ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1868512 - in /webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src: main/java/org/apache/wss4j/dom/action/ main/java/org/apache/wss4j/dom/handler/ main/java/org/apache/wss4j/dom/message/ main/java/org/apache/wss4j/dom/processor/ main...
Date Wed, 16 Oct 2019 15:59:00 GMT
Author: coheigea
Date: Wed Oct 16 15:58:59 2019
New Revision: 1868512

URL: http://svn.apache.org/viewvc?rev=1868512&view=rev
Log:
WSS-656 - Add the ability to specify a security Provider to use with Signature

Added:
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
Modified:
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
Wed Oct 16 15:58:59 2019
@@ -85,6 +85,7 @@ public class SAMLTokenSignedAction imple
         wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
         wsSign.setWsDocInfo(reqData.getWsDocInfo());
         wsSign.setExpandXopInclude(reqData.isExpandXopInclude());
+        wsSign.setSignatureProvider(reqData.getSignatureProvider());
 
         CallbackHandler callbackHandler =
             handler.getPasswordCallbackHandler(reqData);

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
Wed Oct 16 15:58:59 2019
@@ -62,6 +62,7 @@ public class SignatureAction implements
         wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
         wsSign.setWsDocInfo(reqData.getWsDocInfo());
         wsSign.setExpandXopInclude(reqData.isExpandXopInclude());
+        wsSign.setSignatureProvider(reqData.getSignatureProvider());
 
         if (signatureToken.getKeyIdentifierId() != 0) {
             wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
Wed Oct 16 15:58:59 2019
@@ -19,6 +19,7 @@
 
 package org.apache.wss4j.dom.handler;
 
+import java.security.Provider;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -95,6 +96,7 @@ public class RequestData {
     private boolean storeBytesInAttachment;
     private Serializer encryptionSerializer;
     private WSDocInfo wsDocInfo;
+    private Provider signatureProvider;
 
     /**
      * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
@@ -771,4 +773,15 @@ public class RequestData {
     public void setWsDocInfo(WSDocInfo wsDocInfo) {
         this.wsDocInfo = wsDocInfo;
     }
+
+    public Provider getSignatureProvider() {
+        return signatureProvider;
+    }
+
+    /**
+     * Set a security Provider instance to use for Signature
+     */
+    public void setSignatureProvider(Provider signatureProvider) {
+        this.signatureProvider = signatureProvider;
+    }
 }

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
Wed Oct 16 15:58:59 2019
@@ -109,6 +109,7 @@ public class WSSecSignature extends WSSe
     private boolean includeSignatureToken;
     private boolean addInclusivePrefixes = true;
     private Element customKeyInfoElement;
+    private Provider signatureProvider;
 
     public WSSecSignature(WSSecHeader securityHeader) {
         super(securityHeader);
@@ -598,6 +599,9 @@ public class WSSecSignature extends WSSe
             } else {
                 signContext = new DOMSignContext(key, securityHeaderElement);
             }
+            if (signatureProvider != null) {
+                signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
signatureProvider);
+            }
 
             signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
             if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
@@ -925,4 +929,12 @@ public class WSSecSignature extends WSSe
     public Element getCustomKeyInfoElement() {
         return customKeyInfoElement;
     }
+
+    public Provider getSignatureProvider() {
+        return signatureProvider;
+    }
+
+    public void setSignatureProvider(Provider signatureProvider) {
+        this.signatureProvider = signatureProvider;
+    }
 }

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
Wed Oct 16 15:58:59 2019
@@ -204,6 +204,9 @@ public class SAMLTokenProcessor implemen
             XMLValidateContext context = new DOMValidateContext(key, sig.getDOM());
             context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
             context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
+            if (data.getSignatureProvider() != null) {
+                context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", data.getSignatureProvider());
+            }
 
             XMLSignature xmlSignature;
             try {
@@ -264,7 +267,7 @@ public class SAMLTokenProcessor implemen
 
                 // Set the Transform algorithms as well
                 @SuppressWarnings("unchecked")
-                List<Transform> transforms = (List<Transform>)reference.getTransforms();
+                List<Transform> transforms = reference.getTransforms();
                 List<String> transformAlgorithms = new ArrayList<>(transforms.size());
                 for (Transform transform : transforms) {
                     transformAlgorithms.add(transform.getAlgorithm());

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Wed Oct 16 15:58:59 2019
@@ -349,6 +349,9 @@ public class SignatureProcessor implemen
         context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
         context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
         context.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
+        if (data.getSignatureProvider() != null) {
+            context.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", data.getSignatureProvider());
+        }
 
         context.setProperty(AttachmentContentSignatureTransform.ATTACHMENT_CALLBACKHANDLER,
                             data.getAttachmentCallbackHandler());

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1868512&r1=1868511&r2=1868512&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
Wed Oct 16 15:58:59 2019
@@ -512,6 +512,10 @@ public class WSSecSignatureSAML extends
             } else {
                 signContext = new DOMSignContext(key, securityHeaderElement);
             }
+            if (getSignatureProvider() != null) {
+                signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider",
getSignatureProvider());
+            }
+
             signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
             if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(getSigCanonicalization())) {
                 signContext.putNamespacePrefix(

Added: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java?rev=1868512&view=auto
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
(added)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureProviderTest.java
Wed Oct 16 15:58:59 2019
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.message;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+/**
+ * A set of test-cases for signing and verifying SOAP requests using a specific provider
+ */
+public class SignatureProviderTest {
+    private static final org.slf4j.Logger LOG =
+        org.slf4j.LoggerFactory.getLogger(SignatureProviderTest.class);
+
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+
+    @AfterAll
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+    }
+
+    public SignatureProviderTest() throws Exception {
+        WSSConfig.init();
+    }
+
+    @Test
+    public void testBouncyCastleSignature() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSignature builder = new WSSecSignature(secHeader);
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        builder.setSignatureProvider(new BouncyCastleProvider());
+        LOG.info("Before Signing IS....");
+
+        Crypto crypto = CryptoFactory.getInstance();
+        Document signedDoc = builder.build(crypto);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Signed message with IssuerSerial key identifier:");
+            String outputString =
+                XMLUtils.prettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+        LOG.info("After Signing IS....");
+        WSHandlerResult results = verify(signedDoc, crypto);
+
+        WSSecurityEngineResult actionResult =
+            results.getActionResults().get(WSConstants.SIGN).get(0);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType =
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
+    }
+
+    private WSHandlerResult verify(Document doc, Crypto crypto) throws Exception {
+        RequestData data = new RequestData();
+        data.setWssConfig(WSSConfig.getNewInstance());
+        data.setSigVerCrypto(crypto);
+        data.setDecCrypto(crypto);
+        data.setSignatureProvider(new BouncyCastleProvider());
+        data.setCallbackHandler(new KeystoreCallbackHandler());
+        Element securityHeader = WSSecurityUtil.getSecurityHeader(doc, null);
+        return secEngine.processSecurityHeader(securityHeader, data);
+    }
+
+}
\ No newline at end of file



Mime
View raw message