ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1526857 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-dom/src/main/java/org/apache/wss4j/dom/ ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ ws-security-dom/src/main/java/o...
Date Fri, 27 Sep 2013 11:39:32 GMT
Author: coheigea
Date: Fri Sep 27 11:39:31 2013
New Revision: 1526857

URL: http://svn.apache.org/r1526857
Log:
Added more tests for SecurityActionTokens

Added:
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/SignatureEncryptionActionToken.java
Fri Sep 27 11:39:31 2013
@@ -48,6 +48,9 @@ public abstract class SignatureEncryptio
     private List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
     private String optionalParts;
     private String cryptoProperties;
+    private String tokenType;
+    private String tokenId;
+    private String sha1Value;
     
     public X509Certificate getCertificate() {
         return certificate;
@@ -132,5 +135,23 @@ public abstract class SignatureEncryptio
     public void setCryptoProperties(String cryptoProperties) {
         this.cryptoProperties = cryptoProperties;
     }
+    public String getTokenType() {
+        return tokenType;
+    }
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+    public String getTokenId() {
+        return tokenId;
+    }
+    public void setTokenId(String tokenId) {
+        this.tokenId = tokenId;
+    }
+    public String getSha1Value() {
+        return sha1Value;
+    }
+    public void setSha1Value(String sha1Value) {
+        this.sha1Value = sha1Value;
+    }
 }
 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
Fri Sep 27 11:39:31 2013
@@ -384,11 +384,13 @@ public final class WSConstants {
      * Embeds a keyinfo/key name into the EncryptedData element.
      * <p/>
      */
+    @Deprecated
     public static final int EMBEDDED_KEYNAME = 5;
     
     /**
      * Embeds a keyinfo/wsse:SecurityTokenReference into EncryptedData element.
      */
+    @Deprecated
     public static final int EMBED_SECURITY_TOKEN_REF = 6;
     
     /**

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
Fri Sep 27 11:39:31 2013
@@ -53,22 +53,7 @@ public class EncryptionAction implements
         if (encryptionToken.getKeyIdentifierId() != 0) {
             wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());
         }
-        if (encryptionToken.getKeyIdentifierId() == WSConstants.EMBEDDED_KEYNAME) {
-            String encKeyName = handler.getString(WSHandlerConstants.ENC_KEY_NAME,
-                    reqData.getMsgContext());
-            wsEncrypt.setEmbeddedKeyName(encKeyName);
-            CallbackHandler callbackHandler = 
-                handler.getCallbackHandler(
-                    WSHandlerConstants.ENC_CALLBACK_CLASS,
-                    WSHandlerConstants.ENC_CALLBACK_REF, 
-                    reqData
-                );
-            WSPasswordCallback passwordCallback = 
-                handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler,
reqData);
-            byte[] embeddedKey = passwordCallback.getKey();
-            wsEncrypt.setKey(embeddedKey);
-            wsEncrypt.setDocument(doc);
-        }
+
         if (encryptionToken.getSymmetricAlgorithm() != null) {
             wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
         }
@@ -98,14 +83,27 @@ public class EncryptionAction implements
         if (encryptionToken.getParts().size() > 0) {
             wsEncrypt.setParts(encryptionToken.getParts());
         }
-        if (!encryptionToken.isEncSymmetricEncryptionKey()) {
+        
+        wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
+        byte[] ephemeralKey = encryptionToken.getKey();
+        if (!encryptionToken.isEncSymmetricEncryptionKey() && ephemeralKey == null)
{
             CallbackHandler callbackHandler = 
                 handler.getPasswordCallbackHandler(reqData);
-            WSPasswordCallback passwordCallback = 
-                handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler,
reqData);
-            wsEncrypt.setEphemeralKey(passwordCallback.getKey());
-            wsEncrypt.setEncryptSymmKey(encryptionToken.isEncSymmetricEncryptionKey());
+            if (ephemeralKey == null) {
+                WSPasswordCallback passwordCallback = 
+                    handler.getPasswordCB(encryptionToken.getUser(), WSConstants.ENCR, callbackHandler,
reqData);
+                ephemeralKey = passwordCallback.getKey();
+            }
         }
+        wsEncrypt.setEphemeralKey(ephemeralKey);
+        
+        if (encryptionToken.getTokenId() != null) {
+            wsEncrypt.setEncKeyId(encryptionToken.getTokenId());
+        }
+        if (encryptionToken.getTokenType() != null) {
+            wsEncrypt.setCustomReferenceValue(encryptionToken.getTokenType());
+        }
+        
         try {
             wsEncrypt.build(doc, encryptionToken.getCrypto(), reqData.getSecHeader());
         } catch (WSSecurityException e) {

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
Fri Sep 27 11:39:31 2013
@@ -81,6 +81,16 @@ public class SignatureAction implements 
         } else if (signatureToken.getKey() != null) {
             wsSign.setSecretKey(signatureToken.getKey());
         }
+        
+        if (signatureToken.getTokenId() != null) {
+            wsSign.setCustomTokenId(signatureToken.getTokenId());
+        }
+        if (signatureToken.getTokenType() != null) {
+            wsSign.setCustomTokenValueType(signatureToken.getTokenType());
+        }
+        if (signatureToken.getSha1Value() != null) {
+            wsSign.setEncrKeySha1value(signatureToken.getSha1Value());
+        }
 
         try {
             wsSign.prepare(doc, signatureToken.getCrypto(), reqData.getSecHeader());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
Fri Sep 27 11:39:31 2013
@@ -644,7 +644,6 @@ public abstract class WSHandler {
                     || tmp == WSConstants.X509_KEY_IDENTIFIER
                     || tmp == WSConstants.SKI_KEY_IDENTIFIER
                     || tmp == WSConstants.BST_DIRECT_REFERENCE
-                    || tmp == WSConstants.EMBEDDED_KEYNAME
                     || tmp == WSConstants.THUMBPRINT_IDENTIFIER
                     || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
Fri Sep 27 11:39:31 2013
@@ -841,8 +841,6 @@ public final class WSHandlerConstants {
      * </li>
      * <li><code>SKIKeyIdentifier</code> for {@link WSConstants#SKI_KEY_IDENTIFIER}
      * </li>
-     * <li><code>EmbeddedKeyName</code> for {@link WSConstants#EMBEDDED_KEYNAME}
-     * </li>
      * <li><code>Thumbprint</code> for {@link WSConstants#THUMBPRINT}
      * </li>
      * <li><code>EncryptedKeySHA1</code> for {@link WSConstants#ENCRYPTED_KEY_SHA1_IDENTIFIER}
@@ -857,7 +855,6 @@ public final class WSHandlerConstants {
         keyIdentifier.put("IssuerSerial", WSConstants.ISSUER_SERIAL);
         keyIdentifier.put("X509KeyIdentifier", WSConstants.X509_KEY_IDENTIFIER);
         keyIdentifier.put("SKIKeyIdentifier", WSConstants.SKI_KEY_IDENTIFIER);
-        keyIdentifier.put("EmbeddedKeyName", WSConstants.EMBEDDED_KEYNAME);
         keyIdentifier.put("Thumbprint", WSConstants.THUMBPRINT_IDENTIFIER);
         keyIdentifier.put("EncryptedKeySHA1", WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
         keyIdentifier.put("KeyValue", WSConstants.KEY_VALUE);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Fri Sep 27 11:39:31 2013
@@ -56,10 +56,6 @@ public class WSSecEncrypt extends WSSecE
     private static org.slf4j.Logger log = 
         org.slf4j.LoggerFactory.getLogger(WSSecEncrypt.class);
     
-    private byte[] embeddedKey;
-
-    private String embeddedKeyName;
-
     /**
      * SecurityTokenReference to be inserted into EncryptedData/keyInfo element.
      */
@@ -92,16 +88,6 @@ public class WSSecEncrypt extends WSSecE
     }
     
     /**
-     * Sets the key to use during embedded encryption.
-     * 
-     * @param key to use during encryption. The key must fit the selected
-     *            symmetrical encryption algorithm
-     */
-    public void setKey(byte[] key) {
-        embeddedKey = key;
-    }
-
-    /**
      * Sets the algorithm to encode the symmetric key.
      * 
      * Default is the <code>WSConstants.KEYTRANSPORT_RSAOEP</code> algorithm.
@@ -115,16 +101,6 @@ public class WSSecEncrypt extends WSSecE
     }
 
     /**
-     * Set the key name for EMBEDDED_KEYNAME
-     * 
-     * @param embeddedKeyName
-     */
-    public void setEmbeddedKeyName(String embeddedKeyName) {
-        this.embeddedKeyName = embeddedKeyName;
-    }
-    
-    
-    /**
      * Initialize a WSSec Encrypt.
      * 
      * The method prepares and initializes a WSSec Encrypt structure after the
@@ -154,11 +130,7 @@ public class WSSecEncrypt extends WSSecE
             ephemeralKey = symmetricKey.getEncoded();
         }
         
-        if (symmetricKey == null) {
-            symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
-        } else {
-            symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, symmetricKey.getEncoded());
-        }
+        symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
         
         //
         // Get the certificate that contains the public key for the public key
@@ -204,23 +176,7 @@ public class WSSecEncrypt extends WSSecE
         throws WSSecurityException {
         doDebug = log.isDebugEnabled();
 
-        if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME
-            || keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
-            encryptSymmKey = false;
-            document = doc;
-            //
-            // Generate a symmetric key from the specified key (password) for this
-            // algorithm, and set the cipher into encryption mode.
-            //
-            if (symmetricKey == null) {
-                if (embeddedKey == null) {
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"noKeySupplied");
-                }
-                symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, embeddedKey);
-            }
-        } else {
-            prepare(doc, crypto);
-        }
+        prepare(doc, crypto);
         
         if (envelope == null) {
             envelope = document.getDocumentElement();
@@ -504,8 +460,6 @@ public class WSSecEncrypt extends WSSecE
             }
             secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
             keyInfo.addUnknownElement(secToken.getElement());
-        } else if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
-            keyInfo.addKeyName(embeddedKeyName == null ? user : embeddedKeyName);
         } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) {
             SecurityTokenReference secToken = new SecurityTokenReference(document);
             secToken.addWSSENamespace();

Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java?rev=1526857&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
(added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CombinedCallbackHandler.java
Fri Sep 27 11:39:31 2013
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.common;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A combined Callback Handler implementation which wraps the SecretKeyCallbackHandler and
the 
+ * KeystoreCallbackHandler.
+ */
+public class CombinedCallbackHandler implements CallbackHandler {
+    
+    private final CallbackHandler secretCallbackHandler;
+    private final CallbackHandler keystoreCallbackHandler;
+    
+    public CombinedCallbackHandler(
+        CallbackHandler secretCallbackHandler, CallbackHandler keystoreCallbackHandler
+    ) {
+        this.secretCallbackHandler = secretCallbackHandler;
+        this.keystoreCallbackHandler = keystoreCallbackHandler;
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                if ((pc.getUsage() == WSPasswordCallback.Usage.SECRET_KEY)
+                    || (pc.getUsage() == WSPasswordCallback.Usage.SECURITY_CONTEXT_TOKEN))
{
+                    secretCallbackHandler.handle(callbacks);
+                } else {
+                    keystoreCallbackHandler.handle(callbacks);
+                }
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+}

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SecurityActionTokenTest.java
Fri Sep 27 11:39:31 2013
@@ -25,8 +25,10 @@ import java.util.List;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
 import javax.xml.crypto.dsig.SignatureMethod;
 
+import org.apache.wss4j.common.EncryptionActionToken;
 import org.apache.wss4j.common.SignatureActionToken;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -37,12 +39,14 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.WSSecurityEngine;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CombinedCallbackHandler;
 import org.apache.wss4j.dom.common.CustomHandler;
 import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.common.SOAPUtil;
 import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
 import org.apache.wss4j.dom.common.SecurityTestUtil;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Base64;
 import org.w3c.dom.Document;
 
@@ -107,7 +111,7 @@ public class SecurityActionTokenTest ext
             LOG.debug(outputString);
         }
         
-        verify(doc);
+        verify(doc, null);
     }
     
     @org.junit.Test
@@ -148,8 +152,7 @@ public class SecurityActionTokenTest ext
         String identifier = Base64.encode(encodedBytes);
         secretKeyCallbackHandler.addSecretKey(identifier, keyData);
         
-        WSSecurityEngine symmetricSecEngine = new WSSecurityEngine();
-        symmetricSecEngine.processSecurityHeader(doc, null, secretKeyCallbackHandler, null,
crypto);
+        verify(doc, secretKeyCallbackHandler);
     }
     
     @org.junit.Test
@@ -194,6 +197,8 @@ public class SecurityActionTokenTest ext
                 XMLUtils.PrettyDocumentToString(doc);
             LOG.debug(outputString);
         }
+        
+        // Not verifying due to two separate Crypto instances...
     }
     
     @org.junit.Test
@@ -238,11 +243,331 @@ public class SecurityActionTokenTest ext
                 XMLUtils.PrettyDocumentToString(doc);
             LOG.debug(outputString);
         }
+        
+        SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+        byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+        String identifier = Base64.encode(encodedBytes);
+        secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+        
+        verify(doc, secretKeyCallbackHandler);
+    }
+    
+    @org.junit.Test
+    public void testAsymmetricEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setUser("wss40");
+        actionToken.setCryptoProperties("wss40.properties");
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        verify(doc, new KeystoreCallbackHandler());
+    }
+    
+    @org.junit.Test
+    public void testSymmetricEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        actionToken.setKey(keyData);
+        actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+        actionToken.setEncSymmetricEncryptionKey(false);
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+        byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+        String identifier = Base64.encode(encodedBytes);
+        secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+        
+        verify(doc, secretKeyCallbackHandler);
+    }
+    
+    @org.junit.Test
+    public void testAsymmetricDoubleEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setUser("wss40");
+        actionToken.setCryptoProperties("wss40.properties");
+        
+        EncryptionActionToken actionToken2 = new EncryptionActionToken();
+        actionToken2.setUser("16c73ab6-b892-458f-abf5-2f875f74882e");
+        actionToken2.setCryptoProperties("crypto.properties");
+        WSEncryptionPart encP =
+            new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+        actionToken2.setParts(Collections.singletonList(encP));
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        actions.add(new HandlerAction(WSConstants.TS, null));
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        // Not verifying due to two separate Crypto instances...
+    }
+    
+    @org.junit.Test
+    public void testMixedDoubleEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setUser("wss40");
+        actionToken.setCryptoProperties("wss40.properties");
+        
+        EncryptionActionToken actionToken2 = new EncryptionActionToken();
+        actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        actionToken2.setKey(keyData);
+        actionToken2.setSymmetricAlgorithm(WSConstants.AES_128);
+        actionToken2.setEncSymmetricEncryptionKey(false);
+        WSEncryptionPart encP =
+            new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "");
+        actionToken2.setParts(Collections.singletonList(encP));
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        actions.add(new HandlerAction(WSConstants.TS, null));
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+        byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+        String identifier = Base64.encode(encodedBytes);
+        secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+        
+        CombinedCallbackHandler combinedCallbackHandler = 
+            new CombinedCallbackHandler(secretKeyCallbackHandler, new KeystoreCallbackHandler());
+        
+        verify(doc, combinedCallbackHandler);
+    }
+    
+    // Using the same key for signature + encryption here for convenience...
+    @org.junit.Test
+    public void testAsymmetricSignatureEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        SignatureActionToken actionToken = new SignatureActionToken();
+        actionToken.setUser("wss40");
+        actionToken.setCryptoProperties("wss40.properties");
+        actionToken.setKeyIdentifierId(WSConstants.BST_DIRECT_REFERENCE);
+        
+        EncryptionActionToken actionToken2 = new EncryptionActionToken();
+        actionToken2.setUser("wss40");
+        actionToken2.setCryptoProperties("wss40.properties");
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.SIGN, actionToken));
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken2));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        verify(doc, new KeystoreCallbackHandler());
+    }
+    
+    @org.junit.Test
+    public void testSymmetricSignatureEncryption() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setKey(keyData);
+        actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+        actionToken.setKeyIdentifierId(WSConstants.SKI_KEY_IDENTIFIER);
+        actionToken.setUser("wss40");
+        actionToken.setCryptoProperties("wss40.properties");
+        actionToken.setTokenId(IDGenerator.generateID("EK-"));
+        
+        SignatureActionToken actionToken2 = new SignatureActionToken();
+        actionToken2.setKeyIdentifierId(WSConstants.CUSTOM_SYMM_SIGNING);
+        actionToken2.setKey(keyData);
+        actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+        actionToken2.setTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+        actionToken2.setTokenId(actionToken.getTokenId());
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        verify(doc, new KeystoreCallbackHandler());
     }
     
+    @org.junit.Test
+    public void testSymmetricSignatureEncryptionResponse() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String,
Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler()
+        );
+        reqData.setMsgContext(messageContext);
+        
+        EncryptionActionToken actionToken = new EncryptionActionToken();
+        actionToken.setKey(keyData);
+        actionToken.setSymmetricAlgorithm(WSConstants.AES_128);
+        actionToken.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        actionToken.setEncSymmetricEncryptionKey(false);
+        
+        SignatureActionToken actionToken2 = new SignatureActionToken();
+        actionToken2.setKeyIdentifierId(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+        actionToken2.setKey(keyData);
+        actionToken2.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.SIGN, actionToken2));
+        actions.add(new HandlerAction(WSConstants.ENCR, actionToken));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+            
+        SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
+        byte[] encodedBytes = WSSecurityUtil.generateDigest(keyData);
+        String identifier = Base64.encode(encodedBytes);
+        secretKeyCallbackHandler.addSecretKey(identifier, keyData);
+        
+        verify(doc, secretKeyCallbackHandler);
+    }
 
-    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
-        return secEngine.processSecurityHeader(doc, null, null, crypto);
+    private List<WSSecurityEngineResult> verify(
+        Document doc, CallbackHandler callbackHandler
+    ) throws Exception {
+        return secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
     }
 
     

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java?rev=1526857&r1=1526856&r2=1526857&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureEncryptionTest.java
Fri Sep 27 11:39:31 2013
@@ -26,11 +26,8 @@ import org.apache.wss4j.dom.WSSecurityEn
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.common.SOAPUtil;
-import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
 import org.apache.wss4j.dom.common.SecurityTestUtil;
-import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.common.WSEncryptionPart;
-import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.util.XMLUtils;
@@ -40,7 +37,6 @@ import org.w3c.dom.Document;
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.crypto.dsig.SignatureMethod;
 
-import java.util.Collections;
 import java.util.List;
 import java.util.ArrayList;
 
@@ -66,20 +62,6 @@ public class SignatureEncryptionTest ext
     private WSSecurityEngine secEngine = new WSSecurityEngine();
     private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
     
-    private static final byte[] key = {
-        (byte)0x31, (byte)0xfd,
-        (byte)0xcb, (byte)0xda,
-        (byte)0xfb, (byte)0xcd,
-        (byte)0x6b, (byte)0xa8,
-        (byte)0xe6, (byte)0x19,
-        (byte)0xa7, (byte)0xbf,
-        (byte)0x51, (byte)0xf7,
-        (byte)0xc7, (byte)0x3e,
-        (byte)0x80, (byte)0xae,
-        (byte)0x98, (byte)0x51,
-        (byte)0xc8, (byte)0x51,
-        (byte)0x34, (byte)0x04,
-    };
     private Crypto crypto = null;
     
     @org.junit.AfterClass
@@ -326,58 +308,6 @@ public class SignatureEncryptionTest ext
     }
     
     /**
-     * Test that encrypts and signs a WS-Security envelope, then performs
-     * verification and decryption.
-     * <p/>
-     * 
-     * @throws Exception Thrown when there is any problem in signing, encryption,
-     *                   decryption, or verification
-     */
-    @org.junit.Test
-    public void testSigningEncryptionEmbedded() throws Exception {
-        WSSecEncrypt encrypt = new WSSecEncrypt();
-        WSSecSignature sign = new WSSecSignature();
-        
-        encrypt.setUserInfo("wss40");
-        encrypt.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
-        encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);        
-        encrypt.setKey(key);
-
-        sign.setUserInfo("wss40", "security");
-        LOG.info("Before Encryption....");
-        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
-        encrypt.setDocument(doc);
-        WSSecHeader secHeader = new WSSecHeader();
-        secHeader.insertSecurityHeader(doc);                
-        Document signedDoc = sign.build(doc, crypto, secHeader);
-        Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
-
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Encrypted message, RSA-OAEP keytransport, 3DES:");
-            String outputString = 
-                XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
-            LOG.debug(outputString);
-        }
-        LOG.info("After Encryption....");
-        
-        SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
-        secretKeyCallbackHandler.setOutboundSecret(key);
-        WSSecurityEngine engine = new WSSecurityEngine();
-        RequestData data = new RequestData();
-        data.setCallbackHandler(secretKeyCallbackHandler);
-        data.setSigVerCrypto(crypto);
-        data.setDecCrypto(crypto);
-        data.setIgnoredBSPRules(Collections.singletonList(BSPRule.R5426));
-        
-        engine.processSecurityHeader(doc, "", data);
-        if (LOG.isDebugEnabled()) {
-            String outputString = 
-                XMLUtils.PrettyDocumentToString(doc);
-            LOG.debug(outputString);
-        }
-    }
-    
-    /**
      * Test signature created using an encrypted key
      * SOAP Body is signed and encrypted. In the encryption, The ReferenceList element is

      * put into the Encrypted Key, as a child of the EncryptedKey. Signature is created 



Mime
View raw message