From cohei...@apache.org
Subject svn commit: r1581775 - in /webservices/wss4j/branches/1_6_x-fixes/src: main/java/org/apache/ws/security/saml/ext/ test/java/org/apache/ws/security/saml/ test/java/org/apache/ws/security/saml/ext/
Date Wed, 26 Mar 2014 10:01:34 GMT
Author: coheigea
Date: Wed Mar 26 10:01:33 2014
New Revision: 1581775

URL: http://svn.apache.org/r1581775
Log:
[WSS-495] - Add support to configure the digest method used for SAML Assertions


Conflicts:
	src/main/java/org/apache/ws/security/saml/ext/SAMLCallback.java
	src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
	ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
	ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java

Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAlgorithmSuiteTest.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java?rev=1581775&r1=1581774&r2=1581775&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
Wed Mar 26 10:01:33 2014
@@ -37,6 +37,7 @@ import org.apache.xml.security.signature
 
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.common.impl.SAMLObjectContentReference;
 import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.AuthenticationStatement;
 import org.opensaml.saml1.core.AuthorizationDecisionStatement;
@@ -141,6 +142,11 @@ public class AssertionWrapper {
     private final String defaultDSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
     
     /**
+     * Default Signature Digest algorithm
+     */
+    private final String defaultSignatureDigestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
+    
+    /**
      * Whether this object was instantiated with a DOM Element or an XMLObject initially
      */
     private final boolean fromDOM;
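Review bot: The new `defaultSignatureDigestAlgorithm` field pins SHA-1 as the digest for every caller that does not pass one, and its Javadoc says nothing about that choice or how to override it. SHA-1 is generally regarded as unsuitable for new signatures, so the comment should state the default explicitly and steer callers to the new overloads, e.g. `/** Default Signature Digest algorithm (SHA-1, kept for backward compatibility). Callers wanting a stronger digest should pass one to signAssertion(...) or setSignature(Signature, String). */`. Whether SHA-1 here matches the pre-change behaviour of the underlying OpenSAML content reference is inferred from the commit log, not visible in the hunk.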
@@ -420,9 +426,26 @@ public class AssertionWrapper {
      * @param signature the signature of this AssertionWrapper object.
      */
     public void setSignature(Signature signature) {
+        setSignature(signature, defaultSignatureDigestAlgorithm);
+    }
+    
+    /**
+     * Method setSignature sets the signature of this SamlAssertionWrapper object.
+     *
+     * @param signature the signature of this SamlAssertionWrapper object.
+     * @param signatureDigestAlgorithm the signature digest algorithm to use
+     */
+    public void setSignature(Signature signature, String signatureDigestAlgorithm) {
         if (xmlObject instanceof SignableSAMLObject) {
             SignableSAMLObject signableObject = (SignableSAMLObject) xmlObject;
             signableObject.setSignature(signature);
+            String digestAlg = signatureDigestAlgorithm;
+            if (digestAlg == null) {
+                digestAlg = defaultSignatureDigestAlgorithm;
+            }
+            SAMLObjectContentReference contentRef = 
+                (SAMLObjectContentReference)signature.getContentReferences().get(0);
+            contentRef.setDigestAlgorithm(digestAlg);
             signableObject.releaseDOM();
             signableObject.releaseChildrenDOM(true);
         } else {
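Review bot: `signature.getContentReferences().get(0)` and the unchecked cast to `SAMLObjectContentReference` in the new `setSignature(Signature, String)` will throw `IndexOutOfBoundsException` on an empty reference list and `ClassCastException` if the first reference is some other `ContentReference` implementation, neither of which tells the caller that the digest could not be applied. This method is public and accepts any `Signature`, so the reference is presumably populated by `signableObject.setSignature(signature)` on the preceding line, but that is not visible here; a guard with a clear message is cheap. The method's `else` branch continues outside the hunk.
```java
            signableObject.setSignature(signature);
            String digestAlg = signatureDigestAlgorithm;
            if (digestAlg == null) {
                digestAlg = defaultSignatureDigestAlgorithm;
            }
            // Apply the digest to the content reference that covers the assertion; fail clearly
            // rather than with IndexOutOfBounds/ClassCast if the Signature has no such reference.
            Object firstRef = signature.getContentReferences().isEmpty()
                ? null : signature.getContentReferences().get(0);
            if (!(firstRef instanceof SAMLObjectContentReference)) {
                throw new IllegalArgumentException(
                    "Signature has no SAMLObjectContentReference to set the digest algorithm on");
            }
            ((SAMLObjectContentReference) firstRef).setDigestAlgorithm(digestAlg);
            // … unchanged: releaseDOM / releaseChildrenDOM …
```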
@@ -445,7 +468,7 @@ public class AssertionWrapper {
 
         signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto,
                 sendKeyValue, defaultCanonicalizationAlgorithm,
-                defaultRSASignatureAlgorithm);
+                defaultRSASignatureAlgorithm, defaultSignatureDigestAlgorithm);
     }
     
     /**
@@ -463,6 +486,27 @@ public class AssertionWrapper {
             Crypto issuerCrypto, boolean sendKeyValue,
             String canonicalizationAlgorithm, String signatureAlgorithm)
             throws WSSecurityException {
+        signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto, sendKeyValue,
+                canonicalizationAlgorithm, signatureAlgorithm, defaultSignatureDigestAlgorithm);
+    }
+    
+    /**
+     * Create an enveloped signature on the assertion that has been created.
+     * 
+     * @param issuerKeyName the Issuer KeyName to use with the issuerCrypto argument
+     * @param issuerKeyPassword the Issuer Password to use with the issuerCrypto argument
+     * @param issuerCrypto the Issuer Crypto instance
+     * @param sendKeyValue whether to send the key value or not
+     * @param canonicalizationAlgorithm the canonicalization algorithm to be used for signing
+     * @param signatureAlgorithm the signature algorithm to be used for signing
+     * @param signatureDigestAlgorithm the signature Digest algorithm to use
+     * @throws WSSecurityException
+     */
+    public void signAssertion(String issuerKeyName, String issuerKeyPassword,
+            Crypto issuerCrypto, boolean sendKeyValue,
+            String canonicalizationAlgorithm, String signatureAlgorithm,
+            String signatureDigestAlgorithm)
+            throws WSSecurityException {
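Review bot: The Javadoc on the new seven-argument `signAssertion` does not say what happens when `signatureDigestAlgorithm` is `null`, and its `@throws WSSecurityException` line carries no description. Since `setSignature(Signature, String)` substitutes the SHA-1 default on `null`, that contract belongs on the public entry point: `@param signatureDigestAlgorithm the digest algorithm URI for the signature references; null selects the default (SHA-1)` and `@throws WSSecurityException if the issuer key cannot be loaded or the assertion cannot be signed` (the latter hedged, as the throwing code is outside the hunk). The method body continues past the end of this hunk.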
         //
         // Create the signature
         //
@@ -519,7 +563,7 @@ public class AssertionWrapper {
         }
 
         // add the signature to the assertion
-        setSignature(signature);
+        setSignature(signature, signatureDigestAlgorithm);
     }
 
     /**

Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAlgorithmSuiteTest.java?rev=1581775&r1=1581774&r2=1581775&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAlgorithmSuiteTest.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAlgorithmSuiteTest.java
Wed Mar 26 10:01:33 2014
@@ -19,11 +19,7 @@
 
 package org.apache.ws.security.saml;
 
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
-import javax.xml.namespace.QName;
 
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSConstants;

Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java?rev=1581775&r1=1581774&r2=1581775&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
Wed Mar 26 10:01:33 2014
@@ -22,21 +22,27 @@ package org.apache.ws.security.saml.ext;
 import java.io.InputStream;
 import java.security.KeyStore;
 
+import javax.xml.parsers.DocumentBuilderFactory;
+
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.common.SAML2CallbackHandler;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.components.crypto.Merlin;
+import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.ws.security.util.DOM2Writer;
 import org.apache.ws.security.util.Loader;
 import org.junit.Assert;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * A list of test-cases to test the functionality of signing with
  * AssertionWrapper class implementation.
  */
-
 public class AssertionSigningTest extends org.junit.Assert {
 
     private Crypto issuerCrypto = null;
@@ -47,9 +53,12 @@ public class AssertionSigningTest extend
     // Default DSA Signature algorithm used by AssertionWrapper class.
     private final String defaultDSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
     // Custom Signature algorithm
-    private final String customSignatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+    private final String customSignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
     // Custom Canonicalization algorithm
     private final String customCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_OMIT_COMMENTS;
+    // Custom Signature Digest algorithm
+    private final String customSignatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
+    private final DocumentBuilderFactory dbf;
 
     public AssertionSigningTest() throws Exception {
         WSSConfig.init();
@@ -61,6 +70,9 @@ public class AssertionSigningTest extend
                 "keys/client_keystore.jks");
         keyStore.load(input, "password".toCharArray());
         ((Merlin) issuerCrypto).setKeyStore(keyStore);
+        
+        dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
     }
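Review bot: `customSignatureDigestAlgorithm` is declared as the string literal `"http://www.w3.org/2001/04/xmlenc#sha256"` while the same hunk replaces the `customSignatureAlgorithm` literal with `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256`, leaving the two fields inconsistent. If `SignatureConstants` exposes the SHA-256 digest constant alongside the `ALGO_ID_DIGEST_SHA1` the main code uses, prefer `private final String customSignatureDigestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA256;` so a typo in the URI cannot silently make the later `contains` assertion meaningless. The test class body continues outside the hunk.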
 
     /**
@@ -87,6 +99,19 @@ public class AssertionSigningTest extend
                         defaultDSASignatureAlgorithm));
         Assert.assertEquals(defaultCanonicalizationAlgorithm,
                 signature.getCanonicalizationAlgorithm());
+        
+        // Verify Signature
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("client_certchain");
+        SAMLKeyInfo keyInfo = new SAMLKeyInfo(issuerCrypto.getX509Certificates(cryptoType));
+        
+        Document doc = dbf.newDocumentBuilder().newDocument();
+        
+        Element assertionElement = assertion.toDOM(doc);
+        doc.appendChild(assertionElement);
+        
+        assertion = new AssertionWrapper(assertionElement);
+        assertion.verifySignature(keyInfo);
     }
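Review bot: The default-signature test now round-trips and verifies the assertion but never checks which digest algorithm was actually emitted, so a regression in the new default would go unnoticed here. Mirroring the custom-algorithm test, add `Assert.assertTrue(DOM2Writer.nodeToString(assertionElement).contains(SignatureConstants.ALGO_ID_DIGEST_SHA1));` after `doc.appendChild(assertionElement);` to pin the documented default. The test method's signature and setup lie outside this hunk.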
 
     /**
@@ -105,11 +130,27 @@ public class AssertionSigningTest extend
         AssertionWrapper assertion = new AssertionWrapper(samlParms);
         assertion.signAssertion("client_certchain", "password", issuerCrypto,
                 false, customCanonicalizationAlgorithm,
-                customSignatureAlgorithm);
+                customSignatureAlgorithm, customSignatureDigestAlgorithm);
         Signature signature = assertion.getSaml2().getSignature();
         Assert.assertEquals(customSignatureAlgorithm,
                 signature.getSignatureAlgorithm());
         Assert.assertEquals(customCanonicalizationAlgorithm,
                 signature.getCanonicalizationAlgorithm());
+        
+        Document doc = dbf.newDocumentBuilder().newDocument();
+        
+        Element assertionElement = assertion.toDOM(doc);
+        doc.appendChild(assertionElement);
+        String assertionString = DOM2Writer.nodeToString(assertionElement);
+        Assert.assertTrue(assertionString.contains(customSignatureDigestAlgorithm));
+
+        // Verify Signature
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("client_certchain");
+        SAMLKeyInfo keyInfo = new SAMLKeyInfo(issuerCrypto.getX509Certificates(cryptoType));
+        
+        assertion = new AssertionWrapper(assertionElement);
+        assertion.verifySignature(keyInfo);
     }
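Review bot: `assertionString.contains(customSignatureDigestAlgorithm)` only proves the URI appears somewhere in the serialized assertion, not that it is the `Algorithm` of the `ds:DigestMethod` element the verifier uses. Inspect the DOM instead: `Element digestMethod = (Element) assertionElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "DigestMethod").item(0);` `Assert.assertNotNull(digestMethod);` `Assert.assertEquals(customSignatureDigestAlgorithm, digestMethod.getAttributeNS(null, "Algorithm"));`. A negative case (verification failing after the digest is tampered with) would also strengthen this test, but that is beyond the change under review. The test method starts outside this hunk.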
+    
 }


