Posted to commits@ws.apache.org by gi...@apache.org on 2013/03/17 18:26:21 UTC
svn commit: r1457492 - in /webservices/wss4j/trunk/ws-security-stax/src:
main/java/org/apache/wss4j/stax/ext/ main/java/org/apache/wss4j/stax/impl/
main/java/org/apache/wss4j/stax/impl/processor/input/
test/java/org/apache/wss4j/stax/test/
Author: giger
Date: Sun Mar 17 17:26:20 2013
New Revision: 1457492
URL: http://svn.apache.org/r1457492
Log:
WSS-408 / WSS-412
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java (with props)
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java Sun Mar 17 17:26:20 2013
@@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.impl.InboundWSSecurityContextImpl;
+import org.apache.wss4j.stax.impl.WSSecurityStreamReader;
import org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor;
import org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor;
import org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputProcessor;
@@ -32,7 +33,6 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.SecurityTokenProvider;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
import org.apache.xml.security.stax.impl.InputProcessorChainImpl;
-import org.apache.xml.security.stax.impl.XMLSecurityStreamReader;
import org.apache.xml.security.stax.impl.processor.input.LogInputProcessor;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
@@ -199,6 +199,6 @@ public class InboundWSSec {
}
}
- return new XMLSecurityStreamReader(inputProcessorChain, securityProperties);
+ return new WSSecurityStreamReader(inputProcessorChain, securityProperties);
}
}
Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java?rev=1457492&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java Sun Mar 17 17:26:20 2013
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.impl;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.ext.InputProcessorChain;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.impl.XMLSecurityStreamReader;
+
+import javax.xml.stream.XMLStreamException;
+
+public class WSSecurityStreamReader extends XMLSecurityStreamReader {
+
+ public WSSecurityStreamReader(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties) {
+ super(inputProcessorChain, securityProperties);
+ }
+
+ @Override
+ public int next() throws XMLStreamException {
+ try {
+ return super.next();
+ } catch (XMLStreamException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof WSSecurityException) {
+ throw e;
+ }
+ if (cause instanceof XMLSecurityException) {
+ throw new XMLStreamException(
+ new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_CHECK, (XMLSecurityException)cause));
+ }
+ throw e;
+ }
+ }
+}
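Review bot: The catch block in `next()` inspects only `e.getCause()`, so an `XMLSecurityException` nested one level deeper (for example inside another `XMLStreamException`) would pass through without being mapped to a `WSSecurityException`. The per-processor wrappers this commit removes from DecryptInputProcessor, WSSSignatureInputHandler and WSSSignatureReferenceVerifyInputProcessor converted at the throw site and did not depend on nesting depth; whether deeper nesting can occur is not visible here, so either walk the cause chain or document the assumption. Only `next()` is overridden, so the mapping also relies on every event pull in the superclass going through it, which should be confirmed. The class has no Javadoc; I would add `/** Maps XMLSecurityException causes surfaced by XMLSecurityStreamReader to WSSecurityException (FAILED_CHECK) so callers see a single fault type. */` above the class declaration. The first `instanceof WSSecurityException` branch deserves a one-line comment, since it exists only to keep an already-typed exception from being re-wrapped by the `XMLSecurityException` test below it.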
Propchange: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/WSSecurityStreamReader.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java Sun Mar 17 17:26:20 2013
@@ -26,7 +26,6 @@ import java.util.List;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.bsp.BSPRule;
@@ -41,7 +40,6 @@ import org.apache.xml.security.exception
import org.apache.xml.security.stax.config.ConfigurationProperties;
import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor;
import org.apache.xml.security.stax.impl.util.LimitingInputStream;
@@ -96,30 +94,6 @@ public class DecryptInputProcessor exten
}
@Override
- public XMLSecEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain)
- throws XMLStreamException, XMLSecurityException {
- try {
- return super.processNextHeaderEvent(inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
- @Override
- public XMLSecEvent processNextEvent(InputProcessorChain inputProcessorChain)
- throws XMLStreamException, XMLSecurityException {
- try {
- return super.processNextEvent(inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
- @Override
protected InputStream applyTransforms(ReferenceType referenceType, InputStream inputStream) throws XMLSecurityException {
if (referenceType != null) {
TransformsType transformsType =
@@ -240,30 +214,6 @@ public class DecryptInputProcessor exten
}
@Override
- public XMLSecEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain)
- throws XMLStreamException, WSSecurityException {
- try {
- return super.processNextHeaderEvent(inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
- @Override
- public XMLSecEvent processNextEvent(InputProcessorChain inputProcessorChain)
- throws XMLStreamException, WSSecurityException {
- try {
- return super.processNextEvent(inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
- @Override
protected void handleEncryptedElement(
InputProcessorChain inputProcessorChain, XMLSecStartElement xmlSecStartElement,
SecurityToken securityToken, EncryptedDataType encryptedDataType) throws XMLSecurityException {
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Sun Mar 17 17:26:20 2013
@@ -700,7 +700,7 @@ public class SAMLTokenInputHandler exten
}
}
} catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
"empty", "SAML proof-of-possession of the private/secret key failed");
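Review bot: The `catch (XMLSecurityException e)` on the changed line will also catch a `WSSecurityException`, assuming it is a subclass as the catch ordering used elsewhere in this commit implies. Any `WSSecurityException` raised inside the try would then be re-wrapped as INVALID_SECURITY and lose its original error code. The convention in the code this commit removes was to rethrow first; adding `} catch (WSSecurityException e) { throw e;` ahead of this clause would keep a more specific code such as FAILED_AUTHENTICATION intact. The try body and the enclosing method start outside the hunk, so whether such an exception can actually be thrown there needs checking.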
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureInputHandler.java Sun Mar 17 17:26:20 2013
@@ -34,7 +34,6 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.processor.input.AbstractSignatureInputHandler;
import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
@@ -42,25 +41,12 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import java.math.BigInteger;
-import java.util.Deque;
import java.util.Iterator;
import java.util.List;
public class WSSSignatureInputHandler extends AbstractSignatureInputHandler {
@Override
- public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
- Deque<XMLSecEvent> eventQueue, Integer index) throws XMLSecurityException {
- try {
- super.handle(inputProcessorChain, securityProperties, eventQueue, index);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
- @Override
protected SignatureVerifier newSignatureVerifier(
final InputProcessorChain inputProcessorChain, final XMLSecurityProperties securityProperties,
final SignatureType signatureType) throws XMLSecurityException {
@@ -137,16 +123,10 @@ public class WSSSignatureInputHandler ex
InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
SignatureType signatureType, SecurityToken securityToken) throws XMLSecurityException {
- try {
- //add processors to verify references
- inputProcessorChain.addProcessor(
- new WSSSignatureReferenceVerifyInputProcessor(inputProcessorChain, signatureType,
- securityToken, securityProperties));
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
+ //add processors to verify references
+ inputProcessorChain.addProcessor(
+ new WSSSignatureReferenceVerifyInputProcessor(inputProcessorChain, signatureType,
+ securityToken, securityProperties));
}
public class WSSSignatureVerifier extends SignatureVerifier {
@@ -178,7 +158,6 @@ public class WSSSignatureInputHandler ex
securityContext.registerSecurityEvent(tokenSecurityEvent);
return securityToken;
-
}
}
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java Sun Mar 17 17:26:20 2013
@@ -140,13 +140,7 @@ public class WSSSignatureReferenceVerify
replayChecked = true;
detectReplayAttack(inputProcessorChain);
}
- try {
- return super.processNextEvent(inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
+ return super.processNextEvent(inputProcessorChain);
}
@Override
@@ -301,18 +295,5 @@ public class WSSSignatureReferenceVerify
super(securityProperties, inputProcessorChain, referenceType, startElement);
this.addAfterProcessor(WSSSignatureReferenceVerifyInputProcessor.class.getName());
}
-
- @Override
- public void processEvent(XMLSecEvent xmlSecEvent, InputProcessorChain inputProcessorChain)
- throws XMLStreamException, XMLSecurityException {
-
- try {
- super.processEvent(xmlSecEvent, inputProcessorChain);
- } catch (WSSecurityException e) {
- throw e;
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
}
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Sun Mar 17 17:26:20 2013
@@ -1117,7 +1117,7 @@ public class SignatureTest extends Abstr
} catch (XMLStreamException e) {
Assert.assertTrue(e.getCause() instanceof WSSecurityException);
Assert.assertEquals(e.getCause().getMessage(), "cvc-datatype-valid.1.2.1: 'abc' is not a valid value for 'integer'.");
- Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.FAILED_CHECK);
+ Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
}
}
}
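Review bot: Neither updated assertion exercises the FAILED_CHECK mapping introduced in `WSSecurityStreamReader.next()`; this one and the matching change in VulnerabliltyVectorsTest now expect INVALID_SECURITY, which must be assigned by code outside this diff. A test that drives an unwrapped `XMLSecurityException` through the new reader and asserts FAILED_CHECK would pin the behaviour the commit adds. I would also put a comment beside each changed assertion, e.g. `// INVALID_SECURITY is set by <wrapping component>, not by WSSecurityStreamReader`, so the expected code is traceable. The assertions run only inside the `catch` and the try starts outside the hunk, so it is worth confirming that an `Assert.fail()` follows the call that is expected to throw.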
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java?rev=1457492&r1=1457491&r2=1457492&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.java Sun Mar 17 17:26:20 2013
@@ -336,7 +336,7 @@ public class VulnerabliltyVectorsTest ex
Assert.assertEquals(e.getCause().getMessage(),
"43 references are contained in the Manifest, maximum 30 are allowed. You can raise the " +
"maximum via the \"MaximumAllowedReferencesPerManifest\" property in the configuration.");
- Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.FAILED_CHECK);
+ Assert.assertEquals(((WSSecurityException) e.getCause()).getFaultCode(), WSSecurityException.INVALID_SECURITY);
}
}