Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/14 12:23:32 UTC
svn commit: r774722 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
processor/DerivedKeyTokenProcessor.java
processor/EncryptedDataProcessor.java processor/EncryptedKeyProcessor.java
processor/ReferenceListProcessor.java util/WSSecurityUtil.java
Author: coheigea
Date: Thu May 14 10:23:32 2009
New Revision: 774722
URL: http://svn.apache.org/viewvc?rev=774722&view=rev
Log:
[WSS-192] - Improved the logic for finding the decrypted node in ReferenceListProcessor.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=774722&r1=774721&r2=774722&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Thu May 14 10:23:32 2009
@@ -97,7 +97,7 @@
private void deriveKey() throws WSSecurityException{
try {
- DerivationAlgorithm algo = AlgoFactory.getInstance(this.algorithm);
+ DerivationAlgorithm algo = AlgoFactory.getInstance(algorithm);
byte[] labelBytes = null;
if (label == null || label.length() == 0) {
labelBytes =
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=774722&r1=774721&r2=774722&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedDataProcessor.java Thu May 14 10:23:32 2009
@@ -86,9 +86,9 @@
try {
xmlCipher = XMLCipher.getInstance(encAlgo);
xmlCipher.init(XMLCipher.DECRYPT_MODE, key);
- } catch (XMLEncryptionException e1) {
+ } catch (XMLEncryptionException ex) {
throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e1
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
);
}
Node previousSibling = elem.getPreviousSibling();
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=774722&r1=774721&r2=774722&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Thu May 14 10:23:32 2009
@@ -125,17 +125,15 @@
if (tlog.isDebugEnabled()) {
t0 = System.currentTimeMillis();
}
- // need to have it to find the encrypted data elements in the envelope
Document doc = xencEncryptedKey.getOwnerDocument();
-
+ //
// lookup xenc:EncryptionMethod, get the Algorithm attribute to determine
// how the key was encrypted. Then check if we support the algorithm
+ //
String keyEncAlgo = X509Util.getEncAlgo(xencEncryptedKey);
Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
//
- // Well, we can decrypt the session (symmetric) key. Now lookup CipherValue, this is the
- // value of the encrypted session key (session key usually is a symmetrical key that encrypts
- // the referenced content). This is a 2-step lookup
+ // Now lookup CipherValue.
//
Element tmpE =
WSSecurityUtil.getDirectChildElement(
@@ -264,7 +262,6 @@
if (alias == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "noPrivateKey");
}
-
//
// At this point we have all information necessary to decrypt the session
// key:
@@ -277,8 +274,7 @@
//
WSPasswordCallback pwCb = new WSPasswordCallback(alias, WSPasswordCallback.DECRYPT);
try {
- Callback[] callbacks = new Callback[]{pwCb};
- cb.handle(callbacks);
+ cb.handle(new Callback[]{pwCb});
} catch (IOException e) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
@@ -394,8 +390,7 @@
new Object[] {"for decryption (BST)"}
);
}
- certs = new X509Certificate[1];
- certs[0] = token.getX509Certificate(crypto);
+ certs = new X509Certificate[]{token.getX509Certificate(crypto)};
if (certs[0] == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
@@ -477,7 +472,6 @@
return encryptedKeyId;
}
-
/**
* Get the decrypted key.
*
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=774722&r1=774721&r2=774722&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java Thu May 14 10:23:32 2009
@@ -222,13 +222,11 @@
WSDataRef dataRef = new WSDataRef();
dataRef.setWsuId(dataRefURI);
boolean content = X509Util.isContent(encData);
- List beforePeers = null;
Node parent = encData.getParentNode();
+ Node previousSibling = encData.getPreviousSibling();
if (content) {
encData = (Element) encData.getParentNode();
parent = encData.getParentNode();
- } else {
- beforePeers = WSSecurityUtil.listChildren(parent);
}
try {
@@ -248,8 +246,12 @@
} else if (content) {
dataRef.setProtectedElement(encData);
} else {
- final List afterPeers = WSSecurityUtil.listChildren(parent);
- Node decryptedNode = WSSecurityUtil.newNode(beforePeers, afterPeers);
+ Node decryptedNode;
+ if (previousSibling == null) {
+ decryptedNode = parent.getFirstChild();
+ } else {
+ decryptedNode = previousSibling.getNextSibling();
+ }
if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType()) {
dataRef.setProtectedElement((Element)decryptedNode);
}
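Review bot: The node found at `previousSibling.getNextSibling()` (or `parent.getFirstChild()`) is recorded as the protected element without confirming that decryption actually put it there. If the decrypted content is empty, that position holds whatever originally followed the EncryptedData element, and if that is an element it would be reported through `dataRef.setProtectedElement` as having been encrypted, which matters to any caller that relies on the data refs to decide what was confidentiality-protected. Capturing `Node nextSibling = encData.getNextSibling();` beside `previousSibling` in the earlier hunk and guarding with `if (decryptedNode == nextSibling) { decryptedNode = null; }` would rule that out; this assumes the cipher replaces the element in place, which the hunk does not show. Separately, when the first decrypted node is not an element (for example leading whitespace text) the protected element is silently left unset, and a comment stating whether that is intended would help. The enclosing method starts and ends outside this hunk.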
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=774722&r1=774721&r2=774722&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Thu May 14 10:23:32 2009
@@ -1091,53 +1091,4 @@
return ret;
}
-
- /**
- * @return the first node in b that is not in a
- */
- public static Node
- newNode(
- final java.util.List a,
- final java.util.List b
- ) {
- if (a.size() == 0 && b.size() > 0) {
- return (Node)b.get(0);
- }
- if (b.size() == 0) {
- return null;
- }
- for (
- final java.util.Iterator bpos = b.iterator();
- bpos.hasNext();
- ) {
- final Node bnode = (Node) bpos.next();
- final java.lang.String bns = bnode.getNamespaceURI();
- final java.lang.String bln = bnode.getLocalName();
- boolean found = false;
- for (
- final java.util.Iterator apos = a.iterator();
- apos.hasNext() && !found;
- ) {
- final Node anode = (Node) apos.next();
- final java.lang.String ans = anode.getNamespaceURI();
- final java.lang.String aln = anode.getLocalName();
- final boolean nsmatch =
- ans == null
- ? ((bns == null) ? true : false)
- : ((bns == null) ? false : ans.equals(bns));
- final boolean lnmatch =
- aln == null
- ? ((bln == null) ? true : false)
- : ((bln == null) ? false : aln.equals(bln));
- if (nsmatch && lnmatch) {
- found = true;
- }
- }
- if (!found) {
- return bnode;
- }
- }
- return null;
- }
-
}