ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1861500 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/ ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/ ws-securit...
Date Mon, 17 Jun 2019 11:37:23 GMT
Author: coheigea
Date: Mon Jun 17 11:37:23 2019
New Revision: 1861500

URL: http://svn.apache.org/viewvc?rev=1861500&view=rev
Log:
Consolidating password digest code

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/UsernameTokenUtil.java
Mon Jun 17 11:37:23 2019
@@ -140,4 +140,34 @@ public final class UsernameTokenUtil {
             );
         }
     }
+
+    public static String doPasswordDigest(byte[] nonce, String created, String password)
throws WSSecurityException {
+        return doPasswordDigest(nonce, created, password.getBytes(StandardCharsets.UTF_8));
+    }
+
+    public static String doPasswordDigest(byte[] nonce, String created, byte[] password)
throws WSSecurityException {
+        String passwdDigest = null;
+        try {
+            byte[] b1 = nonce != null ? nonce : new byte[0];
+            byte[] b2 = created != null ? created.getBytes(StandardCharsets.UTF_8) : new
byte[0];
+            byte[] b3 = password;
+            byte[] b4 = new byte[b1.length + b2.length + b3.length];
+            int offset = 0;
+            System.arraycopy(b1, 0, b4, offset, b1.length);
+            offset += b1.length;
+
+            System.arraycopy(b2, 0, b4, offset, b2.length);
+            offset += b2.length;
+
+            System.arraycopy(b3, 0, b4, offset, b3.length);
+
+            byte[] digestBytes = KeyUtils.generateDigest(b4);
+            passwdDigest = org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes);
+        } catch (Exception e) {
+            LOG.debug(e.getMessage(), e);
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
+        }
+        return passwdDigest;
+    }
+
 }
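Review bot: Neither new `doPasswordDigest` overload guards against a null `password`. The String overload dereferences it at `password.getBytes(...)` outside any try, and the byte[] overload only fails at `b3.length` inside `catch (Exception e)`, so a missing password surfaces either as a raw NullPointerException or as a FAILURE carrying the unrelated message key `decoding.general`. The concatenation buffer `b4` also keeps a cleartext copy of the password on the heap after the digest is computed; zeroing it in a `finally` is cheap. Both methods are public and undocumented, so a Javadoc stating that `nonce` is the already Base64-decoded value (the removed DOM overload took the encoded string) would stop callers passing the wrong form. A sketch of the byte[] overload follows.

```java
public static String doPasswordDigest(byte[] nonce, String created, byte[] password) throws WSSecurityException {
    if (password == null) {
        // fail with the library's own exception type instead of an NPE
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
    }
    byte[] b1 = nonce != null ? nonce : new byte[0];
    byte[] b2 = created != null ? created.getBytes(StandardCharsets.UTF_8) : new byte[0];
    byte[] b3 = password;
    byte[] b4 = new byte[b1.length + b2.length + b3.length];
    try {
        // … unchanged: the three System.arraycopy calls into b4 …
        byte[] digestBytes = KeyUtils.generateDigest(b4);
        return org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes);
    } catch (Exception e) {
        // … unchanged: debug log and rethrow as WSSecurityException …
    } finally {
        // do not leave the nonce + created + password concatenation in memory
        java.util.Arrays.fill(b4, (byte) 0);
    }
}
```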

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
Mon Jun 17 11:37:23 2019
@@ -20,7 +20,6 @@
 package org.apache.wss4j.dom.message.token;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.security.Principal;
 import java.time.Instant;
 import java.time.ZoneOffset;
@@ -42,7 +41,6 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.wss4j.common.util.DateUtil;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.common.util.WSCurrentTimeSource;
 import org.apache.wss4j.common.util.WSTimeSource;
@@ -500,11 +498,12 @@ public class UsernameToken {
         Text node = getFirstNode(elementPassword);
         try {
             if (hashed) {
+                byte[] decodedNonce = org.apache.xml.security.utils.XMLUtils.decode(getNonce());
                 if (passwordsAreEncoded) {
-                    node.setData(doPasswordDigest(getNonce(), getCreated(),
+                    node.setData(UsernameTokenUtil.doPasswordDigest(decodedNonce, getCreated(),
                                                   org.apache.xml.security.utils.XMLUtils.decode(pwd)));
                 } else {
-                    node.setData(doPasswordDigest(getNonce(), getCreated(), pwd));
+                    node.setData(UsernameTokenUtil.doPasswordDigest(decodedNonce, getCreated(),
pwd));
                 }
             } else {
                 node.setData(pwd);
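Review bot: `XMLUtils.decode(getNonce())` now runs unconditionally, whereas the removed `doPasswordDigest(String nonce, ...)` tolerated a missing nonce with `nonce != null ? decode(nonce) : new byte[0]`. If `getNonce()` can return null for a hashed token (not visible in this hunk), the decode call is likely to throw before the null handling inside `UsernameTokenUtil.doPasswordDigest` is reached. Keeping the guard at the call site preserves the old behaviour: `String n = getNonce(); byte[] decodedNonce = n != null ? org.apache.xml.security.utils.XMLUtils.decode(n) : null;`. The same applies to `byte[] decodedNonce = XMLUtils.decode(nonce);` in the UsernameTokenValidator hunk, where the nonce comes from the received token. The enclosing method and its catch block lie outside this hunk.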
@@ -556,40 +555,6 @@ public class UsernameToken {
         return passwordsAreEncoded;
     }
 
-    public static String doPasswordDigest(String nonce, String created, byte[] password)
{
-        String passwdDigest = null;
-        try {
-            byte[] b1 = nonce != null ? org.apache.xml.security.utils.XMLUtils.decode(nonce)
: new byte[0];
-            byte[] b2 = created != null ? created.getBytes(StandardCharsets.UTF_8) : new
byte[0];
-            byte[] b3 = password;
-            byte[] b4 = new byte[b1.length + b2.length + b3.length];
-            int offset = 0;
-            System.arraycopy(b1, 0, b4, offset, b1.length);
-            offset += b1.length;
-
-            System.arraycopy(b2, 0, b4, offset, b2.length);
-            offset += b2.length;
-
-            System.arraycopy(b3, 0, b4, offset, b3.length);
-
-            byte[] digestBytes = KeyUtils.generateDigest(b4);
-            passwdDigest = org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes);
-        } catch (Exception e) {
-            LOG.debug(e.getMessage(), e);
-        }
-        return passwdDigest;
-    }
-
-    public static String doPasswordDigest(String nonce, String created, String password)
{
-        String passwdDigest = null;
-        try {
-            passwdDigest = doPasswordDigest(nonce, created, password.getBytes(StandardCharsets.UTF_8));
-        } catch (Exception e) {
-            LOG.debug(e.getMessage(), e);
-        }
-        return passwdDigest;
-    }
-
     /**
      * Returns the first text node of an element.
      *

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
Mon Jun 17 11:37:23 2019
@@ -27,6 +27,7 @@ import javax.security.auth.callback.Unsu
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.xml.security.utils.XMLUtils;
@@ -166,11 +167,12 @@ public class UsernameTokenValidator impl
         }
         if (usernameToken.isHashed()) {
             String passDigest;
+            byte[] decodedNonce = XMLUtils.decode(nonce);
             if (passwordsAreEncoded) {
-                passDigest = UsernameToken.doPasswordDigest(nonce, createdTime,
+                passDigest = UsernameTokenUtil.doPasswordDigest(decodedNonce, createdTime,
                                                             XMLUtils.decode(origPassword));
             } else {
-                passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
+                passDigest = UsernameTokenUtil.doPasswordDigest(decodedNonce, createdTime,
origPassword);
             }
             if (!passDigest.equals(password)) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
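Review bot: The authentication check `passDigest.equals(password)` stops at the first differing character, so its running time depends on how much of the supplied digest matches. A constant-time comparison is the safer habit for credential checks: `MessageDigest.isEqual(passDigest.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))`. The same pattern appears in the UsernameTokenValidatorImpl hunk at `passwordType.getValue().equals(passDigest)`. The method body continues outside the hunk, so whether `password` is null-checked beforehand is not visible here.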

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
Mon Jun 17 11:37:23 2019
@@ -36,6 +36,7 @@ import org.apache.wss4j.common.bsp.BSPRu
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.common.util.WSTimeSource;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
@@ -174,7 +175,8 @@ public class UsernameTokenTest implement
         String nonce = "0x7bXAPZVn40AdCD0Xbt0g==";
         String created = "2010-06-28T15:16:37Z";
         String expectedPasswordDigest = "C0rena/6gKpRZ9ATj+e6ss5sAbQ=";
-        String actualPasswordDigest = UsernameToken.doPasswordDigest(nonce, created, passwordHash);
+        byte[] decodedNonce = org.apache.xml.security.utils.XMLUtils.decode(nonce);
+        String actualPasswordDigest = UsernameTokenUtil.doPasswordDigest(decodedNonce, created,
passwordHash);
         assertEquals("the password digest is not as expected", expectedPasswordDigest, actualPasswordDigest);
     }
 

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
Mon Jun 17 11:37:23 2019
@@ -204,7 +204,7 @@ public class UsernameTokenOutputProcesso
                     createCharactersAndOutputAsEvent(subOutputProcessorChain,
                             ((WSSSecurityProperties) getSecurityProperties()).getUsernameTokenPasswordType()
                                 == WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST
-                                    ? WSSUtils.doPasswordDigest(this.nonceValue, created,
this.password)
+                                    ? UsernameTokenUtil.doPasswordDigest(this.nonceValue,
created, this.password)
                                     : this.password);
                     createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_WSSE_PASSWORD);
                 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
Mon Jun 17 11:37:23 2019
@@ -19,7 +19,6 @@
 package org.apache.wss4j.stax.utils;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -113,30 +112,6 @@ public class WSSUtils extends XMLSecurit
         }
     }
 
-    public static String doPasswordDigest(byte[] nonce, String created, String password)
throws WSSecurityException {
-        try {
-            byte[] b1 = nonce != null ? nonce : new byte[0];
-            byte[] b2 = created != null ? created.getBytes(StandardCharsets.UTF_8) : new
byte[0];
-            byte[] b3 = password.getBytes(StandardCharsets.UTF_8);
-            byte[] b4 = new byte[b1.length + b2.length + b3.length];
-            int offset = 0;
-            System.arraycopy(b1, 0, b4, offset, b1.length);
-            offset += b1.length;
-
-            System.arraycopy(b2, 0, b4, offset, b2.length);
-            offset += b2.length;
-
-            System.arraycopy(b3, 0, b4, offset, b3.length);
-
-            MessageDigest sha = MessageDigest.getInstance("SHA-1");
-            sha.reset();
-            sha.update(b4);
-            return XMLUtils.encodeToString(sha.digest());
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
-        }
-    }
-
     public static String getSOAPMessageVersionNamespace(XMLSecEvent xmlSecEvent) {
         XMLSecStartElement xmlSecStartElement = xmlSecEvent.getStartElementAtLevel(1);
         if (xmlSecStartElement != null) {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Mon Jun 17 11:37:23 2019
@@ -25,6 +25,7 @@ import org.apache.wss4j.binding.wss10.Us
 import org.apache.wss4j.binding.wsu10.AttributedDateTime;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -179,7 +180,7 @@ public class UsernameTokenValidatorImpl
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
         }
 
-        String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
+        String passDigest = UsernameTokenUtil.doPasswordDigest(nonceVal, created, pwCb.getPassword());
         if (!passwordType.getValue().equals(passDigest)) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1861500&r1=1861499&r2=1861500&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Mon Jun 17 11:37:23 2019
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.cache.Rep
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
@@ -249,8 +250,8 @@ public class UsernameTokenTest extends A
         ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
         String createdString = DateUtil.getDateTimeFormatter(true).format(created);
         String digest =
-            org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
-                "Ex2YESUvsa1qne1m6TM8XA==", createdString, "default"
+            UsernameTokenUtil.doPasswordDigest(
+                XMLUtils.decode("Ex2YESUvsa1qne1m6TM8XA=="), createdString, "default"
             );
 
         String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -299,8 +300,8 @@ public class UsernameTokenTest extends A
         String createdString = DateUtil.getDateTimeFormatter(true).format(created);
 
         String digest =
-            org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
-                "Ex2YEKVvsa1qne1m6TM8XA==", createdString, "default"
+            UsernameTokenUtil.doPasswordDigest(
+                XMLUtils.decode("Ex2YEKVvsa1qne1m6TM8XA=="), createdString, "default"
             );
 
         String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -343,8 +344,8 @@ public class UsernameTokenTest extends A
         String createdString = DateUtil.getDateTimeFormatter(true).format(created);
 
         String digest =
-            org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
-                "Ex2YEKVvSa1qne1m6TM8XA==", createdString, "default"
+            UsernameTokenUtil.doPasswordDigest(
+                XMLUtils.decode("Ex2YEKVvSa1qne1m6TM8XA=="), createdString, "default"
             );
 
         String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
@@ -380,8 +381,8 @@ public class UsernameTokenTest extends A
         String createdString = DateUtil.getDateTimeFormatter(true).format(created);
 
         String digest =
-            org.apache.wss4j.dom.message.token.UsernameToken.doPasswordDigest(
-                "Ex2YEKVvsa1Qne1m6TM8XA==", createdString, "default"
+            UsernameTokenUtil.doPasswordDigest(
+                XMLUtils.decode("Ex2YEKVvsa1Qne1m6TM8XA=="), createdString, "default"
             );
 
         String req = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +


