From cohei...@apache.org
Subject svn commit: r1297953 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/processor/ main/java/org/apache/ws/security/str/ test/java/org/apache/ws/security/message/
Date Wed, 07 Mar 2012 12:29:43 GMT
Author: coheigea
Date: Wed Mar  7 12:29:42 2012
New Revision: 1297953

URL: http://svn.apache.org/viewvc?rev=1297953&view=rev
Log:
[WSS-358] - Record how a certificate was referenced for signature or encryption

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
Wed Mar  7 12:29:42 2012
@@ -146,6 +146,13 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type java.security.cert.X509Certificate[].
      */
     public static final String TAG_X509_CERTIFICATES = "x509-certificates";
+    
+    /**
+     * Tag denoting how the X.509 certificate (chain) was referenced, if applicable.
+     * 
+     * The value under this tag is of type STRParser.REFERENCE_TYPE.
+     */
+    public static final String TAG_X509_REFERENCE_TYPE  = "x509-reference-type";
 
     /**
      * Tag denoting the encrypted key bytes
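Review bot: The javadoc for `TAG_X509_REFERENCE_TYPE` should state that the stored value can be null. In this commit SignatureProcessor initialises `referenceType` to null, assigns it only in the branch that runs an STRParser, and then calls `result.put(...)` unconditionally, so the key can be present with a null value. The value also only mirrors how the incoming message chose to reference the certificate, so I would add a line such as `The value may be null; it records the form of reference used in the message and is not a trust decision.` so that callers applying a policy to it treat null as a non-match.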

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Wed Mar  7 12:29:42 2012
@@ -99,8 +99,9 @@ public class EncryptedKeyProcessor imple
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
         }
         
+        STRParser strParser = new EncryptedKeySTRParser();
         X509Certificate[] certs = 
-            getCertificatesFromEncryptedKey(elem, data, data.getDecCrypto(), wsDocInfo);
+            getCertificatesFromEncryptedKey(elem, data, data.getDecCrypto(), wsDocInfo, strParser);
 
         try {
             PrivateKey privateKey = data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
@@ -148,6 +149,7 @@ public class EncryptedKeyProcessor imple
             encryptedKeyTransportMethod
         );
         result.put(WSSecurityEngineResult.TAG_ID, elem.getAttributeNS(null, "Id"));
+        result.put(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE, strParser.getCertificatesReferenceType());
         wsDocInfo.addResult(result);
         wsDocInfo.addTokenElement(elem);
         return java.util.Collections.singletonList(result);
@@ -211,7 +213,8 @@ public class EncryptedKeyProcessor imple
         Element xencEncryptedKey,
         RequestData data,
         Crypto crypto,
-        WSDocInfo wsDocInfo
+        WSDocInfo wsDocInfo,
+        STRParser strParser
     ) throws WSSecurityException {
         Element keyInfo = 
             WSSecurityUtil.getDirectChildElement(
@@ -242,12 +245,11 @@ public class EncryptedKeyProcessor imple
                         WSConstants.WSSE_NS
                     );
             }
-            if (strElement == null) {
+            if (strElement == null || strParser == null) {
                 throw new WSSecurityException(
                     WSSecurityException.INVALID_SECURITY, "noSecTokRef"
                 );
             }
-            STRParser strParser = new EncryptedKeySTRParser();
             strParser.parseSecurityTokenReference(strElement, data, wsDocInfo, null);
             
             X509Certificate[] certs = strParser.getCertificates();
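Review bot: A null `strParser` is now reported as `INVALID_SECURITY` / `noSecTokRef`, the same fault a message without a SecurityTokenReference produces, although it is a caller error and says nothing about the message. I would keep `if (strElement == null)` as it was and reject the argument separately near the top of the method, e.g. `if (strParser == null) { throw new IllegalArgumentException("strParser is null"); }`. The method body starts and ends outside this hunk; if getCertificatesFromEncryptedKey is visible to subclasses or other callers, the added parameter also changes its signature for them.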

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
Wed Mar  7 12:29:42 2012
@@ -37,6 +37,7 @@ import org.apache.ws.security.message.Ca
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.str.STRParser;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
 import org.apache.ws.security.str.SignatureSTRParser;
 import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.transform.STRTransformUtil;
@@ -119,6 +120,7 @@ public class SignatureProcessor implemen
         PublicKey publicKey = null;
         byte[] secretKey = null;
         String signatureMethod = getSignatureMethod(elem);
+        REFERENCE_TYPE referenceType = null;
 
         Validator validator = data.getValidator(WSSecurityEngine.SIGNATURE);
         if (keyInfoElement == null) {
@@ -166,6 +168,7 @@ public class SignatureProcessor implemen
                 certs = strParser.getCertificates();
                 publicKey = strParser.getPublicKey();
                 secretKey = strParser.getSecretKey();
+                referenceType = strParser.getCertificatesReferenceType();
                 
                 boolean trusted = strParser.isTrustedCredential();
                 if (trusted && LOG.isDebugEnabled()) {
@@ -223,6 +226,7 @@ public class SignatureProcessor implemen
         result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
         result.put(WSSecurityEngineResult.TAG_SECRET, secretKey);
         result.put(WSSecurityEngineResult.TAG_PUBLIC_KEY, publicKey);
+        result.put(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE, referenceType);
         if (validator != null) {
             result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
         }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
Wed Mar  7 12:29:42 2012
@@ -196,6 +196,14 @@ public class DerivedKeyTokenSTRParser im
     public boolean isTrustedCredential() {
         return false;
     }
+    
+    /**
+     * Get how the certificates were referenced
+     * @return how the certificates were referenced
+     */
+    public REFERENCE_TYPE getCertificatesReferenceType() {
+        return null;
+    }
 
     /**
      * Get the Secret Key from a CallbackHandler
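Review bot: The javadoc on `getCertificatesReferenceType()` repeats the interface text, but this implementation always returns null. Say so in the tag, for example `@return always null; this parser does not record a reference type`, so a reader does not go looking for a missing assignment. The same applies to the identical method added to SecurityTokenRefSTRParser.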

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
Wed Mar  7 12:29:42 2012
@@ -53,6 +53,8 @@ public class EncryptedKeySTRParser imple
     
     private X509Certificate[] certs;
     
+    private REFERENCE_TYPE referenceType;
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
@@ -83,8 +85,14 @@ public class EncryptedKeySTRParser imple
             if (uri.charAt(0) == '#') {
                 uri = uri.substring(1);
             }
+            referenceType = REFERENCE_TYPE.DIRECT_REF;
         } else if (secRef.containsKeyIdentifier()) {
             uri = secRef.getKeyIdentifierValue();
+            if (SecurityTokenReference.THUMB_URI.equals(secRef.getKeyIdentifierValueType()))
{
+                referenceType = REFERENCE_TYPE.THUMBPRINT_SHA1;
+            } else {
+                referenceType = REFERENCE_TYPE.KEY_IDENTIFIER;
+            }
         }
         
         WSSecurityEngineResult result = wsDocInfo.getResult(uri);
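Review bot: The `else` branch labels every KeyIdentifier whose value type is not `THUMB_URI` as `KEY_IDENTIFIER`, and `referenceType` is assigned before the code below decides where the key material actually comes from. If a KeyIdentifier can resolve to a previous result from `wsDocInfo.getResult(uri)` rather than to a certificate looked up in the Crypto, the result will still carry an X.509 reference type; SignatureSTRParser gets the identical change and has the same exposure. Consider assigning the field where `certs` is populated, or clearing it when no certificate is found. The field is also not reset in the visible lines, so a reused parser instance might keep a stale value; parseSecurityTokenReference starts and ends outside the hunk.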
@@ -111,6 +119,7 @@ public class EncryptedKeySTRParser imple
                 certs = secRef.getKeyIdentifier(crypto);
             }
         } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
+            referenceType = REFERENCE_TYPE.ISSUER_SERIAL;
             certs = secRef.getX509IssuerSerial(crypto);
         } else if (secRef.containsReference()) {
             Element bstElement = 
@@ -182,6 +191,14 @@ public class EncryptedKeySTRParser imple
     }
     
     /**
+     * Get how the certificates were referenced
+     * @return how the certificates were referenced
+     */
+    public REFERENCE_TYPE getCertificatesReferenceType() {
+        return referenceType;
+    }
+    
+    /**
      * Process a previous security result
      */
     private void processPreviousResult(

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java Wed Mar
 7 12:29:42 2012
@@ -37,6 +37,18 @@ import java.util.Map;
 public interface STRParser {
     
     /**
+     * ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
of the 
+     * (root) cert
+     * THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 thumbprint of the (root)
cert
+     * KEY_IDENTIFIER - A certificate (chain) is located via a Key Identifier Element
+     * DIRECT_REF - A certificate (chain) is located directly via an Id to another security
token
+     * Note that a Thumbprint reference is also a KeyIdentifier, but takes precedence over
it.
+     */
+    public enum REFERENCE_TYPE {
+        ISSUER_SERIAL, THUMBPRINT_SHA1, KEY_IDENTIFIER, DIRECT_REF
+    };
+    
+    /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
      * @param strElement The SecurityTokenReference element
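Review bot: `REFERENCE_TYPE` is a public type, so its name will be hard to change once released; Java type names are normally UpperCamelCase (`ReferenceType`), and the `;` after the enum's closing brace is redundant. The constants would also be easier to read with a javadoc comment on each, e.g. `/** Located via a SHA-1 thumbprint KeyIdentifier. */ THUMBPRINT_SHA1,`, instead of one block comment that the javadoc tool renders as a single paragraph.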
@@ -84,5 +96,11 @@ public interface STRParser {
      * @return true if trust has already been verified on the returned Credential
      */
     public boolean isTrustedCredential();
+
+    /**
+     * Get how the certificates were referenced
+     * @return how the certificates were referenced
+     */
+    public REFERENCE_TYPE getCertificatesReferenceType();
     
 }
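Review bot: Adding `getCertificatesReferenceType()` to the public `STRParser` interface breaks any implementation outside this source tree at compile time, and this commit updates only the four in-tree parsers. If third-party implementations are supported, the change should be called out in the release notes, or the accessor placed on a separate interface that parsers opt into.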

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
Wed Mar  7 12:29:42 2012
@@ -214,6 +214,14 @@ public class SecurityTokenRefSTRParser i
     }
     
     /**
+     * Get how the certificates were referenced
+     * @return how the certificates were referenced
+     */
+    public REFERENCE_TYPE getCertificatesReferenceType() {
+        return null;
+    }
+    
+    /**
      * Get whether the returned credential is already trusted or not. This is currently
      * applicable in the case of a credential extracted from a trusted HOK SAML Assertion,
      * and a BinarySecurityToken that has been processed by a Validator. In these cases,

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
Wed Mar  7 12:29:42 2012
@@ -83,6 +83,8 @@ public class SignatureSTRParser implemen
     
     private boolean trustedCredential;
     
+    private REFERENCE_TYPE referenceType;
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
@@ -115,8 +117,14 @@ public class SignatureSTRParser implemen
             if (uri.charAt(0) == '#') {
                 uri = uri.substring(1);
             }
+            referenceType = REFERENCE_TYPE.DIRECT_REF;
         } else if (secRef.containsKeyIdentifier()) {
             uri = secRef.getKeyIdentifierValue();
+            if (SecurityTokenReference.THUMB_URI.equals(secRef.getKeyIdentifierValueType()))
{
+                referenceType = REFERENCE_TYPE.THUMBPRINT_SHA1;
+            } else {
+                referenceType = REFERENCE_TYPE.KEY_IDENTIFIER;
+            }
         }
         
         WSSecurityEngineResult result = wsDocInfo.getResult(uri);
@@ -190,6 +198,7 @@ public class SignatureSTRParser implemen
                 }
             }
         } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
+            referenceType = REFERENCE_TYPE.ISSUER_SERIAL;
             X509Certificate[] foundCerts = secRef.getX509IssuerSerial(crypto);
             if (foundCerts != null && foundCerts.length > 0) {
                 certs = new X509Certificate[]{foundCerts[0]};
@@ -282,6 +291,14 @@ public class SignatureSTRParser implemen
     }
     
     /**
+     * Get how the certificates were referenced
+     * @return how the certificates were referenced
+     */
+    public REFERENCE_TYPE getCertificatesReferenceType() {
+        return referenceType;
+    }
+    
+    /**
      * A method to create a Principal from a SAML Assertion
      * @param assertion An AssertionWrapper object
      * @return A principal

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/EncryptionTest.java
Wed Mar  7 12:29:42 2012
@@ -35,6 +35,7 @@ import org.apache.ws.security.components
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
@@ -45,6 +46,7 @@ import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 
 import java.util.ArrayList;
+import java.util.List;
 
 /**
  * A set of test-cases for encrypting and decrypting SOAP requests.
@@ -147,7 +149,7 @@ public class EncryptionTest extends org.
             LOG.debug(outputString);
         }
         assertTrue(outputString.indexOf("counter_port_type") == -1 ? true : false);
-        verify(
+        List<WSSecurityEngineResult> results = verify(
             encryptedDoc,
             keystoreCallbackHandler,
             new javax.xml.namespace.QName(
@@ -155,6 +157,14 @@ public class EncryptionTest extends org.
                 "add"
             )
         );
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
     }
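Review bot: These six assertion lines are repeated in three more tests in this file and again in SKISignatureTest and SignatureTest, differing only in the action constant and the expected enum value. The result of `fetchActionResult` is dereferenced without a check, so if it returns null when nothing matches, the test fails with a NullPointerException instead of an assertion message, and `assertTrue(a == b)` reports neither the expected nor the actual value. A shared helper using `assertEquals` addresses all three; the sketch below assumes the test classes inherit the JUnit assert methods, as the truncated `extends org.` headers suggest.

```java
private static void assertReferenceType(
    List<WSSecurityEngineResult> results, int action, REFERENCE_TYPE expected
) {
    WSSecurityEngineResult actionResult =
        WSSecurityUtil.fetchActionResult(results, action);
    assertNotNull(actionResult);
    assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    assertEquals(expected, actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}

// … in each test, replacing the repeated block …
assertReferenceType(results, WSConstants.ENCR, REFERENCE_TYPE.ISSUER_SERIAL);
```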
 
     /**
@@ -191,7 +201,16 @@ public class EncryptionTest extends org.
         WSSConfig config = WSSConfig.getNewInstance();
         config.setWsiBSPCompliant(false);
         newEngine.setWssConfig(config);
-        newEngine.processSecurityHeader(encryptedDoc, null, keystoreCallbackHandler, crypto);
+        List<WSSecurityEngineResult> results = 
+            newEngine.processSecurityHeader(encryptedDoc, null, keystoreCallbackHandler,
crypto);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
         
         // Now turn on BSP spec compliance
         config.setWsiBSPCompliant(true);
@@ -274,7 +293,15 @@ public class EncryptionTest extends org.
         assertTrue(outputString.indexOf("#ThumbprintSHA1") != -1);
     
         LOG.info("After Encrypting ThumbprintSHA1....");
-        verify(encryptedDoc, encCrypto, keystoreCallbackHandler);
+        List<WSSecurityEngineResult> results = verify(encryptedDoc, encCrypto, keystoreCallbackHandler);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
     }
     
     /**
@@ -487,12 +514,20 @@ public class EncryptionTest extends org.
         }
         assertTrue(outputString.indexOf("counter_port_type") == -1 ? true
                 : false);
-        verify(encryptedDoc, crypto, keystoreCallbackHandler);
+        List<WSSecurityEngineResult> results = verify(encryptedDoc, crypto, keystoreCallbackHandler);
         
         outputString = 
             org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
         assertTrue(outputString.indexOf("counter_port_type") > 0 ? true
                 : false);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF);
     }
     
     
@@ -609,15 +644,17 @@ public class EncryptionTest extends org.
      * @throws Exception
      *             Thrown when there is a problem in verification
      */
-    private void verify(
+    private List<WSSecurityEngineResult> verify(
         Document doc, Crypto decCrypto, CallbackHandler handler
     ) throws Exception {
-        secEngine.processSecurityHeader(doc, null, handler, decCrypto);
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, handler, decCrypto);
         if (LOG.isDebugEnabled()) {
             String outputString = 
                 org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
             LOG.debug(outputString);
         }
+        return results;
     }
     
     /**
@@ -628,7 +665,7 @@ public class EncryptionTest extends org.
      * @throws Exception Thrown when there is a problem in verification
      */
     @SuppressWarnings("unchecked")
-    private void verify(
+    private List<WSSecurityEngineResult> verify(
         Document doc,
         CallbackHandler handler,
         javax.xml.namespace.QName expectedEncryptedElement
@@ -678,6 +715,7 @@ public class EncryptionTest extends org.
             }
         }
         assertTrue(encrypted);
+        return results;
     }
 
 }

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
Wed Mar  7 12:29:42 2012
@@ -19,12 +19,17 @@
 
 package org.apache.ws.security.message;
 
+import java.util.List;
+
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.common.SOAPUtil;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
+import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 
 /**
@@ -75,7 +80,16 @@ public class SKISignatureTest extends or
         }
 
         LOG.info("After SigningDSA_SKIDirect....");
-        verify(signedDoc);
+        
+        List<WSSecurityEngineResult> results = verify(signedDoc);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
     }
 
     /**
@@ -152,7 +166,7 @@ public class SKISignatureTest extends or
      * @param env soap envelope
      * @throws java.lang.Exception Thrown when there is a problem in verification
      */
-    private void verify(Document doc) throws Exception {
-        secEngine.processSecurityHeader(doc, null, null, crypto);
+    private  List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+        return secEngine.processSecurityHeader(doc, null, null, crypto);
     }
 }

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1297953&r1=1297952&r2=1297953&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
Wed Mar  7 12:29:42 2012
@@ -28,6 +28,7 @@ import org.apache.ws.security.WSEncrypti
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.common.CustomHandler;
 import org.apache.ws.security.common.KeystoreCallbackHandler;
@@ -38,6 +39,8 @@ import org.apache.ws.security.handler.Re
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.str.STRParser.REFERENCE_TYPE;
+import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -86,7 +89,15 @@ public class SignatureTest extends org.j
             LOG.debug(outputString);
         }
         LOG.info("After Signing IS....");
-        verify(signedDoc);
+        List<WSSecurityEngineResult> results = verify(signedDoc);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
     }
     
 
@@ -229,7 +240,15 @@ public class SignatureTest extends org.j
             LOG.debug(outputString);
         }
         
-        verify(signedDoc);
+        List<WSSecurityEngineResult> results = verify(signedDoc);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.DIRECT_REF);
     }
     
     /**
@@ -291,7 +310,15 @@ public class SignatureTest extends org.j
         WSSConfig config = WSSConfig.getNewInstance();
         config.setWsiBSPCompliant(false);
         newEngine.setWssConfig(config);
-        newEngine.processSecurityHeader(doc, null, null, crypto);
+        List<WSSecurityEngineResult> results = newEngine.processSecurityHeader(doc,
null, null, crypto);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.KEY_IDENTIFIER);
         
         // Now turn on BSP spec compliance
         config.setWsiBSPCompliant(true);
@@ -331,7 +358,16 @@ public class SignatureTest extends org.j
             LOG.debug(outputString);
         }
         LOG.info("After Signing ThumbprintSHA1....");
-        verify(signedDoc);
+        
+        List<WSSecurityEngineResult> results = verify(signedDoc);
+        
+        WSSecurityEngineResult actionResult =
+                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
+        assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
+        REFERENCE_TYPE referenceType = 
+            (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
+        assertTrue(referenceType == REFERENCE_TYPE.THUMBPRINT_SHA1);
     }
 
     
@@ -654,8 +690,8 @@ public class SignatureTest extends org.j
      * @param env soap envelope
      * @throws java.lang.Exception Thrown when there is a problem in verification
      */
-    private void verify(Document doc) throws Exception {
-        secEngine.processSecurityHeader(doc, null, null, crypto);
+    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+        return secEngine.processSecurityHeader(doc, null, null, crypto);
     }
 
 }


