Posted to commits@ws.apache.org by co...@apache.org on 2015/03/10 14:22:36 UTC
svn commit: r1665531 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/
ws-security-stax/src/...
Author: coheigea
Date: Tue Mar 10 13:22:36 2015
New Revision: 1665531
URL: http://svn.apache.org/r1665531
Log:
Refactoring the actions
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java Tue Mar 10 13:22:36 2015
@@ -19,27 +19,25 @@
package org.apache.wss4j.dom.action;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.apache.wss4j.common.SignatureEncryptionActionToken;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.WSSecDerivedKeyBase;
+import org.apache.wss4j.dom.message.WSSecEncryptedKey;
+import org.apache.wss4j.dom.message.token.SecurityContextToken;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
public abstract class AbstractDerivedAction {
protected Node findEncryptedKeySibling(RequestData reqData) {
Element secHeader = reqData.getSecHeader().getSecurityHeader();
- Node firstChild = secHeader.getFirstChild();
- while (firstChild != null) {
- if (firstChild instanceof Element &&
- WSConstants.ENC_NS.equals(((Element)firstChild).getNamespaceURI())
- && "EncryptedKey".equals(((Element)firstChild).getLocalName())
- && firstChild.getNextSibling() != null) {
- return firstChild.getNextSibling();
- }
- firstChild = firstChild.getNextSibling();
- }
- return null;
+ return findSibling(secHeader, WSConstants.ENC_NS, "EncryptedKey");
}
protected Node findSCTSibling(RequestData reqData) {
@@ -48,11 +46,18 @@ public abstract class AbstractDerivedAct
namespace = ConversationConstants.WSC_NS_05_02;
}
Element secHeader = reqData.getSecHeader().getSecurityHeader();
+ return findSibling(secHeader, namespace, "SecurityContextToken");
+ }
+
+ protected Node findSibling(Element secHeader, String namespace, String localName) {
+ if (secHeader == null) {
+ return null;
+ }
Node firstChild = secHeader.getFirstChild();
while (firstChild != null) {
if (firstChild instanceof Element &&
namespace.equals(((Element)firstChild).getNamespaceURI())
- && "SecurityContextToken".equals(((Element)firstChild).getLocalName())
+ && localName.equals(((Element)firstChild).getLocalName())
&& firstChild.getNextSibling() != null) {
return firstChild.getNextSibling();
}
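Review bot: `findSibling` is a new protected method on an abstract base class and has no Javadoc, so a subclass cannot tell from the signature that it returns the sibling *after* the matching child (the insertion point) rather than the child itself. I would add `/** Returns the node following the first child of secHeader in the given namespace with the given local name, i.e. the insertion point after that token; null if secHeader is null, no such child exists, or it has no following sibling. */`. Only `secHeader` is null-checked while `namespace` and `localName` are dereferenced on every element child; that is fine for the two callers, which pass constants, but worth stating in the doc since the method is open to subclasses.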
@@ -61,4 +66,88 @@ public abstract class AbstractDerivedAct
return null;
}
+ protected Element setupSCTReference(WSSecDerivedKeyBase derivedKeyBase,
+ WSPasswordCallback passwordCallback,
+ SignatureEncryptionActionToken actionToken,
+ SignatureEncryptionActionToken previousActionToken,
+ boolean use200512Namespace,
+ Document doc) throws WSSecurityException {
+ if (use200512Namespace) {
+ derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT_05_12);
+ } else {
+ derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT);
+ }
+
+ // See if a previous derived action has already set up a SecurityContextToken
+ if (previousActionToken != null && previousActionToken.getKey() != null
+ && previousActionToken.getKeyIdentifier() != null) {
+ byte[] secret = previousActionToken.getKey();
+ String tokenIdentifier = previousActionToken.getKeyIdentifier();
+ derivedKeyBase.setExternalKey(secret, tokenIdentifier);
+ return null;
+ } else {
+ String tokenIdentifier = IDGenerator.generateID("uuid:");
+ derivedKeyBase.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
+
+ actionToken.setKey(passwordCallback.getKey());
+ actionToken.setKeyIdentifier(tokenIdentifier);
+
+ int version = ConversationConstants.VERSION_05_12;
+ if (!use200512Namespace) {
+ version = ConversationConstants.VERSION_05_02;
+ }
+
+ SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
+ return sct.getElement();
+ }
+ }
+
+ protected Element setupEKReference(WSSecDerivedKeyBase derivedKeyBase,
+ WSPasswordCallback passwordCallback,
+ SignatureEncryptionActionToken actionToken,
+ SignatureEncryptionActionToken previousActionToken,
+ boolean use200512Namespace,
+ Document doc,
+ String keyTransportAlgorithm,
+ String mgfAlgorithm) throws WSSecurityException {
+ derivedKeyBase.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+
+ // See if a previous derived action has already set up an EncryptedKey
+ if (previousActionToken != null && previousActionToken.getKey() != null
+ && previousActionToken.getKeyIdentifier() != null) {
+ byte[] ek = previousActionToken.getKey();
+ String tokenIdentifier = previousActionToken.getKeyIdentifier();
+ derivedKeyBase.setExternalKey(ek, tokenIdentifier);
+ return null;
+ } else {
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ encrKeyBuilder.setUserInfo(actionToken.getUser());
+ if (actionToken.getDerivedKeyIdentifier() != 0) {
+ encrKeyBuilder.setKeyIdentifierType(actionToken.getDerivedKeyIdentifier());
+ } else {
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+
+ if (actionToken.getDigestAlgorithm() != null) {
+ encrKeyBuilder.setDigestAlgorithm(actionToken.getDigestAlgorithm());
+ }
+ if (keyTransportAlgorithm != null) {
+ encrKeyBuilder.setKeyEncAlgo(keyTransportAlgorithm);
+ }
+ if (mgfAlgorithm != null) {
+ encrKeyBuilder.setMGFAlgorithm(mgfAlgorithm);
+ }
+
+ encrKeyBuilder.prepare(doc, actionToken.getCrypto());
+
+ byte[] ek = encrKeyBuilder.getEphemeralKey();
+ String tokenIdentifier = encrKeyBuilder.getId();
+
+ actionToken.setKey(ek);
+ actionToken.setKeyIdentifier(tokenIdentifier);
+
+ derivedKeyBase.setExternalKey(ek, tokenIdentifier);
+ return encrKeyBuilder.getEncryptedKeyElement();
+ }
+ }
}
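Review bot: In the `else` branch of `setupSCTReference` the secret comes from `passwordCallback.getKey()` with no check that the callback was populated; a null here is stored into both the derived-key builder and the action token via `setExternalKey`/`setKey` and only fails, if at all, further down the pipeline without a cause pointing at the missing key. A guard before the first use, such as `if (passwordCallback == null || passwordCallback.getKey() == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", "No key available for the SecurityContextToken"); }`, would make the misconfiguration fail here (the inline copies this replaces lacked it too). Separately, `setupEKReference` accepts `passwordCallback` and `use200512Namespace` but reads neither, which is misleading for a shared helper; either drop them or comment why the parameter list is kept parallel to `setupSCTReference`. Both new methods also lack Javadoc stating the contract that a non-null return must be inserted into the security header by the caller, while null means an earlier action's token is being reused.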
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java Tue Mar 10 13:22:36 2015
@@ -33,10 +33,7 @@ import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecDKEncrypt;
-import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -91,10 +88,7 @@ public class EncryptionDerivedAction ext
if (parts != null && !parts.isEmpty()) {
wsEncrypt.getParts().addAll(parts);
} else {
- WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
- .getBodyQName().getLocalPart(), reqData.getSoapConstants()
- .getEnvelopeURI(), "Content");
- wsEncrypt.getParts().add(encP);
+ wsEncrypt.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
wsEncrypt.prepare(doc);
@@ -138,74 +132,12 @@ public class EncryptionDerivedAction ext
String derivedKeyTokenReference = encryptionToken.getDerivedKeyTokenReference();
if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- if (reqData.isUse200512Namespace()) {
- wsEncrypt.setCustomValueType(WSConstants.WSC_SCT_05_12);
- } else {
- wsEncrypt.setCustomValueType(WSConstants.WSC_SCT);
- }
-
- // See if a SignatureDerivedAction has already set up a SecurityContextToken
- if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey() != null
- && reqData.getSignatureToken().getKeyIdentifier() != null) {
- byte[] secret = reqData.getSignatureToken().getKey();
- String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
- wsEncrypt.setExternalKey(secret, tokenIdentifier);
- return null;
- } else {
- String tokenIdentifier = IDGenerator.generateID("uuid:");
- wsEncrypt.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
-
- encryptionToken.setKey(passwordCallback.getKey());
- encryptionToken.setKeyIdentifier(tokenIdentifier);
-
- int version = ConversationConstants.VERSION_05_12;
- if (!reqData.isUse200512Namespace()) {
- version = ConversationConstants.VERSION_05_02;
- }
-
- SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
- return sct.getElement();
- }
+ return setupSCTReference(wsEncrypt, passwordCallback, encryptionToken, reqData.getSignatureToken(),
+ reqData.isUse200512Namespace(), doc);
} else {
- wsEncrypt.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
- // See if a SignatureDerivedAction has already set up an EncryptedKey
- if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey() != null
- && reqData.getSignatureToken().getKeyIdentifier() != null) {
- byte[] ek = reqData.getSignatureToken().getKey();
- String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
- wsEncrypt.setExternalKey(ek, tokenIdentifier);
- return null;
- } else {
- WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo(encryptionToken.getUser());
- if (encryptionToken.getDerivedKeyIdentifier() != 0) {
- encrKeyBuilder.setKeyIdentifierType(encryptionToken.getDerivedKeyIdentifier());
- } else {
- encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- }
-
- if (encryptionToken.getKeyTransportAlgorithm() != null) {
- encrKeyBuilder.setKeyEncAlgo(encryptionToken.getKeyTransportAlgorithm());
- }
- if (encryptionToken.getDigestAlgorithm() != null) {
- encrKeyBuilder.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
- }
- if (encryptionToken.getMgfAlgorithm() != null) {
- encrKeyBuilder.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
- }
-
- encrKeyBuilder.prepare(doc, encryptionToken.getCrypto());
-
- byte[] ek = encrKeyBuilder.getEphemeralKey();
- String tokenIdentifier = encrKeyBuilder.getId();
- wsEncrypt.setExternalKey(ek, tokenIdentifier);
-
- encryptionToken.setKey(ek);
- encryptionToken.setKeyIdentifier(tokenIdentifier);
-
- return encrKeyBuilder.getEncryptedKeyElement();
- }
-
+ return setupEKReference(wsEncrypt, passwordCallback, encryptionToken, reqData.getSignatureToken(),
+ reqData.isUse200512Namespace(), doc, encryptionToken.getKeyTransportAlgorithm(),
+ encryptionToken.getMgfAlgorithm());
}
}
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java Tue Mar 10 13:22:36 2015
@@ -45,12 +45,10 @@ public class SAMLTokenSignedAction imple
Document doc, RequestData reqData)
throws WSSecurityException {
Crypto crypto = null;
- /*
- * it is possible and legal that we do not have a signature
- * crypto here - thus ignore the exception. This is usually
- * the case for the SAML option "sender vouches". In this case
- * no user crypto is required.
- */
+
+ // it is possible and legal that we do not have a signature crypto here - thus ignore the exception.
+ // This is usually the case for the SAML option "sender vouches". In this case no user crypto is
+ // required.
try {
crypto = handler.loadSignatureCrypto(reqData);
} catch (Exception ex) {
@@ -115,12 +113,6 @@ public class SAMLTokenSignedAction imple
wsSign.setSigCanonicalization(signatureToken.getC14nAlgorithm());
}
- /*
- * required to add support for the
- * signatureParts parameter.
- * If not set WSSecSignatureSAML
- * defaults to only sign the body.
- */
if (signatureToken.getParts().size() > 0) {
wsSign.getParts().addAll(signatureToken.getParts());
}
@@ -136,7 +128,8 @@ public class SAMLTokenSignedAction imple
reqData.getSecHeader());
reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error when signing the SAML token: ");
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e,
+ "Error when signing the SAML token: ");
}
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Tue Mar 10 13:22:36 2015
@@ -33,6 +33,7 @@ import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -134,11 +135,8 @@ public class SignatureAction implements
List<WSEncryptionPart> parts = signatureToken.getParts();
if (parts == null || parts.isEmpty()) {
- WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
- .getBodyQName().getLocalPart(), reqData.getSoapConstants()
- .getEnvelopeURI(), "Content");
- parts = new ArrayList<>();
- parts.add(encP);
+ parts = new ArrayList<>(1);
+ parts.add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
List<javax.xml.crypto.dsig.Reference> referenceList =
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java Tue Mar 10 13:22:36 2015
@@ -30,10 +30,8 @@ import org.apache.wss4j.dom.handler.WSHa
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecSignatureConfirmation;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
-import java.util.ArrayList;
import java.util.List;
public class SignatureConfirmationAction implements Action {
@@ -52,25 +50,10 @@ public class SignatureConfirmationAction
(List<WSHandlerResult>) handler.getProperty(
reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS
);
- if (results == null) {
+ if (results == null || results.isEmpty()) {
return;
}
- //
- // Loop over all the (signature) results gathered by all the processors, and store
- // them in a list.
- //
- final List<Integer> actions = new ArrayList<>(3);
- actions.add(WSConstants.SIGN);
- actions.add(WSConstants.ST_SIGNED);
- actions.add(WSConstants.UT_SIGN);
- List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
- for (WSHandlerResult wshResult : results) {
- List<WSSecurityEngineResult> resultList = wshResult.getResults();
-
- signatureActions.addAll(
- WSSecurityUtil.fetchAllActionResults(resultList, actions)
- );
- }
+
//
// prepare a SignatureConfirmation token
//
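Review bot: The new early return on `results.isEmpty()` changes what happens when the inbound side recorded a result list with no entries: the old code fell through to the `else` branch and emitted a SignatureConfirmation with a null value (the "no signature was received" confirmation WS-Security 1.1 expects for an unsigned request), whereas now nothing is emitted. If an empty RECV_RESULTS list can occur for a request that carried no security header, the responder stops telling the requester that it saw no signature; if it cannot occur, the added condition is dead and should go. Either keep `if (results == null) { return; }` as before or add a comment explaining why an empty list is treated as "not a response to a received message". The enclosing method begins before this hunk.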
@@ -80,18 +63,29 @@ public class SignatureConfirmationAction
signatureToken = reqData.getSignatureToken();
}
List<WSEncryptionPart> signatureParts = signatureToken.getParts();
- if (signatureActions.size() > 0) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Signature Confirmation: number of Signature results: "
- + signatureActions.size());
- }
- for (int i = 0; i < signatureActions.size(); i++) {
- WSSecurityEngineResult wsr = signatureActions.get(i);
- byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
- wsc.build(doc, sigVal, reqData.getSecHeader());
- signatureParts.add(new WSEncryptionPart(wsc.getId()));
+
+ //
+ // Loop over all the (signature) results gathered by all the processors
+ //
+ boolean signatureAdded = false;
+ for (WSHandlerResult wshResult : results) {
+ List<WSSecurityEngineResult> resultList = wshResult.getResults();
+
+ for (WSSecurityEngineResult result : resultList) {
+ int resultAction = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+
+ // See if it's a signature action
+ if (WSConstants.SIGN == resultAction || WSConstants.ST_SIGNED == resultAction
+ || WSConstants.UT_SIGN == resultAction) {
+ byte[] sigVal = (byte[]) result.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+ wsc.build(doc, sigVal, reqData.getSecHeader());
+ signatureParts.add(new WSEncryptionPart(wsc.getId()));
+ signatureAdded = true;
+ }
}
- } else {
+ }
+
+ if (!signatureAdded) {
wsc.build(doc, null, reqData.getSecHeader());
signatureParts.add(new WSEncryptionPart(wsc.getId()));
}
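Review bot: `int resultAction = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);` unboxes whatever the result map holds, so an engine result without a TAG_ACTION entry throws a NullPointerException out of the whole action instead of being skipped; the removed `WSSecurityUtil.fetchAllActionResults` call may have tolerated that. Safer is `Integer resultAction = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION); if (resultAction == null) { continue; }` followed by the existing comparison against the three constants. Note also that `sigVal` is passed to `wsc.build` without a null check, so a signature-typed result lacking TAG_SIGNATURE_VALUE would produce a value-less confirmation indistinguishable from the "no signature seen" one; a comment on whether that can happen would help the next reader.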
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Tue Mar 10 13:22:36 2015
@@ -34,10 +34,7 @@ import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecDKSign;
-import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -94,10 +91,7 @@ public class SignatureDerivedAction exte
if (parts != null && !parts.isEmpty()) {
wsSign.getParts().addAll(parts);
} else {
- WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
- .getBodyQName().getLocalPart(), reqData.getSoapConstants()
- .getEnvelopeURI(), "Content");
- wsSign.getParts().add(encP);
+ wsSign.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
wsSign.prepare(doc, reqData.getSecHeader());
@@ -146,62 +140,11 @@ public class SignatureDerivedAction exte
String derivedKeyTokenReference = signatureToken.getDerivedKeyTokenReference();
if ("EncryptedKey".equals(derivedKeyTokenReference)) {
- wsSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
- // See if an EncryptionAction has already set up an EncryptedKey
- if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey() != null
- && reqData.getEncryptionToken().getKeyIdentifier() != null) {
- byte[] ek = reqData.getEncryptionToken().getKey();
- String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
- wsSign.setExternalKey(ek, tokenIdentifier);
- return null;
- } else {
- WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo(signatureToken.getUser());
- if (signatureToken.getDerivedKeyIdentifier() != 0) {
- encrKeyBuilder.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
- } else {
- encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- }
- encrKeyBuilder.prepare(doc, signatureToken.getCrypto());
-
- byte[] ek = encrKeyBuilder.getEphemeralKey();
- String tokenIdentifier = encrKeyBuilder.getId();
-
- signatureToken.setKey(ek);
- signatureToken.setKeyIdentifier(tokenIdentifier);
-
- wsSign.setExternalKey(ek, tokenIdentifier);
- return encrKeyBuilder.getEncryptedKeyElement();
- }
+ return setupEKReference(wsSign, passwordCallback, signatureToken, reqData.getEncryptionToken(),
+ reqData.isUse200512Namespace(), doc, null, null);
} else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- if (reqData.isUse200512Namespace()) {
- wsSign.setCustomValueType(WSConstants.WSC_SCT_05_12);
- } else {
- wsSign.setCustomValueType(WSConstants.WSC_SCT);
- }
-
- // See if a EncryptionDerivedAction has already set up a SecurityContextToken
- if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey() != null
- && reqData.getEncryptionToken().getKeyIdentifier() != null) {
- byte[] secret = reqData.getEncryptionToken().getKey();
- String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
- wsSign.setExternalKey(secret, tokenIdentifier);
- return null;
- } else {
- String tokenIdentifier = IDGenerator.generateID("uuid:");
- wsSign.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
-
- signatureToken.setKey(passwordCallback.getKey());
- signatureToken.setKeyIdentifier(tokenIdentifier);
-
- int version = ConversationConstants.VERSION_05_12;
- if (!reqData.isUse200512Namespace()) {
- version = ConversationConstants.VERSION_05_02;
- }
-
- SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
- return sct.getElement();
- }
+ return setupSCTReference(wsSign, passwordCallback, signatureToken, reqData.getEncryptionToken(),
+ reqData.isUse200512Namespace(), doc);
} else {
// DirectReference
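Review bot: The EncryptedKey branch now goes through `setupEKReference`, which applies `actionToken.getDigestAlgorithm()` to the WSSecEncryptedKey builder when it is set; the inline code this replaces never did that on the signature side, so if the signature token carries a configured digest algorithm this hunk changes the EncryptedKey that is emitted. If that is intended it belongs in the log message, which only says "Refactoring the actions". The trailing `null, null` arguments are opaque at the call site; `/* keyTransportAlgorithm */ null, /* mgfAlgorithm */ null` or a six-argument overload of the helper would make the intent readable. The enclosing method continues after this hunk.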
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java Tue Mar 10 13:22:36 2015
@@ -24,7 +24,6 @@ import java.util.List;
import javax.security.auth.callback.CallbackHandler;
-import org.apache.wss4j.dom.SOAPConstants;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.SignatureActionToken;
@@ -118,14 +117,8 @@ public class UsernameTokenSignedAction i
if (signatureToken.getParts().size() > 0) {
parts = signatureToken.getParts();
} else {
- SOAPConstants soapConstants = reqData.getSoapConstants();
- if (soapConstants == null) {
- soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
- }
- parts = new ArrayList<>();
- WSEncryptionPart encP =
- new WSEncryptionPart(WSConstants.ELEM_BODY, soapConstants.getEnvelopeURI(), "Content");
- parts.add(encP);
+ parts = new ArrayList<>(1);
+ parts.add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
List<javax.xml.crypto.dsig.Reference> referenceList =
sign.addReferencesToSign(parts, reqData.getSecHeader());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Tue Mar 10 13:22:36 2015
@@ -24,9 +24,11 @@ import java.util.Arrays;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
@@ -255,15 +257,17 @@ public abstract class WSHandler {
if (wssConfig.isEnableSignatureConfirmation()
&& isRequest && reqData.getSignatureValues().size() > 0) {
@SuppressWarnings("unchecked")
- List<byte[]> savedSignatures =
- (List<byte[]>)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+ Set<Integer> savedSignatures =
+ (Set<Integer>)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
if (savedSignatures == null) {
- savedSignatures = new ArrayList<>();
+ savedSignatures = new HashSet<>();
setProperty(
reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV, savedSignatures
);
}
- savedSignatures.addAll(reqData.getSignatureValues());
+ for (byte[] signatureValue : reqData.getSignatureValues()) {
+ savedSignatures.add(Arrays.hashCode(signatureValue));
+ }
}
}
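Review bot: Replacing the stored signature bytes with `Arrays.hashCode(signatureValue)` (here and in the matching `savedSignatures.contains(hash)` hunk below) turns an exact byte comparison into a 32-bit non-cryptographic one, so a SignatureConfirmation carrying a different signature value still matches if the two values collide; the purpose of the check is to let the requester confirm that the responder saw exactly the signature it sent, and `Arrays.hashCode` is not collision-resistant. A `Set` also folds two identical signature values in one request into one entry, so the remove-on-match bookkeeping would report a missing match where the old list reported none. Content equality without the truncation is available from the JDK: `Set<ByteBuffer> savedSignatures` with `savedSignatures.add(ByteBuffer.wrap(signatureValue))` and `ByteBuffer.wrap(sigVal)` in the lookup, or keep `List<byte[]>` with `Arrays.equals` as before. This is a functional change to the confirmation check that the log message ("Refactoring the actions") does not mention.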
@@ -420,8 +424,8 @@ public abstract class WSHandler {
//
// First get all Signature values stored during sending the request
//
- List<byte[]> savedSignatures =
- (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+ Set<Integer> savedSignatures =
+ (Set<Integer>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
//
// Now get all results that hold a SignatureConfirmation element from
// the current run of receiver (we can have more than one run: if we
@@ -456,16 +460,10 @@ public abstract class WSHandler {
);
}
} else {
- boolean found = false;
- for (int j = 0; j < savedSignatures.size(); j++) {
- byte[] storedValue = savedSignatures.get(j);
- if (Arrays.equals(sigVal, storedValue)) {
- found = true;
- savedSignatures.remove(j);
- break;
- }
- }
- if (!found) {
+ Integer hash = Arrays.hashCode(sigVal);
+ if (savedSignatures.contains(hash)) {
+ savedSignatures.remove(hash);
+ } else {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"Received a SignatureConfirmation element, but there are no matching"
+ " stored signature values"
@@ -476,7 +474,7 @@ public abstract class WSHandler {
}
//
- // the list holding the stored Signature values must be empty, otherwise we have an error
+ // the set holding the stored Signature values must be empty, otherwise we have an error
//
if (savedSignatures != null && !savedSignatures.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java Tue Mar 10 13:22:36 2015
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.handler;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import javax.security.auth.callback.CallbackHandler;
@@ -40,7 +41,6 @@ import org.apache.wss4j.dom.common.Secur
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.token.SignatureConfirmation;
import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -95,11 +95,11 @@ public class SignatureConfirmationTest e
}
msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
- List<byte[]> savedSignatures =
- (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ Set<Integer> savedSignatures =
+ (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
assertTrue(savedSignatures != null && savedSignatures.size() == 1);
- byte[] signatureValue = savedSignatures.get(0);
- assertTrue(signatureValue != null && signatureValue.length > 0);
+ Integer signatureValue = savedSignatures.iterator().next();
+ assertTrue(signatureValue != null && signatureValue != 0);
}
@@ -136,8 +136,8 @@ public class SignatureConfirmationTest e
}
msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
- List<byte[]> savedSignatures =
- (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ Set<Integer> savedSignatures =
+ (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
assertTrue(savedSignatures == null);
}
@@ -175,11 +175,11 @@ public class SignatureConfirmationTest e
}
msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
- List<byte[]> savedSignatures =
- (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+ Set<Integer> savedSignatures =
+ (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
assertTrue(savedSignatures != null && savedSignatures.size() == 1);
- byte[] signatureValue = savedSignatures.get(0);
- assertTrue(signatureValue != null && signatureValue.length > 0);
+ Integer signatureValue = savedSignatures.iterator().next();
+ assertTrue(signatureValue != null && signatureValue != 0);
//
// Verify the inbound request, and create a response with a Signature Confirmation
@@ -205,7 +205,6 @@ public class SignatureConfirmationTest e
LOG.debug(outputString);
}
assertTrue(outputString.contains("SignatureConfirmation"));
- assertTrue(outputString.contains(Base64.encode(signatureValue)));
}
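Review bot: Removing `assertTrue(outputString.contains(Base64.encode(signatureValue)))` leaves this test checking only that a `SignatureConfirmation` element is present, not that it carries the request's signature value, which is the property signature confirmation exists to establish. The bytes are no longer available from SEND_SIGV now that it holds an Integer, but the secured request document built earlier in this test (outside the hunk) presumably still contains the ds:SignatureValue text; extracting that text and asserting `assertTrue(outputString.contains(requestSignatureValue));` would restore the end-to-end check. The enclosing test method starts outside the hunk.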
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java Tue Mar 10 13:22:36 2015
@@ -50,6 +50,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
public class HeaderOrderingTest extends AbstractTestBase {
@@ -598,7 +599,7 @@ public class HeaderOrderingTest extends
@Test
public void testSignatureConfirmationUsernameTokenTimestampStrictHeaderOrdering() throws Exception {
- List<byte[]> sigv;
+ Set<Integer> sigv;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -606,7 +607,7 @@ public class HeaderOrderingTest extends
Properties properties = new Properties();
properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
- sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+ sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
//some test that we can really sure we get what we want from WSS4J
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java Tue Mar 10 13:22:36 2015
@@ -47,6 +47,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
public class SignatureConfirmationTest extends AbstractTestBase {
@@ -54,7 +55,7 @@ public class SignatureConfirmationTest e
@Test
public void testDefaultConfigurationInbound() throws Exception {
- List<byte[]> sigv;
+ Set<Integer> sigv;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -62,7 +63,7 @@ public class SignatureConfirmationTest e
Properties properties = new Properties();
properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
- sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+ sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
//some test that we can really sure we get what we want from WSS4J
@@ -150,7 +151,7 @@ public class SignatureConfirmationTest e
@Test
public void testDefaultConfigurationInboundUnsignedConfirmation() throws Exception {
- List<byte[]> sigv;
+ Set<Integer> sigv;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -158,7 +159,7 @@ public class SignatureConfirmationTest e
Properties properties = new Properties();
properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
- sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+ sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
//some test that we can really sure we get what we want from WSS4J