Posted to commits@ws.apache.org by co...@apache.org on 2013/04/11 12:38:35 UTC
svn commit: r1466831 - in /webservices/wss4j/trunk/ws-security-stax/src:
main/java/org/apache/wss4j/stax/ext/ main/java/org/apache/wss4j/stax/impl/
test/java/org/apache/wss4j/stax/test/
Author: coheigea
Date: Thu Apr 11 10:38:34 2013
New Revision: 1466831
URL: http://svn.apache.org/r1466831
Log:
Add a way to disable all BSP rules for the StaX code
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java Thu Apr 11 10:38:34 2013
@@ -127,6 +127,7 @@ public class InboundWSSec {
securityContextImpl.putList(SecurityEvent.class, requestSecurityEvents);
securityContextImpl.addSecurityEventListener(securityEventListener);
securityContextImpl.ignoredBSPRules(this.securityProperties.getIgnoredBSPRules());
+ securityContextImpl.setDisableBSPEnforcement(this.securityProperties.isDisableBSPEnforcement());
if (!requestSecurityEvents.isEmpty()) {
try {
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Thu Apr 11 10:38:34 2013
@@ -55,6 +55,7 @@ public class WSSSecurityProperties exten
private String actor;
private CallbackHandler callbackHandler;
private final List<BSPRule> ignoredBSPRules = new LinkedList<BSPRule>();
+ private boolean disableBSPEnforcement;
private final Map<QName, Validator> validators = new HashMap<QName, Validator>();
private Integer timestampTTL = 300;
@@ -104,6 +105,7 @@ public class WSSSecurityProperties exten
this.actor = wssSecurityProperties.actor;
this.callbackHandler = wssSecurityProperties.callbackHandler;
this.ignoredBSPRules.addAll(wssSecurityProperties.ignoredBSPRules);
+ this.disableBSPEnforcement = wssSecurityProperties.disableBSPEnforcement;
this.validators.putAll(wssSecurityProperties.validators);
this.timestampTTL = wssSecurityProperties.timestampTTL;
this.timeStampFutureTTL = wssSecurityProperties.timeStampFutureTTL;
@@ -681,5 +683,13 @@ public class WSSSecurityProperties exten
return nonceReplayCache;
}
+
+ public boolean isDisableBSPEnforcement() {
+ return disableBSPEnforcement;
+ }
+
+ public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+ this.disableBSPEnforcement = disableBSPEnforcement;
+ }
}
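Review bot: `setDisableBSPEnforcement` at the end of WSSSecurityProperties has no Javadoc, although it turns off every Basic Security Profile check on inbound messages rather than a chosen subset. I would add something like `/** Disables enforcement of all BSP rules on inbound processing; defaults to false. Prefer the ignored-rules list when only specific rules need relaxing. */` on the setter and a matching one-line comment on the getter. The accessors of the same name added to InboundWSSecurityContextImpl in the later hunk are undocumented too and should carry the same wording.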
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Thu Apr 11 10:38:34 2013
@@ -49,6 +49,7 @@ public class InboundWSSecurityContextImp
private final Deque<SecurityEvent> securityEventQueue = new ArrayDeque<SecurityEvent>();
private boolean operationSecurityEventOccured = false;
private boolean messageEncryptionTokenOccured = false;
+ private boolean disableBSPEnforcement;
private List<BSPRule> ignoredBSPRules = Collections.emptyList();
@@ -533,6 +534,9 @@ public class InboundWSSecurityContextImp
@Override
public void handleBSPRule(BSPRule bspRule) throws WSSecurityException {
+ if (disableBSPEnforcement) {
+ return;
+ }
if (!ignoredBSPRules.contains(bspRule)) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.INVALID_SECURITY,
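Review bot: The early `return` added at the top of handleBSPRule discards the violated rule without any trace, so with enforcement disabled there is no record of which BSP rules an inbound message broke. If the class has a logger (none is visible in this hunk), record the rule before returning, e.g. `log.debug("BSP rule " + bspRule + " violated; enforcement is disabled");`, so deployments running in this mode can still audit non-compliant senders. The body of handleBSPRule continues past the end of the hunk.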
@@ -547,4 +551,12 @@ public class InboundWSSecurityContextImp
public void ignoredBSPRules(List<BSPRule> bspRules) {
ignoredBSPRules = new ArrayList<BSPRule>(bspRules);
}
+
+ public boolean isDisableBSPEnforcement() {
+ return disableBSPEnforcement;
+ }
+
+ public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+ this.disableBSPEnforcement = disableBSPEnforcement;
+ }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Thu Apr 11 10:38:34 2013
@@ -431,6 +431,53 @@ public class SignatureTest extends Abstr
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
}
}
+
+ /**
+ * Since WSS4J hardcoded the C14N algo for References, we test against our framework
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testSignatureC14NInclusivePartsInbound_DisableAllBSPRules() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ securityProperties.setOutAction(actions);
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema", "complexType"), SecurePart.Modifier.Element));
+ securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document securedDocument = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.setDisableBSPEnforcement(true);
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ //header element must still be there
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+ }
+ }
@Test
public void testSignatureKeyIdentifierIssuerSerialOutbound() throws Exception {
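Review bot: testSignatureC14NInclusivePartsInbound_DisableAllBSPRules only exercises the permissive path; nothing in it asserts that the same signed message is rejected when `setDisableBSPEnforcement(true)` is left out, so the secure default is not pinned by this test. I would add a second inbound run with default properties that expects processing to fail. The Javadoc appears to be carried over from another C14N test and should instead state that the message is accepted with all BSP rules disabled. Separately, `Assert.assertEquals(nodeList.getLength(), 1)` passes the actual value first; JUnit expects `Assert.assertEquals(1, nodeList.getLength())`.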