Posted to dev@ws.apache.org by co...@apache.org on 2010/11/04 19:19:15 UTC
svn commit: r1031122 - in
/webservices/wss4j/trunk/src/org/apache/ws/security: ./ action/ message/
transform/
Author: coheigea
Date: Thu Nov 4 18:19:14 2010
New Revision: 1031122
URL: http://svn.apache.org/viewvc?rev=1031122&view=rev
Log:
Committing some fixes to get CXF working with WSS4J 1.6
- This merge breaks checkstyle...I'll fix this asap.
- The STR Transform requires some work as well.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java Thu Nov 4 18:19:14 2010
@@ -27,6 +27,7 @@ public class WSEncryptionPart {
private String name;
private String namespace;
private String encModifier;
+ private String encId;
private String id;
/**
@@ -130,6 +131,14 @@ public class WSEncryptionPart {
public void setId(String id) {
this.id = id;
}
+
+ public void setEncId(String id) {
+ encId = id;
+ }
+
+ public String getEncId() {
+ return encId;
+ }
/**
* @return the xpath
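Review bot: The two accessors added at the end of this hunk carry no Javadoc, and `setEncId(String id)` names its parameter `id` while storing it in `encId`, which reads like a copy of `setId` directly above and invites mixing the two ids up. Rename the parameter and document the field: `/** Id allocated to the EncryptedData element produced for this part. */` on the `encId` declaration in the first hunk, and `public void setEncId(String encId) { this.encId = encId; }`. That meaning is inferred from the WSSecEncrypt hunk in this commit, where the stored value comes from `createId("ED-", elementToEncrypt)`; confirm the wording against that code.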
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Thu Nov 4 18:19:14 2010
@@ -124,7 +124,7 @@ public class UsernameTokenSignedAction i
List referenceList = sign.addReferencesToSign(parts, reqData.getSecHeader());
try {
- sign.computeSignature(referenceList, reqData.getSecHeader());
+ sign.computeSignature(referenceList);
reqData.getSignatureValues().add(sign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException(
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java Thu Nov 4 18:19:14 2010
@@ -142,7 +142,7 @@ public class EnvelopeIdResolver extends
}
if (cId == null) {
throw new ResourceResolverException("generic.EmptyMessage",
- new Object[]{"Id not found"},
+ new Object[]{"Id: " + id + " not found"},
uri,
BaseURI);
}
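Review bot: The replaced message line embeds `id` verbatim, and if `id` is the reference URI taken from the message being processed it is sender-supplied, so the exception text (and whatever logs it) is now partly controlled by the remote party. That is useful for diagnosis, but the value can contain line breaks or be very long; consider quoting and bounding it, e.g. `new Object[]{"Id: \"" + id + "\" not found"}` with a length cap applied to `id` first. The enclosing method starts outside the hunk, so where `id` originates is not visible here.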
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Thu Nov 4 18:19:14 2010
@@ -32,6 +32,8 @@ import org.apache.ws.security.message.to
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
import java.util.List;
import java.util.Vector;
@@ -75,6 +77,7 @@ public class WSSecDKSign extends WSSecDe
private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
private KeyInfo keyInfo;
private CanonicalizationMethod c14nMethod;
+ private Element securityHeader = null;
public Document build(Document doc, WSSecHeader secHeader)
@@ -101,7 +104,7 @@ public class WSSecDKSign extends WSSecDe
}
List referenceList = addReferencesToSign(parts, secHeader);
- computeSignature(referenceList, secHeader);
+ computeSignature(referenceList);
//
// prepend elements in the right order to the security header
@@ -115,6 +118,7 @@ public class WSSecDKSign extends WSSecDe
throws WSSecurityException, ConversationException {
super.prepare(doc);
wsDocInfo = new WSDocInfo(doc);
+ securityHeader = secHeader.getSecurityHeader();
try {
C14NMethodParameterSpec c14nSpec = null;
@@ -149,6 +153,19 @@ public class WSSecDKSign extends WSSecDe
}
+ /**
+ * Returns the SignatureElement.
+ * The method can be called any time after <code>prepare()</code>.
+ * @return The DOM Element of the signature.
+ */
+ public Element getSignatureElement() {
+ return
+ WSSecurityUtil.getDirectChildElement(
+ securityHeader,
+ WSConstants.SIG_LN,
+ WSConstants.SIG_NS
+ );
+ }
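Review bot: The Javadoc on `getSignatureElement()` says it can be called any time after `prepare()`, but the Signature element is only placed into the security header by `computeSignature()` (the `DOMSignContext` built later in this file uses `securityHeader` as the parent), so between `prepare()` and `computeSignature()` the lookup finds no `ds:Signature` child and presumably yields null from `getDirectChildElement` — confirm that helper's behaviour. Before `prepare()` the `securityHeader` field is still null and a null parent is handed to the helper. Reword the Javadoc to `Returns the ds:Signature element that computeSignature() inserted into the security header, or null if none is present; must not be called before prepare().` and consider `if (securityHeader == null) throw new IllegalStateException("prepare() must be called first");` as the first statement. The identical method added to WSSecSignature in this commit has the same problem.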
/**
* This method adds references to the Signature.
@@ -170,6 +187,20 @@ public class WSSecDKSign extends WSSecDe
);
}
+ /**
+ * Compute the Signature over the references.
+ *
+ * After references are set this method computes the Signature for them.
+ * This method can be called any time after the references were set. See
+ * <code>addReferencesToSign()</code>.
+ *
+ * @throws WSSecurityException
+ */
+ public void computeSignature(
+ List referenceList
+ ) throws WSSecurityException {
+ computeSignature(referenceList, true, null);
+ }
/**
* Compute the Signature over the references.
@@ -180,7 +211,11 @@ public class WSSecDKSign extends WSSecDe
*
* @throws WSSecurityException
*/
- public void computeSignature(List referenceList, WSSecHeader secHeader) throws WSSecurityException {
+ public void computeSignature(
+ List referenceList,
+ boolean prepend,
+ Element siblingElement
+ ) throws WSSecurityException {
boolean remove = WSDocInfoStore.store(wsDocInfo);
try {
java.security.Key key =
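Review bot: The Javadoc preceding the new three-argument `computeSignature` still ends with a bare `@throws WSSecurityException` and documents neither `prepend` nor `siblingElement`, and nothing states that `siblingElement` is ignored when `prepend` is false (the body in the next hunk only reads it inside the `if (prepend)` branch). Add `@param referenceList the references to sign`, `@param prepend true to insert the Signature before siblingElement (or before the security header's first child when siblingElement is null); false to append it to the security header` and `@param siblingElement the node the Signature is inserted before; only consulted when prepend is true`. The one-argument overload added earlier in this file should likewise say that it prepends to the security header. The same gap exists in the matching WSSecSignature hunk of this commit, and the method body continues past the end of this hunk.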
@@ -198,17 +233,23 @@ public class WSSecDKSign extends WSSecDe
wssConfig.getIdAllocator().createId("SIG-", null),
null);
- org.w3c.dom.Element securityHeaderElement = secHeader.getSecurityHeader();
//
- // Prepend the signature element to the security header
+ // Figure out where to insert the signature element
//
XMLSignContext signContext = null;
- if (securityHeaderElement.hasChildNodes()) {
- org.w3c.dom.Node firstChild = securityHeaderElement.getFirstChild();
- signContext = new DOMSignContext(key, securityHeaderElement, firstChild);
+ if (prepend) {
+ if (siblingElement == null) {
+ siblingElement = (Element)securityHeader.getFirstChild();
+ }
+ if (siblingElement == null) {
+ signContext = new DOMSignContext(key, securityHeader);
+ } else {
+ signContext = new DOMSignContext(key, securityHeader, siblingElement);
+ }
} else {
- signContext = new DOMSignContext(key, securityHeaderElement);
+ signContext = new DOMSignContext(key, securityHeader);
}
+
signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
signContext.putNamespacePrefix(
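Review bot: The cast `(Element)securityHeader.getFirstChild()` in the new `prepend` branch is a regression against the removed code, which kept the first child as an `org.w3c.dom.Node`: `getFirstChild()` returns a `Node`, and when the security header begins with a whitespace text node or a comment (any pretty-printed document) this line throws `ClassCastException` instead of signing. `DOMSignContext(Key, Node, Node)` accepts a plain `Node` as the next sibling, so no cast is needed; resolve it as `org.w3c.dom.Node nextSibling = siblingElement != null ? siblingElement : securityHeader.getFirstChild();` and pass `nextSibling` to the three-argument constructor, falling back to the two-argument one when it is null. Reassigning the `siblingElement` parameter itself is also better avoided. The identical code appears in the WSSecSignature hunk of this commit; the enclosing method starts and ends outside this hunk.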
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Thu Nov 4 18:19:14 2010
@@ -456,6 +456,7 @@ public class WSSecEncrypt extends WSSecE
//
String xencEncryptedDataId =
config.getIdAllocator().createId("ED-", elementToEncrypt);
+ encPart.setEncId(xencEncryptedDataId);
try {
if (modifier.equals("Header")) {
Element elem =
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Thu Nov 4 18:19:14 2010
@@ -105,6 +105,7 @@ public class WSSecSignature extends WSSe
private String customTokenId;
private String digestAlgo = WSConstants.SHA1;
private X509Certificate useThisCert = null;
+ private Element securityHeader = null;
/**
@@ -133,6 +134,7 @@ public class WSSecSignature extends WSSe
document = doc;
wsDocInfo = new WSDocInfo(doc);
wsDocInfo.setCrypto(cr);
+ securityHeader = secHeader.getSecurityHeader();
//
// At first get the security token (certificate) according to the parameters.
@@ -160,6 +162,10 @@ public class WSSecSignature extends WSSe
secRef.setID(strUri);
//
+ // Get an initialized XMLSignature element.
+ //
+
+ //
// Prepare and setup the token references for this Signature
//
switch (keyIdentifierType) {
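Review bot: The added comment block `// Get an initialized XMLSignature element.` is followed by no code at all, only a blank line and the next comment, so it documents nothing and will make the next reader suspect a step was lost. Either drop the four added lines or move the sentence to where the `XMLSignature` is actually obtained, which is outside this hunk.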
@@ -301,7 +307,7 @@ public class WSSecSignature extends WSSe
List referenceList = addReferencesToSign(parts, secHeader);
- computeSignature(referenceList, secHeader);
+ computeSignature(referenceList);
//
// if we have a BST prepend it in front of the Signature according to
@@ -334,6 +340,19 @@ public class WSSecSignature extends WSSe
);
}
+ /**
+ * Returns the SignatureElement.
+ * The method can be called any time after <code>prepare()</code>.
+ * @return The DOM Element of the signature.
+ */
+ public Element getSignatureElement() {
+ return
+ WSSecurityUtil.getDirectChildElement(
+ securityHeader,
+ WSConstants.SIG_LN,
+ WSConstants.SIG_NS
+ );
+ }
/**
* Prepend the BinarySecurityToken to the elements already in the Security
@@ -364,6 +383,20 @@ public class WSSecSignature extends WSSe
bstToken = null;
}
+ /**
+ * Compute the Signature over the references.
+ *
+ * After references are set this method computes the Signature for them.
+ * This method can be called any time after the references were set. See
+ * <code>addReferencesToSign()</code>.
+ *
+ * @throws WSSecurityException
+ */
+ public void computeSignature(
+ List referenceList
+ ) throws WSSecurityException {
+ computeSignature(referenceList, true, null);
+ }
/**
* Compute the Signature over the references.
@@ -374,8 +407,11 @@ public class WSSecSignature extends WSSe
*
* @throws WSSecurityException
*/
- public void computeSignature(List referenceList, WSSecHeader secHeader)
- throws WSSecurityException {
+ public void computeSignature(
+ List referenceList,
+ boolean prepend,
+ Element siblingElement
+ ) throws WSSecurityException {
boolean remove = WSDocInfoStore.store(wsDocInfo);
try {
java.security.Key key;
@@ -396,17 +432,23 @@ public class WSSecSignature extends WSSe
wssConfig.getIdAllocator().createId("SIG-", null),
null);
- org.w3c.dom.Element securityHeaderElement = secHeader.getSecurityHeader();
//
- // Prepend the signature element to the security header
+ // Figure out where to insert the signature element
//
XMLSignContext signContext = null;
- if (securityHeaderElement.hasChildNodes()) {
- org.w3c.dom.Node firstChild = securityHeaderElement.getFirstChild();
- signContext = new DOMSignContext(key, securityHeaderElement, firstChild);
+ if (prepend) {
+ if (siblingElement == null) {
+ siblingElement = (Element)securityHeader.getFirstChild();
+ }
+ if (siblingElement == null) {
+ signContext = new DOMSignContext(key, securityHeader);
+ } else {
+ signContext = new DOMSignContext(key, securityHeader, siblingElement);
+ }
} else {
- signContext = new DOMSignContext(key, securityHeaderElement);
+ signContext = new DOMSignContext(key, securityHeader);
}
+
signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
signContext.putNamespacePrefix(
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Thu Nov 4 18:19:14 2010
@@ -19,13 +19,17 @@
package org.apache.ws.security.transform;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.XMLUtils;
import org.jcp.xml.dsig.internal.dom.ApacheData;
import org.jcp.xml.dsig.internal.dom.DOMSubTreeData;
@@ -34,6 +38,7 @@ import org.jcp.xml.dsig.internal.dom.DOM
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.AlgorithmParameterSpec;
@@ -66,6 +71,10 @@ public class STRTransform extends Transf
private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
+ private static Log log = LogFactory.getLog(STRTransform.class.getName());
+
+ private static boolean doDebug = false;
+
public final AlgorithmParameterSpec getParameterSpec() {
return params;
}
@@ -120,6 +129,7 @@ public class STRTransform extends Transf
private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os)
throws TransformException {
+ doDebug = log.isDebugEnabled();
//
// First step: Get the required c14n argument and get the specified
// Canonicalizer
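Review bot: `doDebug` is a mutable `static` field that the new line in `transformIt` overwrites on every call, so one thread's transform can flip the flag under another's mid-execution; the cheaper and thread-safe form is a local, `boolean doDebug = log.isDebugEnabled();` at the top of `transformIt`, with the static field in the declaration hunk above removed. While there, make the logger immutable: `private static final Log log = LogFactory.getLog(STRTransform.class);`. `transformIt` continues beyond this hunk.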
@@ -174,8 +184,14 @@ public class STRTransform extends Transf
// element.
//
SecurityTokenReference secRef = new SecurityTokenReference(str);
+
+ Canonicalizer canon = Canonicalizer.getInstance(canonAlgo);
+
+ ByteArrayOutputStream bos = null;
+ byte[] buf = null;
+
//
- // Third and fourth step are performed by derefenceSTR()
+ // Third and fourth step are performed by dereferenceSTR()
//
Document doc = str.getOwnerDocument();
WSDocInfo wsDocInfo = WSDocInfoStore.lookup(doc);
@@ -185,6 +201,63 @@ public class STRTransform extends Transf
Element dereferencedToken =
STRTransformUtil.dereferenceSTR(doc, secRef, wsDocInfo);
+
+ //
+ // C14n with specified algorithm. According to WSS Specification.
+ //
+ buf = canon.canonicalizeSubtree(dereferencedToken, "#default");
+ if (doDebug) {
+ bos = new ByteArrayOutputStream(buf.length);
+ bos.write(buf, 0, buf.length);
+ log.debug("after c14n: " + bos.toString());
+ }
+
+ //
+ // Alert: Hacks ahead According to WSS spec an Apex node must
+ // contain a default namespace. If none is availabe in the first
+ // node of the c14n output (this is the apex element) then we do
+ // some editing to insert an empty default namespace
+ //
+ // TODO: Rework theses hacks after c14n was updated and can be
+ // instructed to insert empty default namespace if required
+ //
+ // If the problem with c14n method is solved then just do:
+ // return new XMLSignatureInput(buf);
+
+ // start of HACK
+ StringBuffer bf = new StringBuffer(new String(buf));
+ String bf1 = bf.toString();
+
+ //
+ // Find start and end of first element <....>, this is the Apex node
+ //
+ int gt = bf1.indexOf(">");
+ //
+ // Lookup the default namespace
+ //
+ int idx = bf1.indexOf("xmlns=");
+ //
+ // If none found or if it is outside of this (Apex) element look for
+ // first blank in, insert default namespace there (this is the
+ // correct place according to c14n specification)
+ //
+ if (idx < 0 || idx > gt) {
+ idx = bf1.indexOf(" ");
+ bf.insert(idx + 1, "xmlns=\"\" ");
+ bf1 = bf.toString();
+ }
+ if (doDebug) {
+ log.debug("last result: ");
+ log.debug(bf1);
+ }
+ XMLSignatureInput output = new XMLSignatureInput(bf1.getBytes());
+ if (os != null) {
+ output.updateOutputStream(os);
+ return null;
+ }
+ return new OctetStreamData(output.getOctetStream());
+
+ /*
//
// According to WSS spec an Apex node must contain a default namespace.
//
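Review bot: `new String(buf)` and `bf1.getBytes()` in the namespace hack convert the canonicalized bytes through the platform default charset, whereas Canonical XML output is UTF-8 by specification; on a JVM whose default is not UTF-8, a token containing non-ASCII characters is silently altered, so the digest computed here differs from what a UTF-8 peer computes and the signature fails to verify (or, with both ends on the same non-UTF-8 default, verifies over bytes nobody else can reproduce). Use `new String(buf, "UTF-8")` and `bf1.getBytes("UTF-8")`; the checked `UnsupportedEncodingException` they declare is already covered by the `catch (Exception ex)` at the end of the method. The `indexOf(" ")` fallback is also unguarded: an apex element without attributes gives -1 and the declaration is inserted at position 0, and a blank that lies after `gt` lands inside the element content rather than the start tag. The debug branches write the complete dereferenced token to the log (the `ByteArrayOutputStream` exists only for that), so check whether that material belongs in logs at all, and delete the old implementation left commented out from `/*` onward instead of keeping it in the source. `transformIt` starts outside this hunk.
```java
// … unchanged: canonicalizeSubtree into buf, debug output of buf …
// C14N output is UTF-8 by specification; never go through the platform charset
String bf1 = new String(buf, "UTF-8");
StringBuilder bf = new StringBuilder(bf1);
int gt = bf1.indexOf('>');
int idx = bf1.indexOf("xmlns=");
if (idx < 0 || idx > gt) {
    int blank = bf1.indexOf(' ');
    if (blank >= 0 && blank < gt) {
        // first blank inside the apex start tag: c14n attribute position
        bf.insert(blank + 1, "xmlns=\"\" ");
    } else {
        // apex element without attributes: put the declaration just before '>'
        bf.insert(gt, " xmlns=\"\"");
    }
    bf1 = bf.toString();
}
// … unchanged: debug logging of bf1 …
XMLSignatureInput output = new XMLSignatureInput(bf1.getBytes("UTF-8"));
// … unchanged: updateOutputStream / OctetStreamData return …
```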
@@ -219,6 +292,7 @@ public class STRTransform extends Transf
return null;
}
return new OctetStreamData(output.getOctetStream());
+ */
} catch (Exception ex) {
throw new TransformException(ex);
}