ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1294114 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/processor/ test/java/org/apache/ws/security/message/
Date Mon, 27 Feb 2012 11:23:32 GMT
Author: coheigea
Date: Mon Feb 27 11:23:30 2012
New Revision: 1294114

URL: http://svn.apache.org/viewvc?rev=1294114&view=rev
Log:
Only decrypt a Data Reference in the ReferenceListProcessor, if it hasn't already been decrypted
by the EncryptedDataProcessor

Added:
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptedDataInHeaderTest.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java?rev=1294114&r1=1294113&r2=1294114&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java Mon Feb 27
11:23:30 2012
@@ -255,6 +255,30 @@ public class WSDocInfo {
         }
         return foundResults;
     }
+    
+    /**
+     * Get a WSSecurityEngineResult of the given Integer tag for the given Id
+     */
+    public WSSecurityEngineResult getResultByTag(Integer tag, String uri) {
+        String id = uri;
+        if (id == null) {
+            return null;
+        } else if (id.charAt(0) == '#') {
+            id = id.substring(1);
+        }
+        if (resultsList != null) {
+            for (WSSecurityEngineResult result : resultsList) {
+                if (result != null) {
+                    Integer resultTag = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
+                    String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
+                    if ((tag.intValue() == resultTag.intValue()) && id.equals(cId))
{
+                        return result;
+                    }
+                }
+            }
+        }
+        return null;
+    }
 
     /**
      * @return the signature crypto class used to process

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=1294114&r1=1294113&r2=1294114&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
Mon Feb 27 11:23:30 2012
@@ -20,6 +20,7 @@
 package org.apache.ws.security.processor;
 
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -37,6 +38,7 @@ import javax.crypto.SecretKey;
 import javax.xml.namespace.QName;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -133,7 +135,28 @@ public class EncryptedDataProcessor impl
             );
         }
         
+        WSDataRef dataRef = new WSDataRef();
+        dataRef.setWsuId(elem.getAttributeNS(null, "Id"));
+        dataRef.setAlgorithm(symEncAlgo);
+        dataRef.setContent(false);
+        
+        Node decryptedNode;
+        if (previousSibling == null) {
+            decryptedNode = parent.getFirstChild();
+        } else {
+            decryptedNode = previousSibling.getNextSibling();
+        }
+        if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType())
{
+            dataRef.setProtectedElement((Element)decryptedNode);
+        }
+        dataRef.setXpath(ReferenceListProcessor.getXPath(decryptedNode));
+        
+        WSSecurityEngineResult result = 
+                new WSSecurityEngineResult(WSConstants.ENCR, Collections.singletonList(dataRef));
+        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null, "Id"));
+        wsDocInfo.addResult(result);
         wsDocInfo.addTokenElement(elem);
+        
         WSSConfig wssConfig = request.getWssConfig();
         if (wssConfig != null) {
             // Get hold of the plain text element
@@ -156,10 +179,12 @@ public class EncryptedDataProcessor impl
                 if (encrKeyResults != null) {
                     completeResults.addAll(encrKeyResults);
                 }
+                completeResults.add(result);
                 completeResults.addAll(0, results);
                 return completeResults;
             }
         }
+        encrKeyResults.add(result);
         return encrKeyResults;
     }
     
@@ -180,7 +205,9 @@ public class EncryptedDataProcessor impl
         // EncryptionAlgorithm must be 3DES, or AES128, or AES256
         if (!WSConstants.TRIPLE_DES.equals(encAlgo)
             && !WSConstants.AES_128.equals(encAlgo)
-            && !WSConstants.AES_256.equals(encAlgo)) {
+            && !WSConstants.AES_128_GCM.equals(encAlgo)
+            && !WSConstants.AES_256.equals(encAlgo)
+            && !WSConstants.AES_256_GCM.equals(encAlgo)) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY, "badEncAlgo", new Object[]{encAlgo}
             );

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1294114&r1=1294113&r2=1294114&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Feb 27 11:23:30 2012
@@ -147,7 +147,7 @@ public class EncryptedKeyProcessor imple
             WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD, 
             encryptedKeyTransportMethod
         );
-        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
+        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null, "Id"));
         wsDocInfo.addResult(result);
         wsDocInfo.addTokenElement(elem);
         return java.util.Collections.singletonList(result);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1294114&r1=1294113&r2=1294114&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
Mon Feb 27 11:23:30 2012
@@ -60,6 +60,7 @@ public class ReferenceListProcessor impl
         List<WSDataRef> dataRefs = handleReferenceList(elem, data, wsDocInfo);
         WSSecurityEngineResult result = 
             new WSSecurityEngineResult(WSConstants.ENCR, dataRefs);
+        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null, "Id"));
         wsDocInfo.addTokenElement(elem);
         wsDocInfo.addResult(result);
         return java.util.Collections.singletonList(result);
@@ -94,10 +95,13 @@ public class ReferenceListProcessor impl
                 if (dataRefURI.charAt(0) == '#') {
                     dataRefURI = dataRefURI.substring(1);
                 }
-                WSDataRef dataRef = 
-                    decryptDataRefEmbedded(
-                        elem.getOwnerDocument(), dataRefURI, data, wsDocInfo, asymBinding);
-                dataRefs.add(dataRef);
+                
+                if (wsDocInfo.getResultByTag(WSConstants.ENCR, dataRefURI) == null) {
+                    WSDataRef dataRef = 
+                        decryptDataRefEmbedded(
+                            elem.getOwnerDocument(), dataRefURI, data, wsDocInfo, asymBinding);
+                    dataRefs.add(dataRef);
+                }
             }
         }
         

Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptedDataInHeaderTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptedDataInHeaderTest.java?rev=1294114&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptedDataInHeaderTest.java
(added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptedDataInHeaderTest.java
Mon Feb 27 11:23:30 2012
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.common.KeystoreCallbackHandler;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * This test encrypts a Timestamp and the SOAP Body, and appends the ReferenceList Element
after the
+ * EncryptedData Element that is the Timestamp. When processing, the EncryptedData Element
gets decrypted,
+ * and then the ReferenceListProcessor must check to see whether the Data Reference pointing
to the 
+ * encrypted Timestamp needs to be decrypted or not.
+ */
+public class EncryptedDataInHeaderTest extends org.junit.Assert {
+    private static final org.apache.commons.logging.Log LOG = 
+        org.apache.commons.logging.LogFactory.getLog(EncryptedDataInHeaderTest.class);
+
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+    private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
+    private Crypto crypto = null;
+    
+    public EncryptedDataInHeaderTest() throws Exception {
+        crypto = CryptoFactory.getInstance();
+        WSSConfig.init();
+    }
+
+    @org.junit.Test
+    public void testEncryptedDataInHeader() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        WSSecTimestamp timestamp = new WSSecTimestamp();
+        timestamp.setTimeToLive(300);
+        timestamp.build(doc, secHeader);
+        
+        // Encrypt the Timestamp and SOAP Body
+        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "Timestamp", WSConstants.WSU_NS, "");
+        parts.add(encP);
+        String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+        encP = 
+            new WSEncryptionPart(
+                WSConstants.ELEM_BODY, soapNamespace, "Content"
+            );
+        parts.add(encP);
+        
+        WSSecEncrypt encrypt = new WSSecEncrypt();
+        encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        encrypt.setParts(parts);
+        
+        encrypt.prepare(doc, crypto);
+        encrypt.prependToHeader(secHeader);
+        
+        // Append Reference List to security header
+        Element refs = encrypt.encryptForRef(null, parts);
+        secHeader.getSecurityHeader().appendChild(refs);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        
+        List<WSSecurityEngineResult> results = verify(doc);
+        WSSecurityEngineResult actionResult = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+    }
+    
+    
+    /**
+     * Verifies the soap envelope
+     * <p/>
+     * 
+     * @param doc 
+     * @throws Exception Thrown when there is a problem in verification
+     */
+    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, callbackHandler, null, crypto);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Verified and decrypted message:");
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        return results;
+    }
+
+}



Mime
View raw message