From cohei...@apache.org
Subject svn commit: r1534653 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-stax/src/main/java/org/apache/wss4j/stax/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ ws-securit...
Date Tue, 22 Oct 2013 15:06:33 GMT
Author: coheigea
Date: Tue Oct 22 15:06:32 2013
New Revision: 1534653

URL: http://svn.apache.org/r1534653
Log:
Fixing problem with secret keys

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/KeyUtils.java
Tue Oct 22 15:06:32 2013
@@ -55,13 +55,13 @@ public final class KeyUtils {
         }
         String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
         SecretKeySpec keySpec;
-        if (size <= 0 || keyAlgorithm.startsWith("HmacSHA") && rawKey.length <=
64) {
-            keySpec = new SecretKeySpec(rawKey, keyAlgorithm);
-        } else {
+        if (size > 0 && !symEncAlgo.endsWith("gcm")) {
             keySpec = 
                 new SecretKeySpec(
                     rawKey, 0, rawKey.length > size ? size : rawKey.length, keyAlgorithm
                 );
+        } else {
+            keySpec = new SecretKeySpec(rawKey, keyAlgorithm);
         }
         return keySpec;
     }    
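Review bot: The new condition `size > 0 && !symEncAlgo.endsWith("gcm")` drops the exemption the removed line had for `HmacSHA*` keys, so a MAC key longer than `size` is now silently cut to `size` bytes whenever a length is reported for the URI. If that is not intended, keep MAC keys whole, e.g. `if (size > 0 && !symEncAlgo.endsWith("gcm") && !keyAlgorithm.startsWith("HmacSHA")) {`. The unchanged ternary in the same branch also accepts a `rawKey` shorter than `size` without complaint, so an undersized key is presumably only rejected later when it is used. A comment saying why GCM URIs are matched by suffix and skip the length cap would help the next reader. The method starts above the hunk, so how `size` is derived is not visible here.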

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Tue Oct 22 15:06:32 2013
@@ -206,7 +206,9 @@ public class WSSec {
                 if (securityProperties.getSignatureCanonicalizationAlgorithm() == null) {
                     securityProperties.setSignatureCanonicalizationAlgorithm(WSSConstants.NS_C14N_EXCL);
                 }
-                securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
+                if (securityProperties.getSignatureKeyIdentifier() == null) {
+                    securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
+                }
                 if (securityProperties.getEncryptionSymAlgorithm() == null) {
                     securityProperties.setEncryptionSymAlgorithm(WSSConstants.NS_XENC_AES256);
                 }
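Review bot: With the new `getSignatureKeyIdentifier() == null` guard, whatever identifier the caller configured now reaches this branch unchecked, where the old code always forced `KeyIdentifier_SecurityTokenDirectReference`. The same commit removes `setSignatureKeyIdentifier(KeyIdentifier_ThumbprintIdentifier)` from DerivedKeyTokenTest rather than asserting on its effect, so the non-default path appears to have no coverage. If only some identifiers are valid for this action, they should be rejected here with a clear error instead of failing later. A short comment such as `// honour a caller-supplied identifier; default to direct reference` would record the intent. The enclosing block begins and ends outside the hunk.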

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
Tue Oct 22 15:06:32 2013
@@ -18,23 +18,24 @@
  */
 package org.apache.wss4j.stax.impl.securityToken;
 
+import java.security.Key;
+
+import javax.crypto.spec.SecretKeySpec;
+import javax.security.auth.callback.CallbackHandler;
+
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSUtils;
 import org.apache.wss4j.stax.securityToken.EncryptedKeySha1SecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 
-import javax.security.auth.callback.CallbackHandler;
-
-import java.security.Key;
-
 public class EncryptedKeySha1SecurityTokenImpl
         extends AbstractInboundSecurityToken implements EncryptedKeySha1SecurityToken {
 
@@ -71,7 +72,8 @@ public class EncryptedKeySha1SecurityTok
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey",
getSha1Identifier());
         }
 
-        key = KeyUtils.prepareSecretKey(algorithmURI, secretKeyCallback.getKey());
+        String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+        key = new SecretKeySpec(secretKeyCallback.getKey(), keyAlgorithm);
         setSecretKey(algorithmURI, key);
         return key;
     }
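Review bot: `new SecretKeySpec(secretKeyCallback.getKey(), keyAlgorithm)` throws an unchecked `IllegalArgumentException` when the key bytes are empty or `keyAlgorithm` is null, and `JCEMapper.getJCEKeyAlgorithmFromURI` appears to return null for a URI it does not map, so a bad algorithm URI or an empty callback key would escape the `WSSecurityException` handling used just above. Guard before constructing the key, e.g. `if (keyAlgorithm == null || secretKeyCallback.getKey().length == 0) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey", getSha1Identifier()); }`. The key is also no longer checked against the length the algorithm expects, so a wrong-sized secret is accepted here and only rejected, if at all, when it is used. The same two lines are repeated in ExternalSecurityTokenImpl.getKey, twice in SamlSecurityTokenImpl and in SecurityContextTokenValidatorImpl; one shared helper holding these checks would keep the five call sites consistent. The method body starts above this hunk.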

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ExternalSecurityTokenImpl.java
Tue Oct 22 15:06:32 2013
@@ -21,15 +21,16 @@ package org.apache.wss4j.stax.impl.secur
 import java.io.IOException;
 import java.security.Key;
 
+import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
@@ -69,7 +70,8 @@ public class ExternalSecurityTokenImpl e
 
     @Override
     protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
String correlationID) throws XMLSecurityException {
-        return KeyUtils.prepareSecretKey(algorithmURI, key);
+        String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+        return new SecretKeySpec(key, keyAlgorithm);
     }
 
     @Override

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
Tue Oct 22 15:06:32 2013
@@ -28,6 +28,7 @@ import java.security.cert.CertificateNot
 import java.security.cert.X509Certificate;
 import java.util.List;
 
+import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -41,12 +42,12 @@ import org.apache.wss4j.common.saml.Open
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
@@ -131,11 +132,13 @@ public class SamlSecurityTokenImpl exten
         if (this.key != null) {
             key = this.key;
         } else if (secret != null) {
-            key = KeyUtils.prepareSecretKey(algorithmURI, secret);
+            String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+            key = new SecretKeySpec(secret, keyAlgorithm);
         } else if (this.subjectSecurityToken != null) {
             key = subjectSecurityToken.getSecretKey(algorithmURI, algorithmUsage, correlationID);
         } else if (subjectKeyInfo != null && subjectKeyInfo.getSecret() != null)
{
-            key = KeyUtils.prepareSecretKey(algorithmURI, subjectKeyInfo.getSecret());
+            String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+            key = new SecretKeySpec(subjectKeyInfo.getSecret(), keyAlgorithm);
         }
         if (key != null) {
             super.setSecretKey(algorithmURI, key);

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
Tue Oct 22 15:06:32 2013
@@ -21,9 +21,9 @@ package org.apache.wss4j.stax.validate;
 import org.apache.wss4j.binding.wssc.AbstractSecurityContextTokenType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSSUtils;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
@@ -31,6 +31,8 @@ import org.apache.xml.security.stax.secu
 
 import java.security.Key;
 
+import javax.crypto.spec.SecretKeySpec;
+
 public class SecurityContextTokenValidatorImpl implements SecurityContextTokenValidator {
 
     @Override
@@ -64,7 +66,8 @@ public class SecurityContextTokenValidat
                     throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE,
                             "noKey", securityContextTokenType.getId());
                 }
-                key = KeyUtils.prepareSecretKey(algorithmURI, passwordCallback.getKey());
+                String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
+                key = new SecretKeySpec(passwordCallback.getKey(), keyAlgorithm);
                 setSecretKey(algorithmURI, key);
                 return key;
             }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java?rev=1534653&r1=1534652&r2=1534653&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/DerivedKeyTokenTest.java
Tue Oct 22 15:06:32 2013
@@ -569,7 +569,6 @@ public class DerivedKeyTokenTest extends
             securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
             securityProperties.setEncryptionUser("receiver");
             securityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
-            securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
             securityProperties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
 
             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);


