From cohei...@apache.org
Subject svn commit: r1531255 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-dom/src/main/java/org/apache/wss4j/dom/ ws-security-dom/src/main/ja...
Date Fri, 11 Oct 2013 11:24:03 GMT
Author: coheigea
Date: Fri Oct 11 11:24:03 2013
New Revision: 1531255

URL: http://svn.apache.org/r1531255
Log:
Added a "Custom Token" action, to allow (DOM) Tokens to be passed through from external code

Added:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/CustomTokenAction.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/X509Util.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Fri Oct 11 11:24:03 2013
@@ -113,6 +113,12 @@ public final class ConfigurationConstant
      */
     public static final String KERBEROS_TOKEN = "KerberosToken";
     
+    /**
+     * Add a "Custom" token. This token will be retrieved from a CallbackHandler via 
+     * WSPasswordCallback.Usage.CUSTOM_TOKEN and written out as is in the security header.
+     */
+    public static final String CUSTOM_TOKEN = "CustomToken";
+    
     //
     // User properties
     //
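Review bot: The Javadoc on CUSTOM_TOKEN should state that WSS4J inserts the element without validating it, because "written out as is" does not make the trust boundary explicit. In this commit CustomTokenAction only checks the returned element for null before appending it, so whatever the configured CallbackHandler returns ends up in the security header. I would add a sentence such as `The token is not validated; the CallbackHandler is responsible for supplying a well-formed, trusted element.`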

Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java?rev=1531255&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java Fri Oct 11 11:24:03 2013
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.util;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.xml.security.algorithms.JCEMapper;
+
+public final class KeyUtils {
+    private static org.slf4j.Logger LOG =
+            org.slf4j.LoggerFactory.getLogger(KeyUtils.class);
+
+    /**
+     * Returns the length of the key in # of bytes
+     * 
+     * @param algorithm
+     * @return the key length
+     */
+    public static int getKeyLength(String algorithm) throws WSSecurityException {
+        return JCEMapper.getKeyLengthFromURI(algorithm) / 8;
+    }
+    
+    /**
+     * Convert the raw key bytes into a SecretKey object of type symEncAlgo.
+     */
+    public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey) {
+        // Do an additional check on the keysize required by the encryption algorithm
+        int size = 0;
+        try {
+            size = getKeyLength(symEncAlgo);
+        } catch (Exception e) {
+            // ignore - some unknown (to JCEMapper) encryption algorithm
+            if (LOG.isDebugEnabled()) {
+                LOG.debug(e.getMessage());
+            }
+        }
+        String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
+        SecretKeySpec keySpec;
+        if (size <= 0 || keyAlgorithm.startsWith("HmacSHA") && rawKey.length <= 64) {
+            keySpec = new SecretKeySpec(rawKey, keyAlgorithm);
+        } else {
+            keySpec = 
+                new SecretKeySpec(
+                    rawKey, 0, rawKey.length > size ? size : rawKey.length, keyAlgorithm
+                );
+        }
+        return keySpec;
+    }    
+}
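Review bot: prepareSecretKey accepts a key shorter than the algorithm's required length without any signal. The else branch's `rawKey.length > size ? size : rawKey.length` silently truncates a long key and passes a short one through, and when getKeyLength throws, the size check is skipped with only `e.getMessage()` logged at debug level. A debug log of the algorithm URI and the expected versus actual length (never the key bytes) on those paths would make a mis-sized key diagnosable, and the Javadoc should say that no minimum length is enforced. The condition mixes `||` and `&&` without parentheses and would read more safely as `if (size <= 0 || (keyAlgorithm.startsWith("HmacSHA") && rawKey.length <= 64))`. Separately, `LOG` should be `private static final`, and this final utility class has no private constructor.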

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSConstants.java Fri Oct 11 11:24:03 2013
@@ -475,6 +475,7 @@ public final class WSConstants {
     public static final int DKT = 0x800; //DerivedKeyToken
     public static final int BST = 0x1000; //BinarySecurityToken
     public static final int UT_NOPASSWORD = 0x2000; // perform UsernameToken
+    public static final int CUSTOM_TOKEN = 0x4000; // perform a Custom Token action
 
     private WSConstants() {
         // Complete

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java Fri Oct 11 11:24:03 2013
@@ -101,6 +101,10 @@ public class WSSConfig {
                 WSConstants.SC,
                 org.apache.wss4j.dom.action.SignatureConfirmationAction.class
             );
+            tmp.put(
+                WSConstants.CUSTOM_TOKEN,
+                org.apache.wss4j.dom.action.CustomTokenAction.class
+            );
         } catch (final Exception ex) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug(ex.getMessage(), ex);

Added: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/CustomTokenAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/CustomTokenAction.java?rev=1531255&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/CustomTokenAction.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/CustomTokenAction.java Fri Oct 11 11:24:03 2013
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.action;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.wss4j.common.SecurityActionToken;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandler;
+
+public class CustomTokenAction implements Action {
+    
+    public void execute(WSHandler handler, SecurityActionToken actionToken,
+                        Document doc, RequestData reqData)
+        throws WSSecurityException {
+        CallbackHandler callbackHandler = reqData.getCallbackHandler();
+        if (callbackHandler == null) {
+            callbackHandler = handler.getPasswordCallbackHandler(reqData);
+        }
+        
+        if (callbackHandler == null) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.FAILURE, "noCallback"
+            );
+        }
+        
+        WSPasswordCallback wsPasswordCallback = 
+            new WSPasswordCallback(reqData.getUsername(), WSPasswordCallback.Usage.CUSTOM_TOKEN);
+        
+        try {
+            callbackHandler.handle(new Callback[]{wsPasswordCallback});
+        } catch (Exception e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                    "empty", e, "WSHandler: password callback failed");
+        }
+        
+        Element customToken = wsPasswordCallback.getCustomToken();
+        if (customToken == null) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.FAILURE, "resourceNotFound", "CustomToken"
+            );
+        }
+        
+        Element securityHeader = reqData.getSecHeader().getSecurityHeader();
+        securityHeader.appendChild(securityHeader.getOwnerDocument().adoptNode(customToken));
+    }
+}
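Review bot: The result of `adoptNode(customToken)` on the last line of execute is passed straight to `appendChild`, but Document.adoptNode returns null when the node cannot be adopted (for example when it comes from a different DOM implementation), so a token built by external code would likely fail here with an unhelpful exception. adoptNode also detaches the element from the caller's own document, which a callback handler that reuses a token may not expect. Copying with `Node token = securityHeader.getOwnerDocument().importNode(customToken, true);` followed by `securityHeader.appendChild(token);` avoids both problems. The catch block's message `"WSHandler: password callback failed"` is misleading for a custom-token callback, and the class has no Javadoc saying that the element comes from the CallbackHandler and is appended unvalidated.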

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Fri Oct 11 11:24:03 2013
@@ -221,6 +221,7 @@ public abstract class WSHandler {
             case WSConstants.ST_UNSIGNED:
             case WSConstants.TS:
             case WSConstants.UT_SIGN:
+            case WSConstants.CUSTOM_TOKEN:
                 wssConfig.getAction(actionToDo.getAction()).execute(
                     this, actionToDo.getActionToken(), doc, reqData);
                 break;

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Fri Oct 11 11:24:03 2013
@@ -23,6 +23,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.derivedKey.ConversationException;
 import org.apache.wss4j.dom.message.token.Reference;
@@ -110,7 +111,7 @@ public class WSSecDKEncrypt extends WSSe
         
         KeyInfo keyInfo = createKeyInfo();
 
-        SecretKey key = WSSecurityUtil.prepareSecretKey(symEncAlgo, derivedKeyBytes);
+        SecretKey key = KeyUtils.prepareSecretKey(symEncAlgo, derivedKeyBytes);
 
         List<String> encDataRefs = 
             WSSecEncrypt.doEncryption(
@@ -185,7 +186,7 @@ public class WSSecDKEncrypt extends WSSe
      */
     protected int getDerivedKeyLength() throws WSSecurityException{
         return derivedKeyLength > 0 ? derivedKeyLength : 
-            WSSecurityUtil.getKeyLength(symEncAlgo);
+            KeyUtils.getKeyLength(symEncAlgo);
     }
     
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java Fri Oct 11 11:24:03 2013
@@ -24,6 +24,7 @@ import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.derivedKey.ConversationException;
 import org.apache.wss4j.dom.message.token.Reference;
@@ -250,7 +251,7 @@ public class WSSecDKSign extends WSSecDe
     ) throws WSSecurityException {
         try {
             java.security.Key key = 
-                WSSecurityUtil.prepareSecretKey(sigAlgo, derivedKeyBytes);
+                KeyUtils.prepareSecretKey(sigAlgo, derivedKeyBytes);
             SignatureMethod signatureMethod = 
                 signatureFactory.newSignatureMethod(sigAlgo, null);
             SignedInfo signedInfo = 
@@ -312,7 +313,7 @@ public class WSSecDKSign extends WSSecDe
      */
     protected int getDerivedKeyLength() throws WSSecurityException {
         return derivedKeyLength > 0 ? derivedKeyLength : 
-            WSSecurityUtil.getKeyLength(sigAlgo);
+            KeyUtils.getKeyLength(sigAlgo);
     }
     
     /**

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Fri Oct 11 11:24:03 2013
@@ -25,6 +25,7 @@ import org.apache.wss4j.common.WSEncrypt
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
 import org.apache.wss4j.dom.message.token.Reference;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
@@ -130,7 +131,7 @@ public class WSSecEncrypt extends WSSecE
             ephemeralKey = symmetricKey.getEncoded();
         }
         
-        symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
+        symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, ephemeralKey);
         
         //
         // Get the certificate that contains the public key for the public key

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Fri Oct 11 11:24:03 2013
@@ -37,6 +37,7 @@ import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.message.token.DOMX509Data;
 import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
@@ -48,7 +49,6 @@ import org.apache.xml.security.algorithm
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.XMLUtils;
-
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
@@ -196,7 +196,7 @@ public class WSSecEncryptedKey extends W
         }
         
         if (symmetricKey == null) {
-            symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, ephemeralKey);
+            symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, ephemeralKey);
         }
 
         //

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Fri Oct 11 11:24:03 2013
@@ -26,6 +26,7 @@ import org.apache.wss4j.common.WSEncrypt
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.message.token.DOMX509Data;
 import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
@@ -526,7 +527,7 @@ public class WSSecSignature extends WSSe
             if (secretKey == null) {
                 key = crypto.getPrivateKey(user, password);
             } else {
-                key = WSSecurityUtil.prepareSecretKey(sigAlgo, secretKey);
+                key = KeyUtils.prepareSecretKey(sigAlgo, secretKey);
             }
             SignatureMethod signatureMethod = 
                 signatureFactory.newSignatureMethod(sigAlgo, null);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java Fri Oct 11 11:24:03 2013
@@ -31,12 +31,12 @@ import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -107,13 +107,13 @@ public class EncryptedDataProcessor impl
             );
             byte[] secretKey = strParser.getSecretKey();
             principal = strParser.getPrincipal();
-            key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKey);
+            key = KeyUtils.prepareSecretKey(symEncAlgo, secretKey);
         } else if (encryptedKeyElement != null) {
             EncryptedKeyProcessor encrKeyProc = new EncryptedKeyProcessor();
             encrKeyResults = encrKeyProc.handleToken(encryptedKeyElement, request, wsDocInfo);
             byte[] symmKey = 
                 (byte[])encrKeyResults.get(0).get(WSSecurityEngineResult.TAG_SECRET);
-            key = WSSecurityUtil.prepareSecretKey(symEncAlgo, symmKey);
+            key = KeyUtils.prepareSecretKey(symEncAlgo, symmKey);
         } else {
             throw new WSSecurityException(
                 WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncKey"

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Fri Oct 11 11:24:03 2013
@@ -36,11 +36,11 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
-
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -247,7 +247,7 @@ public class EncryptedKeyProcessor imple
                 Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, wsDocInfo, uri);
                 String algorithmURI = X509Util.getEncAlgo(ee);
                 alg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-                size = WSSecurityUtil.getKeyLength(algorithmURI);
+                size = KeyUtils.getKeyLength(algorithmURI);
             }
             KeyGenerator kgen = KeyGenerator.getInstance(alg);
             kgen.init(size * 8);
@@ -467,7 +467,7 @@ public class EncryptedKeyProcessor imple
         
         SecretKey symmetricKey = null;
         try {
-            symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
+            symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, decryptedData);
         } catch (IllegalArgumentException ex) {
             throw new WSSecurityException(
                 WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "badEncAlgo", 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java Fri Oct 11 11:24:03 2013
@@ -31,12 +31,12 @@ import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -174,7 +174,7 @@ public class ReferenceListProcessor impl
             );
             byte[] secretKey = strParser.getSecretKey();
             principal = strParser.getPrincipal();
-            symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKey);
+            symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, secretKey);
         }
         
         // Check for compliance against the defined AlgorithmSuite

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Fri Oct 11 11:24:03 2013
@@ -57,7 +57,6 @@ import org.apache.wss4j.common.principal
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
@@ -66,6 +65,7 @@ import org.apache.wss4j.common.crypto.Cr
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -389,7 +389,7 @@ public class SignatureProcessor implemen
         } else if (publicKey != null) {
             key = publicKey;
         } else {
-            key = WSSecurityUtil.prepareSecretKey(signatureMethod, secretKey);
+            key = KeyUtils.prepareSecretKey(signatureMethod, secretKey);
         }
         
         XMLValidateContext context = new DOMValidateContext(key, elem);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/X509Util.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/X509Util.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/X509Util.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/X509Util.java Fri Oct 11 11:24:03 2013
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.processor;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -31,6 +32,7 @@ import javax.crypto.SecretKey;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
+
 import java.io.IOException;
 
 public final class X509Util {
@@ -120,7 +122,7 @@ public final class X509Util {
                 "noPassword",
                 keyName);
         }
-        return WSSecurityUtil.prepareSecretKey(algorithm, decryptedData);
+        return KeyUtils.prepareSecretKey(algorithm, decryptedData);
     }
 
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java Fri Oct 11 11:24:03 2013
@@ -45,6 +45,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSignature;
@@ -499,7 +500,7 @@ public class WSSecSignatureSAML extends 
             if (senderVouches) {
                 key = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPW);
             } else if (secretKey != null) {
-                key = WSSecurityUtil.prepareSecretKey(sigAlgo, secretKey);
+                key = KeyUtils.prepareSecretKey(sigAlgo, secretKey);
             } else {
                 key = userCrypto.getPrivateKey(user, password);
             }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java Fri Oct 11 11:24:03 2013
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSecurityEngine;
@@ -300,7 +301,7 @@ public class SecurityTokenRefSTRParser i
             byte[] secret = 
                 (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
             String algorithm = (String)parameters.get(SIGNATURE_METHOD);
-            secretKey = dkt.deriveKey(WSSecurityUtil.getKeyLength(algorithm), secret);
+            secretKey = dkt.deriveKey(KeyUtils.getKeyLength(algorithm), secret);
             principal = dkt.createPrincipal();
         } else if (WSConstants.ST_UNSIGNED == action || WSConstants.ST_SIGNED == action) {
             SamlAssertionWrapper samlAssertion =

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java Fri Oct 11 11:24:03 2013
@@ -32,7 +32,6 @@ import javax.xml.namespace.QName;
 
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
 import org.w3c.dom.Element;
-
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -42,6 +41,7 @@ import org.apache.wss4j.common.saml.Open
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSecurityEngine;
@@ -499,7 +499,7 @@ public class SignatureSTRParser implemen
             int keyLength = dkt.getLength();
             if (keyLength <= 0) {
                 String algorithm = (String)parameters.get(SIGNATURE_METHOD);
-                keyLength = WSSecurityUtil.getKeyLength(algorithm);
+                keyLength = KeyUtils.getKeyLength(algorithm);
             }
             byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
             secretKey = dkt.deriveKey(keyLength, secret); 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Fri Oct 11 11:24:03 2013
@@ -45,8 +45,6 @@ import org.w3c.dom.Text;
 
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
 import javax.xml.crypto.dom.DOMCryptoContext;
 import javax.xml.namespace.QName;
 
@@ -800,35 +798,6 @@ public final class WSSecurityUtil {
         return getSOAPConstants(startElement).getEnvelopeURI();
     }
     
-    
-    /**
-     * Convert the raw key bytes into a SecretKey object of type symEncAlgo.
-     */
-    public static SecretKey prepareSecretKey(String symEncAlgo, byte[] rawKey) {
-        // Do an additional check on the keysize required by the encryption algorithm
-        int size = 0;
-        try {
-            size = WSSecurityUtil.getKeyLength(symEncAlgo);
-        } catch (Exception e) {
-            // ignore - some unknown (to JCEMapper) encryption algorithm
-            if (log.isDebugEnabled()) {
-                log.debug(e.getMessage());
-            }
-        }
-        String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
-        SecretKeySpec keySpec;
-        if (size > 0) {
-            keySpec = 
-                new SecretKeySpec(
-                    rawKey, 0, rawKey.length > size ? size : rawKey.length, keyAlgorithm
-                );
-        } else {
-            keySpec = new SecretKeySpec(rawKey, keyAlgorithm);
-        }
-        return keySpec;
-    }
-
-
     /**
      * Translate the "cipherAlgo" URI to a JCE ID, and return a javax.crypto.Cipher instance
      * of this type. 
@@ -1029,16 +998,6 @@ public final class WSSecurityUtil {
     }
 
     /**
-     * Returns the length of the key in # of bytes
-     * 
-     * @param algorithm
-     * @return the key length
-     */
-    public static int getKeyLength(String algorithm) throws WSSecurityException {
-        return JCEMapper.getKeyLengthFromURI(algorithm) / 8;
-    }
-
-    /**
      * Generate a nonce of the given length using the SHA1PRNG algorithm. The SecureRandom
      * instance that backs this method is cached for efficiency.
      * 

Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomTokenTest.java?rev=1531255&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomTokenTest.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/CustomTokenTest.java Fri Oct 11 11:24:03 2013
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.handler;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CustomHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.message.WSSecTimestamp;
+import org.apache.wss4j.dom.message.token.Timestamp;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+/**
+ * A test to add a Custom Token to an outbound message
+ */
+public class CustomTokenTest extends org.junit.Assert {
+    private static final org.slf4j.Logger LOG = 
+        org.slf4j.LoggerFactory.getLogger(CustomTokenTest.class);
+
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+    }
+    
+    // Add a Timestamp via a "Custom Token"
+    @org.junit.Test
+    public void testCustomTokenTimestamp() throws Exception {
+        // Create a Timestamp manually
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        Document timestampDoc = dbf.newDocumentBuilder().newDocument();
+        
+        WSSecTimestamp timestamp = new WSSecTimestamp();
+        timestamp.setTimeToLive(300);
+        timestamp.prepare(timestampDoc);
+        Element timestampElement = timestamp.getElement();
+        
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        java.util.Map<String, Object> messageContext = new java.util.TreeMap<String, Object>();
+        messageContext.put(
+            WSHandlerConstants.PW_CALLBACK_REF, new CustomCallbackHandler(timestampElement)
+        );
+        reqData.setMsgContext(messageContext);
+        
+        final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        CustomHandler handler = new CustomHandler();
+        List<HandlerAction> actions = new ArrayList<HandlerAction>();
+        actions.add(new HandlerAction(WSConstants.CUSTOM_TOKEN, null));
+        handler.send(
+            doc, 
+            reqData, 
+            actions,
+            true
+        );
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        WSSecurityEngine secEngine = new WSSecurityEngine();
+        List<WSSecurityEngineResult> wsResults = 
+            secEngine.processSecurityHeader(doc, null, null, null);
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(wsResults, WSConstants.TS);
+        assertTrue(actionResult != null);
+        
+        Timestamp receivedTimestamp = 
+            (Timestamp)actionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
+        assertTrue(receivedTimestamp != null);
+    }
+    
+    private static class CustomCallbackHandler implements CallbackHandler {
+        
+        private final Element customElement;
+
+        public CustomCallbackHandler(Element customElement) {
+            this.customElement = customElement;
+        }
+        
+        @Override
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+            for (Callback callback : callbacks) {
+                if (callback instanceof WSPasswordCallback) {
+                    WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;
+                    if (passwordCallback.getUsage() == WSPasswordCallback.Usage.CUSTOM_TOKEN) {
+                        passwordCallback.setCustomToken(customElement);
+                        return;
+                    }
+                }
+            }
+            
+        }
+        
+    }
+    
+}
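Review bot: `testCustomTokenTimestamp` only asserts that some Timestamp result exists after processing, so it does not show that the element handed out by `CustomCallbackHandler` is the one that ended up in the security header. Comparing the received token's content with `timestampElement` would pin the pass-through behaviour. The two checks written as `assertTrue(x != null)` read better as `assertNotNull(actionResult)` and `assertNotNull(receivedTimestamp)`. No negative case is covered either: a handler that leaves the custom token unset is never exercised.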

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Fri Oct 11 11:24:03 2013
@@ -115,6 +115,8 @@ public final class ConfigurationConverte
                 actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
             } else if (single[i].equals(ConfigurationConstants.KERBEROS_TOKEN)) {
                 actions.add(WSSConstants.KERBEROS_TOKEN);
+            } else if (single[i].equals(ConfigurationConstants.CUSTOM_TOKEN)) {
+                actions.add(WSSConstants.CUSTOM_TOKEN);
             }
         }
 

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java Fri Oct 11 11:24:03 2013
@@ -305,6 +305,10 @@ public class OutboundWSSec {
                     final BinarySecurityTokenOutputProcessor kerberosTokenOutputProcessor =
                         new BinarySecurityTokenOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, kerberosTokenOutputProcessor, action);
+                } else if (WSSConstants.CUSTOM_TOKEN.equals(action)) {
+                    final CustomTokenOutputProcessor unknownTokenOutputProcessor =
+                        new CustomTokenOutputProcessor();
+                    initializeOutputProcessor(outputProcessorChain, unknownTokenOutputProcessor, action);
                 }
             }
             

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Fri Oct 11 11:24:03 2013
@@ -269,6 +269,7 @@ public class WSSConstants extends XMLSec
     public static final String PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS = "PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS";
     public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
     public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN";
 
     public static final String PROP_TIMESTAMP_SECURITYEVENT = "PROP_TIMESTAMP";
 
@@ -285,6 +286,7 @@ public class WSSConstants extends XMLSec
     public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
     public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
     public static final Action KERBEROS_TOKEN = new Action("KerberosToken");
+    public static final Action CUSTOM_TOKEN = new Action("CustomToken");
 
     public static final AlgorithmUsage Comp_Key = new AlgorithmUsage("Comp_Key");
     public static final AlgorithmUsage Enc_KD = new AlgorithmUsage("Enc_KD");

Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java?rev=1531255&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/CustomTokenOutputProcessor.java Fri Oct 11 11:24:03 2013
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.processor.output;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
+import org.apache.xml.security.stax.ext.OutputProcessorChain;
+import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.ext.stax.XMLSecNamespace;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
+
+public class CustomTokenOutputProcessor extends AbstractOutputProcessor {
+
+    public CustomTokenOutputProcessor() throws XMLSecurityException {
+        super();
+        addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+        addBeforeProcessor(EncryptedKeyOutputProcessor.class.getName());
+    }
+    
+    @Override
+    public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+        try {
+            String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN);
+            if (tokenId == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+            }
+                
+            WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(tokenId, WSPasswordCallback.Usage.CUSTOM_TOKEN);
+            WSSUtils.doPasswordCallback(
+                    ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
+                    wsPasswordCallback);
+            Element customToken = wsPasswordCallback.getCustomToken();
+            if (customToken == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+            }
+            
+            FinalUnknownTokenOutputProcessor outputProcessor = 
+                new FinalUnknownTokenOutputProcessor(customToken);
+            outputProcessor.setXMLSecurityProperties(getSecurityProperties());
+            outputProcessor.setAction(getAction());
+            outputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+            outputProcessor.addBeforeProcessor(EncryptedKeyOutputProcessor.class.getName());
+            outputProcessor.init(outputProcessorChain);
+        } finally {
+            outputProcessorChain.removeProcessor(this);
+        }
+        outputProcessorChain.processEvent(xmlSecEvent);
+    }
+    
+    class FinalUnknownTokenOutputProcessor extends AbstractOutputProcessor {
+
+        private final Element token;
+
+        FinalUnknownTokenOutputProcessor(Element token) throws XMLSecurityException {
+            super();
+            this.addAfterProcessor(CustomTokenOutputProcessor.class.getName());
+            this.token = token;
+        }
+        
+        @Override
+        public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
+            throws XMLStreamException, XMLSecurityException {
+    
+            outputProcessorChain.processEvent(xmlSecEvent);
+    
+            if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
+                
+                final QName headerElementName = new QName(token.getNamespaceURI(), token.getLocalName());
+                WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, headerElementName, getAction(), false);
+    
+                OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
+    
+                outputToken(token, subOutputProcessorChain);
+    
+                outputProcessorChain.removeProcessor(this);
+            }
+        }
+        
+        private void outputToken(Element element, OutputProcessorChain outputProcessorChain)
+                throws XMLStreamException, XMLSecurityException {
+
+            NamedNodeMap namedNodeMap = element.getAttributes();
+            List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(namedNodeMap.getLength());
+            List<XMLSecNamespace> namespaces = new ArrayList<XMLSecNamespace>(namedNodeMap.getLength());
+            for (int i = 0; i < namedNodeMap.getLength(); i++) {
+                Attr attribute = (Attr) namedNodeMap.item(i);
+                if (attribute.getPrefix() == null) {
+                    attributes.add(
+                            createAttribute(
+                                    new QName(attribute.getNamespaceURI(), attribute.getLocalName()), attribute.getValue()));
+                } else if ("xmlns".equals(attribute.getPrefix()) || "xmlns".equals(attribute.getLocalName())) {
+                    namespaces.add(createNamespace(attribute.getLocalName(), attribute.getValue()));
+                } else {
+                    attributes.add(
+                            createAttribute(
+                                    new QName(attribute.getNamespaceURI(), attribute.getLocalName(), attribute.getPrefix()),
+                                    attribute.getValue()));
+                }
+            }
+
+            QName elementName = new QName(element.getNamespaceURI(), element.getLocalName(), element.getPrefix());
+            createStartElementAndOutputAsEvent(outputProcessorChain, elementName, namespaces, attributes);
+            NodeList childNodes = element.getChildNodes();
+            for (int i = 0; i < childNodes.getLength(); i++) {
+                Node childNode = childNodes.item(i);
+                switch (childNode.getNodeType()) {
+                    case Node.ELEMENT_NODE:
+                        outputToken((Element) childNode, outputProcessorChain);
+                        break;
+                    case Node.TEXT_NODE:
+                        createCharactersAndOutputAsEvent(outputProcessorChain, ((Text) childNode).getData());
+                        break;
+                }
+            }
+            createEndElementAndOutputAsEvent(outputProcessorChain, elementName);
+        }
+    }
+}
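Review bot: In `outputToken`, the `switch` on `childNode.getNodeType()` handles only `ELEMENT_NODE` and `TEXT_NODE`, so CDATA sections and any other child node type in the token supplied by the callback are dropped without notice, and the emitted token can differ from the one passed in. That matters for a pass-through token that carries its own signature or digest. Adding `case Node.CDATA_SECTION_NODE:` directly above `case Node.TEXT_NODE:` keeps CDATA content, since `CDATASection` extends `Text`, and a `default:` branch with a comment should name the node types that are skipped on purpose. Separately, both `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE)` sites in `processEvent` give no hint whether the token id or the callback result was missing; a message would make a misconfiguration diagnosable.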

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java Fri Oct 11 11:24:03 2013
@@ -20,19 +20,19 @@ package org.apache.wss4j.stax.impl.secur
 
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSUtils;
 import org.apache.wss4j.stax.securityToken.EncryptedKeySha1SecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 
-import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.CallbackHandler;
+
 import java.security.Key;
 
 public class EncryptedKeySha1SecurityTokenImpl
@@ -71,8 +71,7 @@ public class EncryptedKeySha1SecurityTok
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey", getSha1Identifier());
         }
 
-        String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-        key = new SecretKeySpec(secretKeyCallback.getKey(), algoFamily);
+        key = KeyUtils.prepareSecretKey(algorithmURI, secretKeyCallback.getKey());
         setSecretKey(algorithmURI, key);
         return key;
     }
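Review bot: Replacing `new SecretKeySpec(secretKeyCallback.getKey(), algoFamily)` with `KeyUtils.prepareSecretKey(algorithmURI, secretKeyCallback.getKey())` is not a pure refactor if `KeyUtils.prepareSecretKey` kept the body this commit removes from `WSSecurityUtil`. That version cuts a raw key longer than the algorithm's key length down to that length, where the old line used every byte the callback returned, and it ignores a failed key-length lookup. A callback that returns an over-long key would then be accepted with a shortened key instead of behaving as before. If that is intended, a comment at the call such as `// bytes beyond the algorithm's key length are ignored by prepareSecretKey` would record it. The enclosing method starts above the hunk.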

Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java?rev=1531255&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java Fri Oct 11 11:24:03 2013
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.securityToken;
+
+import java.io.IOException;
+import java.security.Key;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
+import org.w3c.dom.Element;
+
+public class ExternalSecurityTokenImpl extends AbstractInboundSecurityToken {
+
+    private Element tokenElement;
+    private byte[] key;
+    
+    public ExternalSecurityTokenImpl(WSInboundSecurityContext wsInboundSecurityContext, String id,
+                                 WSSecurityTokenConstants.KeyIdentifier keyIdentifier,
+                                 WSSSecurityProperties securityProperties) throws WSSecurityException {
+        super(wsInboundSecurityContext, id, keyIdentifier, false);
+        if (securityProperties.getCallbackHandler() != null) {
+            // Try to get the token from a CallbackHandler
+            WSPasswordCallback pwcb = 
+                new WSPasswordCallback(id, WSPasswordCallback.Usage.CUSTOM_TOKEN);
+            try {
+                securityProperties.getCallbackHandler().handle(new Callback[]{pwcb});
+            } catch (IOException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noPassword", e);
+            } catch (UnsupportedCallbackException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noPassword", e);
+            }
+            this.tokenElement = pwcb.getCustomToken();
+            this.key = pwcb.getKey();
+        }
+        
+        if (this.tokenElement == null) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", id
+            );
+        }
+    }
+
+    @Override
+    protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String correlationID) throws XMLSecurityException {
+        return KeyUtils.prepareSecretKey(algorithmURI, key);
+    }
+
+    @Override
+    public TokenType getTokenType() {
+        if ("SecurityContextToken".equals(tokenElement.getLocalName())) {
+            return WSSecurityTokenConstants.SecurityContextToken;
+        }
+        return null;
+    }
+
+}
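Review bot: The constructor rejects a missing `tokenElement` but not a missing key, and `getKey` then passes the possibly null `key` field straight to `KeyUtils.prepareSecretKey(algorithmURI, key)`. A callback handler that sets only the custom token would presumably surface as a runtime exception from key construction rather than as a typed security fault (`KeyUtils` is not shown here). A guard in `getKey` such as `if (key == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey", getId()); }` keeps the failure typed. `getTokenType` returning `null` for every element other than `SecurityContextToken` deserves a Javadoc line, and the `"noPassword"` message key used for callback failures looks copied from a password lookup.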

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1531255&r1=1531254&r2=1531255&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java Fri Oct 11 11:24:03 2013
@@ -40,6 +40,7 @@ import org.apache.xml.security.stax.secu
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.x500.X500Principal;
+
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -306,6 +307,15 @@ public class SecurityTokenFactoryImpl ex
                     throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "badReferenceURI");
                 }
                 if (!uri.startsWith("#")) {
+                    // Delegate to a CallbackHandler, in case the token is not in the request
+                    try {
+                        return new ExternalSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, 
+                                                     uri,
+                                                     WSSecurityTokenConstants.KeyIdentifier_ExternalReference, 
+                                                     securityProperties);
+                    } catch (WSSecurityException ex) { //NOPMD
+                        // just continue
+                    }
                     ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R5204);
                 }
                 uri = WSSUtils.dropReferenceMarker(uri);
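Review bot: The `catch (WSSecurityException ex)` around the new `ExternalSecurityTokenImpl` call discards every failure, not only the missing-token case. The constructor added earlier in this commit wraps a callback `IOException` or `UnsupportedCallbackException` as `ErrorCode.FAILURE`, so a broken or misconfigured CallbackHandler is silently treated as "no external token" and processing continues to the R5204 check with nothing logged. I would continue only for the expected case and rethrow the rest: `if (ex.getErrorCode() != WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE) { throw ex; }`. The `uri` handed to the callback appears to come from the reference in the inbound message, so the comment should also say that handlers must treat the identifier as untrusted input. The enclosing method starts and ends outside this hunk.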
@@ -327,7 +337,12 @@ public class SecurityTokenFactoryImpl ex
                 SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
                         inboundSecurityContext.getSecurityTokenProvider(uri);
                 if (securityTokenProvider == null) {
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
+                    // Delegate to a CallbackHandler, in case the token is not in the request
+                    return new ExternalSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, 
+                                                     uri,
+                                                     WSSecurityTokenConstants.KeyIdentifier_ExternalReference, 
+                                                     securityProperties);
+                    // throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
                 }
                 if (securityTokenProvider.getSecurityToken() instanceof SecurityTokenReference) {
                     ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3057);
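Review bot: The commented-out `throw` left at the end of the `securityTokenProvider == null` branch should be deleted rather than kept as dead code. The "noToken" error is now raised by the `ExternalSecurityTokenImpl` constructor when the callback supplies no token element, and the comment should say so, e.g. `// No provider in the message: ask the CallbackHandler; the constructor throws SECURITY_TOKEN_UNAVAILABLE if it returns no token`. That constructor null-checks only the token element, so a handler that returns a token without a key produces a token whose `getKey` passes a null `key` to `KeyUtils.prepareSecretKey`. Whether that helper rejects null is not visible here, so an explicit key check next to the token check would be safer. The enclosing method continues outside this hunk.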


