List of usage examples for javax.xml.crypto.dsig SignatureMethod HMAC_SHA1
String HMAC_SHA1
From source file:org.apache.ws.security.message.token.BSTKerberosTest.java
/**
 * Signs the sample SOAP message with HMAC-SHA1, pointing at a stand-in Kerberos
 * BinarySecurityToken through a direct reference.
 *
 * No KDC is involved: a freshly generated 128-bit AES key serves both as the token
 * content and as the signing secret, so only signature creation is exercised.
 */
@org.junit.Test
public void testKerberosSignatureDRCreation() throws Exception {
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader header = new WSSecHeader();
    header.insertSecurityHeader(soapDoc);

    BinarySecurity kerberosToken = new BinarySecurity(soapDoc);
    kerberosToken.setValueType(AP_REQ);
    kerberosToken.setEncodingType(BASE64_NS);

    KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
    aesGenerator.init(128);
    byte[] secret = aesGenerator.generateKey().getEncoded();

    // Test shortcut: the raw signing key is stored as the token value, so the key
    // travels in the message unprotected. A real AP-REQ token would not expose it.
    kerberosToken.setToken(secret);
    // hashCode() is not guaranteed to be unique; adequate for a single token here.
    kerberosToken.setID("Id-" + kerberosToken.hashCode());
    WSSecurityUtil.prependChildElement(header.getSecurityHeader(), kerberosToken.getElement());

    WSSecSignature signer = new WSSecSignature();
    // NOTE(review): HMAC-SHA1 is the algorithm under test; SHA-2 based HMACs are the
    // usual choice for new profiles where both parties support them.
    signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
    signer.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    signer.setCustomTokenValueType(AP_REQ);
    signer.setCustomTokenId(kerberosToken.getID());
    signer.setSecretKey(secret);

    Document signed = signer.build(soapDoc, crypto, header);

    if (LOG.isDebugEnabled()) {
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signed));
    }
}
From source file:org.apache.ws.security.message.token.BSTKerberosTest.java
/** * A test for signing using a KeyIdentifier to a Kerberos token *///from www .ja v a 2s . co m @org.junit.Test public void testKerberosSignatureKICreation() throws Exception { Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); WSSecHeader secHeader = new WSSecHeader(); secHeader.insertSecurityHeader(doc); BinarySecurity bst = new BinarySecurity(doc); bst.setValueType(AP_REQ); bst.setEncodingType(BASE64_NS); KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(128); SecretKey key = keyGen.generateKey(); byte[] keyData = key.getEncoded(); bst.setToken(keyData); bst.setID("Id-" + bst.hashCode()); WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement()); WSSecSignature sign = new WSSecSignature(); sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1); sign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); sign.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE); byte[] digestBytes = WSSecurityUtil.generateDigest(keyData); sign.setCustomTokenId(Base64.encode(digestBytes)); sign.setSecretKey(keyData); Document signedDoc = sign.build(doc, crypto, secHeader); if (LOG.isDebugEnabled()) { String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc); LOG.debug(outputString); } }
From source file:org.apache.ws.security.message.token.KerberosTest.java
/**
 * Retrieves a Kerberos service ticket through KerberosSecurity, carries it in a
 * BinarySecurityToken and signs the message with the session key (HMAC-SHA1,
 * direct reference). The security header is then processed with a
 * KerberosTokenValidator and the resulting principal is checked.
 *
 * Ignored by default; the ticket retrieval presumably needs a reachable KDC.
 */
@org.junit.Test
@org.junit.Ignore
public void testKerberosSignature() throws Exception {
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader header = new WSSecHeader();
    header.insertSecurityHeader(soapDoc);

    KerberosSecurity kerberosToken = new KerberosSecurity(soapDoc);
    kerberosToken.retrieveServiceTicket("alice", null, "bob@service.ws.apache.org");
    kerberosToken.setID("Id-" + kerberosToken.hashCode());
    WSSecurityUtil.prependChildElement(header.getSecurityHeader(), kerberosToken.getElement());

    WSSecSignature signer = new WSSecSignature();
    signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
    signer.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    signer.setCustomTokenId(kerberosToken.getID());
    signer.setCustomTokenValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);

    // The signing secret is the session key that came with the service ticket.
    SecretKey sessionKey = kerberosToken.getSecretKey();
    signer.setSecretKey(sessionKey.getEncoded());

    Document signed = signer.build(soapDoc, null, header);

    if (LOG.isDebugEnabled()) {
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signed));
    }

    // Receiving side: validate binary tokens with the Kerberos validator.
    WSSConfig config = WSSConfig.getNewInstance();
    KerberosTokenValidator kerberosValidator = new KerberosTokenValidator();
    kerberosValidator.setContextName("bob");
    kerberosValidator.setServiceName("bob@service.ws.apache.org");
    // kerberosValidator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
    config.setValidator(WSSecurityEngine.BINARY_TOKEN, kerberosValidator);

    WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(config);
    List<WSSecurityEngineResult> engineResults = engine.processSecurityHeader(soapDoc, null, null, null);

    WSSecurityEngineResult bstResult = WSSecurityUtil.fetchActionResult(engineResults, WSConstants.BST);
    BinarySecurity processedToken =
        (BinarySecurity) bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    assertTrue(processedToken != null);

    Principal authenticated = (Principal) bstResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
    assertTrue(authenticated instanceof KerberosPrincipal);
    // Substring match only; comparing the complete principal name would be stricter.
    assertTrue(authenticated.getName().contains("alice"));
}
From source file:org.apache.ws.security.message.token.KerberosTest.java
/**
 * Retrieves a Kerberos service ticket through KerberosSecurity and signs the
 * message with the session key (HMAC-SHA1), referring to the token through a
 * KeyIdentifier built from the digest of the token bytes. The security header is
 * then processed with a KerberosTokenValidator and the principal is checked.
 *
 * Ignored by default; the ticket retrieval presumably needs a reachable KDC.
 */
@org.junit.Test
@org.junit.Ignore
public void testKerberosSignatureKI() throws Exception {
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader header = new WSSecHeader();
    header.insertSecurityHeader(soapDoc);

    KerberosSecurity kerberosToken = new KerberosSecurity(soapDoc);
    kerberosToken.retrieveServiceTicket("alice", null, "bob@service.ws.apache.org");
    kerberosToken.setID("Id-" + kerberosToken.hashCode());

    WSSecSignature signer = new WSSecSignature();
    signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
    signer.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    signer.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);

    // The signing secret is the session key that came with the service ticket.
    SecretKey sessionKey = kerberosToken.getSecretKey();
    byte[] sessionKeyBytes = sessionKey.getEncoded();
    signer.setSecretKey(sessionKeyBytes);

    // Unlike the session key, the identifier is computed over the token itself.
    byte[] tokenDigest = WSSecurityUtil.generateDigest(kerberosToken.getToken());
    signer.setCustomTokenId(Base64.encode(tokenDigest));

    Document signed = signer.build(soapDoc, null, header);

    // The token is added to the header only after the signature has been built.
    WSSecurityUtil.prependChildElement(header.getSecurityHeader(), kerberosToken.getElement());

    if (LOG.isDebugEnabled()) {
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signed));
    }

    // Receiving side: validate binary tokens with the Kerberos validator.
    WSSConfig config = WSSConfig.getNewInstance();
    KerberosTokenValidator kerberosValidator = new KerberosTokenValidator();
    kerberosValidator.setContextName("bob");
    kerberosValidator.setServiceName("bob@service.ws.apache.org");
    // kerberosValidator.setKerberosTokenDecoder(new KerberosTokenDecoderImpl());
    config.setValidator(WSSecurityEngine.BINARY_TOKEN, kerberosValidator);

    WSSecurityEngine engine = new WSSecurityEngine();
    engine.setWssConfig(config);
    List<WSSecurityEngineResult> engineResults = engine.processSecurityHeader(soapDoc, null, null, null);

    WSSecurityEngineResult bstResult = WSSecurityUtil.fetchActionResult(engineResults, WSConstants.BST);
    BinarySecurity processedToken =
        (BinarySecurity) bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    assertTrue(processedToken != null);

    Principal authenticated = (Principal) bstResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
    assertTrue(authenticated instanceof KerberosPrincipal);
    // Substring match only; comparing the complete principal name would be stricter.
    assertTrue(authenticated.getName().contains("alice"));
}
From source file:org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.java
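/**
 * Builds the SignatureMethod implementation that corresponds to the
 * {@code Algorithm} attribute of a SignatureMethod element.
 *
 * The algorithm URI is read from the document being unmarshalled, so it is chosen
 * by whoever produced the signature. This method only maps the URI to an
 * implementation; a verifier that must refuse particular algorithms (for example
 * the SHA-1 based ones) has to apply that policy to the result itself.
 *
 * @param smElem the SignatureMethod element
 * @return the SignatureMethod implementation for the declared algorithm
 * @throws MarshalException if the Algorithm attribute is absent or names an
 *         algorithm that is not handled here
 */
static SignatureMethod unmarshal(Element smElem) throws MarshalException {
    String alg = DOMUtils.getAttributeValue(smElem, "Algorithm");
    // DOMUtils.getAttributeValue is not shown here; if it yields null for a missing
    // attribute, the comparisons below would fail with a NullPointerException
    // instead of the MarshalException that callers are prepared to handle.
    if (alg == null) {
        throw new MarshalException("SignatureMethod Algorithm attribute is missing");
    }

    // RSA based methods
    if (alg.equals(SignatureMethod.RSA_SHA1)) {
        return new SHA1withRSA(smElem);
    }
    if (alg.equals(RSA_SHA256)) {
        return new SHA256withRSA(smElem);
    }
    if (alg.equals(RSA_SHA384)) {
        return new SHA384withRSA(smElem);
    }
    if (alg.equals(RSA_SHA512)) {
        return new SHA512withRSA(smElem);
    }

    // DSA
    if (alg.equals(SignatureMethod.DSA_SHA1)) {
        return new SHA1withDSA(smElem);
    }

    // ECDSA based methods
    if (alg.equals(ECDSA_SHA1)) {
        return new SHA1withECDSA(smElem);
    }
    if (alg.equals(ECDSA_SHA256)) {
        return new SHA256withECDSA(smElem);
    }
    if (alg.equals(ECDSA_SHA384)) {
        return new SHA384withECDSA(smElem);
    }
    if (alg.equals(ECDSA_SHA512)) {
        return new SHA512withECDSA(smElem);
    }

    // HMAC based methods
    if (alg.equals(SignatureMethod.HMAC_SHA1)) {
        return new DOMHMACSignatureMethod.SHA1(smElem);
    }
    if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
        return new DOMHMACSignatureMethod.SHA256(smElem);
    }
    if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
        return new DOMHMACSignatureMethod.SHA384(smElem);
    }
    if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
        return new DOMHMACSignatureMethod.SHA512(smElem);
    }

    throw new MarshalException("unsupported SignatureMethod algorithm: " + alg);
}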
From source file:test.unit.be.agiv.security.client.RSTSClientTest.java
/**
 * Verifies the XML signature of a recorded R-STS request.
 *
 * The HMAC-SHA1 key is derived with P_SHA1 from the client entropy found in the
 * IP-STS request and the server entropy found in the IP-STS response.
 *
 * @param ipStsRequestResource classpath resource holding the IP-STS request
 * @param ipStsResponseResource classpath resource holding the IP-STS response
 * @param rStsRequestResource classpath resource holding the signed R-STS request
 * @throws Exception if a resource cannot be parsed or verification cannot run
 */
private void checkSignature(String ipStsRequestResource, String ipStsResponseResource,
        String rStsRequestResource) throws Exception {
    Init.init();

    // The factory keeps its default settings; the inputs are classpath fixtures.
    // A parser fed with messages from the network would normally have DOCTYPE
    // declarations and external entities disabled.
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder parser = factory.newDocumentBuilder();

    InputStream ipStsRequestStream = RSTSClientTest.class.getResourceAsStream(ipStsRequestResource);
    Document ipStsRequest = parser.parse(ipStsRequestStream);

    InputStream ipStsResponseStream = RSTSClientTest.class.getResourceAsStream(ipStsResponseResource);
    Document ipStsResponse = parser.parse(ipStsResponseStream);

    InputStream rStsRequestStream = RSTSClientTest.class.getResourceAsStream(rStsRequestResource);
    Document rStsRequest = parser.parse(rStsRequestStream);
    TestUtils.markAllIdAttributesAsId(rStsRequest);

    Node clientEntropyText = XPathAPI.selectSingleNode(ipStsRequest,
            "soap12:Envelope/soap12:Body/trust:RequestSecurityToken/trust:Entropy/trust:BinarySecret/text()",
            getNSElement(ipStsRequest));
    byte[] clientEntropy = Base64.decode(clientEntropyText.getTextContent());
    // Only sizes are logged, never the entropy or key bytes themselves.
    LOG.debug("client entropy size: " + clientEntropy.length);

    Node serverEntropyText = XPathAPI.selectSingleNode(ipStsResponse,
            "soap12:Envelope/soap12:Body/trust:RequestSecurityTokenResponseCollection/trust:RequestSecurityTokenResponse/trust:Entropy/trust:BinarySecret/text()",
            getNSElement(ipStsResponse));
    byte[] serverEntropy = Base64.decode(serverEntropyText.getTextContent());
    LOG.debug("server entropy size: " + serverEntropy.length);

    NodeList signatures = rStsRequest.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    assertEquals(1, signatures.getLength());
    XMLSignature xmlSignature = new XMLSignature((Element) signatures.item(0), null);

    // Derive a 256-bit key from both entropies.
    byte[] secretKey = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, 256 / 8);
    LOG.debug("secret key size: " + secretKey.length);
    Key hmacKey = WSSecurityUtil.prepareSecretKey(SignatureMethod.HMAC_SHA1, secretKey);

    // Both checks are asserted: the signature value and the reference digests.
    // Neither shows which message parts the references cover.
    boolean signatureValid = xmlSignature.checkSignatureValue(hmacKey);
    SignedInfo signedInfo = xmlSignature.getSignedInfo();
    boolean referencesValid = signedInfo.verifyReferences();
    assertTrue(referencesValid);
    assertTrue(signatureValid);
}
From source file:test.unit.be.agiv.security.client.SecureConversationClientTest.java
/**
 * Verifies the XML signature of the recorded secure conversation request, using
 * the requested proof token from the recorded R-STS response as the HMAC-SHA1 key.
 */
@Test
public void testCheckSignature() throws Exception {
    Init.init();

    // The factory keeps its default settings; the inputs are classpath fixtures.
    // A parser fed with messages from the network would normally have DOCTYPE
    // declarations and external entities disabled.
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder parser = factory.newDocumentBuilder();

    InputStream rStsResponseStream = SecureConversationClientTest.class
            .getResourceAsStream("/r-sts-response.xml");
    Document rStsResponse = parser.parse(rStsResponseStream);

    InputStream secConvRequestStream = SecureConversationClientTest.class
            .getResourceAsStream("/secure-conversation-request.xml");
    Document secConvRequest = parser.parse(secConvRequestStream);
    TestUtils.markAllIdAttributesAsId(secConvRequest);

    Node proofTokenText = XPathAPI.selectSingleNode(rStsResponse,
            "soap12:Envelope/soap12:Body/trust:RequestSecurityTokenResponseCollection/trust:RequestSecurityTokenResponse/trust:RequestedProofToken/trust:BinarySecret/text()",
            getNSElement(rStsResponse));
    byte[] requestedProofToken = Base64.decode(proofTokenText.getTextContent());
    // Only the size is logged, never the proof token bytes.
    LOG.debug("requested proof token size: " + requestedProofToken.length);

    NodeList signatures = secConvRequest.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    assertEquals(1, signatures.getLength());
    XMLSignature xmlSignature = new XMLSignature((Element) signatures.item(0), null);

    // The proof token is used directly as the symmetric key.
    Key hmacKey = WSSecurityUtil.prepareSecretKey(SignatureMethod.HMAC_SHA1, requestedProofToken);

    // Both checks are asserted: the signature value and the reference digests.
    // Neither shows which message parts the references cover.
    boolean signatureValid = xmlSignature.checkSignatureValue(hmacKey);
    SignedInfo signedInfo = xmlSignature.getSignedInfo();
    boolean referencesValid = signedInfo.verifyReferences();
    assertTrue(referencesValid);
    assertTrue(signatureValid);
}
From source file:test.unit.be.agiv.security.client.SecureConversationClientTest.java
/**
 * Verifies the XML signature of the recorded claims-aware service request.
 *
 * The HMAC-SHA1 key is derived with P_SHA1 from the client entropy in the secure
 * conversation request and the server entropy in the secure conversation response.
 */
@Test
public void testCheckClaimsAwareServiceSignature() throws Exception {
    Init.init();

    // The factory keeps its default settings; the inputs are classpath fixtures.
    // A parser fed with messages from the network would normally have DOCTYPE
    // declarations and external entities disabled.
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder parser = factory.newDocumentBuilder();

    InputStream secConvRequestStream = SecureConversationClientTest.class
            .getResourceAsStream("/secure-conversation-request.xml");
    Document secConvRequest = parser.parse(secConvRequestStream);

    InputStream secConvResponseStream = SecureConversationClientTest.class
            .getResourceAsStream("/secure-conversation-response.xml");
    Document secConvResponse = parser.parse(secConvResponseStream);

    InputStream serviceRequestStream = SecureConversationClientTest.class
            .getResourceAsStream("/claims-aware-service-request.xml");
    Document request = parser.parse(serviceRequestStream);
    TestUtils.markAllIdAttributesAsId(request);

    Node clientEntropyText = XPathAPI.selectSingleNode(secConvRequest,
            "soap12:Envelope/soap12:Body/trust:RequestSecurityToken/trust:Entropy/trust:BinarySecret/text()",
            getNSElement(secConvRequest));
    byte[] clientEntropy = Base64.decode(clientEntropyText.getTextContent());
    // Only sizes are logged, never the entropy or key bytes themselves.
    LOG.debug("client entropy size: " + clientEntropy.length);

    Node serverEntropyText = XPathAPI.selectSingleNode(secConvResponse,
            "soap12:Envelope/soap12:Body/trust:RequestSecurityTokenResponseCollection/trust:RequestSecurityTokenResponse/trust:Entropy/trust:BinarySecret/text()",
            getNSElement(secConvResponse));
    byte[] serverEntropy = Base64.decode(serverEntropyText.getTextContent());
    LOG.debug("server entropy size: " + serverEntropy.length);

    NodeList signatures = request.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    assertEquals(1, signatures.getLength());
    XMLSignature xmlSignature = new XMLSignature((Element) signatures.item(0), null);

    // Derive a 256-bit key from both entropies.
    byte[] secretKey = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, 256 / 8);
    LOG.debug("secret key size: " + secretKey.length);
    Key hmacKey = WSSecurityUtil.prepareSecretKey(SignatureMethod.HMAC_SHA1, secretKey);

    // Both checks are asserted: the signature value and the reference digests.
    // Neither shows which message parts the references cover.
    boolean signatureValid = xmlSignature.checkSignatureValue(hmacKey);
    SignedInfo signedInfo = xmlSignature.getSignedInfo();
    boolean referencesValid = signedInfo.verifyReferences();
    assertTrue(referencesValid);
    assertTrue(signatureValid);
}
From source file:test.unit.be.agiv.security.handler.WSSecurityHandlerTest.java
/**
 * Runs the handler under test on an outbound SOAP 1.2 message with a random
 * 256-bit secret, then re-parses the result and checks that it carries exactly one
 * signature whose value verifies under that secret with HMAC-SHA1.
 */
@Test
public void testSignature() throws Exception {
    // setup
    SOAPMessageContext mockContext = EasyMock.createMock(SOAPMessageContext.class);
    EasyMock.expect(mockContext.get("javax.xml.ws.handler.message.outbound")).andStubReturn(Boolean.TRUE);

    // The signing secret is drawn from SecureRandom rather than hard-coded.
    byte[] secret = new byte[256 / 8];
    new SecureRandom().nextBytes(secret);

    String tokenIdentifier = "#saml-token-test";
    this.testedInstance.setKey(secret, tokenIdentifier, null, false);

    InputStream requestStream = WSSecurityHandlerTest.class
            .getResourceAsStream("/r-sts-request-before-signing.xml");
    SOAPMessage soapMessage = MessageFactory.newInstance(SOAPConstants.SOAP_1_2_PROTOCOL)
            .createMessage(null, requestStream);
    EasyMock.expect(mockContext.getMessage()).andStubReturn(soapMessage);

    // prepare
    EasyMock.replay(mockContext);

    // operate
    boolean handled = this.testedInstance.handleMessage(mockContext);

    // verify
    EasyMock.verify(mockContext);
    assertTrue(handled);

    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    soapMessage.writeTo(serialized);
    byte[] messageBytes = serialized.toByteArray();
    // Decoded with the platform default charset; this only affects the debug log.
    LOG.debug("SOAP message: " + new String(messageBytes));

    // The factory keeps its default settings; the document parsed here was
    // produced by the handler itself, not received from a peer.
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder parser = factory.newDocumentBuilder();
    Document resultDocument = parser.parse(new ByteArrayInputStream(messageBytes));
    TestUtils.markAllIdAttributesAsId(resultDocument);

    NodeList signatures = resultDocument.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    assertEquals(1, signatures.getLength());
    XMLSignature xmlSignature = new XMLSignature((Element) signatures.item(0), null);

    Key hmacKey = WSSecurityUtil.prepareSecretKey(SignatureMethod.HMAC_SHA1, secret);
    boolean signatureValid = xmlSignature.checkSignatureValue(hmacKey);
    assertTrue(signatureValid);

    LOG.debug("signed SOAP: " + toString(resultDocument));
}
From source file:wssec.TestWSSecurityNew16.java
/**
 * Signs a WS-Security envelope with the ephemeral key of an EncryptedKey
 * (HMAC-SHA1), then encrypts it with the same key using Triple DES, and finally
 * hands the result to {@code verify}.
 *
 * @throws Exception if signing, encryption, decryption or verification fails
 */
public void testEncryptedKeySignature() throws Exception {
    SOAPEnvelope plainEnvelope = message.getSOAPEnvelope();
    LOG.info("Before Sign/Encryption....");
    Document soapDoc = plainEnvelope.getAsDocument();

    WSSecHeader header = new WSSecHeader();
    header.insertSecurityHeader(soapDoc);

    // One EncryptedKey provides the symmetric key for signing and for encryption.
    // NOTE(review): the two literals look like a test keystore alias and its
    // password - confirm against the test setup.
    WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
    encryptedKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    encryptedKey.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    encryptedKey.setKeySize(192);
    encryptedKey.prepare(soapDoc, crypto);

    // Triple DES is the legacy cipher this test targets; its 64-bit block size is
    // the reason AES based suites are generally preferred elsewhere.
    WSSecEncrypt encryptor = new WSSecEncrypt();
    encryptor.setEncKeyId(encryptedKey.getId());
    encryptor.setEphemeralKey(encryptedKey.getEphemeralKey());
    encryptor.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    encryptor.setEncryptSymmKey(false);
    encryptor.setEncryptedKeyElement(encryptedKey.getEncryptedKeyElement());

    WSSecSignature signer = new WSSecSignature();
    signer.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
    signer.setCustomTokenId(encryptedKey.getId());
    signer.setSecretKey(encryptedKey.getEphemeralKey());
    signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);

    // Order matters: the signature is built first, encryption is applied after it.
    Document signed = signer.build(soapDoc, crypto, header);
    Document signedAndEncrypted = encryptor.build(signed, crypto, header);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Signed and encrypted message with IssuerSerial key identifier (both), 3DES:");
        LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedAndEncrypted));
    }

    LOG.info("After Sign/Encryption....");
    verify(signedAndEncrypted);
}