From cohei...@apache.org
Subject svn commit: r1530914 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/ ws-security-stax/src/main/java...
Date Thu, 10 Oct 2013 10:59:36 GMT
Author: coheigea
Date: Thu Oct 10 10:59:35 2013
New Revision: 1530914

URL: http://svn.apache.org/r1530914
Log:
Some bug fixes + enhancements surrounding derived keys

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Thu Oct 10 10:59:35 2013
@@ -518,6 +518,15 @@ public final class ConfigurationConstant
      */
     public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "enableSamlOneTimeUseCache";
     
+    /**
+     * Whether to use the "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"

+     * namespace for SecureConversation + Derived Keys. If set to "false", it will use the
+     * namespace "http://schemas.xmlsoap.org/ws/2005/02/sc".
+     * 
+     * The default is true.
+     */
+    public static final String USE_2005_12_NAMESPACE = "use200512Namespace";
+    
     //
     // (Non-boolean) Configuration parameters for the actions/processors
     //
@@ -850,5 +859,34 @@ public final class ConfigurationConstant
      */
     public static final String PASSWORD_ENCRYPTOR_INSTANCE = "passwordEncyptorInstance";
     
+    /**
+     * This controls how deriving tokens are referenced. The valid values are:
+     * 
+     * <code>DirectReference</code>, <code>EncryptedKey</code>, 
+     * <code>SecurityContextToken</code>.
+     */
+    public static final String DERIVED_TOKEN_REFERENCE = "derivedTokenReference";
+    
+    /**
+     * This controls the key identifier of Derived Tokens.
+     */
+    public static final String DERIVED_TOKEN_KEY_ID = "derivedTokenKeyIdentifier";
+    
+    /**
+     * The length to use (in bytes) when deriving a key for Signature. If this is not specified,
+     * it defaults to a value based on the signature algorithm.
+     * 
+     * Currently only used in the streaming code.
+     */
+    public static final String DERIVED_SIGNATURE_KEY_LENGTH = "derivedSignatureKeyLength";
+    
+    /**
+     * The length to use (in bytes) when deriving a key for Encryption. If this is not specified,
+     * it defaults to a value based on the encryption algorithm.
+     * 
+     * Currently only used in the streaming code.
+     */
+    public static final String DERIVED_ENCRYPTION_KEY_LENGTH = "derivedEncryptionKeyLength";
+    
 }
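Review bot: The Javadoc for `DERIVED_TOKEN_KEY_ID` says only that it "controls the key identifier of Derived Tokens", while its sibling `DERIVED_TOKEN_REFERENCE` lists the accepted strings, so a reader configuring this property cannot learn the valid values from here. Suggest listing the accepted key identifier names the same way, as resolved by `ConfigurationConverter.convertKeyIdentifier`, rather than leaving it to the caller to find that method. The two key-length Javadocs should also state what a non-positive value means; the streaming code treats only values greater than zero as an override, so something like `* A value of 0 (or less) falls back to the algorithm-based default.` would make the contract explicit.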
 

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Thu Oct 10 10:59:35 2013
@@ -453,6 +453,10 @@ public final class ConfigurationConverte
         boolean encryptSymmetricEncryptionKey = 
             decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, true, config);
         properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);
+        
+        boolean use200512Namespace = 
+            decodeBooleanConfigValue(ConfigurationConstants.USE_2005_12_NAMESPACE, true,
config);
+        properties.setUse200512Namespace(use200512Namespace);
     }
     
     private static void parseNonBooleanProperties(
@@ -644,6 +648,43 @@ public final class ConfigurationConverte
         if (samlOneTimeUseCache != null) {
             properties.setSamlOneTimeUseReplayCache(samlOneTimeUseCache);
         }
+        
+        String derivedSignatureKeyLength = getString(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH,
config);
+        if (derivedSignatureKeyLength != null) {
+            int sigLength = Integer.parseInt(derivedSignatureKeyLength);
+            properties.setDerivedSignatureKeyLength(sigLength);
+        }
+        
+        String derivedEncryptionKeyLength = getString(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH,
config);
+        if (derivedEncryptionKeyLength != null) {
+            int encLength = Integer.parseInt(derivedEncryptionKeyLength);
+            properties.setDerivedEncryptionKeyLength(encLength);
+        }
+        
+        String derivedTokenReference = getString(ConfigurationConstants.DERIVED_TOKEN_REFERENCE,
config);
+        WSSConstants.DerivedKeyTokenReference convertedDerivedTokenReference = 
+            convertDerivedReference(derivedTokenReference);
+        if (convertedDerivedTokenReference != null) {
+            properties.setDerivedKeyTokenReference(convertedDerivedTokenReference);
+        }
+        
+        String derivedKeyIdentifier = getString(ConfigurationConstants.DERIVED_TOKEN_KEY_ID,
config);
+        WSSecurityTokenConstants.KeyIdentifier convertedDerivedKeyIdentifier = 
+            convertKeyIdentifier(derivedKeyIdentifier);
+        if (convertedDerivedKeyIdentifier != null) {
+            properties.setDerivedKeyKeyIdentifier(convertedDerivedKeyIdentifier);
+        }
+    }
+    
+    private static WSSConstants.DerivedKeyTokenReference convertDerivedReference(String derivedTokenReference)
{
+        if ("EncryptedKey".equals(derivedTokenReference)) {
+           return WSSConstants.DerivedKeyTokenReference.EncryptedKey;
+        } else if ("DirectReference".equals(derivedTokenReference)) {
+            return WSSConstants.DerivedKeyTokenReference.DirectReference;
+        } else if ("SecurityContextToken".equals(derivedTokenReference)) {
+            return WSSConstants.DerivedKeyTokenReference.SecurityContextToken;
+        }
+        return null;
     }
     
     private static WSSecurityTokenConstants.KeyIdentifier convertKeyIdentifier(String keyIdentifier)
{
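Review bot: `Integer.parseInt` on the two new key-length lines throws an unchecked NumberFormatException for any non-numeric config value, and a zero or negative value is stored unchanged even though the output processor only honours values greater than zero, so a misconfiguration is either a stack trace or silently ignored. Validate once and fail with a clear message, e.g. `int sigLength = Integer.parseInt(derivedSignatureKeyLength); if (sigLength <= 0) { throw new IllegalArgumentException("derivedSignatureKeyLength must be positive: " + derivedSignatureKeyLength); }`, and the same for the encryption length. `convertDerivedReference` returns null for an unrecognised string, matching `convertKeyIdentifier`, but a debug log there would make misspelled values easier to diagnose; its first `return` is also indented by 11 spaces instead of 12.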
@@ -668,7 +709,7 @@ public final class ConfigurationConverte
         }
         return null;
     }
-        
+    
     private static int decodeTimeToLive(Map<String, Object> config, boolean timestamp)
{
         String tag = ConfigurationConstants.TTL_TIMESTAMP;
         if (!timestamp) {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Thu Oct 10 10:59:35 2013
@@ -327,6 +327,10 @@ public class OutboundWSSec {
             if (derivedEncryption) {
                 String id = 
                     outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY);
+                if (id == null) {
+                    // Maybe not encrypting the key here...
+                    id = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+                }
                 setDerivedIdentifier(outputProcessorChain, id);
             }
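Review bot: When neither `PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY` nor `PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION` is set, `id` is still null after the new fallback and is passed to `setDerivedIdentifier`, which (per the later hunk in this file) stores it in the security context under the reference-specific key; the failure then surfaces wherever that key is read instead of here. Consider failing fast after the fallback, with an exception the enclosing method already declares if it has one, or at least logging that no token id was found for the derived-key reference; the comment `// Maybe not encrypting the key here...` could say when that case is expected. The enclosing method starts outside the hunk.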
             
@@ -638,7 +642,7 @@ public class OutboundWSSec {
     
     private void setDerivedIdentifier(OutputProcessorChainImpl outputProcessorChain, String
id) {
         WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference = securityProperties.getDerivedKeyTokenReference();
-        switch (derivedKeyTokenReference) {
+            switch (derivedKeyTokenReference) {
 
             case DirectReference:
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY,
id);
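Review bot: The re-indentation of `switch (derivedKeyTokenReference) {` here, and of its closing brace in the next hunk (`-        }` / `+            }`), moves both lines four columns deeper than the method body they belong to while the `case` labels keep their original indent, so the block now reads as if it were nested inside something that is not there. Either revert both lines to the 8-space indent of the surrounding method or re-indent the cases with them. `setDerivedIdentifier` continues past the end of this hunk.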
@@ -651,6 +655,6 @@ public class OutboundWSSec {
             case SecurityContextToken:
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN,
id);
                 break;
-        }
+            }
     }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
Thu Oct 10 10:59:35 2013
@@ -248,17 +248,17 @@ public class WSSConstants extends XMLSec
     public static final QName TAG_wsc0502_DerivedKeyToken = new QName(NS_WSC_05_02, "DerivedKeyToken",
PREFIX_WSC);
     public static final QName TAG_wsc0512_DerivedKeyToken = new QName(NS_WSC_05_12, "DerivedKeyToken",
PREFIX_WSC);
     public static final QName TAG_wsc0502_Properties = new QName(NS_WSC_05_02, "Properties",
PREFIX_WSC);
-    public static final QName TAG_wsc0512_Properties = new QName(NS_WSC_05_02, "Properties",
PREFIX_WSC);
+    public static final QName TAG_wsc0512_Properties = new QName(NS_WSC_05_12, "Properties",
PREFIX_WSC);
     public static final QName TAG_wsc0502_Length = new QName(NS_WSC_05_02, "Length", PREFIX_WSC);
-    public static final QName TAG_wsc0512_Length = new QName(NS_WSC_05_02, "Length", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Length = new QName(NS_WSC_05_12, "Length", PREFIX_WSC);
     public static final QName TAG_wsc0502_Generation = new QName(NS_WSC_05_02, "Generation",
PREFIX_WSC);
-    public static final QName TAG_wsc0512_Generation = new QName(NS_WSC_05_02, "Generation",
PREFIX_WSC);
+    public static final QName TAG_wsc0512_Generation = new QName(NS_WSC_05_12, "Generation",
PREFIX_WSC);
     public static final QName TAG_wsc0502_Offset = new QName(NS_WSC_05_02, "Offset", PREFIX_WSC);
-    public static final QName TAG_wsc0512_Offset = new QName(NS_WSC_05_02, "Offset", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Offset = new QName(NS_WSC_05_12, "Offset", PREFIX_WSC);
     public static final QName TAG_wsc0502_Label = new QName(NS_WSC_05_02, "Label", PREFIX_WSC);
-    public static final QName TAG_wsc0512_Label = new QName(NS_WSC_05_02, "Label", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Label = new QName(NS_WSC_05_12, "Label", PREFIX_WSC);
     public static final QName TAG_wsc0502_Nonce = new QName(NS_WSC_05_02, "Nonce", PREFIX_WSC);
-    public static final QName TAG_wsc0512_Nonce = new QName(NS_WSC_05_02, "Nonce", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Nonce = new QName(NS_WSC_05_12, "Nonce", PREFIX_WSC);
 
     public static final String P_SHA_1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
     public static final String P_SHA_1_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1";
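Review bot: The six corrected `TAG_wsc0512_*` QNames had carried `NS_WSC_05_02` until this commit, and nothing here guards against the same copy-paste slip recurring in this block of near-identical declarations. A small unit test asserting `WSSConstants.TAG_wsc0512_Properties.getNamespaceURI().equals(WSSConstants.NS_WSC_05_12)` (and likewise for Length, Generation, Offset, Label, Nonce and DerivedKeyToken) would catch it; alternatively build each 0502/0512 pair through one helper that takes the namespace, so every local name is written once.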

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Thu Oct 10 10:59:35 2013
@@ -73,6 +73,7 @@ public class WSSSecurityProperties exten
     private boolean addUsernameTokenNonce;
     private boolean addUsernameTokenCreated;
     private boolean encryptSymmetricEncrytionKey = true;
+    private boolean use200512Namespace;
 
     /**
      * This variable controls whether types other than PasswordDigest or PasswordText
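Review bot: The new `use200512Namespace` field has no initializer, so a `WSSSecurityProperties` populated without going through `ConfigurationConverter` defaults to false, while the new `USE_2005_12_NAMESPACE` Javadoc in ConfigurationConstants states the default is true and the converter defaults it to true. Make the field agree, `private boolean use200512Namespace = true;`, following the `encryptSymmetricEncrytionKey = true` line just above it, or correct the Javadoc if the 2005/02 namespace is intentionally the default for callers that set properties directly.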
@@ -90,6 +91,8 @@ public class WSSSecurityProperties exten
 
     private WSSecurityTokenConstants.KeyIdentifier derivedKeyKeyIdentifier;
     private WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference;
+    private int derivedSignatureKeyLength;
+    private int derivedEncryptionKeyLength;
 
     private WSSCrypto signatureWSSCrypto;
     private String signatureUser;
@@ -137,8 +140,11 @@ public class WSSSecurityProperties exten
         this.usernameTokenPasswordType = wssSecurityProperties.usernameTokenPasswordType;
         this.allowUsernameTokenNoPassword = wssSecurityProperties.allowUsernameTokenNoPassword;
         this.tokenUser = wssSecurityProperties.tokenUser;
+        this.use200512Namespace = wssSecurityProperties.use200512Namespace;
         this.derivedKeyKeyIdentifier = wssSecurityProperties.derivedKeyKeyIdentifier;
         this.derivedKeyTokenReference = wssSecurityProperties.derivedKeyTokenReference;
+        this.derivedSignatureKeyLength = wssSecurityProperties.derivedSignatureKeyLength;
+        this.derivedEncryptionKeyLength = wssSecurityProperties.derivedEncryptionKeyLength;
         this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
         this.signatureUser = wssSecurityProperties.signatureUser;
         this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
@@ -916,5 +922,29 @@ public class WSSSecurityProperties exten
     public Collection<Pattern> getSubjectCertConstraints() {
         return subjectDNPatterns;
     }
+
+    public int getDerivedSignatureKeyLength() {
+        return derivedSignatureKeyLength;
+    }
+
+    public void setDerivedSignatureKeyLength(int derivedSignatureKeyLength) {
+        this.derivedSignatureKeyLength = derivedSignatureKeyLength;
+    }
+
+    public int getDerivedEncryptionKeyLength() {
+        return derivedEncryptionKeyLength;
+    }
+
+    public void setDerivedEncryptionKeyLength(int derivedEncryptionKeyLength) {
+        this.derivedEncryptionKeyLength = derivedEncryptionKeyLength;
+    }
+
+    public boolean isUse200512Namespace() {
+        return use200512Namespace;
+    }
+
+    public void setUse200512Namespace(boolean use200512Namespace) {
+        this.use200512Namespace = use200512Namespace;
+    }
     
 }
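Review bot: The six new accessors carry no Javadoc, and the meaning of the `int` lengths' zero value (used elsewhere in this commit as "not configured, derive from the algorithm") is only discoverable by reading the output processor. Suggest documenting it on the getters, e.g. `/** Length in bytes of the key derived for Signature; 0 (the default) means use a length based on the signature algorithm. */`, with the matching sentence for encryption, and a one-line Javadoc on `isUse200512Namespace` naming the two namespaces it selects between. The setters accept negative lengths without complaint; rejecting them with `IllegalArgumentException` here would keep the check in one place regardless of which caller sets the property.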

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
Thu Oct 10 10:59:35 2013
@@ -77,11 +77,17 @@ public class DerivedKeyTokenOutputProces
 
             XMLSecurityConstants.Action action = getAction();
             if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
-                length = JCEAlgorithmMapper.getKeyLengthFromURI(getSecurityProperties().getSignatureAlgorithm())
/ 8;
-                System.out.println("SIG LEN: " + length);
+                if (((WSSSecurityProperties)getSecurityProperties()).getDerivedSignatureKeyLength()
> 0) {
+                    length = ((WSSSecurityProperties)getSecurityProperties()).getDerivedSignatureKeyLength();
+                } else {
+                    length = JCEAlgorithmMapper.getKeyLengthFromURI(getSecurityProperties().getSignatureAlgorithm())
/ 8;
+                }
             } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
-                length = JCEAlgorithmMapper.getKeyLengthFromURI(getSecurityProperties().getEncryptionSymAlgorithm())
/ 8;
-                System.out.println("ENC LEN: " + length);
+                if (((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength()
> 0) {
+                    length = ((WSSSecurityProperties)getSecurityProperties()).getDerivedEncryptionKeyLength();
+                } else {
+                    length = JCEAlgorithmMapper.getKeyLengthFromURI(getSecurityProperties().getEncryptionSymAlgorithm())
/ 8;
+                }
             }
 
             byte[] label;
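Review bot: A configured `getDerivedSignatureKeyLength()` / `getDerivedEncryptionKeyLength()` is used as-is whenever it is greater than zero, with no comparison against the key size the selected algorithm actually needs, so a value smaller than the previous algorithm-based default now derives a shorter key; an HMAC-based signature algorithm would likely accept such a key without error, while the encryption path would presumably fail later with a less obvious cause. Consider computing the algorithm-based length first and rejecting a configured value below it with a `WSSecurityException`, or at least logging the discrepancy, and document in the property Javadoc that the value must not be smaller than the algorithm's key size; how `length` is consumed after this hunk is not visible here. The cast `((WSSSecurityProperties)getSecurityProperties())` is repeated four times in the hunk and could be hoisted into one local before the `if`. The enclosing method starts outside the hunk.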
@@ -171,7 +177,9 @@ public class DerivedKeyTokenOutputProces
             }
             outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(wsuIdDKT,
derivedKeysecurityTokenProvider);
             FinalDerivedKeyTokenOutputProcessor finalDerivedKeyTokenOutputProcessor =
-                    new FinalDerivedKeyTokenOutputProcessor(derivedKeySecurityToken, offset,
length, new String(Base64.encodeBase64(nonce)));
+                    new FinalDerivedKeyTokenOutputProcessor(derivedKeySecurityToken, offset,
length, new String(Base64.encodeBase64(nonce)),
+                                                            ((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace(),
+                                                            wrappingSecurityToken.getSha1Identifier());
             finalDerivedKeyTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
             finalDerivedKeyTokenOutputProcessor.setAction(getAction());
             finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
@@ -189,14 +197,20 @@ public class DerivedKeyTokenOutputProces
         private final int offset;
         private final int length;
         private final String nonce;
+        private final boolean use200512Namespace;
+        private final String sha1Identifier;
 
-        FinalDerivedKeyTokenOutputProcessor(OutboundSecurityToken securityToken, int offset,
int length, String nonce) throws XMLSecurityException {
+        FinalDerivedKeyTokenOutputProcessor(OutboundSecurityToken securityToken, int offset,

+                                            int length, String nonce, boolean use200512Namespace,
+                                            String sha1Identifier) throws XMLSecurityException
{
 
             super();
             this.securityToken = securityToken;
             this.offset = offset;
             this.length = length;
             this.nonce = nonce;
+            this.use200512Namespace = use200512Namespace;
+            this.sha1Identifier = sha1Identifier;
         }
 
         @Override
@@ -207,7 +221,7 @@ public class DerivedKeyTokenOutputProces
 
             if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, ((WSSSecurityProperties) getSecurityProperties()).getActor()))
{
 
-                final QName headerElementName = WSSConstants.TAG_wsc0502_DerivedKeyToken;
+                final QName headerElementName = getHeaderElementName();
                 WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, headerElementName,
getAction(), false);
 
                 OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
@@ -218,16 +232,17 @@ public class DerivedKeyTokenOutputProces
 
                 createSecurityTokenReferenceStructureForDerivedKey(subOutputProcessorChain,
securityToken,
                         ((WSSSecurityProperties) getSecurityProperties()).getDerivedKeyKeyIdentifier(),
-                        ((WSSSecurityProperties) getSecurityProperties()).getDerivedKeyTokenReference(),
getSecurityProperties().isUseSingleCert());
-                createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Offset,
false, null);
+                        ((WSSSecurityProperties) getSecurityProperties()).getDerivedKeyTokenReference(),
+                        getSecurityProperties().isUseSingleCert());
+                createStartElementAndOutputAsEvent(subOutputProcessorChain, getOffsetName(),
false, null);
                 createCharactersAndOutputAsEvent(subOutputProcessorChain, "" + offset);
-                createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Offset);
-                createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Length,
false, null);
+                createEndElementAndOutputAsEvent(subOutputProcessorChain, getOffsetName());
+                createStartElementAndOutputAsEvent(subOutputProcessorChain, getLengthName(),
false, null);
                 createCharactersAndOutputAsEvent(subOutputProcessorChain, "" + length);
-                createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Length);
-                createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Nonce,
false, null);
+                createEndElementAndOutputAsEvent(subOutputProcessorChain, getLengthName());
+                createStartElementAndOutputAsEvent(subOutputProcessorChain, getNonceName(),
false, null);
                 createCharactersAndOutputAsEvent(subOutputProcessorChain, nonce);
-                createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_wsc0502_Nonce);
+                createEndElementAndOutputAsEvent(subOutputProcessorChain, getNonceName());
                 createEndElementAndOutputAsEvent(subOutputProcessorChain, headerElementName);
 
                 outputProcessorChain.removeProcessor(this);
@@ -246,7 +261,8 @@ public class DerivedKeyTokenOutputProces
             attributes.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID(null)));
             if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)
&& !useSingleCertificate) {
                 attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_X509PKIPathv1));
-            } else if (derivedKeyTokenReference == WSSConstants.DerivedKeyTokenReference.EncryptedKey)
{
+            } else if (derivedKeyTokenReference == WSSConstants.DerivedKeyTokenReference.EncryptedKey
+                || WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier))
{
                 attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
             }
             createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
false, attributes);
@@ -254,7 +270,10 @@ public class DerivedKeyTokenOutputProces
             X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
             String tokenId = securityToken.getKeyWrappingToken().getId();
 
-            if (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier))
{
+            if (derivedKeyTokenReference == WSSConstants.DerivedKeyTokenReference.EncryptedKey)
{
+                String valueType = WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE;
+                WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId,
valueType);
+            } else if (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier))
{
                 WSSUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
             } else if (WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier))
{
                 WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain,
x509Certificates);
@@ -270,10 +289,40 @@ public class DerivedKeyTokenOutputProces
                     valueType = WSSConstants.NS_X509PKIPathv1;
                 }
                 WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId,
valueType);
+            } else if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier))
{
+                WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain,
sha1Identifier);
             } else {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedSecurityToken");
             }
             createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
         }
+        
+        private QName getHeaderElementName() {
+            if (use200512Namespace) {
+                return WSSConstants.TAG_wsc0512_DerivedKeyToken;
+            }
+            return WSSConstants.TAG_wsc0502_DerivedKeyToken;
+        }
+        
+        private QName getOffsetName() {
+            if (use200512Namespace) {
+                return WSSConstants.TAG_wsc0512_Offset;
+            }
+            return WSSConstants.TAG_wsc0502_Offset;
+        }
+        
+        private QName getLengthName() {
+            if (use200512Namespace) {
+                return WSSConstants.TAG_wsc0512_Length;
+            }
+            return WSSConstants.TAG_wsc0502_Length;
+        }
+        
+        private QName getNonceName() {
+            if (use200512Namespace) {
+                return WSSConstants.TAG_wsc0512_Nonce;
+            }
+            return WSSConstants.TAG_wsc0502_Nonce;
+        }
     }
 }
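Review bot: In the new `KeyIdentifier_EncryptedKeySha1Identifier` branch, `sha1Identifier` is whatever `wrappingSecurityToken.getSha1Identifier()` returned in the constructor call earlier in this file, and nothing checks it is non-null before `createEncryptedKeySha1IdentifierStructure` is called with it; what that helper does with null is not visible here, but the failure would be either an empty reference or an error far from its cause. Guard it before the call, e.g. `if (sha1Identifier == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedSecurityToken"); }`, reusing the message key of the existing `else` branch or a more specific one if the bundle has it. The four `get*Name()` helpers are the same two-branch selection; one `private QName wscName(QName tag0502, QName tag0512) { return use200512Namespace ? tag0512 : tag0502; }` called with the matching constant pairs would replace them. `createSecurityTokenReferenceStructureForDerivedKey` starts outside this hunk.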

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Thu Oct 10 10:59:35 2013
@@ -266,7 +266,14 @@ public class EncryptOutputProcessor exte
                     attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
                     if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
                         attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
-                    }
+                    } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(tokenType))
{
+                        boolean use200512Namespace = ((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace();
+                        if (use200512Namespace) {
+                            attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType,
WSSConstants.NS_WSC_05_12 + "/dk"));
+                        } else {
+                            attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType,
WSSConstants.NS_WSC_05_02 + "/dk"));
+                        }
+                    } 
                     createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference,
false, attributes);
                     createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
                 }
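Review bot: The derived-key ValueType is built by concatenation, `WSSConstants.NS_WSC_05_12 + "/dk"` and `WSSConstants.NS_WSC_05_02 + "/dk"`, both here and in the second hunk of WSSSignatureEndingOutputProcessor, so the same URI is spelled in four places. Hoist the two strings into `WSSConstants` next to the existing `P_SHA_1` / `P_SHA_1_2005_12` pair, after which each call site reduces to a single conditional expression, e.g. `attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType, use200512Namespace ? <0512 dk constant> : <0502 dk constant>));`. The closing `} ` on the last added line carries a trailing space.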

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java?rev=1530914&r1=1530913&r2=1530914&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
Thu Oct 10 10:59:35 2013
@@ -112,7 +112,6 @@ public class WSSSignatureEndingOutputPro
                 || WSSecurityTokenConstants.KeyIdentifier_EncryptedKey.equals(keyIdentifier))
{
                 attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
             }
-            
             createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
false, attributes);
 
             String tokenId = securityToken.getId();
@@ -148,6 +147,13 @@ public class WSSSignatureEndingOutputPro
                     valueType = null;
                 } else if (WSSecurityTokenConstants.KerberosToken.equals(securityToken.getTokenType()))
{
                     valueType = WSSConstants.NS_GSS_Kerberos5_AP_REQ;
+                } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(securityToken.getTokenType()))
{
+                    boolean use200512Namespace = ((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace();
+                    if (use200512Namespace) {
+                        valueType = WSSConstants.NS_WSC_05_12 + "/dk";
+                    } else {
+                        valueType = WSSConstants.NS_WSC_05_02 + "/dk";
+                    }
                 } else {
                     if (useSingleCertificate) {
                         valueType = WSSConstants.NS_X509_V3_TYPE;


