Author: alessio.soldano(a)jboss.com
Date: 2013-04-18 04:26:16 -0400 (Thu, 18 Apr 2013)
New Revision: 17508
Added:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml
Log:
[JBPAPP-10455] Configuration option for defining which algorithms are accepted when
decrypting messages
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -35,7 +35,6 @@
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.NonceFactory;
-import org.jboss.ws.extensions.security.operation.AuthorizeOperation;
import org.jboss.ws.extensions.security.operation.DecryptionOperation;
import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
import org.jboss.ws.extensions.security.operation.ReceiveX509Certificate;
@@ -45,7 +44,6 @@
import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
import org.jboss.ws.metadata.wsse.Authenticate;
-import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -74,6 +72,10 @@
private HashSet<String> signedIds = new HashSet<String>();
private HashSet<String> encryptedIds = new HashSet<String>();
+
+ private List<String> allowedKeyWrapAlgorithms;
+
+ private List<String> allowedEncAlgorithms;
public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory,
TimestampVerification timestampVerification, Authenticate authenticate)
{
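Review bot: The two new list fields carry an undocumented contract: null or empty means "no restriction", which is exactly what EncryptedKey and DecryptionOperation test before comparing, while a non-empty list restricts what is accepted. Add a comment above them such as `// null or empty: no restriction, any algorithm the runtime supports is accepted`, and state that they must be populated (via init() or the setters) before decode() runs. Both stay null unless a RequireEncryptionOperation is configured, so a configuration without an encryption requirement keeps the previous permissive behaviour.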
@@ -137,7 +139,7 @@
encryptedIds.clear();
SignatureVerificationOperation signatureVerifier = new
SignatureVerificationOperation(header, store);
- DecryptionOperation decrypter = new DecryptionOperation(header, store);
+ DecryptionOperation decrypter = new DecryptionOperation(header, store,
allowedEncAlgorithms);
for (SecurityProcess process : header.getSecurityProcesses())
{
@@ -160,6 +162,17 @@
}
}
+
+ public void init(List<RequireOperation> requireOperations) {
+ if (requireOperations != null) {
+ for (RequireOperation operation : requireOperations) {
+ if (operation instanceof RequireEncryptionOperation) {
+ ((RequireEncryptionOperation)operation).setupDecoder(this);
+ break;
+ }
+ }
+ }
+ }
public void verify(List<RequireOperation> requireOperations) throws
WSSecurityException
{
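Review bot: init() leaves both allow-lists null when no RequireEncryptionOperation is present in requireOperations, and the break means only the first such operation is honoured; since a null list disables the check in EncryptedKey and DecryptionOperation, the absence of an `<encryption>` requirement means every algorithm the runtime supports is accepted. That is presumably intended for backward compatibility but belongs in a Javadoc on init(), together with the ordering constraint that init() must run before decode(), because decode() passes allowedKeyWrapAlgorithms into the SecurityHeader constructor. If two encryption requirements were ever configured, a debug log on the ignored one would make the break visible.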
@@ -189,7 +202,7 @@
public void decode(Document message, Element headerElement) throws
WSSecurityException
{
this.headerElement = headerElement;
- this.header = new SecurityHeader(this.headerElement, store);
+ this.header = new SecurityHeader(this.headerElement, store,
allowedKeyWrapAlgorithms);
this.message = message;
decode();
@@ -201,4 +214,15 @@
// message (required by the specification)
detachHeader();
}
+
+ public void setAllowedKeyWrapAlgorithms(List<String> allowedKeyWrapAlgorithms)
+ {
+ this.allowedKeyWrapAlgorithms = allowedKeyWrapAlgorithms;
+ }
+
+ public void setAllowedEncAlgorithms(List<String> allowedEncAlgorithms)
+ {
+ this.allowedEncAlgorithms = allowedEncAlgorithms;
+ }
+
}
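Review bot: Both setters store the caller's list reference directly, so the accepted set is whatever the list holds at check time rather than at configuration time. Copying defensively, e.g. `this.allowedEncAlgorithms = allowedEncAlgorithms == null ? null : Collections.unmodifiableList(new ArrayList<String>(allowedEncAlgorithms));`, pins it; that needs java.util.ArrayList and java.util.Collections imported, which the hunks shown do not add. A one-line Javadoc on each setter that null or an empty list means no restriction would spare callers a trip through EncryptedKey and DecryptionOperation to find out.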
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -131,14 +131,16 @@
}
SecurityDecoder decoder = new SecurityDecoder(securityStore, factory,
configuration.getTimestampVerification(), authenticate);
+
+ List<RequireOperation> operations = buildRequireOperations(config, fault);
+
+ decoder.init(operations);
decoder.decode(message.getSOAPPart(), secHeaderElement);
if (log.isTraceEnabled())
log.trace("Decoded Message:\n" +
DOMWriter.printNode(message.getSOAPPart(), true));
- List<RequireOperation> operations = buildRequireOperations(config, fault);
-
decoder.verify(operations);
if (log.isDebugEnabled())
log.debug("Verification is successful");
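Review bot: The reason buildRequireOperations() moved ahead of decode() is not visible at the call site: decode() hands allowedKeyWrapAlgorithms to the SecurityHeader constructor, which performs the key wrap check while parsing EncryptedKey, so init() must run first. A comment on the new call, `// init() must precede decode(): the key wrap algorithm check runs while the header is parsed`, prevents a future reorder from silently disabling the restriction. The enclosing method starts and ends outside the hunk.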
@@ -351,7 +353,7 @@
if (requireEncryption != null && (!fault ||
requireEncryption.isIncludeFaults()))
{
List<Target> targets = convertTargets(requireEncryption.getTargets());
- operations.add(new RequireEncryptionOperation(targets));
+ operations.add(new RequireEncryptionOperation(targets,
requireEncryption.getdKeyWrapAlgorithms(), requireEncryption.getAlgorithms()));
}
return operations;
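Review bot: `requireEncryption.getdKeyWrapAlgorithms()` encodes a typo in the accessor name; the getter is introduced in the RequireEncryption hunk of this commit and should be `getKeyWrapAlgorithms()` both there and here, matching the `setKeyWrapAlgorithms` setter next to it. Once released on the 3.1.2 branch the misspelt name becomes public API that is awkward to remove. Change this line to `operations.add(new RequireEncryptionOperation(targets, requireEncryption.getKeyWrapAlgorithms(), requireEncryption.getAlgorithms()));` and rename the getter accordingly.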
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -23,6 +23,8 @@
import java.security.PrivateKey;
import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
import javax.crypto.SecretKey;
@@ -64,7 +66,7 @@
private static final String DEFAULT_ALGORITHM = "rsa_15";
static
{
- keyWrapAlgorithms = new HashMap<String, String>(2);
+ keyWrapAlgorithms = new HashMap<String, String>(4);
keyWrapAlgorithms.put("rsa_15", XMLCipher.RSA_v1dot5);
keyWrapAlgorithms.put("rsa_oaep", XMLCipher.RSA_OAEP);
}
@@ -86,7 +88,7 @@
this.tokenRefType = tokenRefType;
}
- public EncryptedKey(Element element, KeyResolver resolver) throws WSSecurityException
+ public EncryptedKey(Element element, KeyResolver resolver, List<String>
allowedAlgorithms) throws WSSecurityException
{
org.apache.xml.security.encryption.EncryptedKey key;
XMLCipher cipher;
@@ -103,6 +105,27 @@
}
KeyInfo info = key.getKeyInfo();
+ boolean supportedKeyWrapAlg = false;
+ final String kwa = key.getEncryptionMethod().getAlgorithm();
+ for (Iterator<String> it = keyWrapAlgorithms.values().iterator();
it.hasNext() && !supportedKeyWrapAlg; ) {
+ String s = it.next();
+ if (s.equals(kwa)) {
+ supportedKeyWrapAlg = true;
+ }
+ }
+ if (!supportedKeyWrapAlg) {
+ throw new WSSecurityException("Unsupported key wrap algorithm in received
message: " + kwa);
+ }
+ if (allowedAlgorithms != null && !allowedAlgorithms.isEmpty()) {
+ boolean found = false;
+ for (Iterator<String> it = allowedAlgorithms.iterator(); it.hasNext()
&& !found; ) {
+ found = kwa.equals(keyWrapAlgorithms.get(it.next()));
+ }
+ if (!found) {
+ throw new WSSecurityException("Unexpected key wrap algorithm in received
message: " + kwa);
+ }
+ }
+
if (info == null)
throw new WSSecurityException("EncryptedKey element did not contain
KeyInfo");
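Review bot: `key.getEncryptionMethod().getAlgorithm()` dereferences the EncryptionMethod without a null check; the EncryptionMethod child is optional in the XML Encryption schema, so a received EncryptedKey lacking it presumably yields null here and fails with a NullPointerException instead of the WSSecurityException the surrounding checks raise for malformed input — confirm against the Santuario version in use. Guard it first, e.g. `if (key.getEncryptionMethod() == null) throw new WSSecurityException("EncryptedKey element did not contain EncryptionMethod");`. The first loop can be reduced to `if (!keyWrapAlgorithms.containsValue(kwa))`. In the second loop a configured id that is not in keyWrapAlgorithms maps to null and is silently ignored, so a misspelt configuration rejects every message without saying why; a warning naming the unknown id at configuration time would help. The constructor continues outside the hunk.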
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -23,6 +23,7 @@
import java.util.HashMap;
import java.util.LinkedList;
+import java.util.List;
import org.jboss.ws.extensions.security.BinarySecurityTokenValidator;
import org.jboss.ws.extensions.security.Constants;
@@ -54,13 +55,13 @@
// Looks like this is only for embedded tokens
private LinkedList<SecurityTokenReference> securityTokenReferences = new
LinkedList<SecurityTokenReference>();
-
+
public SecurityHeader(Document document)
{
this.document = document;
}
- public SecurityHeader(Element element, SecurityStore store) throws
WSSecurityException
+ public SecurityHeader(Element element, SecurityStore store, List<String>
allowedKeyWrapAlgorithms) throws WSSecurityException
{
document = element.getOwnerDocument();
KeyResolver resolver = new KeyResolver(store);
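Review bot: The two-argument constructor is replaced rather than kept, so any code outside this commit that constructs SecurityHeader from an element breaks; on a maintenance branch a delegating overload, `public SecurityHeader(Element element, SecurityStore store) throws WSSecurityException { this(element, store, null); }`, preserves source compatibility at no cost since null already means "no restriction" in EncryptedKey. The new parameter also deserves a Javadoc `@param allowedKeyWrapAlgorithms configured key wrap algorithm ids; null or empty accepts any supported algorithm`. The same applies to the DecryptionOperation and RequireEncryption constructors changed in this commit. The constructor body continues outside the hunk.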
@@ -84,7 +85,7 @@
else if (tag.equals("Signature"))
securityProcesses.add(new Signature(child, resolver));
else if (tag.equals("EncryptedKey"))
- securityProcesses.add(new EncryptedKey(child, resolver));
+ securityProcesses.add(new EncryptedKey(child, resolver,
allowedKeyWrapAlgorithms));
else if (tag.equals("ReferenceList"))
throw new UnsupportedSecurityTokenException("ReferenceLists outside of
encrypted keys (shared secrets) are not supported.");
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -23,6 +23,8 @@
import java.util.Collection;
import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
import javax.crypto.SecretKey;
@@ -47,11 +49,14 @@
private SecurityHeader header;
private SecurityStore store;
+
+ private List<String> allowedEncAlgorithms;
- public DecryptionOperation(SecurityHeader header, SecurityStore store) throws
WSSecurityException
+ public DecryptionOperation(SecurityHeader header, SecurityStore store,
List<String> allowedEncAlgorithms) throws WSSecurityException
{
this.header = header;
this.store = store;
+ this.allowedEncAlgorithms = allowedEncAlgorithms;
}
private boolean isContent(Element element)
@@ -99,6 +104,15 @@
}
String alg = getEncryptionAlgorithm(element);
+ if (allowedEncAlgorithms != null && !allowedEncAlgorithms.isEmpty()) {
+ boolean found = false;
+ for (Iterator<String> it = allowedEncAlgorithms.iterator(); it.hasNext()
&& !found; ) {
+ found = alg.equals(EncryptionAlgorithms.getAlgorithm(it.next()));
+ }
+ if (!found) {
+ throw new WSSecurityException("Unexpected encryption algorithm in
received message: " + alg);
+ }
+ }
try
{
XMLCipher cipher = XMLCipher.getInstance(alg);
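Review bot: The allow-list is re-resolved through EncryptionAlgorithms.getAlgorithm() for every encrypted element, and a configured id that EncryptionAlgorithms does not know maps to null and is silently skipped, so a typo in `algorithms` rejects every message with "Unexpected encryption algorithm" and no hint about the cause. Resolving the ids once in the constructor into a Set of XML URIs (warning on unknown ids) reduces the check here to `if (allowedEncUris != null && !allowedEncUris.contains(alg)) throw new WSSecurityException("Unexpected encryption algorithm in received message: " + alg);`. If getEncryptionAlgorithm() can return null for an element without an Algorithm attribute, `alg.equals(...)` throws NullPointerException rather than a WSSecurityException — worth confirming. The enclosing method starts and ends outside the hunk.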
Added:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java
(rev 0)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.xml.security.encryption.XMLCipher;
+
+final class EncryptionAlgorithms
+{
+ /** --- Keep private for security reasons --- **/
+ private static class Algorithm
+ {
+ Algorithm(String jceName, String xmlName, int size)
+ {
+ this.jceName = jceName;
+ this.xmlName = xmlName;
+ this.size = size;
+ }
+
+ public String jceName;
+ public String xmlName;
+ public int size;
+ }
+ private static Map<String, Algorithm> algorithms;
+ private static Map<String, String> algorithmsID;
+ /** ----------------------------------------- **/
+
+ static final String DEFAULT_ALGORITHM = "aes-128";
+
+ static
+ {
+ algorithms = new HashMap<String, Algorithm>(4);
+ algorithms.put("aes-128", new Algorithm("AES",
XMLCipher.AES_128, 128));
+ algorithms.put("aes-192", new Algorithm("AES",
XMLCipher.AES_192, 192));
+ algorithms.put("aes-256", new Algorithm("AES",
XMLCipher.AES_256, 256));
+ algorithms.put("aes-128-gcm", new Algorithm("AES",
XMLCipher.AES_128_GCM, 128));
+ algorithms.put("aes-192-gcm", new Algorithm("AES",
XMLCipher.AES_192_GCM, 192));
+ algorithms.put("aes-256-gcm", new Algorithm("AES",
XMLCipher.AES_256_GCM, 256));
+ algorithms.put("tripledes", new Algorithm("TripleDes",
XMLCipher.TRIPLEDES, 168));
+ algorithms = Collections.unmodifiableMap(algorithms);
+
+ algorithmsID = new HashMap<String, String>(4);
+ algorithmsID.put(XMLCipher.AES_128, "aes-128");
+ algorithmsID.put(XMLCipher.AES_192, "aes-192");
+ algorithmsID.put(XMLCipher.AES_256, "aes-256");
+ algorithmsID.put(XMLCipher.TRIPLEDES, "tripledes");
+ algorithmsID = Collections.unmodifiableMap(algorithmsID);
+ }
+
+ static boolean hasAlgorithm(String id) {
+ return algorithms.containsKey(id);
+ }
+
+ static String getAlgorithm(String id) {
+ Algorithm alg = algorithms.get(id);
+ return alg == null ? null : alg.xmlName;
+ }
+
+ static String getAlgorithmJceName(String id) {
+ Algorithm alg = algorithms.get(id);
+ return alg == null ? null : alg.jceName;
+ }
+
+ static int getAlgorithmSize(String id) {
+ Algorithm alg = algorithms.get(id);
+ return alg == null ? null : alg.size;
+ }
+
+ static String getAlgorithmID(String xmlName) {
+ return algorithmsID.get(xmlName);
+ }
+}
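Review bot: `getAlgorithmSize` declares an int return but its body is `alg == null ? null : alg.size`, which types as Integer and unboxes null into a NullPointerException for an unknown id; fail explicitly instead with `throw new IllegalArgumentException("Unknown encryption algorithm id: " + id)` in the null branch, and consider the same for the jceName lookup. The reverse map algorithmsID carries only the CBC and TripleDES URIs, not AES_128_GCM/AES_192_GCM/AES_256_GCM although algorithms lists them, so getAlgorithmID() returns null for a GCM URI and generateSecretKey() in the EncryptionOperation hunk ends up in that null path; this is carried over from the old EncryptionOperation table, but adding the three entries (e.g. `algorithmsID.put(XMLCipher.AES_128_GCM, "aes-128-gcm");`) fixes it. A class-level Javadoc explaining the three naming spaces (configuration ids such as "aes-128", XML Encryption URIs, JCE names) is missing, and the fields of the private Algorithm holder can be final.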
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -25,7 +25,6 @@
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.HashMap;
import java.util.List;
import javax.crypto.Cipher;
@@ -60,43 +59,6 @@
private String tokenRefType;
private String securityDomainAliasLabel;
- private static class Algorithm
- {
- Algorithm(String jceName, String xmlName, int size)
- {
- this.jceName = jceName;
- this.xmlName = xmlName;
- this.size = size;
- }
-
- public String jceName;
- public String xmlName;
- public int size;
- }
-
- private static HashMap<String, Algorithm> algorithms;
- private static HashMap<String, String> algorithmsID;
-
- private static final String DEFAULT_ALGORITHM = "aes-128";
-
- static
- {
- algorithms = new HashMap<String, Algorithm>(4);
- algorithms.put("aes-128", new Algorithm("AES",
XMLCipher.AES_128, 128));
- algorithms.put("aes-192", new Algorithm("AES",
XMLCipher.AES_192, 192));
- algorithms.put("aes-256", new Algorithm("AES",
XMLCipher.AES_256, 256));
- algorithms.put("aes-128-gcm", new Algorithm("AES",
XMLCipher.AES_128_GCM, 128));
- algorithms.put("aes-192-gcm", new Algorithm("AES",
XMLCipher.AES_192_GCM, 192));
- algorithms.put("aes-256-gcm", new Algorithm("AES",
XMLCipher.AES_256_GCM, 256));
- algorithms.put("tripledes", new Algorithm("TripleDes",
XMLCipher.TRIPLEDES, 168));
-
- algorithmsID = new HashMap<String, String>(4);
- algorithmsID.put(XMLCipher.AES_128, "aes-128");
- algorithmsID.put(XMLCipher.AES_192, "aes-192");
- algorithmsID.put(XMLCipher.AES_256, "aes-256");
- algorithmsID.put(XMLCipher.TRIPLEDES, "tripledes");
- }
-
public EncryptionOperation(List<Target> targets, String alias, String algorithm,
String wrap, String tokenRefType, String securityDomainAliasLabel)
{
super();
@@ -139,12 +101,10 @@
private static SecretKey getSecretKey(String algorithm) throws WSSecurityException
{
- Algorithm alg = algorithms.get(algorithm);
-
try
{
- KeyGenerator kgen = KeyGenerator.getInstance(alg.jceName);
- kgen.init(alg.size);
+ KeyGenerator kgen =
KeyGenerator.getInstance(EncryptionAlgorithms.getAlgorithmJceName(algorithm));
+ kgen.init(EncryptionAlgorithms.getAlgorithmSize(algorithm));
return kgen.generateKey();
}
catch (NoSuchAlgorithmException e)
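Review bot: getSecretKey() now passes whatever EncryptionAlgorithms returns straight into KeyGenerator, so an id that is not in the table surfaces as a NullPointerException (null JCE name, null unboxed in getAlgorithmSize) rather than the WSSecurityException the catch block is meant to produce; the old code had the same gap via `alg.jceName`. A guard at the top, `if (!EncryptionAlgorithms.hasAlgorithm(algorithm)) throw new WSSecurityException("Unknown encryption algorithm: " + algorithm);`, turns this into a proper configuration error. The method's catch block continues outside the hunk.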
@@ -155,19 +115,19 @@
public static SecretKey generateSecretKey(String alg) throws WSSecurityException
{
- return getSecretKey(algorithmsID.get(alg));
+ return getSecretKey(EncryptionAlgorithms.getAlgorithmID(alg));
}
public void process(Document message, SecurityHeader header, SecurityStore store)
throws WSSecurityException
{
- if (! algorithms.containsKey(algorithm))
- algorithm = DEFAULT_ALGORITHM;
+ if (! EncryptionAlgorithms.hasAlgorithm(algorithm))
+ algorithm = EncryptionAlgorithms.DEFAULT_ALGORITHM;
SecretKey secretKey = getSecretKey(algorithm);
XMLCipher cipher;
try
{
- cipher = XMLCipher.getInstance(algorithms.get(algorithm).xmlName);
+ cipher = XMLCipher.getInstance(EncryptionAlgorithms.getAlgorithm(algorithm));
cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
}
catch (XMLSecurityException e)
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -21,17 +21,52 @@
*/
package org.jboss.ws.extensions.security.operation;
+import java.util.LinkedList;
import java.util.List;
+import java.util.StringTokenizer;
+import org.jboss.logging.Logger;
+import org.jboss.ws.extensions.security.SecurityDecoder;
import org.jboss.ws.extensions.security.Target;
public class RequireEncryptionOperation extends RequireTargetableOperation
{
+ private List<String> allowedKeyWrapAlgorithms;
+
+ private List<String> allowedEncAlgorithms;
- public RequireEncryptionOperation(List<Target> targets)
+ public RequireEncryptionOperation(List<Target> targets) {
+ super(targets);
+ }
+
+ public RequireEncryptionOperation(List<Target> targets, String
keyWrapAlgorithms, String algorithms)
{
super(targets);
+ this.allowedEncAlgorithms = parseStringList(algorithms);
+ this.allowedKeyWrapAlgorithms = parseStringList(keyWrapAlgorithms);
}
+ public void setupDecoder(SecurityDecoder decoder) {
+ if (allowedEncAlgorithms == null) {
+ Logger.getLogger(RequireEncryptionOperation.class).warn("No
'algorithms' provided for 'encryption' configuration requirement!");
+ }
+ decoder.setAllowedEncAlgorithms(allowedEncAlgorithms);
+ if (allowedKeyWrapAlgorithms == null) {
+ Logger.getLogger(RequireEncryptionOperation.class).warn("No
'keyWrapAlgorithms' provided for 'encryption' configuration
requirement!");
+ }
+ decoder.setAllowedKeyWrapAlgorithms(allowedKeyWrapAlgorithms);
+ }
+
+ private List<String> parseStringList(String s) {
+ List<String> result = null;
+ if (s != null && s.trim().length() > 0) {
+ StringTokenizer st = new StringTokenizer(s, ", ", false);
+ result = new LinkedList<String>();
+ while (st.hasMoreTokens()) {
+ result.add(st.nextToken());
+ }
+ }
+ return result;
+ }
}
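Review bot: setupDecoder() logs a warning when a list is null and then hands the null to the decoder, which disables that check entirely, so the warning should state the consequence, e.g. `"No 'algorithms' provided for 'encryption' configuration requirement, any supported encryption algorithm will be accepted!"`; the fail-open default may be intended for compatibility but should be explicit in the message and in a Javadoc on the method. parseStringList() does not validate its tokens, so a misspelt id reaches EncryptedKey/DecryptionOperation where it maps to null and silently shrinks the allow-list; checking the `algorithms` tokens with EncryptionAlgorithms.hasAlgorithm() here and warning on unknown ones would surface the mistake at deployment time. As style points, parseStringList() can be static, the two fields can be final with the single-argument constructor delegating via `this(targets, null, null)`, and the Logger should be a `private static final` field rather than looked up on each call.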
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -21,6 +21,7 @@
*/
package org.jboss.ws.metadata.wsse;
+
/**
* <code>Sign</code> represents the sign tag, which declares that a message
* should be signed.
@@ -29,13 +30,19 @@
*/
public class RequireEncryption extends Targetable
{
- private static final long serialVersionUID = 3765798680988205647L;
+ private static final long serialVersionUID = 3765798680988205648L;
private boolean includeFaults;
+
+ private String keyWrapAlgorithms;
+
+ private String algorithms;
- public RequireEncryption(boolean includeFaults)
+ public RequireEncryption(boolean includeFaults, String keyWrapAlgorithms, String
algorithms)
{
this.includeFaults = includeFaults;
+ this.algorithms = algorithms;
+ this.keyWrapAlgorithms = keyWrapAlgorithms;
}
public boolean isIncludeFaults()
@@ -47,4 +54,25 @@
{
this.includeFaults = includeFaults;
}
+
+ public String getdKeyWrapAlgorithms()
+ {
+ return keyWrapAlgorithms;
+ }
+
+ public void setKeyWrapAlgorithms(String keyWrapAlgorithms)
+ {
+ this.keyWrapAlgorithms = keyWrapAlgorithms;
+ }
+
+ public String getAlgorithms()
+ {
+ return algorithms;
+ }
+
+ public void setAlgorithms(String algorithms)
+ {
+ this.algorithms = algorithms;
+ }
+
}
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2013-04-18
08:26:16 UTC (rev 17508)
@@ -499,7 +499,7 @@
if (value != null)
includeFaults = (Boolean)
SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, value, null);
- return new RequireEncryption(includeFaults);
+ return new RequireEncryption(includeFaults, attrs.getValue("",
"keyWrapAlgorithms"), attrs.getValue("", "algorithms"));
}
else if ("timestamp".equals(localName))
{
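Review bot: The two new attributes, keyWrapAlgorithms and algorithms on the `<encryption>` requirement, are read here but no change to jboss-ws-security_1_0.xsd accompanies the commit; if the configuration is validated against that schema (the sample files declare it via xsi:schemaLocation), configs using the new attributes would presumably fail validation — confirm whether the parser validates. A comment next to the call noting that both attributes are optional, comma or whitespace separated id lists, and that absence means no restriction would help, since the parsing rules live in RequireEncryptionOperation. The enclosing method starts and ends outside the hunk.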
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-04-18
08:26:16 UTC (rev 17508)
@@ -3,7 +3,7 @@
<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
- <encrypt type="x509v3" algorithm="aes-192-gcm"
alias="wsse"/>
+ <encrypt type="x509v3" algorithm="aes-192-gcm"
keyWrapAlgorithm="rsa_oaep" alias="wsse"/>
<requires>
<encryption/>
</requires>
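Review bot: The client sample only adds keyWrapAlgorithm to the `<encrypt>` element and leaves `<encryption/>` unrestricted, so the client-side decoder accepts a response encrypted with any supported algorithm while the server sample now restricts what it accepts. If the sample is meant to demonstrate the new option end to end, mirroring the server setting, `<encryption algorithms="aes-192-gcm aes-256-gcm" keyWrapAlgorithms="rsa_oaep"/>`, makes the client as strict as the server.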
Modified:
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml
===================================================================
---
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-04-17
19:45:05 UTC (rev 17507)
+++
stack/native/branches/jbossws-native-3.1.2/modules/testsuite/native-tests/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-04-18
08:26:16 UTC (rev 17508)
@@ -7,9 +7,9 @@
<trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
<trust-store-password>jbossws</trust-store-password>
<config>
- <encrypt type="x509v3" algorithm="aes-192-gcm"
alias="wsse"/>
+ <encrypt type="x509v3" algorithm="aes-192-gcm"
keyWrapAlgorithm="rsa_oaep" alias="wsse"/>
<requires>
- <encryption/>
+ <encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"/>
</requires>
</config>
</jboss-ws-security>
\ No newline at end of file