[jbossws-commits] JBossWS SVN: r4923 - in stack/native/branches/asoldano/trunk/src/main: java/org/jboss/ws/extensions/security/element and 2 other directories.

jbossws-commits at lists.jboss.org jbossws-commits at lists.jboss.org
Mon Oct 29 12:52:50 EDT 2007


Author: alessio.soldano at jboss.com
Date: 2007-10-29 12:52:50 -0400 (Mon, 29 Oct 2007)
New Revision: 4923

Modified:
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java
   stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
   stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd
Log:
[JBWS-1874] Allow configuration of secret key wrap algorithm


Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -36,5 +36,5 @@
  */
 public interface EncodingOperation extends Operation
 {
-   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm) throws WSSecurityException;
+   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap) throws WSSecurityException;
 }
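Review bot: The new sixth parameter is named `wrap` on this interface, in `EncryptionOperation.process`, in the `EncryptedKey` constructors and in `Encrypt` (`getWrap`/`setWrap`), but `keyWrapAlgorithm` in `OperationDescription`, `SendUsernameOperation`, `SignatureOperation`, `TimestampOperation` and the schema attribute. Using one name throughout, preferably `keyWrapAlgorithm`, would make it easier to trace the configured value down to the cipher call. The interface method also has no Javadoc for the new argument; a line such as `@param keyWrapAlgorithm short name of the key transport algorithm (rsa_15 or rsa_oaep), null selects the default` would help, and it could add that in this commit only `EncryptionOperation` forwards the value.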

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -128,7 +128,7 @@
       }
    }
 
-   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm) throws WSSecurityException
+   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap) throws WSSecurityException
    {
       if (! algorithms.containsKey(algorithm))
          algorithm = DEFAULT_ALGORITHM;
@@ -169,7 +169,7 @@
          header.addToken(token);
       }
 
-      EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list);
+      EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list, wrap);
       header.addSecurityProcess(eKey);
    }
    

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -39,14 +39,17 @@
    private String credential;
 
    private String algorithm;
+   
+   private String keyWrapAlgorithm;
 
-   public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm)
+   public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm, String keyWrapAlgorithm)
    {
       this.operation = operation;
       this.targets = targets;
       this.certificateAlias = certicateAlias;
       this.credential = credential;
       this.algorithm = algorithm;
+      this.keyWrapAlgorithm = keyWrapAlgorithm;
    }
 
    public Class<? extends T> getOperation()
@@ -102,4 +105,14 @@
       this.algorithm = algorithm;
    }
 
+   public String getKeyWrapAlgorithm()
+   {
+      return keyWrapAlgorithm;
+   }
+
+   public void setKeyWrapAlgorithm(String keyWrapAlgorithm)
+   {
+      this.keyWrapAlgorithm = keyWrapAlgorithm;
+   }
+
 }

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -80,7 +80,7 @@
             throw new WSSecurityException("Error constructing operation: " + op.getOperation());
          }
 
-         operation.process(message, op.getTargets(), op.getCertificateAlias(), op.getCredential(), op.getAlgorithm());
+         operation.process(message, op.getTargets(), op.getCertificateAlias(), op.getCredential(), op.getAlgorithm(), op.getKeyWrapAlgorithm());
       }
       attachHeader(header, message);
    }

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -40,7 +40,7 @@
       this.store = store;
    }
 
-   public void process(Document message, List<Target> targets, String username, String credential, String algorithm) throws WSSecurityException
+   public void process(Document message, List<Target> targets, String username, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException
    {
       header.addToken(new UsernameToken(username, credential, message));
    }

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -120,7 +120,7 @@
       }
    }
 
-   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm) throws WSSecurityException
+   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException
    {
       Element envelope = message.getDocumentElement();
       XMLSignature sig;

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -40,7 +40,7 @@
       this.store = store;
    }
 
-   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm) throws WSSecurityException
+   public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException
    {
       Integer ttl = null;
 

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -208,20 +208,20 @@
       ArrayList<OperationDescription<RequireOperation>> operations = new ArrayList<OperationDescription<RequireOperation>>();
       RequireTimestamp requireTimestamp = requires.getRequireTimestamp();
       if (requireTimestamp != null)
-         operations.add(new OperationDescription<RequireOperation>(RequireTimestampOperation.class, null, requireTimestamp.getMaxAge(), null, null));
+         operations.add(new OperationDescription<RequireOperation>(RequireTimestampOperation.class, null, requireTimestamp.getMaxAge(), null, null, null));
 
       RequireSignature requireSignature = requires.getRequireSignature();
       if (requireSignature != null)
       {
          List<Target> targets = convertTargets(requireSignature.getTargets());
-         operations.add(new OperationDescription<RequireOperation>(RequireSignatureOperation.class, targets, null, null, null));
+         operations.add(new OperationDescription<RequireOperation>(RequireSignatureOperation.class, targets, null, null, null, null));
       }
 
       RequireEncryption requireEncryption = requires.getRequireEncryption();
       if (requireEncryption != null)
       {
          List<Target> targets = convertTargets(requireEncryption.getTargets());
-         operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null));
+         operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null, null));
       }
 
       return operations;
@@ -251,7 +251,7 @@
       Timestamp timestamp = opConfig.getTimestamp();
       if (timestamp != null)
       {
-         operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null));
+         operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null, null));
       }
 
       if (opConfig.getUsername() != null)
@@ -267,7 +267,7 @@
 
          if (user != null && pass != null)
          {
-            operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null));
+            operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null, null));
             ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
          }
       }
@@ -279,20 +279,20 @@
          if (sign.isIncludeTimestamp())
          {
             if (timestamp == null)
-               operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, null, null));
+               operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, null, null, null));
 
             if (targets != null && targets.size() > 0)
                targets.add(new WsuIdTarget("timestamp"));
          }
 
-         operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null));
+         operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null, null));
       }
 
       Encrypt encrypt = opConfig.getEncrypt();
       if (encrypt != null)
       {
          List<Target> targets = convertTargets(encrypt.getTargets());
-         operations.add(new OperationDescription<EncodingOperation>(EncryptionOperation.class, targets, encrypt.getAlias(), null, encrypt.getAlgorithm()));
+         operations.add(new OperationDescription<EncodingOperation>(EncryptionOperation.class, targets, encrypt.getAlias(), null, encrypt.getAlgorithm(), encrypt.getWrap()));
       }
 
       if (operations.size() == 0)

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -22,6 +22,7 @@
 package org.jboss.ws.extensions.security.element;
 
 import java.security.PrivateKey;
+import java.util.HashMap;
 
 import javax.crypto.SecretKey;
 
@@ -51,20 +52,34 @@
    private X509Token token;
 
    private ReferenceList list;
+   
+   private String wrapAlgorithm;
 
    private Element cachedElement;
+   
+   private static HashMap<String, String> keyWrapAlgorithms;
+   private static final String DEFAULT_ALGORITHM = "rsa_15";
+   static
+   {
+      keyWrapAlgorithms = new HashMap<String, String>(2);
+      keyWrapAlgorithms.put("rsa_15", XMLCipher.RSA_v1dot5);
+      keyWrapAlgorithms.put("rsa_oaep", XMLCipher.RSA_OAEP);
+   }
 
-   public EncryptedKey(Document document, SecretKey secretKey, X509Token token)
+   public EncryptedKey(Document document, SecretKey secretKey, X509Token token, String wrap)
    {
-      this(document, secretKey, token, new ReferenceList());
+      this(document, secretKey, token, new ReferenceList(), wrap);
    }
 
-   public EncryptedKey(Document document, SecretKey secretKey, X509Token token, ReferenceList list)
+   public EncryptedKey(Document document, SecretKey secretKey, X509Token token, ReferenceList list, String wrap)
    {
       this.document = document;
       this.secretKey = secretKey;
       this.token = token;
       this.list = list;
+      this.wrapAlgorithm = keyWrapAlgorithms.get(wrap);
+      if (wrapAlgorithm ==null)
+         wrapAlgorithm = keyWrapAlgorithms.get(DEFAULT_ALGORITHM);
    }
 
    public EncryptedKey(Element element, KeyResolver resolver) throws WSSecurityException
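Review bot: In the second constructor, a `wrap` value that is missing from `keyWrapAlgorithms` silently falls back to `rsa_15`, so a misspelled value in the configuration yields RSA PKCS#1 v1.5 key transport at `XMLCipher.getInstance(wrapAlgorithm)` in the next hunk while the operator expects OAEP. PKCS#1 v1.5 encryption padding is the weaker option (it is the one exposed to padding-oracle attacks at the decrypting peer), so the default should apply to `null` only and anything else should be rejected: `if (wrap != null && wrapAlgorithm == null) throw new IllegalArgumentException("Unsupported key wrap algorithm: " + wrap);`. Whether the schema's enumeration is enforced before `WSSecurityOMFactory` reads the attribute is not visible in this commit. `keyWrapAlgorithms` is also a mutable, non-final static `HashMap`; declaring it `private static final Map<String, String>` and wrapping it with `Collections.unmodifiableMap` would keep the allow-list fixed.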
@@ -154,7 +169,7 @@
 
       try
       {
-         cipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
+         cipher = XMLCipher.getInstance(wrapAlgorithm);
          cipher.init(XMLCipher.WRAP_MODE, token.getCert().getPublicKey());
          key = cipher.encryptKey(document, secretKey);
       }

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -37,12 +37,14 @@
    private String type;
    private String alias;
    private String algorithm;
+   private String keyWrapAlgorithm;
 
-   public Encrypt(String type, String alias, String algorithm)
+   public Encrypt(String type, String alias, String algorithm, String wrap)
    {
       this.type = type;
       this.alias = alias;
       this.algorithm = algorithm;
+      this.keyWrapAlgorithm = wrap;
    }
 
    public String getAlias()
@@ -74,4 +76,14 @@
    {
       this.algorithm = algorithm;
    }
+
+   public String getWrap()
+   {
+      return keyWrapAlgorithm;
+   }
+
+   public void setWrap(String wrap)
+   {
+      this.keyWrapAlgorithm = wrap;
+   }
 }
\ No newline at end of file

Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java	2007-10-29 16:52:50 UTC (rev 4923)
@@ -232,7 +232,7 @@
       }
       else if ("encrypt".equals(localName))
       {
-         return new Encrypt(attrs.getValue("", "type"), attrs.getValue("", "alias"), attrs.getValue("", "algorithm"));
+         return new Encrypt(attrs.getValue("", "type"), attrs.getValue("", "alias"), attrs.getValue("", "algorithm"), attrs.getValue("", "keyWrapAlgorithm"));
       }
       else if ("timestamp".equals(localName))
       {

Modified: stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
--- stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd	2007-10-29 16:40:18 UTC (rev 4922)
+++ stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd	2007-10-29 16:52:50 UTC (rev 4923)
@@ -183,6 +183,17 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
+    <xs:attribute name="keyWrapAlgorithm">
+      <xs:annotation>
+        <xs:documentation>The algorithm to use to encrypt the symmetric secret key.  If not specified rsa_15 will be used.</xs:documentation>
+      </xs:annotation>
+      <xs:simpleType>
+        <xs:restriction base="xs:string">
+          <xs:enumeration value="rsa_15"/>
+          <xs:enumeration value="rsa_oaep"/>
+        </xs:restriction>
+      </xs:simpleType>
+    </xs:attribute>
   </xs:complexType>
   <xs:complexType name="signType">
     <xs:sequence>
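Review bot: The documentation for `keyWrapAlgorithm` names the default but gives no guidance on choosing between the two values. `rsa_15` is RSA PKCS#1 v1.5 key transport, presumably kept as the default for compatibility with the previously hard-coded behaviour, and `rsa_oaep` is the padding generally preferred for new deployments. I would extend the text to something like `If not specified rsa_15 will be used for backward compatibility; rsa_oaep is recommended when the receiving endpoint supports it.`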



