Author: ruchithf
Date: Fri Apr 1 06:52:26 2011
New Revision: 1087600
URL: http://svn.apache.org/viewvc?rev=1087600&view=rev
Log:
Adding support for digest methods != SHA1.
Enabled one policy (scenario 3) with the Basic256 algorithm suite. (Also set
basic256Supported in RampartTest so builds without the unlimited strength key
policy won't fail.)
When the wss4j version is updated we can fix derived key signatures to set the
correct digest algorithm.
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
Fri Apr 1 06:52:26 2011
@@ -624,6 +624,7 @@ public class AsymmetricBindingBuilder ex
}
try {
+
supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
supportingSig.addReferencesToSign(supportingSigParts,
rmd.getSecHeader());
supportingSig.computeSignature();
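Review bot: The policy digest is now applied by a separate `setDigestAlgo(...)` call at each signature site (here, in the -728 hunk below, and in the BindingBuilder -331 and -702 hunks), so any builder that is missed silently keeps the library's default digest. A single shared helper that takes the signature object and the `AlgorithmSuite` and applies the signature algorithm, canonicalization and digest together would keep the sites consistent and make an omission visible in review. The enclosing method starts and ends outside this hunk.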
@@ -728,6 +729,7 @@ public class AsymmetricBindingBuilder ex
}
try {
+ sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature();
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
Fri Apr 1 06:52:26 2011
@@ -30,6 +30,7 @@ import org.apache.rampart.policy.Support
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
@@ -331,8 +332,10 @@ public abstract class BindingBuilder {
}
sig.setUserInfo(user, password);
-
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
try {
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
@@ -542,7 +545,8 @@ public abstract class BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
- if(policyToken.isDerivedKeys()) {
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(policyToken.isDerivedKeys()) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
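Review bot: The `dkSign` created in this derived-key branch never receives the policy digest, because the matching call in the next hunk (-588) is left commented out. Derived-key signatures therefore keep whatever digest `WSSecDKSign` defaults to, even under a suite such as `Basic256Sha256`, and nothing at runtime signals the mismatch between policy and message. Until the wss4j upgrade lands, replace the commented-out statement with a tracked marker such as `// TODO(<issue-id>): call dkSign.setDigestAlgorithm(algorithmSuite.getDigest()) once wss4j supports it`, and consider logging a warning when the suite digest differs from the default. The enclosing method starts and ends outside both hunks.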
@@ -588,8 +592,9 @@ public abstract class BindingBuilder {
}
//Set the algo info
-
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);
+// dkSign.setDigestAlgorithm(algorithmSuite.getDigest());
//uncomment when wss4j version is updated
if(tok instanceof EncryptedKeyToken) {
//Set the value type of the reference
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 +
"#"
@@ -702,8 +707,9 @@ public abstract class BindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
-
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
-
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
sig.prepare(rmd.getDocument(),
RampartUtil.getSignatureCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());
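Review bot: The first of the two consecutive `sig.setSignatureAlgorithm(...)` calls appears to have no lasting effect, since the value from `getAsymmetricSignature()` is replaced at once by `algorithmSuite.getSymmetricSignature()` (assuming the setter only stores its argument). As `sig.setSecretKey(tok.getSecret())` sits just above, the symmetric value looks like the intended one. Dropping the asymmetric call and adding a comment such as `// secret-key signature: symmetric algorithm from the policy suite` would make that explicit. The digest-dependent override this commit adds to `getAsymmetricSignature()` does not reach this path, so it is worth confirming that the symmetric signature method is the intended pairing with the policy digest set on the next line.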
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
Fri Apr 1 06:52:26 2011
@@ -76,7 +76,7 @@ public class RampartTest extends TestCas
ServiceClient serviceClient = getServiceClientInstance();
//TODO : figure this out !!
- boolean basic256Supported = true;
+ boolean basic256Supported = false;
if(basic256Supported) {
System.out.println("\nWARNING: We are using key sizes from JCE
" +
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
Fri Apr 1 06:52:26 2011
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+ <sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-3.xml
Fri Apr 1 06:52:26 2011
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+
<sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
Fri Apr 1 06:52:26 2011
@@ -240,6 +240,12 @@ public class SPConstants {
public final static String HMAC_SHA1 =
"http://www.w3.org/2000/09/xmldsig#hmac-sha1";
public final static String RSA_SHA1 =
"http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String RSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ public final static String RSA_SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+ public final static String RSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java?rev=1087600&r1=1087599&r2=1087600&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
Fri Apr 1 06:52:26 2011
@@ -289,6 +289,11 @@ public class AlgorithmSuite extends Abst
* @return Returns the asymmetricSignature.
*/
public String getAsymmetricSignature() {
+ if(this.digest == SPConstants.SHA256) {
+ return SPConstants.RSA_SHA256;
+ } else if(this.digest == SPConstants.SHA512) {
+ return SPConstants.RSA_SHA512;
+ }
return asymmetricSignature;
}
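Review bot: The new branches compare strings by reference (`this.digest == SPConstants.SHA256`), which only matches when `digest` holds the very same constant object. If the field is ever populated from parsed policy text or a copied string (its assignment is outside this hunk), both checks fail and the getter silently returns the configured `asymmetricSignature`, with no indication that the stronger RSA variant was skipped. Use value comparison instead: `if (SPConstants.SHA256.equals(this.digest))` and `else if (SPConstants.SHA512.equals(this.digest))`. Note also that `RSA_SHA384` is added to SPConstants in this commit but no branch here returns it. The Javadoc should say that the result now depends on the digest.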