Posted to fx-dev@ws.apache.org by we...@apache.org on 2004/02/26 13:59:43 UTC
cvs commit: ws-fx/wss4j/src/org/apache/ws/security/util WSSecurityUtil.java
werner 2004/02/26 04:59:43
Modified: wss4j/src/org/apache/ws/security WSConstants.java
WSSecurityEngine.java errors.properties
wss4j/src/org/apache/ws/axis/security WSDoAllConstants.java
WSDoAllSender.java
wss4j/src/org/apache/ws/security/transform STRTransform.java
wss4j/src/org/apache/ws/security/message WSSignEnvelope.java
wss4j/src/org/apache/ws/security/message/token
X509Security.java SecurityTokenReference.java
wss4j/src/org/apache/ws/security/components/crypto
Merlin.java
wss4j/src/org/apache/ws/security/util WSSecurityUtil.java
Log:
New functions to support STRTransform, IssuerSerial with embedded
BinarySecurityToken, some code cleanup. All tests work without
failure.
Revision Changes Path
1.2 +17 -3 ws-fx/wss4j/src/org/apache/ws/security/WSConstants.java
Index: WSConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSConstants.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSConstants.java 13 Feb 2004 20:43:07 -0000 1.1
+++ WSConstants.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -183,7 +183,21 @@
*/
public static final int ISSUER_SERIAL = 2;
- /**
+ /**
+ * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signing}
+ * or the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+ * method to send the issuer name and the serial number of a
+ * certificate to the receiver.
+ * <p/>
+ * In contrast to {@link #ISSUER_SERIAL} this operation also stores the
+ * refreneced certificate as a BinarySecurityToken in the message.
+ *
+ * <p/>
+ * Please refer to WS Security specification X509 profile, chapter 3.3.3
+ *
+ */
+ public static final int ISSUER_SERIAL_DIRECT = 7;
+ /**
* Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
* method to send the certificate used to encrypt the symmetric key.
* <p/>
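Review bot: The new Javadoc on `ISSUER_SERIAL_DIRECT` says the constant applies to both `WSSignEnvelope#build` and `WSEncryptBody#build`, but WSEncryptBody.java is not among the files this commit modifies, so the encryption half of that sentence looks unsupported. I would limit the text to signing until the encryption path handles the value, for example `Sets the signing method to send the issuer name and the serial number of a certificate to the receiver.` The same comment also misspells "referenced" as `refreneced`.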
@@ -206,7 +220,7 @@
* the signing certificate.
* <p/>
* Refer to WS Security specification X509 profile, chapter 3.3.1
- * This identification token is not yet supported by WSS4J. The
+ * This identification token is not yet fully tested by WSS4J. The
* WsDoAllSender does not include the X.509 certificate as
* <code>BinarySecurityToken</code> in the request message.
*/
@@ -219,7 +233,7 @@
* the signing certificate.
* <p/>
* Refer to WS Security specification X509 profile, chapter 3.3.1
- * This identification token is not yet supported by WSS4J.
+ * This identification token is not yet fully tested by WSS4J.
* This option orders the WsDoAllSender to include the X.509
* certificate as a <code>BinarySecurityToken</code>
* in the request message.
1.2 +11 -91 ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
Index: WSSecurityEngine.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSSecurityEngine.java 13 Feb 2004 20:43:07 -0000 1.1
+++ WSSecurityEngine.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -23,7 +23,6 @@
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
-import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.message.token.X509Security;
@@ -429,7 +428,7 @@
}
SecurityTokenReference secRef = new SecurityTokenReference((Element) node);
if (secRef.containsReference()) {
- Element token = getTokenElement(secRef);
+ Element token = secRef.getTokenElement(secRef, secRef.getElement().getOwnerDocument());
// at this point ... check token type: Binary
QName el = new QName(token.getNamespaceURI(), token.getLocalName());
@@ -440,30 +439,15 @@
"unsupportedToken", null);
}
} else if (secRef.containsX509IssuerSerial()) {
- XMLX509IssuerSerial issuerSerial = secRef.getX509IssuerSerial();
- String alias = crypto.getAliasForX509Cert(issuerSerial.getIssuerName(),
- issuerSerial.getSerialNumber());
- if (doDebug) {
- log.info("Verify X509IssuerSerial alias: " + alias);
- }
- certs = crypto.getCertificates(alias);
- } else if (secRef.containsKeyIdentifier()) {
- BinarySecurity token = secRef.getKeyIdentifier(crypto);
- if (!(token instanceof X509Security)) {
- throw new
- WSSecurityException(
- WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "unsupportedBinaryTokenType", new Object[]{"for verify"});
- }
- X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
- certs = new X509Certificate[1];
- certs[0] = cert;
+ certs = secRef.getX509IssuerSerial(crypto);
+ } else if (secRef.containsKeyIdentifier()) {
+ certs = secRef.getKeyIdentifier(crypto);
}
}
if( tlog.isDebugEnabled() ) {
t1=System.currentTimeMillis();
}
- if (certs.length > 0 && certs[0] != null) {
+ if (certs != null && certs.length > 0 && certs[0] != null) {
certs[0].checkValidity();
if (sigCheck && sig.checkSignatureValue(certs[0])) {
if( tlog.isDebugEnabled() ) {
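Review bot: Before `sig.checkSignatureValue(certs[0])` the only check on the certificate visible here is `certs[0].checkValidity()`, which tests the validity dates and nothing about the issuer. After this change `secRef.getKeyIdentifier(crypto)` can return a certificate read from a BinarySecurityToken inside the received message, so unless the certificate is validated against the keystore somewhere outside this hunk, the signature is checked against a key the sender chose. I would add an explicit trust check on `certs[0]` before the signature check, or a comment naming where it happens. Note also that an unknown KeyIdentifier ValueType now yields `certs == null` where the old code threw `UNSUPPORTED_SECURITY_TOKEN`; the branch that handles that case is outside the hunk and should still reject the message.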
@@ -529,39 +513,7 @@
return certs;
}
- /**
- * Gets the signing token element, which usually is a <code>BinarySecurityToken
- * </code>.
- * The method gets the URI attribute of the {@link Reference} contained in
- * the {@link SecurityTokenReference} and tries to find the referenced
- * Element in the document.
- *
- * @param secRef <code>SecurityTokenReference</code> that contains a <code>Reference
- * </code> to a binary security token
- * @return Element containing the signing token, must be a BinarySecurityToken
- * @throws Exception When either no <code>Reference</code> element, or the found
- * reference contains no URI, or the referenced signing not found.
- */
- public Element getTokenElement(SecurityTokenReference secRef) throws Exception {
- Reference ref = secRef.getReference();
- if (ref == null) {
- throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noReference");
- }
- String uri = ref.getURI();
- if (doDebug) {
- log.debug("Token reference uri: " + uri);
- }
- if (uri == null) {
- throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badReferenceURI");
- }
- Element tokElement = WSSecurityUtil.getElementByWsuId(secRef.getElement().getOwnerDocument(), uri);
- if (tokElement == null) {
- throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
- "noToken", new Object[]{uri});
- }
- return tokElement;
- }
-
+
/**
* Extracts the certificate(s) from the token reference.
* <p/>
@@ -589,31 +541,6 @@
"unhandledToken", new Object[]{token.getClass().getName()});
}
}
-
- /*
- * Replaces all Text nodes that start with "\n " or "\n\n" with
- * "\n" This is only used by signature callback.
- * There is a bug somewhere in serliazation/deserialization code
- * that appends spaces to \n Text nodes for no reason breaking
- * the signature stuff.
- * <p/>
- *
- * Not used anymore
- *
- * @param node
-
- private static void normalize(Node node) {
- if (node.getNodeType() == Node.TEXT_NODE) {
- String data = ((Text) node).getData();
- if ((data.length() > 1) && (data.charAt(0) == 10) && ((data.charAt(1) == 10) || (data.charAt(1) == 32))) {
- ((Text) node).setData("\n");
- }
- }
- for (Node currentChild = node.getFirstChild(); currentChild != null; currentChild = currentChild.getNextSibling()) {
- normalize(currentChild);
- }
- }
- */
/**
* Checks the <code>element</code> and creates an appropriate binary security object.
@@ -774,9 +701,7 @@
* This method is recommended by OASIS WS-S specification, X509 profile
*/
if (secRef.containsX509IssuerSerial()) {
- XMLX509IssuerSerial issuerSerial = secRef.getX509IssuerSerial();
- alias = crypto.getAliasForX509Cert(issuerSerial.getIssuerName(),
- issuerSerial.getSerialNumber());
+ alias = secRef.getX509IssuerSerialAlias(crypto);
if (doDebug) {
log.debug("X509IssuerSerial alias: " + alias);
}
@@ -788,13 +713,8 @@
* This method is _not_recommended by OASIS WS-S specification, X509 profile
*/
else if (secRef.containsKeyIdentifier()) {
- BinarySecurity token = secRef.getKeyIdentifier(crypto);
- if (!(token instanceof X509Security)) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "unsupportedBinaryTokenType", new Object[]{"for decryption"});
- }
- X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
- if (cert == null) {
+ X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
+ if (certs == null || certs.length == 0 || certs[0] == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidX509Data", new Object[]{"for decryption (KeyId)"});
}
@@ -802,12 +722,12 @@
* Here we have the certificate. Now find the alias for it. Needed to identify
* the private key associated with this certificate
*/
- alias = crypto.getAliasForX509Cert(cert);
+ alias = crypto.getAliasForX509Cert(certs[0]);
if (doDebug) {
log.debug("KeyIdentifier Alias: " + alias);
}
} else if (secRef.containsReference()) {
- Element bstElement = getTokenElement(secRef);
+ Element bstElement = secRef.getTokenElement(secRef, secRef.getElement().getOwnerDocument());
// at this point ... check token type: Binary
QName el =
1.2 +1 -0 ws-fx/wss4j/src/org/apache/ws/security/errors.properties
Index: errors.properties
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/errors.properties,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- errors.properties 13 Feb 2004 20:43:07 -0000 1.1
+++ errors.properties 26 Feb 2004 12:59:42 -0000 1.2
@@ -19,6 +19,7 @@
unsupportedKeyInfo = Unsupported KeyInfo type
invalidX509Data = Unexpected number of X509Data: {0}
invalidCertData = Unexpected number of certificates: {0}
+noSKIHandling = Error during processing of SKI data: {0}
invalidDataRef = Cannot handle multiple data references
noEncryptedData = Referenced encrypted data could not be retrieved. Reference \"{0}\"
badElement = Bad element, expected \"{0}\" while got \"{1}\"
1.2 +7 -0 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java
Index: WSDoAllConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSDoAllConstants.java 13 Feb 2004 20:43:07 -0000 1.1
+++ WSDoAllConstants.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -607,10 +607,14 @@
* </li>
* <li><code>IssuerSerial</code> for {@link WSConstants#ISSUER_SERIAL}
* </li>
+ * <li><code>IssuerSerialDirect</code> for {@link WSConstants#ISSUER_SERIAL_DIRECT}
+ * </li>
* <li><code>X509KeyIdentifier</code> for {@link WSConstants#X509_KEY_IDENTIFIER}
* </li>
* <li><code>SKIKeyIdentifier</code> for {@link WSConstants#SKI_KEY_IDENTIFIER}
* </li>
+ * <li><code>SKIKeyIdentifierDirect</code> for {@link WSConstants#SKI_KEY_IDENTIFIER_DIRECT}
+ * </li>
* <li><code>EmbeddedKeyName</code> for {@link WSConstants#EMBEDDED_KEYNAME}
* </li>
* </ul
@@ -625,6 +629,9 @@
keyIdentifier.put(
"IssuerSerial",
new Integer(WSConstants.ISSUER_SERIAL));
+ keyIdentifier.put(
+ "IssuerSerialDirect",
+ new Integer(WSConstants.ISSUER_SERIAL_DIRECT));
keyIdentifier.put(
"X509KeyIdentifier",
new Integer(WSConstants.X509_KEY_IDENTIFIER));
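Review bot: The Javadoc hunk above now advertises `SKIKeyIdentifierDirect`, but the only mapping added here is `IssuerSerialDirect`; if the map has no `SKIKeyIdentifierDirect` entry in the lines outside this hunk, the documented value cannot be configured. The same applies to the `sigKeyId` allow-list in WSDoAllSender.java, where only `ISSUER_SERIAL_DIRECT` is added. If the entries are missing, add `keyIdentifier.put("SKIKeyIdentifierDirect", new Integer(WSConstants.SKI_KEY_IDENTIFIER_DIRECT));` here and `|| sigKeyId == WSConstants.SKI_KEY_IDENTIFIER_DIRECT` in the sender check.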
1.2 +1 -0 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java
Index: WSDoAllSender.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSDoAllSender.java 13 Feb 2004 20:43:07 -0000 1.1
+++ WSDoAllSender.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -443,6 +443,7 @@
}
sigKeyId = I.intValue();
if (!(sigKeyId == WSConstants.ISSUER_SERIAL
+ || sigKeyId == WSConstants.ISSUER_SERIAL_DIRECT
|| sigKeyId == WSConstants.BST_DIRECT_REFERENCE
|| sigKeyId == WSConstants.X509_KEY_IDENTIFIER
|| sigKeyId == WSConstants.SKI_KEY_IDENTIFIER
1.2 +39 -18 ws-fx/wss4j/src/org/apache/ws/security/transform/STRTransform.java
Index: STRTransform.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/transform/STRTransform.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- STRTransform.java 13 Feb 2004 20:43:08 -0000 1.1
+++ STRTransform.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -21,9 +21,8 @@
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
-
+import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -258,11 +257,13 @@
throw new CanonicalizationException("empty", ex);
} catch (TransformerException ex) {
throw new CanonicalizationException("empty", ex);
+ } catch (Exception ex) {
+ throw new CanonicalizationException("empty", ex);
}
}
private Element dereferenceSTR(Document doc, Element tmpE)
- throws WSSecurityException {
+ throws Exception {
/*
* Third step: locate the security token referenced by the STR
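Review bot: The added `catch (Exception ex)` together with the widened `throws Exception` on `dereferenceSTR` maps every failure, including runtime errors such as a NullPointerException, to `CanonicalizationException("empty", ex)`, so a malformed token reference can no longer be told apart from a programming error. I would keep `throws WSSecurityException` on `dereferenceSTR`, let the SecurityTokenReference helpers it calls declare that type, and catch `WSSecurityException` here instead of `Exception`. Both methods start or end outside this hunk.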
@@ -298,23 +299,43 @@
* WS specification (main document)
*/
if (secRef.containsReference()) {
- log.debug("Found str reference");
- Reference ref = secRef.getReference();
- String uri = ref.getURI();
if (doDebug) {
- log.debug("Token reference uri: " + uri);
+ log.debug("Found str reference");
+ }
+ tokElement = secRef.getTokenElement(secRef, doc);
+ /*
+ * second case: IssuerSerial, first try to get embedded
+ * certificate, if that fails, lookup in keystore, wrap
+ * in BST according to specification
+ */
+ } else if (secRef.containsX509IssuerSerial()) {
+ if (doDebug) {
+ log.debug("STR issuerSerial embedded");
+ }
+ X509Security x509token = secRef.getEmbeddedTokenFromIS(doc, wsDocInfo.getCrypto());
+ if (x509token != null) {
+ tokElement = x509token.getElement();
+ }
+ else {
+ return null; //TODO: handle certificate from keystore, binary
+ }
+ }
+ /*
+ * third case: IKeyIdentifier, must be SKI, first try to get embedded
+ * certificate, if that fails, lookup in keystore, wrap
+ * in BST according to specification. No other KeyIdentifier
+ * type handled here - just SKI
+ */
+ else if (secRef.containsKeyIdentifier()) {
+ if (doDebug) {
+ log.debug("KeyIdentifier issuerSerial embedded");
+ }
+ X509Security x509token = secRef.getEmbeddedTokenFromSKI(doc, wsDocInfo.getCrypto());
+ if (x509token != null) {
+ tokElement = x509token.getElement();
}
- if (uri == null) {
- throw new WSSecurityException(
- WSSecurityException.INVALID_SECURITY,
- "badReferenceURI");
- }
- tokElement = WSSecurityUtil.getElementByWsuId(doc, uri);
- if (tokElement == null) {
- throw new WSSecurityException(
- WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
- "noToken",
- new Object[] { uri });
+ else {
+ return null; //TODO: handle certificate from keystore, binary
}
}
return (Element) tokElement;
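Review bot: Both new branches end in `return null; //TODO: handle certificate from keystore, binary` when no embedded certificate matches, so the transform goes on without a dereferenced token instead of failing; whether the caller handles null is not visible in this hunk. Until the keystore lookup exists I would fail closed, e.g. `throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "noToken", new Object[] { "X509IssuerSerial" });`. The KeyIdentifier branch also calls `getEmbeddedTokenFromSKI` without checking that the ValueType is the SKI type its comment promises, and its debug text `"KeyIdentifier issuerSerial embedded"` is copied from the branch above.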
1.2 +66 -40 ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java
Index: WSSignEnvelope.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSSignEnvelope.java 13 Feb 2004 20:43:08 -0000 1.1
+++ WSSignEnvelope.java 26 Feb 2004 12:59:42 -0000 1.2
@@ -245,46 +245,72 @@
if (tlog.isDebugEnabled() ) {
t2=System.currentTimeMillis();
}
- if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
- Reference ref = new Reference(doc);
- ref.setURI("#" + certUri);
- secRef.setReference(ref);
- BinarySecurity token = null;
- if (!useSingleCert) {
- token = new PKIPathSecurity(doc);
- ((PKIPathSecurity) token).setX509Certificates(certs, true);
- } else {
- token = new X509Security(doc);
- ((X509Security) token).setX509Certificate(certs[0]);
- }
- token.setID(certUri);
- WSSecurityUtil.prependChildElement(doc, securityHeader, token.getElement(), false);
- wsDocInfo.setBst(token.getElement());
- } else if (keyIdentifierType == WSConstants.ISSUER_SERIAL) {
- XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc,
- certs[0].getIssuerDN().getName(),
- certs[0].getSerialNumber());
- secRef.setX509IssuerSerial(data);
- } else if (keyIdentifierType == WSConstants.X509_KEY_IDENTIFIER) {
- secRef.setKeyIdentifier(certs[0]);
- } else if (keyIdentifierType == WSConstants.SKI_KEY_IDENTIFIER_DIRECT) {
- secRef.setKeyIdentifierSKI(certs[0]);
- X509Security token = new X509Security(doc);
- token.setX509Certificate(certs[0]);
- token.setID(certUri);
- WSSecurityUtil.prependChildElement(
- doc,
- securityHeader,
- token.getElement(),
- false);
- wsDocInfo.setBst(token.getElement());
- } else if (keyIdentifierType == WSConstants.SKI_KEY_IDENTIFIER) {
- secRef.setKeyIdentifierSKI(certs[0]);
- } else {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "unsupportedKeyId");
- }
+ switch (keyIdentifierType) {
+ case WSConstants.BST_DIRECT_REFERENCE :
+ Reference ref = new Reference(doc);
+ ref.setURI("#" + certUri);
+ secRef.setReference(ref);
+ BinarySecurity bstToken = null;
+ if (!useSingleCert) {
+ bstToken = new PKIPathSecurity(doc);
+ ((PKIPathSecurity) bstToken).setX509Certificates(
+ certs,
+ true);
+ } else {
+ bstToken = new X509Security(doc);
+ ((X509Security) bstToken).setX509Certificate(certs[0]);
+ }
+ bstToken.setID(certUri);
+ WSSecurityUtil.prependChildElement(
+ doc,
+ securityHeader,
+ bstToken.getElement(),
+ false);
+ wsDocInfo.setBst(bstToken.getElement());
+ break;
+ case WSConstants.ISSUER_SERIAL_DIRECT : {
+ X509Security x509token = new X509Security(doc);
+ x509token.setX509Certificate(certs[0]);
+ x509token.setID(certUri);
+ WSSecurityUtil.prependChildElement(
+ doc,
+ securityHeader,
+ x509token.getElement(),
+ false);
+ wsDocInfo.setBst(x509token.getElement());
+ // fall thru
+ }
+ case WSConstants.ISSUER_SERIAL :
+ XMLX509IssuerSerial data =
+ new XMLX509IssuerSerial(
+ doc,
+ certs[0].getIssuerDN().getName(),
+ certs[0].getSerialNumber());
+ secRef.setX509IssuerSerial(data);
+ break;
+ case WSConstants.X509_KEY_IDENTIFIER :
+ secRef.setKeyIdentifier(certs[0]);
+ break;
+ case WSConstants.SKI_KEY_IDENTIFIER_DIRECT : {
+ X509Security x509token = new X509Security(doc);
+ x509token.setX509Certificate(certs[0]);
+ x509token.setID(certUri);
+ WSSecurityUtil.prependChildElement(
+ doc,
+ securityHeader,
+ x509token.getElement(),
+ false);
+ wsDocInfo.setBst(x509token.getElement());
+ // fall thru
+ }
+ case WSConstants.SKI_KEY_IDENTIFIER :
+ secRef.setKeyIdentifierSKI(certs[0]);
+ break;
+ default :
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "unsupportedKeyId");
+ }
if (tlog.isDebugEnabled() ) {
t3=System.currentTimeMillis();
}
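Review bot: The block that builds an `X509Security`, sets its ID, prepends it to `securityHeader` and calls `wsDocInfo.setBst(...)` is now written out in `ISSUER_SERIAL_DIRECT` and `SKI_KEY_IDENTIFIER_DIRECT` and again in the single-certificate path of `BST_DIRECT_REFERENCE`, and the two DIRECT cases depend on falling through into the next label. A case inserted between a DIRECT label and its partner would silently emit the token without the matching reference. I would move the embedding into one private helper and end every case with its own `break`, calling `secRef.setX509IssuerSerial(...)` or `secRef.setKeyIdentifierSKI(certs[0])` explicitly in the DIRECT cases. The locals `ref`, `bstToken` and `data` are declared in unbraced cases and stay in scope for the rest of the switch; bracing those cases as the DIRECT ones are would keep them local.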
1.2 +12 -1 ws-fx/wss4j/src/org/apache/ws/security/message/token/X509Security.java
Index: X509Security.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/token/X509Security.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- X509Security.java 13 Feb 2004 20:43:08 -0000 1.1
+++ X509Security.java 26 Feb 2004 12:59:43 -0000 1.2
@@ -37,6 +37,12 @@
*/
public class X509Security extends BinarySecurity {
public static final QName TYPE = new QName(WSConstants.WSSE_NS, "X509v3");
+
+ /*
+ * Stores the associated X.509 Certificate. This saves numerous
+ * crypto loadCertificate operations
+ */
+ private X509Certificate cachedCert = null;
/**
* This constructor creates a new X509 certificate object and initializes
@@ -71,12 +77,16 @@
* @throws GeneralSecurityException
*/
public X509Certificate getX509Certificate(Crypto crypto) throws GeneralSecurityException {
+ if (cachedCert != null) {
+ return cachedCert;
+ }
byte[] data = getToken();
if (data == null) {
return null;
}
ByteArrayInputStream in = new ByteArrayInputStream(data);
- return crypto.loadCertificate(in);
+ cachedCert = crypto.loadCertificate(in);
+ return cachedCert;
}
/**
@@ -92,6 +102,7 @@
if (cert == null) {
throw new IllegalArgumentException("data == null");
}
+ cachedCert = cert;
setToken(cert.getEncoded());
}
}
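Review bot: `cachedCert = cert;` is assigned before `setToken(cert.getEncoded())`, so if `getEncoded()` throws, the object keeps a cached certificate that the element does not carry; assigning it on the line after `setToken(...)` avoids that. The getter in the previous hunk returns `cachedCert` without comparing it to the current token bytes, so any caller that changes the token through the `BinarySecurity` base class (not visible here) would get a certificate that no longer matches the serialized element. A comment on the field stating that the cache is valid only while the token bytes are unchanged, or clearing it wherever the token is replaced, would make that contract explicit. The getter also ignores its `crypto` argument once the cache is filled, which is worth saying in its Javadoc.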
1.3 +487 -293 ws-fx/wss4j/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Index: SecurityTokenReference.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/token/SecurityTokenReference.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecurityTokenReference.java 24 Feb 2004 12:49:03 -0000 1.2
+++ SecurityTokenReference.java 26 Feb 2004 12:59:43 -0000 1.3
@@ -22,10 +22,10 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
-import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -35,10 +35,10 @@
import javax.xml.namespace.QName;
import java.security.cert.X509Certificate;
+import java.io.IOException;
import sun.security.util.DerValue;
-
/**
* Security Token Reference.
* <p/>
@@ -46,93 +46,154 @@
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class SecurityTokenReference {
- private static Log log = LogFactory.getLog(SecurityTokenReference.class.getName());
- private static Log tlog =
- LogFactory.getLog("org.apache.ws.security.TIME");
+ private static Log log =
+ LogFactory.getLog(SecurityTokenReference.class.getName());
+ private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
+
+ public static final QName TOKEN =
+ new QName(WSConstants.WSSE_NS, "SecurityTokenReference");
+ protected Element element = null;
+ private XMLX509IssuerSerial issuerSerial = null;
-
- public static final QName TOKEN = new QName(WSConstants.WSSE_NS, "SecurityTokenReference");
- protected Element element = null;
-
- private boolean doDebug = false;
-
- /**
- * Constructor.
- * <p/>
- *
- * @param elem
- * @throws WSSecurityException
- */
- public SecurityTokenReference(Element elem) throws WSSecurityException {
+ private static boolean doDebug = false;
+
+ /**
+ * Constructor.
+ * <p/>
+ *
+ * @param elem
+ * @throws WSSecurityException
+ */
+ public SecurityTokenReference(Element elem) throws WSSecurityException {
doDebug = log.isDebugEnabled();
- this.element = elem;
- QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
- if (!el.equals(TOKEN)) {
- throw new WSSecurityException(WSSecurityException.FAILURE, "badElement", new Object[]{TOKEN, el});
- }
- }
-
- /**
- * Constructor.
- * <p/>
- *
- * @param doc
- */
- public SecurityTokenReference(Document doc) {
+ this.element = elem;
+ QName el =
+ new QName(
+ this.element.getNamespaceURI(),
+ this.element.getLocalName());
+ if (!el.equals(TOKEN)) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "badElement",
+ new Object[] { TOKEN, el });
+ }
+ }
+
+ /**
+ * Constructor.
+ * <p/>
+ *
+ * @param doc
+ */
+ public SecurityTokenReference(Document doc) {
doDebug = log.isDebugEnabled();
- this.element = doc.createElementNS(WSConstants.WSSE_NS, "wsse:SecurityTokenReference");
- }
+ this.element =
+ doc.createElementNS(
+ WSConstants.WSSE_NS,
+ "wsse:SecurityTokenReference");
+ }
- /**
- * set the reference.
- * <p/>
- *
- * @param ref
- */
- public void setReference(Reference ref) {
- Element elem = getFirstElement();
- if (elem != null) {
- this.element.replaceChild(ref.getElement(), elem);
- } else {
- this.element.appendChild(ref.getElement());
- }
- }
-
- /**
- * Gets the Reference.
- *
- * @return the <code>Reference</code> element contained in this
- * SecurityTokeneReference
- * @throws WSSecurityException
- */
- public Reference getReference() throws WSSecurityException {
- Element elem = getFirstElement();
- return (elem == null) ? null : new Reference(elem);
- }
-
- /**
- * Sets the KeyIdentifer Element as a X509 certificate.
- * Takes a X509 certificate, converts its data into base 64 and inserts
- * it into a <code>wsse:KeyIdentifier</code> element, which is placed
- * in the <code>wsse:SecurityTokenReference</code> element.
- *
- * @param cert is the X509 certficate to be inserted as key identifier
- */
- public void setKeyIdentifier(X509Certificate cert) throws Exception {
- Document doc = this.element.getOwnerDocument();
- byte data[] = cert.getEncoded();
- Text certText = doc.createTextNode(Base64.encode(data));
- Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+ /*
+ * Here the methods that handle the direct reference inside
+ * a SecurityTokenReference
+ */
+
+ /**
+ * set the reference.
+ * <p/>
+ *
+ * @param ref
+ */
+ public void setReference(Reference ref) {
+ Element elem = getFirstElement();
+ if (elem != null) {
+ this.element.replaceChild(ref.getElement(), elem);
+ } else {
+ this.element.appendChild(ref.getElement());
+ }
+ }
+
+ /**
+ * Gets the Reference.
+ *
+ * @return the <code>Reference</code> element contained in this
+ * SecurityTokeneReference
+ * @throws WSSecurityException
+ */
+ public Reference getReference() throws WSSecurityException {
+ Element elem = getFirstElement();
+ return (elem == null) ? null : new Reference(elem);
+ }
+
+ /**
+ * Gets the signing token element, which usually is a <code>BinarySecurityToken
+ * </code>.
+ * The method gets the URI attribute of the {@link Reference} contained in
+ * the {@link SecurityTokenReference} and tries to find the referenced
+ * Element in the document.
+ *
+ * @param secRef <code>SecurityTokenReference</code> that contains a <code>Reference
+ * </code> to a binary security token
+ * @return Element containing the signing token, must be a BinarySecurityToken
+ * @throws Exception When either no <code>Reference</code> element, or the found
+ * reference contains no URI, or the referenced signing not found.
+ */
+ public Element getTokenElement(SecurityTokenReference secRef, Document doc)
+ throws WSSecurityException {
+ Reference ref = secRef.getReference();
+ if (ref == null) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
+ "noReference");
+ }
+ String uri = ref.getURI();
+ if (doDebug) {
+ log.debug("Token reference uri: " + uri);
+ }
+ if (uri == null) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
+ "badReferenceURI");
+ }
+ Element tokElement = WSSecurityUtil.getElementByWsuId(doc, uri);
+ if (tokElement == null) {
+ throw new WSSecurityException(
+ WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+ "noToken",
+ new Object[] { uri });
+ }
+ return tokElement;
+ }
+
+ /*
+ * Here the methods that handle the various key identifer types
+ * such as KeyIdentifier, SubjectKeyIdentifier (SKI)
+ */
+
+ /**
+ * Sets the KeyIdentifer Element as a X509 certificate.
+ * Takes a X509 certificate, converts its data into base 64 and inserts
+ * it into a <code>wsse:KeyIdentifier</code> element, which is placed
+ * in the <code>wsse:SecurityTokenReference</code> element.
+ *
+ * @param cert is the X509 certficate to be inserted as key identifier
+ */
+ public void setKeyIdentifier(X509Certificate cert) throws Exception {
+ Document doc = this.element.getOwnerDocument();
+ byte data[] = cert.getEncoded();
+ Text certText = doc.createTextNode(Base64.encode(data));
+ Element keyId =
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
keyId.setAttributeNS(null, "ValueType", "wsse:X509v3");
keyId.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
- keyId.appendChild(certText);
- Element elem = getFirstElement();
- if (elem != null) {
- this.element.replaceChild(keyId, elem);
- } else {
- this.element.appendChild(keyId);
- }
- }
+ keyId.appendChild(certText);
+ Element elem = getFirstElement();
+ if (elem != null) {
+ this.element.replaceChild(keyId, elem);
+ } else {
+ this.element.appendChild(keyId);
+ }
+ }
/**
* Sets the KeyIdentifer Element as a X509 Subject-Key-Identifier (SKI).
* Takes a X509 certificate, gets it SKI data, converts into base 64 and
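Review bot: `getTokenElement(SecurityTokenReference secRef, Document doc)` is an instance method that never touches `this`, which is why every caller in this commit writes `secRef.getTokenElement(secRef, ...)`. I would drop the `secRef` parameter and call `getReference()` directly, or make the method `static`. Its Javadoc has no `@param doc` and still says `@throws Exception` while the signature declares `WSSecurityException`. Separately, `doDebug` became `private static boolean` in this hunk but is still assigned in both constructors; initialising it once as `private static final boolean doDebug = log.isDebugEnabled();` would remove the writes to shared state from instance construction.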
@@ -143,7 +204,122 @@
*/
public void setKeyIdentifierSKI(X509Certificate cert) throws Exception {
Document doc = this.element.getOwnerDocument();
- String SKI_OID = "2.5.29.14";
+ byte data[] = getSKIBytesFromCert(cert);
+ org.w3c.dom.Text skiText = doc.createTextNode(Base64.encode(data));
+ Element keyId =
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+ keyId.setAttributeNS(
+ null,
+ "ValueType",
+ "wsse:X509SubjectKeyIdentifier");
+ keyId.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
+ keyId.appendChild(skiText);
+ Element elem = getFirstElement();
+ if (elem != null) {
+ this.element.replaceChild(keyId, elem);
+ } else {
+ this.element.appendChild(keyId);
+ }
+ }
+
+ /**
+ * Gets the KeyIdentifer.
+ *
+ * @return the {@link BinarySecurity} containing the X509
+ * certificate or zero if a unknown key identifier
+ * type was detected.
+ */
+ public X509Certificate[] getKeyIdentifier(Crypto crypto) throws Exception {
+ X509Security token = null;
+ Element elem = getFirstElement();
+ String value = elem.getAttribute("ValueType");
+ if (value.equals("wsse:X509v3")) {
+ token = new X509Security(elem);
+ } else if (value.equals("wsse:X509SubjectKeyIdentifier")) {
+ token = getEmbeddedTokenFromSKI(element.getOwnerDocument(), crypto);
+ if (token == null) { // TODO: get cert from key store using SKI
+ }
+ }
+ if (token != null) {
+ X509Certificate cert = token.getX509Certificate(crypto);
+ X509Certificate[] certs = new X509Certificate[1];
+ certs[0] = cert;
+ return certs;
+ }
+ return null;
+ }
+
+ public X509Security getEmbeddedTokenFromSKI(Document doc, Crypto crypto)
+ throws Exception {
+
+ if (doDebug) {
+ log.debug("getCertFromSKI: enter");
+ }
+ X509Security found = null;
+
+ byte[] skiBytes = null;
+ Node node = getFirstElement().getFirstChild();
+ if (node == null) {
+ return null;
+ }
+ if (node.getNodeType() == Node.TEXT_NODE) {
+ try {
+ skiBytes = Base64.decode(((Text) node).getData());
+ } catch (Exception e) {
+ return null;
+ }
+ }
+ if (doDebug) {
+ log.debug("Cert SKI: got SKI bytes");
+ }
+ NodeList nl =
+ doc.getElementsByTagNameNS(
+ WSConstants.WSSE_NS,
+ "BinarySecurityToken");
+
+ int nlLength = nl.getLength();
+ for (int i = 0; i < nlLength && found == null; i++) {
+ if (doDebug) {
+ log.debug("Cert SKI: processing BST " + i);
+ }
+ Element bstElement = (Element) nl.item(i);
+ String value = bstElement.getAttribute("ValueType");
+ if (!value.equals("wsse:X509v3")) {
+ continue;
+ }
+ X509Security token = new X509Security(bstElement);
+ X509Certificate cert = token.getX509Certificate(crypto);
+ if (cert == null) {
+ continue;
+ }
+ if (doDebug) {
+ log.debug("Cert SKI: got cert from BST");
+ }
+ byte data[] = getSKIBytesFromCert(cert);
+ if (data.length != skiBytes.length) {
+ continue;
+ }
+ if (doDebug) {
+ log.debug("Cert SKI: got SKI bytes from embedded cert");
+ }
+ for (int ii = 0; ii < data.length; ii++) {
+ if (data[ii] != skiBytes[ii]) {
+ token = null;
+ break;
+ }
+ }
+ if (doDebug) {
+ log.debug("Cert SKI: found embedded BST: " + token);
+ }
+ found = token;
+ }
+ return found;
+ }
+
+
+ static String SKI_OID = "2.5.29.14";
+ public byte[] getSKIBytesFromCert(X509Certificate cert)
+ throws WSSecurityException, IOException {
byte data[] = null;
byte abyte0[] = null;
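Review bot: In `getEmbeddedTokenFromSKI`, `skiBytes` stays null when the first child of the KeyIdentifier is not a text node, and `data.length != skiBytes.length` then throws a NullPointerException on a message the sender controls; add `if (skiBytes == null) { return null; }` after the text-node block. The hand-written compare loop can be replaced by `if (!java.util.Arrays.equals(data, skiBytes)) { continue; }`, which also stops the `"found embedded BST: "` debug line from printing for a token that was just set to null. The search uses `doc.getElementsByTagNameNS(...)` over the whole document, so a BinarySecurityToken outside the security header is accepted as a match; restricting the lookup to the header element would be safer. `getKeyIdentifier` in the same hunk dereferences `getFirstElement()` without a null check and leaves an empty `if (token == null) { }` body. `getSKIBytesFromCert` continues outside this hunk.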
@@ -198,191 +374,207 @@
if (doDebug) {
log.debug("Base64 of SKI is " + Base64.encode(abyte0));
}
+ return abyte0;
+ }
- // byte data[] = XMLX509SKI.getSKIBytesFromCert(cert);
- org.w3c.dom.Text skiText = doc.createTextNode(Base64.encode(abyte0));
- Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
- keyId.setAttributeNS(null, "ValueType", "wsse:X509SubjectKeyIdentifier");
- keyId.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
- keyId.appendChild(skiText);
+ /*
+ * Here the methods that handle the IssuerSerial key identifiaton
+ */
+
+ /**
+ * Sets the X509 IssuerSerial data.
+ *
+ * @param ref the {@link XMLX509IssuerSerial} to put into this
+ * SecurityTokenReference
+ */
+ public void setX509IssuerSerial(XMLX509IssuerSerial ref) {
Element elem = getFirstElement();
if (elem != null) {
- this.element.replaceChild(keyId, elem);
+ this.element.replaceChild(ref.getElement(), elem);
} else {
- this.element.appendChild(keyId);
+ this.element.appendChild(ref.getElement());
}
}
/**
- * Gets the KeyIdentifer.
- * Only supports X509 certificates as key identifiers. Other
- * types may follow, for example SKI (Subject Key Identifier)
+ * Gets the certificate identified with X509 issuerSerial data.
+ * This method first tries to get the certificate from the keystore.
+ * If this fails it checks if the certificate is embedded in the
+ * message.
*
- * @return the {@link BinarySecurity} containing the X509
- * certificate or zero if a unknown key identifier
- * type was detected.
+ * @return a certificate array or null if nothing found
*/
- public BinarySecurity getKeyIdentifier(Crypto crypto) throws Exception {
- X509Security cert = null;
- Element elem = getFirstElement();
- String value = elem.getAttribute("ValueType");
- if (value.equals("wsse:X509v3")) {
- cert = new X509Security(elem);
- }
- else if (value.equals("wsse:X509SubjectKeyIdentifier")) {
- cert = getCertFromSKI(elem, crypto);
+ public X509Certificate[] getX509IssuerSerial(Crypto crypto)
+ throws Exception {
+ String alias = getX509IssuerSerialAlias(crypto);
+ if (alias != null) {
+ return crypto.getCertificates(alias);
+ }
+ X509Security token =
+ getEmbeddedTokenFromIS(element.getOwnerDocument(), crypto);
+ if (token != null) {
+ X509Certificate cert = token.getX509Certificate(crypto);
+ X509Certificate[] certs = new X509Certificate[1];
+ certs[0] = cert;
+ return certs;
}
- return cert;
+ return null;
}
-
- private X509Security getCertFromSKI(Element elem, Crypto crypto) throws Exception {
-
+
+ /**
+ * Gets the alias name of the certificate identified with X509 issuerSerial data.
+ * The keystore identifies the certificate and the key with this alias name.
+ *
+ * @return the alias name for the certificate or null if nothing found
+ */
+ public String getX509IssuerSerialAlias(Crypto crypto) throws Exception {
+ if (issuerSerial == null) {
+ issuerSerial = getIssuerSerial();
+ if (issuerSerial == null) {
+ return null;
+ }
+ }
+ String alias =
+ crypto.getAliasForX509Cert(
+ issuerSerial.getIssuerName(),
+ issuerSerial.getSerialNumber());
if (doDebug) {
- log.debug("getCertFromSKI: enter");
+ log.info("Verify X509IssuerSerial alias: " + alias);
}
- X509Security found = null;
-
- byte[] skiBytes = null;
- Node node = elem.getFirstChild();
- if (node == null) {
- return null;
+ return alias;
+ }
+
+ public X509Security getEmbeddedTokenFromIS(
+ Document doc,
+ Crypto crypto)
+ throws Exception {
+
+ if (doDebug) {
+ log.debug("getEmbeddedCertFromIS: enter");
}
- if (node.getNodeType() == Node.TEXT_NODE) {
- try {
- skiBytes = Base64.decode(((Text) node).getData());
- } catch (Exception e) {
+
+ if (issuerSerial == null) {
+ issuerSerial = getIssuerSerial();
+ if (issuerSerial == null) {
return null;
}
}
- if (doDebug) {
- log.debug("Cert SKI: got SKI bytes");
- }
NodeList nl =
- elem.getOwnerDocument().getElementsByTagNameNS(
+ doc.getElementsByTagNameNS(
WSConstants.WSSE_NS,
"BinarySecurityToken");
int nlLength = nl.getLength();
for (int i = 0; i < nlLength; i++) {
if (doDebug) {
- log.debug("Cert SKI: processing BST " + i);
+ log.debug("Cert IS: processing BST " + i);
}
- X509Security token = null;
- Element bstElement = (Element)nl.item(i);
+ Element bstElement = (Element) nl.item(i);
String value = bstElement.getAttribute("ValueType");
- if (!value.equals("wsse:X509v3")
- || ((token = new X509Security(bstElement)) == null)) {
+ if (!value.equals("wsse:X509v3")) {
continue;
}
+
+ X509Security token = new X509Security(bstElement);
X509Certificate cert = token.getX509Certificate(crypto);
if (cert == null) {
continue;
}
if (doDebug) {
- log.debug("Cert SKI: got cert from BST");
- }
- byte data[] = XMLX509SKI.getSKIBytesFromCert(cert);
- if (data.length != skiBytes.length) {
- continue;
+ log.debug("Cert IS: got cert from BST");
}
- if (doDebug) {
- log.debug("Cert SKI: got SKI bytes from embedded cert");
- }
- for (int ii = 0; ii < data.length; ii++) {
- if (data[ii] != skiBytes[ii]) {
- continue;
+ /*
+ * Note: the direct compar of IssuerName/Name may fail because
+ * of different name formats (addittional blanks). may be replaced
+ * with soultion in Merlin.java (getAliasForX509Cert(...) )
+ */
+ if ((cert
+ .getSerialNumber()
+ .compareTo(issuerSerial.getSerialNumber())
+ == 0)
+ && (cert
+ .getIssuerDN()
+ .getName()
+ .equals(issuerSerial.getIssuerName()))) {
+ if (doDebug) {
+ log.debug("Cert IS: found embedded BST");
}
+ return token;
}
- if (doDebug) {
- log.debug("Cert SKI: found embedded BST");
- }
- found = token;
}
- return found;
+ return null;
+ }
+
+ private XMLX509IssuerSerial getIssuerSerial() throws Exception {
+ if (issuerSerial != null) {
+ return issuerSerial;
+ }
+ Element elem = getFirstElement();
+ if (elem == null) {
+ return null;
+ }
+ return new XMLX509IssuerSerial(elem, "");
}
- /**
- * Sets the X509 IssuerSerial data.
- *
- * @param ref the {@link XMLX509IssuerSerial} to put into this
- * SecurityTokenReference
- */
- public void setX509IssuerSerial(XMLX509IssuerSerial ref) {
- Element elem = getFirstElement();
- if (elem != null) {
- this.element.replaceChild(ref.getElement(), elem);
- } else {
- this.element.appendChild(ref.getElement());
- }
- }
-
- /**
- * Gets the X509 issuerSerial data.
- *
- * @return a new {@link XMLX509IssuerSerial} initialized with serian number
- * and issuer name of the element
- * @throws WSSecurityException
- */
- public XMLX509IssuerSerial getX509IssuerSerial() throws Exception {
- Element elem = getFirstElement();
- return (elem == null) ? null : new XMLX509IssuerSerial(elem, "");
- }
-
- /**
- * get the first child element.
- *
- * @return the first <code>Element</code> child node
- */
- private Element getFirstElement() {
- for (Node currentChild = this.element.getFirstChild();
- currentChild != null;
- currentChild = currentChild.getNextSibling()) {
- if (currentChild instanceof Element) {
- return (Element) currentChild;
- }
- }
- return null;
- }
-
- /**
- * Method containsReference
- *
- * @return true if the <code>SecurtityTokenReference</code> contains
- * a <code>wsse:Reference</code> element
- */
- public boolean containsReference() {
- return this.lengthReference() > 0;
- }
-
- /**
- * Method lengthReference.
- *
- * @return number of <code>wsse:Reference</code> elements in
+ /*
+ * Several helper and utility mehtods.
+ */
+
+ /**
+ * get the first child element.
+ *
+ * @return the first <code>Element</code> child node
+ */
+ private Element getFirstElement() {
+ for (Node currentChild = this.element.getFirstChild();
+ currentChild != null;
+ currentChild = currentChild.getNextSibling()) {
+ if (currentChild instanceof Element) {
+ return (Element) currentChild;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Method containsReference
+ *
+ * @return true if the <code>SecurtityTokenReference</code> contains
+ * a <code>wsse:Reference</code> element
+ */
+ public boolean containsReference() {
+ return this.lengthReference() > 0;
+ }
+
+ /**
+ * Method lengthReference.
+ *
+ * @return number of <code>wsse:Reference</code> elements in
* the <code>SecurtityTokenReference</code>
- */
- public int lengthReference() {
- return this.length(WSConstants.WSSE_NS, "Reference");
- }
-
- /**
- * Method containsX509IssuerSerial
- *
- * @return true if the <code>SecurtityTokenReference</code> contains
- * a <code>ds:IssuerSerial</code> element
- */
- public boolean containsX509IssuerSerial() {
- return this.lengthX509IssuerSerial() > 0;
- }
-
- /**
- * Method lengthX509IssuerSerial.
- *
- * @return number of <code>ds:IssuerSerial</code> elements in
+ */
+ public int lengthReference() {
+ return this.length(WSConstants.WSSE_NS, "Reference");
+ }
+
+ /**
+ * Method containsX509IssuerSerial
+ *
+ * @return true if the <code>SecurtityTokenReference</code> contains
+ * a <code>ds:IssuerSerial</code> element
+ */
+ public boolean containsX509IssuerSerial() {
+ return this.lengthX509IssuerSerial() > 0;
+ }
+
+ /**
+ * Method lengthX509IssuerSerial.
+ *
+ * @return number of <code>ds:IssuerSerial</code> elements in
* the <code>SecurtityTokenReference</code>
- */
- public int lengthX509IssuerSerial() {
- return this.length(WSConstants.SIG_NS, "X509IssuerSerial");
- }
+ */
+ public int lengthX509IssuerSerial() {
+ return this.length(WSConstants.SIG_NS, "X509IssuerSerial");
+ }
/**
* Method containsKeyIdentifier.
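Review bot: The fallback in `getX509IssuerSerial` returns a certificate taken from a `BinarySecurityToken` in the incoming message whenever the keystore has no alias for the issuer/serial pair, and its Javadoc does not say that this certificate is unverified. `getEmbeddedTokenFromIS` matches only on issuer name and serial number, both supplied by the sender, and it searches the whole document through `doc.getElementsByTagNameNS` rather than only the security header, so a match establishes nothing about trust. Unless every caller validates the chain against the keystore (not visible in this hunk), a signature could end up being checked against a sender-supplied key. I would add to the Javadoc `Certificates obtained from the message are not validated here; the caller must verify the certificate chain before trusting them.` and consider limiting the search to the `wsse:Security` header. Separately, `getX509IssuerSerialAlias` guards on `doDebug` but calls `log.info`; `log.debug` would match the other methods.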
@@ -404,70 +596,72 @@
return this.length(WSConstants.WSSE_NS, "KeyIdentifier");
}
- /**
- * Method length.
- *
- * @param namespace
- * @param localname
- * @return number of elements with matching localname and namespace
- */
- public int length(String namespace, String localname) {
- NodeList childNodes = this.element.getChildNodes();
- int maxLength = childNodes.getLength();
- int result = 0;
- for (int i = 0; i < maxLength; i++) {
- Node n = childNodes.item(i);
- if (n.getNodeType() == Node.ELEMENT_NODE) {
- String ns = n.getNamespaceURI();
- String name = n.getLocalName();
- if (((namespace != null) && (ns != null) && namespace.equals(ns))
- || ((namespace == null) && (ns == null))) {
- if (localname.equals(name)) {
- result++;
- }
- }
- }
- }
- return result;
- }
-
- /**
- * get the dom element.
- * <p/>
- *
- * @return
- */
- public Element getElement() {
- return this.element;
- }
-
- /**
- * get the id.
- * <p/>
- *
- * @return
- */
- public String getID() {
- return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
- }
-
- /**
- * set the id.
- * <p/>
- *
- * @param id
- */
- public void setID(String id) {
- this.element.setAttributeNS(WSConstants.WSU_NS, "wsu:Id", id);
- }
-
- /**
- * return the string representation.
- * <p/>
- *
- * @return
- */
- public String toString() {
- return DOM2Writer.nodeToString((Node) this.element);
- }
+ /**
+ * Method length.
+ *
+ * @param namespace
+ * @param localname
+ * @return number of elements with matching localname and namespace
+ */
+ public int length(String namespace, String localname) {
+ NodeList childNodes = this.element.getChildNodes();
+ int maxLength = childNodes.getLength();
+ int result = 0;
+ for (int i = 0; i < maxLength; i++) {
+ Node n = childNodes.item(i);
+ if (n.getNodeType() == Node.ELEMENT_NODE) {
+ String ns = n.getNamespaceURI();
+ String name = n.getLocalName();
+ if (((namespace != null)
+ && (ns != null)
+ && namespace.equals(ns))
+ || ((namespace == null) && (ns == null))) {
+ if (localname.equals(name)) {
+ result++;
+ }
+ }
+ }
+ }
+ return result;
+ }
+
+ /**
+ * get the dom element.
+ * <p/>
+ *
+ * @return
+ */
+ public Element getElement() {
+ return this.element;
+ }
+
+ /**
+ * get the id.
+ * <p/>
+ *
+ * @return
+ */
+ public String getID() {
+ return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
+ }
+
+ /**
+ * set the id.
+ * <p/>
+ *
+ * @param id
+ */
+ public void setID(String id) {
+ this.element.setAttributeNS(WSConstants.WSU_NS, "wsu:Id", id);
+ }
+
+ /**
+ * return the string representation.
+ * <p/>
+ *
+ * @return
+ */
+ public String toString() {
+ return DOM2Writer.nodeToString((Node) this.element);
+ }
}
1.2 +6 -6 ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java
Index: Merlin.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Merlin.java 13 Feb 2004 20:43:08 -0000 1.1
+++ Merlin.java 26 Feb 2004 12:59:43 -0000 1.2
@@ -185,13 +185,13 @@
}
- private String[] splitAndTrim(String inString) {
- String result[] = inString.split(",");
- for (int i = 0; i < result.length; i++) {
- result[i] = result[i].trim();
+ private String[] splitAndTrim(String inString) {
+ String result[] = inString.split(",");
+ for (int i = 0; i < result.length; i++) {
+ result[i] = result[i].trim();
+ }
+ return result;
}
- return result;
- }
private boolean equalsStringArray(String[] in1, String[] in2) {
if (in1.length != in2.length) {
1.2 +6 -1 ws-fx/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java
Index: WSSecurityUtil.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WSSecurityUtil.java 13 Feb 2004 20:43:08 -0000 1.1
+++ WSSecurityUtil.java 26 Feb 2004 12:59:43 -0000 1.2
@@ -48,6 +48,11 @@
*/
public class WSSecurityUtil {
private static Log log = LogFactory.getLog(WSSecurityUtil.class);
+ private static boolean doDebug = false;
+
+ static {
+ doDebug = log.isDebugEnabled();
+ }
/**
* Returns the first WS-Security header element for a given actor.
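Review bot: `doDebug` is assigned exactly once in the static initialiser, so it can be declared as `private static final boolean doDebug = log.isDebugEnabled();` and the separate `static` block dropped. Caching the value at class load also means a later change of the log level is not picked up; if that is intended, a one-line comment such as `// debug state is sampled once at class load` would make it explicit.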
@@ -588,5 +593,5 @@
return new SOAP11Constants();
}
}
-
+
}