ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1491414 - in /webservices/wss4j/branches/1_6_x-fixes/src: main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Date Mon, 10 Jun 2013 11:10:23 GMT
Author: coheigea
Date: Mon Jun 10 11:10:22 2013
New Revision: 1491414

URL: http://svn.apache.org/r1491414
Log:
Fixed an error where EncryptionAlgorithms were not validated against the BSP spec when
referenced via an EncryptedKey.


Conflicts:
	src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
	ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java

Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1491414&r1=1491413&r2=1491414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Jun 10 11:10:22 2013
@@ -397,6 +397,25 @@ public class EncryptedKeyProcessor imple
         // Prepare the SecretKey object to decrypt EncryptedData
         //
         String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+        
+        // EncryptionAlgorithm cannot be null
+        if (data.getWssConfig().isWsiBSPCompliant() && symEncAlgo == null) {
+            throw new WSSecurityException(
+                WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
+            );
+        }
+        // EncryptionAlgorithm must be 3DES, or AES128, or AES256
+        if (data.getWssConfig().isWsiBSPCompliant() 
+            && !WSConstants.TRIPLE_DES.equals(symEncAlgo)
+            && !WSConstants.AES_128.equals(symEncAlgo)
+            && !WSConstants.AES_128_GCM.equals(symEncAlgo)
+            && !WSConstants.AES_256.equals(symEncAlgo)
+            && !WSConstants.AES_256_GCM.equals(symEncAlgo)) {
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY, "badEncAlgo", new Object[]{symEncAlgo}
+            );
+        }
+        
         SecretKey symmetricKey = null;
         try {
             symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
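Review bot: The null check on `symEncAlgo` is gated on `isWsiBSPCompliant()`, so with BSP compliance switched off a message for which `X509Util.getEncAlgo` returns null still reaches `WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData)` with a null algorithm; how that call handles null is not visible in this hunk. Since the value comes from the incoming message, I would make the first guard unconditional, `if (symEncAlgo == null) {`, and keep only the allow-list under the BSP flag. The comment above the allow-list is also out of step with the condition, which accepts the two GCM variants as well; suggest `// EncryptionAlgorithm must be 3DES, AES128, AES128-GCM, AES256 or AES256-GCM`. The enclosing method starts and ends outside the hunk.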

Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java?rev=1491414&r1=1491413&r2=1491414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionGCMTest.java
Mon Jun 10 11:10:22 2013
@@ -95,6 +95,40 @@ public class EncryptionGCMTest extends o
     }
     
     @org.junit.Test
+    public void testAES192GCM() throws Exception {
+        //
+        // This test fails with the IBM JDK 7
+        //
+        if ("IBM Corporation".equals(System.getProperty("java.vendor"))
+            && System.getProperty("java.version") != null
+            &&  System.getProperty("java.version").startsWith("1.7")) {
+            return;
+        }
+        WSSecEncrypt builder = new WSSecEncrypt();
+        builder.setUserInfo("wss40");
+        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        builder.setSymmetricEncAlgorithm(WSConstants.AES_192_GCM);
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document encryptedDoc = builder.build(doc, crypto, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Encrypted message:");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
+        
+        WSSecurityEngine newEngine = new WSSecurityEngine();
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        wssConfig.setWsiBSPCompliant(false);
+        newEngine.setWssConfig(wssConfig);
+        verify(encryptedDoc, newEngine, keystoreCallbackHandler, SOAP_BODY);
+    }
+    
+    @org.junit.Test
     public void testAES256GCM() throws Exception {
         //
         // This test fails with the IBM JDK 7
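Review bot: Nothing in testAES192GCM asserts that the new allow-list in EncryptedKeyProcessor rejects AES-192-GCM when BSP compliance is on; the test calls `wssConfig.setWsiBSPCompliant(false)` and only checks that the message is accepted. I would add a rejection check against the shared engine before the permissive `verify` call, as sketched below; this assumes `secEngine` runs with BSP compliance enabled and that a rejected attempt leaves `encryptedDoc` unmodified, neither of which is visible in the hunk. Separately, `assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);` can drop the ternary, and the early `return` on IBM JDK 7 reports the test as passed where `org.junit.Assume` would report it as skipped.
```java
        // … unchanged: build the AES-192-GCM message and check the body is encrypted …
        try {
            verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
            fail("Expected rejection of AES-192-GCM with BSP compliance enabled");
        } catch (org.apache.ws.security.WSSecurityException ex) {
            // expected: the algorithm is outside the BSP allow-list
        }
        // … unchanged: verify with a WSSecurityEngine whose config has BSP compliance off …
```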
@@ -123,21 +157,23 @@ public class EncryptionGCMTest extends o
         verify(encryptedDoc, keystoreCallbackHandler, SOAP_BODY);
     }
 
-    /**
-     * Verifies the soap envelope
-     * <p/>
-     * 
-     * @param envelope 
-     * @throws Exception Thrown when there is a problem in verification
-     */
+    private void verify(
+        Document doc,
+        CallbackHandler handler,
+        javax.xml.namespace.QName expectedEncryptedElement
+    ) throws Exception {
+        verify(doc, secEngine, handler, expectedEncryptedElement);
+    }
+    
     @SuppressWarnings("unchecked")
     private void verify(
         Document doc,
+        WSSecurityEngine wsSecurityEngine,
         CallbackHandler handler,
         javax.xml.namespace.QName expectedEncryptedElement
     ) throws Exception {
         final java.util.List<WSSecurityEngineResult> results = 
-            secEngine.processSecurityHeader(doc, null, handler, null, crypto);
+            wsSecurityEngine.processSecurityHeader(doc, null, handler, null, crypto);
         String outputString = 
             org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
         if (LOG.isDebugEnabled()) {
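Review bot: The Javadoc on `verify` is deleted here rather than updated, so neither overload documents which engine it uses. I would restore it on the four-argument method with a `@param wsSecurityEngine` entry, and add a one-line comment on the three-argument overload such as `// Verifies with the shared secEngine`. The body of the four-argument `verify` continues outside the hunk.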


