_GCM);
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Encrypted message:");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+
+ WSSecurityEngine newEngine = new WSSecurityEngine();
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(false);
+ newEngine.setWssConfig(wssConfig);
+ verify(encryptedDoc, newEngine, keystoreCallbackHandler, SOAP_BODY);
+ }
+
+ @org.junit.Test
public void testAES256GCM() throws Exception {
//
// This test fails with the IBM JDK 7
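Review bot: testAES192GCM only exercises the path with BSP compliance switched off (`wssConfig.setWsiBSPCompliant(false)`), so nothing in this hunk asserts that the new check in EncryptedKeyProcessor actually rejects AES-192-GCM when compliance is on. A negative case that uses an engine with `setWsiBSPCompliant(true)` and expects a WSSecurityException would pin the behaviour this commit is about; it is placed before the permissive verify in case processing alters the document. Separately, `outputString.indexOf("counter_port_type") == -1 ? true : false` has a redundant ternary and reads more clearly as `assertFalse(outputString.contains("counter_port_type"))`.

```java
        Document encryptedDoc = builder.build(doc, crypto, secHeader);
        // … unchanged: debug logging and counter_port_type assertion …

        // Negative case: with BSP compliance enabled, AES-192-GCM must be rejected
        WSSecurityEngine strictEngine = new WSSecurityEngine();
        WSSConfig strictConfig = WSSConfig.getNewInstance();
        strictConfig.setWsiBSPCompliant(true);
        strictEngine.setWssConfig(strictConfig);
        try {
            verify(encryptedDoc, strictEngine, keystoreCallbackHandler, SOAP_BODY);
            org.junit.Assert.fail("Expected AES-192-GCM to be rejected when BSP compliance is enabled");
        } catch (WSSecurityException ex) {
            // expected: algorithm is not on the BSP allow-list
        }

        // … unchanged: permissive engine with setWsiBSPCompliant(false) and verify …
```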
@@ -123,21 +157,23 @@ public class EncryptionGCMTest extends o
verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
}
- /**
- * Verifies the soap envelope
- * <p/>
- *
- * @param envelope
- * @throws Exception Thrown when there is a problem in verification
- */
+ private void verify(
+ Document doc,
+ CallbackHandler handler,
+ javax.xml.namespace.QName expectedEncryptedElement
+ ) throws Exception {
+ verify(doc, secEngine, handler, expectedEncryptedElement);
+ }
+
@SuppressWarnings("unchecked")
private void verify(
Document doc,
+ WSSecurityEngine wsSecurityEngine,
CallbackHandler handler,
javax.xml.namespace.QName expectedEncryptedElement
) throws Exception {
final java.util.List<WSSecurityEngineResult> results =
- secEngine.processSecurityHeader(doc, null, handler, null, crypto);
+ wsSecurityEngine.processSecurityHeader(doc, null, handler, null, crypto);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
if (LOG.isDebugEnabled()) {
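Review bot: The Javadoc on `verify` is deleted outright, and neither overload is documented now. A short comment on the four-argument version would tell readers why an engine is passed in, e.g. `/** Verifies the SOAP envelope using the supplied engine, so a test can provide its own WSSConfig. */`. The three-argument overload could carry `// Delegates to the four-argument verify using the shared secEngine`. The body of the four-argument `verify` continues outside the hunk.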