From cohei...@apache.org
Subject svn commit: r1753253 - in /webservices/wss4j/trunk: src/site/xdoc/ ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/ ws-security-dom/src/test/java/org/apache/wss4j/dom/common/ ws-secur...
Date Mon, 18 Jul 2016 15:56:36 GMT
Author: coheigea
Date: Mon Jul 18 15:56:35 2016
New Revision: 1753253

URL: http://svn.apache.org/viewvc?rev=1753253&view=rev
Log:
WSS-584 - Don't create ReplayCache instances internally

Modified:
    webservices/wss4j/trunk/src/site/xdoc/config.xml
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SecurityTestUtil.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/ReplayTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java

Modified: webservices/wss4j/trunk/src/site/xdoc/config.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/site/xdoc/config.xml?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/site/xdoc/config.xml (original)
+++ webservices/wss4j/trunk/src/site/xdoc/config.xml Mon Jul 18 15:56:35 2016
@@ -585,23 +585,6 @@ not (for IssuerSerial, Thumbprint, SKI c
 not (for IssuerSerial, Thumbprint, SKI cases). Default is "false"</td>
 </tr>
 <tr>
-<td><b>WSS4J 2.0.0</b> ENABLE_NONCE_CACHE</td>
-<td>enableNonceCache</td>
-<td>Whether to cache UsernameToken nonces. Default is "true"</td>
-</tr>
-<tr>
-<td><b>WSS4J 2.0.0</b> ENABLE_TIMESTAMP_CACHE</td>
-<td>enableTimestampCache</td>
-<td>Whether to cache Timestamp Created Strings (these are only cached in
-conjunction with a message Signature). Default is "true"</td>
-</tr>
-<tr>
-<td><b>WSS4J 2.0.0</b> ENABLE_SAML_ONE_TIME_USE_CACHE</td>
-<td>enableSamlOneTimeUseCache</td>
-<td>Whether to cache SAML2 Token Identifiers, if the token contains a
-"OneTimeUse" Condition. Default is "true". </td>
-</tr>
-<tr>
 <td><b>WSS4J 2.0.0</b> USE_2005_12_NAMESPACE</td>
 <td>use200512Namespace</td>
 <td>Whether to use the 2005/12 namespace for SecureConveration + DerivedKeys,

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Mon Jul 18 15:56:35 2016
@@ -507,23 +507,6 @@ public class ConfigurationConstants {
     public static final String INCLUDE_ENCRYPTION_TOKEN = "includeEncryptionToken";
 
     /**
-     * Whether to cache UsernameToken nonces. The default value is "true".
-     */
-    public static final String ENABLE_NONCE_CACHE = "enableNonceCache";
-
-    /**
-     * Whether to cache Timestamp Created Strings (these are only cached in conjunction with
a message
-     * Signature). The default value is "true".
-     */
-    public static final String ENABLE_TIMESTAMP_CACHE = "enableTimestampCache";
-
-    /**
-     * Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition.
-     * The default value is "true".
-     */
-    public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "enableSamlOneTimeUseCache";
-
-    /**
      * Whether to use the "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
      * namespace for SecureConversation + Derived Keys. If set to "false", it will use the
      * namespace "http://schemas.xmlsoap.org/ws/2005/02/sc".

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
Mon Jul 18 15:56:35 2016
@@ -21,7 +21,6 @@ package org.apache.wss4j.dom.handler;
 
 import java.security.cert.Certificate;
 import java.util.ArrayList;
-import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -36,7 +35,6 @@ import org.apache.wss4j.common.Signature
 import org.apache.wss4j.common.bsp.BSPEnforcer;
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.cache.ReplayCache;
-import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
@@ -45,7 +43,6 @@ import org.apache.wss4j.dom.SOAPConstant
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.message.WSSecHeader;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.encryption.Serializer;
 
@@ -197,18 +194,22 @@ public class RequestData {
 
     private boolean expandXopIncludeForSignature = true;
 
+    @Deprecated
     public boolean isEnableTimestampReplayCache() {
         return enableTimestampReplayCache;
     }
 
+    @Deprecated
     public void setEnableTimestampReplayCache(boolean enableTimestampReplayCache) {
         this.enableTimestampReplayCache = enableTimestampReplayCache;
     }
 
+    @Deprecated
     public boolean isEnableNonceReplayCache() {
         return enableNonceReplayCache;
     }
 
+    @Deprecated
     public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
         this.enableNonceReplayCache = enableNonceReplayCache;
     }
@@ -420,19 +421,9 @@ public class RequestData {
      * @throws WSSecurityException
      */
     public ReplayCache getTimestampReplayCache() throws WSSecurityException {
-        if (enableTimestampReplayCache && timestampReplayCache == null) {
-            timestampReplayCache = createCache("wss4j.timestamp.cache-");
-        }
-
         return timestampReplayCache;
     }
 
-    private synchronized ReplayCache createCache(String key) throws WSSecurityException {
-        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
-        String cacheKey = key + Base64.getEncoder().encodeToString(WSSecurityUtil.generateNonce(10));
-        return replayCacheFactory.newReplayCache(cacheKey, null);
-    }
-
     /**
      * Set the replay cache for Nonces
      */
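Review bot: getTimestampReplayCache now returns the injected cache as-is, so it yields null whenever nothing was set, while its Javadoc (which starts outside the hunk) still carries `@throws WSSecurityException` for a creation path that no longer exists. If the processors treat a null cache as "no replay check" (not visible here), an integration that does not inject a cache loses the Timestamp replay detection that was previously on by default, with no warning at all; the contract should at least be stated, e.g. `@return the cache set via {@link #setTimestampReplayCache(ReplayCache)}, or {@code null} if none was configured`. The same stale `@throws` and null return apply to getNonceReplayCache and getSamlOneTimeUseReplayCache in the next two hunks, and to the matching three getters in the WSSSecurityProperties hunks.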
@@ -445,10 +436,6 @@ public class RequestData {
      * @throws WSSecurityException
      */
     public ReplayCache getNonceReplayCache() throws WSSecurityException {
-        if (enableNonceReplayCache && nonceReplayCache == null) {
-            nonceReplayCache = createCache("wss4j.nonce.cache-");
-        }
-
         return nonceReplayCache;
     }
 
@@ -464,10 +451,6 @@ public class RequestData {
      * @throws WSSecurityException
      */
     public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
-        if (enableSamlOneTimeUseReplayCache && samlOneTimeUseReplayCache == null)
{
-            samlOneTimeUseReplayCache = createCache("wss4j.saml.one.time.use.cache-");
-        }
-
         return samlOneTimeUseReplayCache;
     }
 
@@ -599,10 +582,12 @@ public class RequestData {
         this.passwordEncryptor = passwordEncryptor;
     }
 
+    @Deprecated
     public boolean isEnableSamlOneTimeUseReplayCache() {
         return enableSamlOneTimeUseReplayCache;
     }
 
+    @Deprecated
     public void setEnableSamlOneTimeUseReplayCache(boolean enableSamlOneTimeUseReplayCache)
{
         this.enableSamlOneTimeUseReplayCache = enableSamlOneTimeUseReplayCache;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SecurityTestUtil.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SecurityTestUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SecurityTestUtil.java
Mon Jul 18 15:56:35 2016
@@ -19,6 +19,12 @@
 package org.apache.wss4j.dom.common;
 
 import java.io.File;
+import java.util.Base64;
+
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 
 /**
  * A utility class for security tests
@@ -43,4 +49,9 @@ public final class SecurityTestUtil {
         }
     }
 
+    public static ReplayCache createCache(String key) throws WSSecurityException {
+        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
+        String cacheKey = key + Base64.getEncoder().encodeToString(WSSecurityUtil.generateNonce(10));
+        return replayCacheFactory.newReplayCache(cacheKey, null);
+    }
 }
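Review bot: SecurityTestUtil.createCache hands back a ReplayCache that the caller has to close (the ReplayTest hunks call `replayCache.close()` on it), but nothing says so, and the second argument to newReplayCache is passed as null without explanation. A short Javadoc would do, e.g. `/** Creates a ReplayCache whose key is suffixed with a random nonce so tests do not share state; the caller is responsible for closing it. */`.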

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ReplayTest.java
Mon Jul 18 15:56:35 2016
@@ -33,6 +33,7 @@ import org.apache.wss4j.dom.engine.WSSCo
 import org.apache.wss4j.dom.engine.WSSecurityEngine;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.cache.MemoryReplayCache;
+import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -101,7 +102,7 @@ public class ReplayTest extends org.juni
                 XMLUtils.prettyDocumentToString(createdDoc);
             LOG.debug(outputString);
         }
-
+        
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
@@ -152,11 +153,13 @@ public class ReplayTest extends org.juni
                 XMLUtils.prettyDocumentToString(createdDoc);
             LOG.debug(outputString);
         }
-
+        
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
         data.setCallbackHandler(callbackHandler);
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.timestamp.cache-");
+        data.setTimestampReplayCache(replayCache);
 
         // Successfully verify timestamp
         verify(createdDoc, wssConfig, data);
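Review bot: `replayCache.close()` is only reached when every assertion in the method passes (it sits in the next hunk), so a failing or unexpectedly throwing `verify` call leaves the cache open for the rest of the test run; the enclosing test method starts before this hunk. If ReplayCache implements AutoCloseable, wrapping the verification steps in `try (ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.timestamp.cache-")) { ... }` closes it on every exit path; otherwise a `finally` block does the same. The same pattern is repeated in the other test methods of this file and in the stax ReplayTest and UsernameTokenTest hunks that add `replayCache.close()`.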
@@ -168,6 +171,8 @@ public class ReplayTest extends org.juni
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
+        
+        replayCache.close();
     }
 
     @Test
@@ -197,7 +202,7 @@ public class ReplayTest extends org.juni
                 XMLUtils.prettyDocumentToString(createdDoc);
             LOG.debug(outputString);
         }
-
+        
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
@@ -243,12 +248,14 @@ public class ReplayTest extends org.juni
                 XMLUtils.prettyDocumentToString(createdDoc);
             LOG.debug(outputString);
         }
-
+        
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
         data.setCallbackHandler(callbackHandler);
-
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.timestamp.cache-");
+        data.setTimestampReplayCache(replayCache);
+        
         // Successfully verify timestamp
         verify(createdDoc, wssConfig, data);
 
@@ -259,6 +266,8 @@ public class ReplayTest extends org.juni
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
+        
+        replayCache.close();
     }
 
     @Test
@@ -349,6 +358,8 @@ public class ReplayTest extends org.juni
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
         data.setCallbackHandler(callbackHandler);
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.timestamp.cache-");
+        data.setTimestampReplayCache(replayCache);
 
         // Successfully verify timestamp
         verify(createdDoc, wssConfig, data);
@@ -360,6 +371,8 @@ public class ReplayTest extends org.juni
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
+        
+        replayCache.close();
     }
 
     @Test
@@ -416,6 +429,8 @@ public class ReplayTest extends org.juni
         RequestData data = new RequestData();
         data.setCallbackHandler(new UsernamePasswordCallbackHandler());
         data.setWssConfig(wssConfig);
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.nonce.cache-");
+        data.setNonceReplayCache(replayCache);
 
         // Successfully verify UsernameToken
         verify(signedDoc, wssConfig, data);
@@ -427,6 +442,8 @@ public class ReplayTest extends org.juni
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
+        
+        replayCache.close();
     }
 
     /**
@@ -473,12 +490,16 @@ public class ReplayTest extends org.juni
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
         data.setCallbackHandler(callbackHandler);
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.saml.one.time.use.cache-");
+        data.setSamlOneTimeUseReplayCache(replayCache);
 
         // Successfully verify SAML Token
         verify(unsignedDoc, wssConfig, data);
 
         // Now try again - this should work fine as well
         verify(unsignedDoc, wssConfig, data);
+        
+        replayCache.close();
     }
 
     /**
@@ -526,6 +547,8 @@ public class ReplayTest extends org.juni
         RequestData data = new RequestData();
         data.setWssConfig(wssConfig);
         data.setCallbackHandler(callbackHandler);
+        ReplayCache replayCache = SecurityTestUtil.createCache("wss4j.saml.one.time.use.cache-");
+        data.setSamlOneTimeUseReplayCache(replayCache);
 
         // Successfully verify SAML Token
         verify(unsignedDoc, wssConfig, data);
@@ -537,6 +560,8 @@ public class ReplayTest extends org.juni
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
+        
+        replayCache.close();
     }
 
     /**

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Mon Jul 18 15:56:35 2016
@@ -25,7 +25,6 @@ import java.security.cert.CertificateFac
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.X509CRL;
 import java.util.ArrayList;
-import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -40,14 +39,12 @@ import javax.xml.namespace.QName;
 
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.cache.ReplayCache;
-import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.stax.validate.Validator;
-import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 
 /**
@@ -734,25 +731,9 @@ public class WSSSecurityProperties exten
      * @throws WSSecurityException
      */
     public ReplayCache getTimestampReplayCache() throws WSSecurityException {
-        if (enableTimestampReplayCache && timestampReplayCache == null) {
-            timestampReplayCache = createCache("wss4j.timestamp.cache-");
-        }
-
         return timestampReplayCache;
     }
 
-    private synchronized ReplayCache createCache(String key) throws WSSecurityException {
-        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
-        byte[] nonceValue;
-        try {
-            nonceValue = WSSConstants.generateBytes(10);
-            String cacheKey = key + Base64.getEncoder().encodeToString(nonceValue);
-            return replayCacheFactory.newReplayCache(cacheKey, null);
-        } catch (XMLSecurityException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
-        }
-    }
-
     /**
      * Set the replay cache for Nonces
      */
@@ -765,10 +746,6 @@ public class WSSSecurityProperties exten
      * @throws WSSecurityException
      */
     public ReplayCache getNonceReplayCache() throws WSSecurityException {
-        if (enableNonceReplayCache && nonceReplayCache == null) {
-            nonceReplayCache = createCache("wss4j.nonce.cache-");
-        }
-
         return nonceReplayCache;
     }
 
@@ -784,10 +761,6 @@ public class WSSSecurityProperties exten
      * @throws WSSecurityException
      */
     public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
-        if (enableSamlOneTimeUseReplayCache && samlOneTimeUseReplayCache == null)
{
-            samlOneTimeUseReplayCache = createCache("wss4j.saml.one.time.use.cache-");
-        }
-
         return samlOneTimeUseReplayCache;
     }
 
@@ -879,26 +852,32 @@ public class WSSSecurityProperties exten
         this.includeEncryptionToken = includeEncryptionToken;
     }
 
+    @Deprecated
     public boolean isEnableTimestampReplayCache() {
         return enableTimestampReplayCache;
     }
 
+    @Deprecated
     public void setEnableTimestampReplayCache(boolean enableTimestampReplayCache) {
         this.enableTimestampReplayCache = enableTimestampReplayCache;
     }
 
+    @Deprecated
     public boolean isEnableNonceReplayCache() {
         return enableNonceReplayCache;
     }
 
+    @Deprecated
     public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
         this.enableNonceReplayCache = enableNonceReplayCache;
     }
 
+    @Deprecated
     public boolean isEnableSamlOneTimeUseReplayCache() {
         return enableSamlOneTimeUseReplayCache;
     }
 
+    @Deprecated
     public void setEnableSamlOneTimeUseReplayCache(boolean enableSamlOneTimeUseReplayCache)
{
         this.enableSamlOneTimeUseReplayCache = enableSamlOneTimeUseReplayCache;
     }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/ConfigurationConverter.java
Mon Jul 18 15:56:35 2016
@@ -452,18 +452,6 @@ public final class ConfigurationConverte
             decodeBooleanConfigValue(ConfigurationConstants.INCLUDE_ENCRYPTION_TOKEN, false,
config);
         properties.setIncludeEncryptionToken(includeEncryptionToken);
 
-        boolean enableTimestampCache =
-            decodeBooleanConfigValue(ConfigurationConstants.ENABLE_TIMESTAMP_CACHE, true,
config);
-        properties.setEnableTimestampReplayCache(enableTimestampCache);
-
-        boolean enableNonceCache =
-            decodeBooleanConfigValue(ConfigurationConstants.ENABLE_NONCE_CACHE, true, config);
-        properties.setEnableNonceReplayCache(enableNonceCache);
-
-        boolean enableSamlOneTimeUseCache =
-            decodeBooleanConfigValue(ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE,
true, config);
-        properties.setEnableSamlOneTimeUseReplayCache(enableSamlOneTimeUseCache);
-
         boolean encryptSymmetricEncryptionKey =
             decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, true, config);
         properties.setEncryptSymmetricEncryptionKey(encryptSymmetricEncryptionKey);

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/ReplayTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/ReplayTest.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/ReplayTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/ReplayTest.java
Mon Jul 18 15:56:35 2016
@@ -21,6 +21,7 @@ package org.apache.wss4j.stax.test;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
+import java.util.Base64;
 import java.util.Properties;
 
 import javax.xml.stream.XMLStreamException;
@@ -29,6 +30,8 @@ import javax.xml.transform.dom.DOMSource
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.dom.WSConstants;
@@ -47,6 +50,18 @@ import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
 public class ReplayTest extends AbstractTestBase {
+    
+    private ReplayCache createCache(String key) throws WSSecurityException {
+        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
+        byte[] nonceValue;
+        try {
+            nonceValue = WSSConstants.generateBytes(10);
+            String cacheKey = key + Base64.getEncoder().encodeToString(nonceValue);
+            return replayCacheFactory.newReplayCache(cacheKey, null);
+        } catch (XMLSecurityException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
+    }
 
     @Test
     public void testReplayedTimestamp() throws Exception {
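Review bot: The private createCache helper added here is the same code as the one added at the end of UsernameTokenTest in this commit, whereas the DOM side of the same commit centralised it in SecurityTestUtil; a shared helper in the stax test utilities package (next to StAX2DOM) would keep the two copies from drifting apart. It also deserves a one-line Javadoc saying that the caller must close the returned cache, which every call site in this file does.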
@@ -68,10 +83,10 @@ public class ReplayTest extends Abstract
         }
 
         //done signature; now test sig-verification:
-        ReplayCache replayCache = null;
+        ReplayCache replayCache = createCache("wss4j.timestamp.cache-");
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-            replayCache = securityProperties.getTimestampReplayCache();
+            securityProperties.setTimestampReplayCache(replayCache);
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
@@ -100,6 +115,8 @@ public class ReplayTest extends Abstract
                 Assert.assertEquals("The message has expired", e.getCause().getMessage());
             }
         }
+        
+        replayCache.close();
     }
 
     @Test
@@ -121,10 +138,10 @@ public class ReplayTest extends Abstract
         }
 
         //done UsernameToken; now test verification:
-        ReplayCache replayCache = null;
+        ReplayCache replayCache = createCache("wss4j.nonce.cache-");
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-            replayCache = securityProperties.getNonceReplayCache();
+            securityProperties.setNonceReplayCache(replayCache);
             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
@@ -152,6 +169,8 @@ public class ReplayTest extends Abstract
                 Assert.assertTrue(e.getCause() instanceof XMLSecurityException);
             }
         }
+        
+        replayCache.close();
     }
 
     /**
@@ -185,7 +204,7 @@ public class ReplayTest extends Abstract
         }
 
         // process SAML Token
-        ReplayCache replayCache = null;
+        ReplayCache replayCache = createCache("wss4j.saml.one.time.use.cache-");
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 
@@ -194,7 +213,7 @@ public class ReplayTest extends Abstract
             securityProperties.addValidator(WSSConstants.TAG_SAML2_ASSERTION, validator);
             securityProperties.addValidator(WSSConstants.TAG_SAML_ASSERTION, validator);
 
-            replayCache = securityProperties.getSamlOneTimeUseReplayCache();
+            securityProperties.setSamlOneTimeUseReplayCache(replayCache);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
 
@@ -218,6 +237,8 @@ public class ReplayTest extends Abstract
             Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
             Assert.assertNotNull(document);
         }
+        
+        replayCache.close();
     }
 
     /**
@@ -250,7 +271,7 @@ public class ReplayTest extends Abstract
         }
 
         // process SAML Token
-        ReplayCache replayCache = null;
+        ReplayCache replayCache = createCache("wss4j.saml.one.time.use.cache-");
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 
@@ -259,7 +280,7 @@ public class ReplayTest extends Abstract
             securityProperties.addValidator(WSSConstants.TAG_SAML2_ASSERTION, validator);
             securityProperties.addValidator(WSSConstants.TAG_SAML_ASSERTION, validator);
 
-            replayCache = securityProperties.getSamlOneTimeUseReplayCache();
+            securityProperties.setSamlOneTimeUseReplayCache(replayCache);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
 
@@ -287,6 +308,8 @@ public class ReplayTest extends Abstract
                 Assert.assertTrue(e.getCause() instanceof XMLSecurityException);
             }
         }
+        
+        replayCache.close();
     }
 
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Mon Jul 18 15:56:35 2016
@@ -23,6 +23,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Calendar;
 import java.util.GregorianCalendar;
 import java.util.HashMap;
@@ -38,6 +39,8 @@ import javax.xml.transform.dom.DOMSource
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -51,6 +54,7 @@ import org.apache.wss4j.stax.setup.Outbo
 import org.apache.wss4j.stax.setup.WSSec;
 import org.apache.wss4j.stax.test.utils.StAX2DOM;
 import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
+import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
 import org.junit.Assert;
@@ -264,6 +268,8 @@ public class UsernameTokenTest extends A
 
         WSSSecurityProperties securityProperties = new WSSSecurityProperties();
         securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+        ReplayCache replayCache = createCache("wss4j.nonce.cache-");
+        securityProperties.setNonceReplayCache(replayCache);
         InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties, false, true);
         XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(req.getBytes())));
         StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
@@ -275,6 +281,8 @@ public class UsernameTokenTest extends A
         } catch (XMLStreamException e) {
             Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.FAILED_AUTHENTICATION);
         }
+        
+        replayCache.close();
     }
 
     /**
@@ -828,4 +836,16 @@ public class UsernameTokenTest extends A
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
         }
     }
+    
+    private ReplayCache createCache(String key) throws WSSecurityException {
+        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
+        byte[] nonceValue;
+        try {
+            nonceValue = WSSConstants.generateBytes(10);
+            String cacheKey = key + Base64.getEncoder().encodeToString(nonceValue);
+            return replayCacheFactory.newReplayCache(cacheKey, null);
+        } catch (XMLSecurityException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
+    }
 }
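Review bot: `createCache` carries no comment explaining why the cache name is suffixed with a random Base64 value, nor what the `null` second argument to `newReplayCache` selects; from this file alone a reader cannot tell whether it means "factory default configuration". Suggest a Javadoc such as `/** Creates a ReplayCache under a randomized name so tests running in the same JVM never share a cache (and so cannot spuriously see each other's nonces as replays); null presumably selects the factory's default configuration — confirm. Caller is responsible for close(). */`. It would also be worth stating whether `WSSConstants.generateBytes` is backed by a secure RNG, since here only uniqueness of the key matters, not unpredictability.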

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java?rev=1753253&r1=1753252&r2=1753253&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
Mon Jul 18 15:56:35 2016
@@ -29,7 +29,6 @@ import java.util.Map;
 import java.util.Properties;
 
 import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamReader;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.xpath.XPathConstants;
@@ -42,9 +41,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.setup.InboundWSSec;
 import org.apache.wss4j.stax.setup.WSSec;
-import org.apache.wss4j.stax.test.utils.StAX2DOM;
 import org.apache.xml.security.stax.config.Init;
 import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
 import org.junit.Assert;
@@ -270,44 +267,6 @@ public class VulnerabliltyVectorsTest ex
     */
 
     @Test
-    public void testReplayAttackInbound() throws Exception {
-
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        {
-            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
-            String action = WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE;
-            Properties properties = new Properties();
-            properties.setProperty(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
-            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
properties);
-
-            //some test that we can really sure we get what we want from WSS4J
-            NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
-            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
-
-            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
-            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
-        }
-
-        //done signature; now test sig-verification:
-        {
-            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
-            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
-            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties, false, true);
-            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
-
-            StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
-
-            try {
-                xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
-                StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
-                Assert.fail("Expected XMLStreamException");
-            } catch (XMLStreamException e) {
-                Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(),
WSSecurityException.MESSAGE_EXPIRED);
-            }
-        }
-    }
-
-    @Test
     public void testMaximumAllowedReferencesPerManifest() throws Exception {
 
         InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");


