ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1519450 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-common/src/main/java/org/apache/wss4j/common/crypto/ ws-security-common/src/test/java/org/apache/wss4j/common/crypto/ ws-security-...
Date Mon, 02 Sep 2013 14:26:18 GMT
Author: coheigea
Date: Mon Sep  2 14:26:18 2013
New Revision: 1519450

URL: http://svn.apache.org/r1519450
Log:
Renaming default PasswordEncryptor based on Jasypt to allow for different algorithms to be
used

Added:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/JasyptPasswordEncryptor.java
      - copied, changed from r1516222, webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java
Removed:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Mon Sep  2 14:26:18 2013
@@ -828,7 +828,7 @@ public final class ConfigurationConstant
      * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or

      * decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).
      * 
-     * By default, WSS4J uses the StrongJasyptPasswordEncryptor, which must be instantiated
with a 
+     * By default, WSS4J uses the JasyptPasswordEncryptor, which must be instantiated with
a 
      * master password to use to decrypt keystore passwords in the Merlin Crypto properties
file.
      * This master password is obtained via the CallbackHandler defined via PW_CALLBACK_CLASS
      * or PW_CALLBACK_REF.

Copied: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/JasyptPasswordEncryptor.java
(from r1516222, webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/JasyptPasswordEncryptor.java?p2=webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/JasyptPasswordEncryptor.java&p1=webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java&r1=1516222&r2=1519450&rev=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/StrongJasyptPasswordEncryptor.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/JasyptPasswordEncryptor.java
Mon Sep  2 14:26:18 2013
@@ -26,27 +26,39 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.apache.wss4j.common.ext.WSPasswordCallback;
-import org.jasypt.util.text.StrongTextEncryptor;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 
 
 /**
- * An implementation of PasswordEncryptor that relies on Jasypt's StrongTextEncryptor to
encrypt
- * and decrypt passwords.
+ * An implementation of PasswordEncryptor that relies on Jasypt's StandardPBEStringEncryptor
to 
+ * encrypt and decrypt passwords. The default algorithm that is used is "PBEWithMD5AndTripleDES".
  */
-public class StrongJasyptPasswordEncryptor implements PasswordEncryptor {
+public class JasyptPasswordEncryptor implements PasswordEncryptor {
+    
+    public static final String DEFAULT_ALGORITHM = "PBEWithMD5AndTripleDES";
     
     private static final org.slf4j.Logger LOG = 
-        org.slf4j.LoggerFactory.getLogger(StrongJasyptPasswordEncryptor.class);
+        org.slf4j.LoggerFactory.getLogger(JasyptPasswordEncryptor.class);
+    
+    private final StandardPBEStringEncryptor passwordEncryptor;
     
-    private final StrongTextEncryptor passwordEncryptor;
+    public JasyptPasswordEncryptor(String masterPassword) {
+        this(masterPassword, DEFAULT_ALGORITHM);
+    }
     
-    public StrongJasyptPasswordEncryptor(String masterPassword) {
-        passwordEncryptor = new StrongTextEncryptor();
+    public JasyptPasswordEncryptor(String masterPassword, String algorithm) {
+        passwordEncryptor = new StandardPBEStringEncryptor();
         passwordEncryptor.setPassword(masterPassword);
+        passwordEncryptor.setAlgorithm(algorithm);
+    }
+    
+    public JasyptPasswordEncryptor(CallbackHandler callbackHandler) {
+        this(callbackHandler, DEFAULT_ALGORITHM);
     }
     
-    public StrongJasyptPasswordEncryptor(CallbackHandler callbackHandler) {
-        passwordEncryptor = new StrongTextEncryptor();
+    public JasyptPasswordEncryptor(CallbackHandler callbackHandler, String algorithm) {
+        passwordEncryptor = new StandardPBEStringEncryptor();
+        passwordEncryptor.setAlgorithm(algorithm);
         
         WSPasswordCallback pwCb = 
             new WSPasswordCallback("", WSPasswordCallback.Usage.PASSWORD_ENCRYPTOR_PASSWORD);

Modified: webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/PasswordEncryptorTest.java
Mon Sep  2 14:26:18 2013
@@ -29,7 +29,7 @@ public class PasswordEncryptorTest exten
     public void testStrongJasyptPasswordEncryptor() throws Exception {
         
         PasswordEncryptor passwordEncryptor = 
-            new StrongJasyptPasswordEncryptor("master-password");
+            new JasyptPasswordEncryptor("master-password");
         String encryptedPassword = passwordEncryptor.encrypt("password");
         assertNotEquals(encryptedPassword, "password");
         String decryptedPassword = passwordEncryptor.decrypt(encryptedPassword);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
Mon Sep  2 14:26:18 2013
@@ -43,8 +43,8 @@ import org.apache.wss4j.dom.action.Actio
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
-import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
@@ -1095,7 +1095,7 @@ public abstract class WSHandler {
         
         CallbackHandler callbackHandler = requestData.getCallbackHandler();
         if (callbackHandler != null) {
-            return new StrongJasyptPasswordEncryptor(callbackHandler);
+            return new JasyptPasswordEncryptor(callbackHandler);
         }
         
         return null;

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordEncryptorTest.java
Mon Sep  2 14:26:18 2013
@@ -26,8 +26,8 @@ import javax.security.auth.callback.Call
 
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
-import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
@@ -54,7 +54,7 @@ public class PasswordEncryptorTest exten
     private WSSecurityEngine secEngine = new WSSecurityEngine();
     private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
     private PasswordEncryptor passwordEncryptor = 
-        new StrongJasyptPasswordEncryptor("this-is-a-secret");
+        new JasyptPasswordEncryptor("this-is-a-secret");
     private Crypto crypto = null;
     
     @org.junit.AfterClass

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Mon Sep  2 14:26:18 2013
@@ -33,8 +33,8 @@ import org.apache.wss4j.common.Configura
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
-import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.common.util.StringUtil;
@@ -167,7 +167,7 @@ public final class ConfigurationConverte
         if (passwordEncryptor == null) {
             CallbackHandler callbackHandler = properties.getCallbackHandler();
             if (callbackHandler != null) {
-                passwordEncryptor = new StrongJasyptPasswordEncryptor(callbackHandler);
+                passwordEncryptor = new JasyptPasswordEncryptor(callbackHandler);
             }
         }
         

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java?rev=1519450&r1=1519449&r2=1519450&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/PasswordEncryptorTest.java
Mon Sep  2 14:26:18 2013
@@ -30,8 +30,8 @@ import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
 
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
-import org.apache.wss4j.common.crypto.StrongJasyptPasswordEncryptor;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.OutboundWSSec;
@@ -63,7 +63,7 @@ public class PasswordEncryptorTest exten
             Properties properties = 
                 CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
             PasswordEncryptor passwordEncryptor = 
-                new StrongJasyptPasswordEncryptor(new CallbackHandlerImpl());
+                new JasyptPasswordEncryptor(new CallbackHandlerImpl());
             securityProperties.setSignatureCryptoProperties(properties, passwordEncryptor);
             securityProperties.setSignatureUser("transmitter");
             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
@@ -110,7 +110,7 @@ public class PasswordEncryptorTest exten
             Properties properties = 
                 CryptoFactory.getProperties("transmitter-crypto-enc.properties", this.getClass().getClassLoader());
             PasswordEncryptor passwordEncryptor = 
-                new StrongJasyptPasswordEncryptor(new CallbackHandlerImpl());
+                new JasyptPasswordEncryptor(new CallbackHandlerImpl());
             securityProperties.setEncryptionCryptoProperties(properties, passwordEncryptor);
             securityProperties.setEncryptionUser("receiver");
 



Mime
View raw message