ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1557657 - in /webservices/wss4j/trunk/ws-security-stax/src: main/java/org/apache/wss4j/stax/ext/ main/java/org/apache/wss4j/stax/impl/processor/output/ test/java/org/apache/wss4j/stax/test/
Date Mon, 13 Jan 2014 08:09:06 GMT
Author: giger
Date: Mon Jan 13 08:09:05 2014
New Revision: 1557657

URL: http://svn.apache.org/r1557657
Log:
WSS-468 - Symmetric Binding + EncryptBeforeSigning puts the Signature in front of the EncryptedKey

Added:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
  (with props)
Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Mon Jan 13 08:09:05 2014
@@ -195,18 +195,26 @@ public class OutboundWSSec {
 
                 } else if (WSSConstants.ENCRYPT.equals(action)) {
                     encryptionAction = true;
+
+                    EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
                     if (securityProperties.isEncryptSymmetricEncryptionKey()) {
                         final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor
=
                             new BinarySecurityTokenOutputProcessor();
                         initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor,
action);
 
-                        final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
+                        encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
                         initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
                     }
 
                     final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor,
action);
 
+                    if (encryptedKeyOutputProcessor == null) {
+                        final ReferenceListOutputProcessor referenceListOutputProcessor =
new ReferenceListOutputProcessor();
+                        referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+                        initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor,
action);
+                    }
+
                 } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
                     final UsernameTokenOutputProcessor usernameTokenOutputProcessor = new
UsernameTokenOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, usernameTokenOutputProcessor,
action);
@@ -252,15 +260,16 @@ public class OutboundWSSec {
                     encryptionAction = true;
                     derivedEncryption = true;
 
+                    EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
+
                     if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey)
{
-                        final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
+                        encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
                         initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
 
                     } else if (securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.SecurityContextToken)
{
                         final SecurityContextTokenOutputProcessor securityContextTokenOutputProcessor
=
                                 new SecurityContextTokenOutputProcessor();
                         initializeOutputProcessor(outputProcessorChain, securityContextTokenOutputProcessor,
action);
-
                     }
                     final DerivedKeyTokenOutputProcessor derivedKeyTokenOutputProcessor =
new DerivedKeyTokenOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, derivedKeyTokenOutputProcessor,
action);
@@ -268,6 +277,11 @@ public class OutboundWSSec {
                     final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor,
action);
 
+                    if (encryptedKeyOutputProcessor == null) {
+                        final ReferenceListOutputProcessor referenceListOutputProcessor =
new ReferenceListOutputProcessor();
+                        referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+                        initializeOutputProcessor(outputProcessorChain, referenceListOutputProcessor,
action);
+                    }
                 } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
                     signatureAction = true;
                     signedSAML = true;

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -187,7 +187,7 @@ public class DerivedKeyTokenOutputProces
             if (wrappingSecurityToken.getProcessor() != null) {
                 finalDerivedKeyTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
             } else {
-                finalDerivedKeyTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+                finalDerivedKeyTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
             }
             finalDerivedKeyTokenOutputProcessor.init(outputProcessorChain);
             derivedKeySecurityToken.setProcessor(finalDerivedKeyTokenOutputProcessor);

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -46,10 +46,6 @@ public class EncryptEndingOutputProcesso
     @Override
     public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException,
XMLSecurityException {
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
-            || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey())
{
-            WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
-        }
         if (attachmentCount(outputProcessorChain) > 0) {
             WSSUtils.createEncryptedDataStructureForAttachments(this, subOutputProcessorChain);
         }
@@ -70,11 +66,6 @@ public class EncryptEndingOutputProcesso
                 case XMLStreamConstants.START_ELEMENT:
                     if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
 
-                        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
-                            || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncryptionKey())
{
-                            WSSUtils.updateSecurityHeaderOrder(
-                                    outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList,
getAction(), true);                            
-                        }
                         int attachmentCount = attachmentCount(outputProcessorChain);
                         for (int i = 0; i < attachmentCount; i++) {
                             WSSUtils.updateSecurityHeaderOrder(

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptedKeyOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -72,7 +72,8 @@ public class EncryptedKeyOutputProcessor
             if (tokenId == null) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
             }
-            SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider
= outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+            SecurityTokenProvider<OutboundSecurityToken> wrappingSecurityTokenProvider
=
+                    outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
             if (wrappingSecurityTokenProvider == null) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
             }
@@ -81,20 +82,28 @@ public class EncryptedKeyOutputProcessor
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
             }
             
-            // See if a Symmetric Key is already available
-            String encTokenId = 
-                outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
             SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider
= null;
             GenericOutboundSecurityToken encryptedKeySecurityToken = null;
-            if (encTokenId != null) {
-                encryptedKeySecurityTokenProvider = 
-                    outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
-                if (encryptedKeySecurityTokenProvider != null) {
-                    encryptedKeySecurityToken = 
-                        (GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
-                }
+
+            String sigTokenId =
+                    outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
+            // See if a Symmetric Key is already available
+            String encTokenId =
+                    outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+            if (encTokenId == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
             }
 
+            encryptedKeySecurityTokenProvider =
+                outputProcessorChain.getSecurityContext().getSecurityTokenProvider(encTokenId);
+            if (encryptedKeySecurityTokenProvider == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+            }
+            encryptedKeySecurityToken =
+                    (GenericOutboundSecurityToken)encryptedKeySecurityTokenProvider.getSecurityToken();
+
+            boolean sharedToken = encTokenId.equals(sigTokenId);
+
             FinalEncryptedKeyOutputProcessor finalEncryptedKeyOutputProcessor = new FinalEncryptedKeyOutputProcessor(encryptedKeySecurityToken);
             finalEncryptedKeyOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
             finalEncryptedKeyOutputProcessor.setAction(getAction());
@@ -102,8 +111,27 @@ public class EncryptedKeyOutputProcessor
             if (WSSConstants.ENCRYPT.equals(action)) {
                 if (wrappingSecurityToken.getProcessor() != null) {
                     finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+                } else if (sharedToken) {
+                    finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+                    //hint for the headerReordering processor where to place the EncryptedKey
+                    if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT)
<
+                            getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE))
{
+                        finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+                        finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE);
+                    }
+                    finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+
+                    ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+                    referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+                    referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+                    referenceListOutputProcessor.setAction(getAction());
+                    referenceListOutputProcessor.init(outputProcessorChain);
                 } else {
                     finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
                 }
             } else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
                 if (wrappingSecurityToken.getProcessor() != null) {
@@ -111,15 +139,37 @@ public class EncryptedKeyOutputProcessor
                 } else {
                     finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                 }
+                finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
             } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
                 if (wrappingSecurityToken.getProcessor() != null) {
                     finalEncryptedKeyOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
+                } else if (sharedToken) {
+                    finalEncryptedKeyOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
+                    finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+
+                    //hint for the headerReordering processor where to place the EncryptedKey
+                    if (getSecurityProperties().getActions().indexOf(WSSConstants.ENCRYPT_WITH_DERIVED_KEY)
<
+                            getSecurityProperties().getActions().indexOf(WSSConstants.SIGNATURE_WITH_DERIVED_KEY))
{
+                        finalEncryptedKeyOutputProcessor.setAction(WSSConstants.SIGNATURE_WITH_DERIVED_KEY);
+                    }
+                    finalEncryptedKeyOutputProcessor.setOutputReferenceList(false);
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
                 } else {
                     finalEncryptedKeyOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
+                    finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
                 }
+                ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
+                referenceListOutputProcessor.addBeforeProcessor(finalEncryptedKeyOutputProcessor);
+                referenceListOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
+                referenceListOutputProcessor.setAction(getAction());
+                referenceListOutputProcessor.init(outputProcessorChain);
+            } else {
+                finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
             }
-            finalEncryptedKeyOutputProcessor.init(outputProcessorChain);
-            outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(encryptedKeySecurityToken.getId(),
encryptedKeySecurityTokenProvider);
+
+            outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(
+                    encryptedKeySecurityToken.getId(), encryptedKeySecurityTokenProvider);
             encryptedKeySecurityToken.setProcessor(finalEncryptedKeyOutputProcessor);
         } finally {
             outputProcessorChain.removeProcessor(this);
@@ -130,6 +180,7 @@ public class EncryptedKeyOutputProcessor
     class FinalEncryptedKeyOutputProcessor extends AbstractOutputProcessor {
 
         private final OutboundSecurityToken securityToken;
+        private boolean outputReferenceList = true;
 
         FinalEncryptedKeyOutputProcessor(OutboundSecurityToken securityToken) throws XMLSecurityException
{
             super();
@@ -137,6 +188,10 @@ public class EncryptedKeyOutputProcessor
             this.securityToken = securityToken;
         }
 
+        protected void setOutputReferenceList(boolean outputReferenceList) {
+            this.outputReferenceList = outputReferenceList;
+        }
+
         /*
        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-1483925398">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
/>
@@ -295,7 +350,7 @@ public class EncryptedKeyOutputProcessor
                 createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_CipherValue);
                 createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_xenc_CipherData);
 
-                if (WSSConstants.ENCRYPT.equals(getAction())) {
+                if (outputReferenceList && WSSConstants.ENCRYPT.equals(getAction()))
{
                     WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
                 }
                 createEndElementAndOutputAsEvent(subOutputProcessorChain, headerElementName);

Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java?rev=1557657&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
(added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl.processor.output;
+
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
+import org.apache.xml.security.stax.ext.OutputProcessorChain;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+public class ReferenceListOutputProcessor extends AbstractOutputProcessor {
+
+    public ReferenceListOutputProcessor() throws XMLSecurityException {
+        super();
+    }
+
+    @Override
+    public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain)
+            throws XMLStreamException, XMLSecurityException {
+        outputProcessorChain.processEvent(xmlSecEvent);
+
+        if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, ((WSSSecurityProperties) getSecurityProperties()).getActor()))
{
+
+            final QName headerElementName = WSSConstants.TAG_xenc_ReferenceList;
+            WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, headerElementName, getAction(),
false);
+
+            OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
+            WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
+
+            outputProcessorChain.removeProcessor(this);
+        }
+    }
+}

Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/ReferenceListOutputProcessor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityContextTokenOutputProcessor.java
Mon Jan 13 08:09:05 2014
@@ -116,6 +116,7 @@ public class SecurityContextTokenOutputP
                 if (wrappingSecurityToken.getProcessor() != null) {
                     finalSecurityContextTokenOutputProcessor.addBeforeProcessor(wrappingSecurityToken.getProcessor());
                 } else {
+                    finalSecurityContextTokenOutputProcessor.addAfterProcessor(ReferenceListOutputProcessor.class.getName());
                     finalSecurityContextTokenOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                 }
             }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java?rev=1557657&r1=1557656&r2=1557657&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureEncryptionTest.java
Mon Jan 13 08:09:05 2014
@@ -258,7 +258,17 @@ public class SignatureEncryptionTest ext
             XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
             xmlStreamWriter.close();
 
-            documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+            NodeList securityHeaderElement = document.getElementsByTagNameNS(WSConstants.WSSE_NS,
"Security");
+            Assert.assertEquals(1, securityHeaderElement.getLength());
+            NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+            Assert.assertEquals(childs.getLength(), 4);
+            Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+            Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+            Assert.assertEquals(childs.item(2).getLocalName(), "ReferenceList");
+            Assert.assertEquals(childs.item(3).getLocalName(), "Signature");
         }
 
         //done encryption; now test decryption:
@@ -269,6 +279,108 @@ public class SignatureEncryptionTest ext
     }
 
     @Test
+    public void testEncryptionSignatureSymmetricOutbound() throws Exception {
+
+        ByteArrayOutputStream baos;
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
+            actions.add(WSSConstants.ENCRYPT);
+            actions.add(WSSConstants.SIGNATURE);
+            actions.add(WSSConstants.TIMESTAMP);
+            securityProperties.setActions(actions);
+            securityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+            securityProperties.setEncryptionUser("receiver");
+
+            securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+            securityProperties.setSignatureUser("transmitter");
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            securityProperties.setSignatureAlgorithm(WSSConstants.NS_XMLDSIG_HMACSHA1);
+            securityProperties.setSignatureKeyIdentifier(
+                    WSSecurityTokenConstants.KeyIdentifier_EncryptedKey
+            );
+
+            securityProperties.addSignaturePart(
+                    new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), SecurePart.Modifier.Element)
+            );
+            securityProperties.addSignaturePart(
+                    new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
+            );
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+
+            // Symmetric Key
+            String keyAlgorithm =
+                    JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(WSSConstants.NS_XENC_AES128);
+            KeyGenerator keyGen;
+            try {
+                keyGen = KeyGenerator.getInstance(keyAlgorithm);
+            } catch (NoSuchAlgorithmException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+            }
+            int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(WSSConstants.NS_XENC_AES128);
+            keyGen.init(keyLength);
+
+            final Key symmetricKey = keyGen.generateKey();
+
+            final String ekId = IDGenerator.generateID(null);
+
+            final GenericOutboundSecurityToken encryptedKeySecurityToken =
+                    new GenericOutboundSecurityToken(ekId, WSSecurityTokenConstants.EncryptedKeyToken,
symmetricKey);
+
+            final SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider
=
+                    new SecurityTokenProvider<OutboundSecurityToken>() {
+
+                        @Override
+                        public OutboundSecurityToken getSecurityToken() throws XMLSecurityException
{
+                            return encryptedKeySecurityToken;
+                        }
+
+                        @Override
+                        public String getId() {
+                            return ekId;
+                        }
+                    };
+
+            final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+            outboundSecurityContext.putList(SecurityEvent.class, new ArrayList<SecurityEvent>());
+
+            // Save Token on the security context
+            outboundSecurityContext.registerSecurityTokenProvider(encryptedKeySecurityTokenProvider.getId(),
encryptedKeySecurityTokenProvider);
+            outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
encryptedKeySecurityTokenProvider.getId());
+            outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
encryptedKeySecurityTokenProvider.getId());
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+
+            baos = new ByteArrayOutputStream();
+            XMLStreamWriter xmlStreamWriter =
+                    wsSecOut.processOutMessage(baos, "UTF-8", outboundSecurityContext);
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+            NodeList securityHeaderElement = document.getElementsByTagNameNS(WSConstants.WSSE_NS,
"Security");
+            Assert.assertEquals(1, securityHeaderElement.getLength());
+            NodeList childs = securityHeaderElement.item(0).getChildNodes();
+
+            Assert.assertEquals(childs.getLength(), 4);
+            Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
+            Assert.assertEquals(childs.item(1).getLocalName(), "EncryptedKey");
+            Assert.assertEquals(childs.item(2).getLocalName(), "Signature");
+            Assert.assertEquals(childs.item(3).getLocalName(), "ReferenceList");
+        }
+
+        //done encryption; now test decryption:
+        {
+            String action = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE
+ " " + WSHandlerConstants.TIMESTAMP;
+            doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+
+    @Test
     public void testEncryptedDataTokenSecurityHeaderWithoutReferenceInbound() throws Exception
{
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {



Mime
View raw message