Posted to commits@cxf.apache.org by co...@apache.org on 2010/11/26 18:19:20 UTC
svn commit: r1039471 - in
/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/ tokenstore/ wss4j/ wss4j/policyhandlers/
Author: coheigea
Date: Fri Nov 26 17:19:19 2010
New Revision: 1039471
URL: http://svn.apache.org/viewvc?rev=1039471&view=rev
Log:
Removed ExternalSTRTransform stuff and a lot of the crypto loading stuff
- Both are supported via some minor changes to WSS4J 1.6-SNAPSHOT
- Lots of small refactoring changes.
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Fri Nov 26 17:19:19 2010
@@ -82,8 +82,8 @@ import org.apache.ws.security.handler.WS
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
static final Logger LOG = LogUtils.getL7dLogger(SecureConversationInInterceptor.class);
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Fri Nov 26 17:19:19 2010
@@ -66,8 +66,8 @@ import org.apache.ws.security.conversati
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
/**
*
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Fri Nov 26 17:19:19 2010
@@ -20,9 +20,9 @@
package org.apache.cxf.ws.security.tokenstore;
import java.security.cert.X509Certificate;
-import java.util.Date;
import java.text.DateFormat;
import java.text.ParseException;
+import java.util.Date;
import java.util.Properties;
import org.w3c.dom.Element;
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Fri Nov 26 17:19:19 2010
@@ -22,9 +22,7 @@ import java.net.URI;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
-import java.util.Properties;
import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
@@ -35,12 +33,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptor;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
-import org.apache.ws.security.handler.WSHandlerConstants;
public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor,
PhaseInterceptor<SoapMessage> {
@@ -57,7 +50,6 @@ public abstract class AbstractWSS4JInter
private Set<String> after = new HashSet<String>();
private String phase;
private String id;
- private Map<String, Crypto> cryptoTable = new ConcurrentHashMap<String, Crypto>();
public AbstractWSS4JInterceptor() {
super();
@@ -150,131 +142,4 @@ public abstract class AbstractWSS4JInter
return MessageUtils.isRequestor(message);
}
- protected boolean decodeEnableSignatureConfirmation(RequestData reqData) throws WSSecurityException {
-
- String value = getString(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION,
- reqData.getMsgContext());
-
- //we need the default to be false to not break older applications and such
- if (value == null) {
- return false;
- }
- return super.decodeEnableSignatureConfirmation(reqData);
- }
-
- public Crypto loadSignatureCrypto(RequestData reqData)
- throws WSSecurityException {
- Crypto crypto = null;
- /*
- *Get crypto property file for signature. If none specified throw
- * fault, otherwise get a crypto instance.
- */
- String sigPropFile = getString(WSHandlerConstants.SIG_PROP_FILE,
- reqData.getMsgContext());
- String refId = null;
- if (sigPropFile != null) {
- crypto = cryptoTable.get(sigPropFile);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance(sigPropFile, this
- .getClassLoader(reqData.getMsgContext()));
- cryptoTable.put(sigPropFile, crypto);
- }
- } else if (getString(WSHandlerConstants.SIG_PROP_REF_ID, reqData
- .getMsgContext()) != null) {
- /*
- * If the property file is missing then
- * look for the Properties object
- */
- refId = getString(WSHandlerConstants.SIG_PROP_REF_ID,
- reqData.getMsgContext());
- if (refId != null) {
- Object propObj = getProperty(reqData.getMsgContext(), refId);
- if (propObj instanceof Properties) {
- crypto = cryptoTable.get(refId);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance((Properties)propObj);
- cryptoTable.put(refId, crypto);
- }
- }
- }
- }
- return crypto;
- }
-
- protected Crypto loadDecryptionCrypto(RequestData reqData)
- throws WSSecurityException {
- Crypto crypto = null;
- String decPropFile = getString(WSHandlerConstants.DEC_PROP_FILE,
- reqData.getMsgContext());
- String refId = null;
- if (decPropFile != null) {
- crypto = cryptoTable.get(decPropFile);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance(decPropFile, this
- .getClassLoader(reqData.getMsgContext()));
- cryptoTable.put(decPropFile, crypto);
- }
- } else if (getString(WSHandlerConstants.DEC_PROP_REF_ID, reqData
- .getMsgContext()) != null) {
- /*
- * If the property file is missing then
- * look for the Properties object
- */
- refId = getString(WSHandlerConstants.DEC_PROP_REF_ID,
- reqData.getMsgContext());
- if (refId != null) {
- Object propObj = getProperty(reqData.getMsgContext(), refId);
- if (propObj instanceof Properties) {
- crypto = cryptoTable.get(refId);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance((Properties)propObj);
- cryptoTable.put(refId, crypto);
- }
- }
- }
- }
- return crypto;
- }
-
- protected Crypto loadEncryptionCrypto(RequestData reqData)
- throws WSSecurityException {
- Crypto crypto = null;
- /*
- * Get encryption crypto property file. If non specified take crypto
- * instance from signature, if that fails: throw fault
- */
- String encPropFile = getString(WSHandlerConstants.ENC_PROP_FILE,
- reqData.getMsgContext());
- String refId = null;
- if (encPropFile != null) {
- crypto = cryptoTable.get(encPropFile);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance(encPropFile, this
- .getClassLoader(reqData.getMsgContext()));
- cryptoTable.put(encPropFile, crypto);
- }
- } else if (getString(WSHandlerConstants.ENC_PROP_REF_ID, reqData
- .getMsgContext()) != null) {
- /*
- * If the property file is missing then
- * look for the Properties object
- */
- refId = getString(WSHandlerConstants.ENC_PROP_REF_ID,
- reqData.getMsgContext());
- if (refId != null) {
- Object propObj = getProperty(reqData.getMsgContext(), refId);
- if (propObj instanceof Properties) {
- crypto = cryptoTable.get(refId);
- if (crypto == null) {
- crypto = CryptoFactory.getInstance((Properties)propObj);
- cryptoTable.put(refId, crypto);
- }
- }
- }
- } else if (reqData.getSigCrypto() == null) {
- return crypto;
- }
- return crypto;
- }
-
}
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Nov 26 17:19:19 2010
@@ -110,6 +110,7 @@ public class WSS4JInInterceptor extends
ignoreActions = ignore;
}
+ @SuppressWarnings("unchecked")
public WSS4JInInterceptor(Map<String, Object> properties) {
this();
setProperties(properties);
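Review bot: `@SuppressWarnings("unchecked")` is applied to the whole `WSS4JInInterceptor(Map<String, Object>)` constructor, yet the two statements visible here (`this();` and `setProperties(properties);`) contain no unchecked operation. The reason for the suppression therefore cannot be read from the hunk, and the constructor body continues outside it. If the warning comes from a single cast further down, move the annotation onto that local declaration and give the reason in a comment, e.g. `// unchecked: <why this cast is safe>`. A constructor-wide suppression also hides any unchecked cast added here later.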
@@ -191,7 +192,7 @@ public class WSS4JInInterceptor extends
try {
reqData.setMsgContext(msg);
computeAction(msg, reqData);
- List actions = new Vector();
+ List<Integer> actions = new Vector<Integer>();
String action = getAction(msg, version);
int doAction = WSSecurityUtil.decodeAction(action, actions);
@@ -206,7 +207,7 @@ public class WSS4JInInterceptor extends
*/
doReceiverAction(doAction, reqData);
- List wsResult = null;
+ List<WSSecurityEngineResult> wsResult = null;
if (doTimeLog) {
t1 = System.currentTimeMillis();
}
@@ -235,7 +236,7 @@ public class WSS4JInInterceptor extends
} else { // no security header found
// Create an empty result vector to pass into the required validation
// methods.
- wsResult = new Vector<Object>();
+ wsResult = new Vector<WSSecurityEngineResult>();
if (doc.getSOAPPart().getEnvelope().getBody().hasFault()) {
LOG.warning("Request does not contain Security header, "
@@ -283,8 +284,12 @@ public class WSS4JInInterceptor extends
}
}
- private void checkActions(SoapMessage msg, RequestData reqData, List wsResult, List actions)
- throws WSSecurityException {
+ private void checkActions(
+ SoapMessage msg,
+ RequestData reqData,
+ List<WSSecurityEngineResult> wsResult,
+ List<Integer> actions
+ ) throws WSSecurityException {
/*
* now check the security actions: do they match, in any order?
*/
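Review bot: `checkSignatures`, visible as context in the next hunk, still declares its third parameter as the raw type `List wsResult`, while `checkActions` now takes `List<WSSecurityEngineResult>` and the caller's `wsResult` variable is typed the same way. The raw parameter discards the element type that this commit introduces and leaves the casts inside that method unchecked by the compiler. Consider changing it in the same pass to `private void checkSignatures(SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult)`. Both method bodies continue outside the hunks shown.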
@@ -293,6 +298,7 @@ public class WSS4JInInterceptor extends
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
}
+
private void checkSignatures(SoapMessage msg, RequestData reqData, List wsResult)
throws WSSecurityException {
/*
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java Fri Nov 26 17:19:19 2010
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j;
import java.util.Collections;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
@@ -182,7 +183,7 @@ public class WSS4JOutInterceptor extends
/*
* Get the action first.
*/
- Vector actions = new Vector();
+ List<Integer> actions = new Vector<Integer>();
String action = getString(WSHandlerConstants.ACTION, mc);
if (action == null) {
throw new SoapFault(new Message("NO_ACTION", LOG), version
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Nov 26 17:19:19 2010
@@ -22,13 +22,10 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
@@ -43,10 +40,7 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
@@ -126,7 +120,6 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
/**
@@ -136,8 +129,8 @@ public abstract class AbstractBindingBui
public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
-
- protected SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
+ protected SPConstants.ProtectionOrder protectionOrder =
+ SPConstants.ProtectionOrder.SignBeforeEncrypting;
protected SOAPMessage saaj;
protected WSSecHeader secHeader;
@@ -154,7 +147,7 @@ public abstract class AbstractBindingBui
protected Map<Token, WSSecBase> sgndEndEncSuppTokMap;
protected Map<Token, WSSecBase> sgndEndSuppTokMap;
- protected Vector<byte[]> signatures = new Vector<byte[]>();
+ protected List<byte[]> signatures = new Vector<byte[]>();
Element lastSupportingTokenElement;
Element lastEncryptedKeyElement;
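Review bot: Retyping the protected field `signatures` from `Vector<byte[]>` to `List<byte[]>` changes what subclasses of this public abstract class see. Later hunks change the return types of the public `getEncryptedParts()`, `getSignedParts()` and `getPartsAndElements(...)` in the same way. Subclasses or callers compiled against the old `Vector` signatures will fail to link, and any that use `Vector`-only methods will no longer compile. If that break is intended for the 1.6 port, state it in the Javadoc of the three methods. The objects created are still `Vector`s; if their synchronization is not relied on (not visible from these hunks), `new ArrayList<byte[]>()` would make that explicit.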
@@ -182,6 +175,7 @@ public abstract class AbstractBindingBui
secHeader.getSecurityHeader().insertBefore(child, sib.getNextSibling());
}
}
+
protected void addDerivedKeyElement(Element el) {
if (lastDerivedKeyElement != null) {
insertAfter(el, lastDerivedKeyElement);
@@ -190,12 +184,15 @@ public abstract class AbstractBindingBui
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
} else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
} else {
secHeader.getSecurityHeader().appendChild(el);
}
lastEncryptedKeyElement = el;
- }
+ }
+
protected void addEncyptedKeyElement(Element el) {
if (lastEncryptedKeyElement != null) {
insertAfter(el, lastEncryptedKeyElement);
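Review bot: `addDerivedKeyElement` still ends with `lastEncryptedKeyElement = el;`, although the method (whose opening lines are in the previous hunk) tests `lastDerivedKeyElement` first. No line shown on this page assigns `lastDerivedKeyElement`. This looks like a copy-paste from `addEncyptedKeyElement`. If so, the derived-key branch is never taken and each derived key overwrites the encrypted-key anchor, which changes where later elements land in the security header. Since the closing lines of the method are being touched anyway, consider `lastDerivedKeyElement = el;` here, after confirming that no caller depends on the current ordering.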
@@ -204,12 +201,15 @@ public abstract class AbstractBindingBui
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
} else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
} else {
secHeader.getSecurityHeader().appendChild(el);
}
lastEncryptedKeyElement = el;
}
+
protected void addSupportingElement(Element el) {
if (lastSupportingTokenElement != null) {
insertAfter(el, lastSupportingTokenElement);
@@ -226,6 +226,7 @@ public abstract class AbstractBindingBui
}
lastSupportingTokenElement = el;
}
+
protected void insertBeforeBottomUp(Element el) {
if (bottomUpElement == null) {
secHeader.getSecurityHeader().appendChild(el);
@@ -234,14 +235,15 @@ public abstract class AbstractBindingBui
}
bottomUpElement = el;
}
+
protected void addTopDownElement(Element el) {
if (topDownElement == null) {
if (secHeader.getSecurityHeader().getFirstChild() == null) {
secHeader.getSecurityHeader().appendChild(el);
} else {
- secHeader.getSecurityHeader().insertBefore(el, secHeader
- .getSecurityHeader()
- .getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
}
} else {
insertAfter(el, topDownElement);
@@ -269,6 +271,7 @@ public abstract class AbstractBindingBui
}
throw new PolicyException(reason);
}
+
protected void policyNotAsserted(PolicyAssertion assertion, String reason) {
if (assertion == null) {
return;
@@ -287,6 +290,7 @@ public abstract class AbstractBindingBui
throw new PolicyException(new Message(reason, LOG));
}
}
+
protected void policyAsserted(PolicyAssertion assertion) {
if (assertion == null) {
return;
@@ -302,6 +306,7 @@ public abstract class AbstractBindingBui
}
}
}
+
protected void policyAsserted(QName n) {
Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
if (ais != null && !ais.isEmpty()) {
@@ -327,7 +332,8 @@ public abstract class AbstractBindingBui
protected final Map<Object, Crypto> getCryptoCache() {
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
- Map<Object, Crypto> o = CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
+ Map<Object, Crypto> o =
+ CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
if (o == null) {
o = new ConcurrentHashMap<Object, Crypto>();
info.setProperty(CRYPTO_CACHE, o);
@@ -335,10 +341,12 @@ public abstract class AbstractBindingBui
return o;
}
}
+
protected final TokenStore getTokenStore() {
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
- TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+ TokenStore tokenStore =
+ (TokenStore)message.getContextualProperty(TokenStore.class.getName());
if (tokenStore == null) {
tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
}
@@ -349,6 +357,7 @@ public abstract class AbstractBindingBui
return tokenStore;
}
}
+
protected WSSecTimestamp createTimestamp() {
Collection<AssertionInfo> ais;
ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
@@ -406,6 +415,7 @@ public abstract class AbstractBindingBui
}
return timestamp;
}
+
protected void assertSupportingTokens(Collection<PolicyAssertion> suppTokens) {
if (suppTokens == null) {
return;
@@ -418,6 +428,7 @@ public abstract class AbstractBindingBui
}
}
}
+
protected Map<Token, WSSecBase> handleSupportingTokens(Collection<PolicyAssertion> tokens,
boolean endorse) {
Map<Token, WSSecBase> ret = new HashMap<Token, WSSecBase>();
@@ -429,10 +440,12 @@ public abstract class AbstractBindingBui
}
}
return ret;
- }
+ }
+
protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens, boolean endorse) {
return handleSupportingTokens(suppTokens, endorse, new HashMap<Token, WSSecBase>());
}
+
protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens,
boolean endorse,
Map<Token, WSSecBase> ret) {
@@ -474,7 +487,7 @@ public abstract class AbstractBindingBui
//Add the extracted token
ret.put(token, new WSSecurityTokenHolder(secToken));
} else {
- WSSecSignatureHelper sig = new WSSecSignatureHelper();
+ WSSecSignature sig = new WSSecSignature();
sig.setX509Certificate(secToken.getX509Certificate());
sig.setCustomTokenId(secToken.getId());
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
@@ -501,9 +514,7 @@ public abstract class AbstractBindingBui
}
sig.setUserInfo(uname, password);
try {
- sig.prepare(saaj.getSOAPPart(),
- secToken.getCrypto(),
- secHeader);
+ sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
} catch (WSSecurityException e) {
throw new Fault(e);
}
@@ -517,7 +528,7 @@ public abstract class AbstractBindingBui
} else if (token instanceof X509Token) {
//We have to use a cert
//Prepare X509 signature
- WSSecSignature sig = getSignatureBuider(suppTokens, token, endorse);
+ WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
Element bstElem = sig.getBinarySecurityTokenElement();
if (bstElem != null) {
sig.prependBSTElementToHeader(secHeader);
@@ -527,7 +538,7 @@ public abstract class AbstractBindingBui
}
ret.put(token, sig);
} else if (token instanceof KeyValueToken) {
- WSSecSignature sig = getSignatureBuider(suppTokens, token, endorse);
+ WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
if (suppTokens.isEncryptedToken()) {
encryptedTokensIdList.add(sig.getBSTTokenId());
}
@@ -559,22 +570,19 @@ public abstract class AbstractBindingBui
for (Map.Entry<Token, WSSecBase> entry : tokenMap.entrySet()) {
- Object tempTok = entry.getValue();
+ Object tempTok = entry.getValue();
WSEncryptionPart part = null;
- if (tempTok instanceof WSSecSignatureHelper) {
- WSSecSignatureHelper tempSig = (WSSecSignatureHelper) tempTok;
+ if (tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ SecurityTokenReference secRef = tempSig.getSecurityTokenReference();
if ((WSConstants.WSS_SAML_NS + WSConstants.SAML_ASSERTION_ID).
- equals(tempSig.getSecRef().getKeyIdentifierValueType())) {
+ equals(secRef.getKeyIdentifierValueType())) {
- addSupportingElement(cloneElement(tempSig.getSecRef().getElement()));
+ addSupportingElement(cloneElement(secRef.getElement()));
- // NOTE: This usage of WSEncryptionPart is a workaroud that is
- // coupled with WSSecSignatureHelper. This approach is used so that
- // we can force WSS4J to sign the assertion through a STR that
- // WSS4J did not create during message signature creation.
- part = new WSEncryptionPart(tempSig.getStrUri(), "ExternalSTRTransform", "Element");
-
+ part = new WSEncryptionPart("STRTransform", null, "Element");
+ part.setId(tempSig.getSecurityTokenReferenceURI());
} else {
if (tempSig.getBSTTokenId() != null) {
part = new WSEncryptionPart(tempSig.getBSTTokenId());
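Review bot: `tempSig.getSecurityTokenReference()` is dereferenced on the following line without a null check. If the builder holds no reference at this point (not visible from the hunk), `secRef.getKeyIdentifierValueType()` throws a NullPointerException instead of reaching the `else` branch. A guard such as `if (secRef != null && (WSConstants.WSS_SAML_NS + WSConstants.SAML_ASSERTION_ID).equals(secRef.getKeyIdentifierValueType()))` avoids that. The removed NOTE comment is also not replaced, so nothing explains the literal `"STRTransform"` or why the id is set separately through `part.setId(tempSig.getSecurityTokenReferenceURI())`. If the intent is that WSS4J signs the SAML assertion through the STR, add a comment above the `new WSEncryptionPart(...)` line, e.g. `// Sign the referenced SAML assertion via the STR dereference transform; the id is the STR's URI`. The enclosing `for` loop starts and ends outside the hunk.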
@@ -592,9 +600,7 @@ public abstract class AbstractBindingBui
}
}
-
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
-
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
@@ -608,7 +614,6 @@ public abstract class AbstractBindingBui
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
-
if (!StringUtils.isEmpty(userName)) {
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
@@ -644,8 +649,9 @@ public abstract class AbstractBindingBui
}
return null;
}
+
public String getPassword(String userName, PolicyAssertion info, int type) {
- //Then try to get the password from the given callback handler
+ //Then try to get the password from the given callback handler
Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
CallbackHandler handler = null;
@@ -664,8 +670,7 @@ public abstract class AbstractBindingBui
return null;
}
- WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
- type)};
+ WSPasswordCallback[] cb = {new WSPasswordCallback(userName, type)};
try {
handler.handle(cb);
} catch (Exception e) {
@@ -723,7 +728,7 @@ public abstract class AbstractBindingBui
return id;
}
- public Vector<WSEncryptionPart> getEncryptedParts()
+ public List<WSEncryptionPart> getEncryptedParts()
throws SOAPException {
boolean isBody = false;
@@ -778,7 +783,7 @@ public abstract class AbstractBindingBui
celements == null ? null : celements.getDeclaredNamespaces());
}
- public Vector<WSEncryptionPart> getSignedParts()
+ public List<WSEncryptionPart> getSignedParts()
throws SOAPException {
boolean isSignBody = false;
@@ -846,7 +851,7 @@ public abstract class AbstractBindingBui
* @param cnamespaces
* namespace prefix to namespace mappings for XPath expressions
* in {@code contentXpaths}
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws SOAPException
* if there is an error extracting SOAP content from the SAAJ
@@ -855,7 +860,7 @@ public abstract class AbstractBindingBui
* @deprecated Use {@link #getSignedParts()} and {@link #getEncryptedParts()}
* instead.
*/
- public Vector<WSEncryptionPart> getPartsAndElements(boolean sign,
+ public List<WSEncryptionPart> getPartsAndElements(boolean sign,
boolean includeBody,
List<WSEncryptionPart> parts,
List<String> xpaths,
@@ -864,7 +869,7 @@ public abstract class AbstractBindingBui
Map<String, String> cnamespaces)
throws SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
List<Element> found = new ArrayList<Element>();
@@ -906,30 +911,25 @@ public abstract class AbstractBindingBui
* signing/encryption. Populated with additional matches found by
* this method and used to prevent including the same element
* twice under the same operation.
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws SOAPException
* if there is an error extracting SOAP content from the SAAJ
* model
*/
- private Vector<WSEncryptionPart> getParts(boolean sign,
+ private List<WSEncryptionPart> getParts(boolean sign,
boolean includeBody, List<WSEncryptionPart> parts,
List<Element> found) throws SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
-
+ List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
if (includeBody && !found.contains(this.saaj.getSOAPBody())) {
found.add(saaj.getSOAPBody());
final String id = this.addWsuIdToElement(this.saaj.getSOAPBody());
if (sign) {
- result.add(new WSEncryptionPart(
- id,
- "Element"));
+ result.add(new WSEncryptionPart(id, "Element"));
} else {
- result.add(new WSEncryptionPart(
- id,
- "Content"));
+ result.add(new WSEncryptionPart(id, "Content"));
}
}
@@ -957,9 +957,7 @@ public abstract class AbstractBindingBui
// elemenet with the same name and namespace as that in the
// WSEncryptionPart
final String id = this.addWsuIdToElement(el);
- result.add(new WSEncryptionPart(
- id,
- part.getEncModifier()));
+ result.add(new WSEncryptionPart(id, part.getEncModifier()));
}
}
}
@@ -983,7 +981,7 @@ public abstract class AbstractBindingBui
* signing/encryption. Populated with additional matches found by
* this method and used to prevent including the same element
* twice under the same operation.
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws XPathExpressionException
* if a provided XPath is invalid
@@ -991,11 +989,11 @@ public abstract class AbstractBindingBui
* if there is an error extracting SOAP content from the SAAJ
* model
*/
- private Vector<WSEncryptionPart> getElements(String encryptionModifier,
+ private List<WSEncryptionPart> getElements(String encryptionModifier,
List<String> xpaths, Map<String, String> namespaces,
List<Element> found) throws XPathExpressionException, SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
if (xpaths != null && !xpaths.isEmpty()) {
XPathFactory factory = XPathFactory.newInstance();
@@ -1017,7 +1015,6 @@ public abstract class AbstractBindingBui
// WSEncryptionPart
final String id = this.addWsuIdToElement(el);
-
WSEncryptionPart part = new WSEncryptionPart(
id,
encryptionModifier);
@@ -1066,13 +1063,13 @@ public abstract class AbstractBindingBui
SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
}
+
public Crypto getCrypto(TokenWrapper wrapper, String cryptoKey, String propKey) {
Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
if (crypto != null) {
return crypto;
}
-
Object o = message.getContextualProperty(propKey);
if (o == null) {
return null;
@@ -1158,13 +1155,14 @@ public abstract class AbstractBindingBui
secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
}
-
} else {
policyAsserted(token);
policyAsserted(wrapper);
secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
}
+
+ @SuppressWarnings("unchecked")
public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
boolean sign, Crypto crypto) {
String encrUser = (String)message.getContextualProperty(sign
@@ -1198,11 +1196,11 @@ public abstract class AbstractBindingBui
if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
if (resultsObj != null) {
- encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ encrKeyBuilder.setUseThisCert(getReqSigCert((List<WSHandlerResult>)resultsObj));
//TODO This is a hack, this should not come under USE_REQ_SIG_CERT
if (encrKeyBuilder.isCertSet()) {
- encrKeyBuilder.setUserInfo(getUsername((Vector)resultsObj));
+ encrKeyBuilder.setUserInfo(getUsername((List<WSHandlerResult>)resultsObj));
}
} else {
policyNotAsserted(token, "No security results in incoming message");
@@ -1211,24 +1209,20 @@ public abstract class AbstractBindingBui
encrKeyBuilder.setUserInfo(encrUser);
}
}
- private static X509Certificate getReqSigCert(Vector results) {
+
+ private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- List wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if (actInt.intValue() == WSConstants.SIGN) {
return (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
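Review bot: The block comment kept at the top of getReqSigCert says results are used only when the receiving and sending actor match, but the new loop `for (WSHandlerResult rResult : results)` takes every handler result and never reads an actor. Because the certificate returned here is what setEncryptionUser passes to `setUseThisCert`, the comment should either be backed by a check or reworded, e.g. `/* Scan all handler results; no actor filtering is done here. */`. `actInt.intValue()` also dereferences `TAG_ACTION` without a null test; `if (actInt != null && actInt.intValue() == WSConstants.SIGN)` would keep a result without an action from aborting the scan. Both points apply equally to getUsername in the next hunk, whose Javadoc `@param results` and `@return` tags are still empty. Both method bodies continue outside the hunks.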
@@ -1245,24 +1239,18 @@ public abstract class AbstractBindingBui
* @param results
* @return
*/
-
- public static String getUsername(Vector results) {
+ public static String getUsername(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- List wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
* Scan the results for a username token. Use the username
* of this token to set the alias for the encryption user
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if (actInt.intValue() == WSConstants.UT) {
WSUsernameTokenPrincipal principal
@@ -1274,6 +1262,7 @@ public abstract class AbstractBindingBui
return null;
}
+
protected Wss10 getWss10() {
Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.WSS10);
if (ais != null) {
@@ -1299,8 +1288,9 @@ public abstract class AbstractBindingBui
}
}
}
- protected WSSecSignatureHelper getSignatureBuider(TokenWrapper wrapper, Token token, boolean endorse) {
- WSSecSignatureHelper sig = new WSSecSignatureHelper();
+
+ protected WSSecSignature getSignatureBuilder(TokenWrapper wrapper, Token token, boolean endorse) {
+ WSSecSignature sig = new WSSecSignature();
checkForX509PkiPath(sig, token);
setKeyIdentifierType(sig, wrapper, token);
@@ -1359,9 +1349,7 @@ public abstract class AbstractBindingBui
sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
try {
- sig.prepare(saaj.getSOAPPart(),
- crypto,
- secHeader);
+ sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
} catch (WSSecurityException e) {
policyNotAsserted(token, e);
}
@@ -1376,7 +1364,7 @@ public abstract class AbstractBindingBui
for (Map.Entry<Token, WSSecBase> ent : tokenMap.entrySet()) {
WSSecBase tempTok = ent.getValue();
- Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
sigParts.add(new WSEncryptionPart(mainSigId));
if (tempTok instanceof WSSecSignature) {
@@ -1385,7 +1373,7 @@ public abstract class AbstractBindingBui
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
try {
- List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
@@ -1415,8 +1403,9 @@ public abstract class AbstractBindingBui
}
}
}
+
private void doSymmSignatureDerived(Token policyToken, SecurityToken tok,
- Vector<WSEncryptionPart> sigParts, boolean isTokenProtection)
+ List<WSEncryptionPart> sigParts, boolean isTokenProtection)
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
@@ -1486,7 +1475,7 @@ public abstract class AbstractBindingBui
dkSign.setParts(sigParts);
- List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
//Add elements to header
addSupportingElement(dkSign.getdktElement());
@@ -1496,8 +1485,9 @@ public abstract class AbstractBindingBui
signatures.add(dkSign.getSignatureValue());
}
+
private void doSymmSignature(Token policyToken, SecurityToken tok,
- Vector<WSEncryptionPart> sigParts, boolean isTokenProtection)
+ List<WSEncryptionPart> sigParts, boolean isTokenProtection)
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
@@ -1543,13 +1533,14 @@ public abstract class AbstractBindingBui
sig.prepare(doc, getSignatureCrypto(null), secHeader);
sig.setParts(sigParts);
- List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
}
- protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
+
+ protected void assertSupportingTokens(List<WSEncryptionPart> sigs) {
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
@@ -1559,8 +1550,9 @@ public abstract class AbstractBindingBui
.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS));
- }
- protected void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+ }
+
+ protected void addSupportingTokens(List<WSEncryptionPart> sigs) {
Collection<PolicyAssertion> sgndSuppTokens =
findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
@@ -1604,10 +1596,8 @@ public abstract class AbstractBindingBui
addSignatureParts(sgndEncSuppTokMap, sigs);
addSignatureParts(sgndEndSuppTokMap, sigs);
addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
}
-
protected void doEndorse() {
boolean tokenProtect = false;
boolean sigProtect = false;
@@ -1629,7 +1619,8 @@ public abstract class AbstractBindingBui
doEndorsedSignatures(sgndEndSuppTokMap, tokenProtect, sigProtect);
}
- protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) {
+ @SuppressWarnings("unchecked")
+ protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
Wss10 wss10 = getWss10();
if (!(wss10 instanceof Wss11)
@@ -1638,16 +1629,15 @@ public abstract class AbstractBindingBui
return;
}
- Vector results = (Vector)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
+ List<WSHandlerResult> results =
+ (List<WSHandlerResult>)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
/*
* loop over all results gathered by all handlers in the chain. For each
* handler result get the various actions. After that loop we have all
* signature results in the signatureActions vector
*/
- Vector signatureActions = new Vector();
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
-
+ List<WSSecurityEngineResult> signatureActions = new Vector<WSSecurityEngineResult>();
+ for (WSHandlerResult wshResult : results) {
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
WSConstants.SIGN, signatureActions);
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
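Review bot: `results` is cast straight from `RECV_RESULTS` and iterated with `for (WSHandlerResult wshResult : results)` without a null test, whereas setEncryptionUser earlier in this file checks `resultsObj != null` for the same property. If the incoming message carried no security results, this would presumably throw a NullPointerException instead of continuing with an empty `signatureActions`; wrapping the loop in `if (results != null) { ... }` would match the other call site and still let the confirmation code below run. getEncryptedKey in SymmetricBindingHandler has the same unguarded cast-and-iterate. The block comment still calls `signatureActions` a vector although it is now declared as a `List`. addSignatureConfirmation starts and ends outside the hunk.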
@@ -1659,9 +1649,7 @@ public abstract class AbstractBindingBui
// prepare a SignatureConfirmation token
WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
if (signatureActions.size() > 0) {
- for (int i = 0; i < signatureActions.size(); i++) {
- WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
- .get(i);
+ for (WSSecurityEngineResult wsr : signatureActions) {
byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
wsc.setSignatureValue(sigVal);
wsc.prepare(saaj.getSOAPPart());
@@ -1695,10 +1683,10 @@ public abstract class AbstractBindingBui
* and the {@code WSEncryptionPart} {@code name} value is not
* "Token"
*/
- public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> encryptedParts,
- Vector<WSEncryptionPart> signedParts) {
+ public void handleEncryptedSignedHeaders(List<WSEncryptionPart> encryptedParts,
+ List<WSEncryptionPart> signedParts) {
- final Vector<WSEncryptionPart> signedEncryptedParts = new Vector<WSEncryptionPart>();
+ final List<WSEncryptionPart> signedEncryptedParts = new Vector<WSEncryptionPart>();
for (WSEncryptionPart encryptedPart : encryptedParts) {
final Iterator<WSEncryptionPart> signedPartsIt = signedParts.iterator();
@@ -1731,73 +1719,4 @@ public abstract class AbstractBindingBui
signedParts.addAll(signedEncryptedParts);
}
- private static final class WSSecSignatureHelper extends WSSecSignature {
- public SecurityTokenReference getSecRef() {
- return this.secRef;
- }
-
- public String getStrUri() {
- return this.strUri;
- }
-
- @Override
- public List addReferencesToSign(List references,
- WSSecHeader secHeader) throws WSSecurityException {
- final List<WSEncryptionPart> unalteredReferences = new Vector<WSEncryptionPart>();
-
- List uberReferences = new Vector();
- try {
- DigestMethod digestMethod;
- try {
- digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(), null);
- } catch (Exception ex) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
- );
- }
-
- for (int part = 0; part < references.size(); part++) {
- final WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
-
- final String elemName = encPart.getName();
-
- if (elemName != null && "ExternalSTRTransform".equals(encPart.getNamespace())) {
- final Element ctx = this.createSTRParameter(document);
-
- XMLStructure structure = new DOMStructure(ctx);
- Transform transform =
- signatureFactory.newTransform(
- STRTransform.TRANSFORM_URI,
- structure
- );
-
- javax.xml.crypto.dsig.Reference reference =
- signatureFactory.newReference(
- "#" + elemName,
- digestMethod,
- Collections.singletonList(transform),
- null,
- null
- );
- uberReferences.add(reference);
- } else {
- unalteredReferences.add(encPart);
- }
- }
- } catch (NoSuchAlgorithmException e1) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
- );
- } catch (InvalidAlgorithmParameterException e1) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
- );
- }
-
- List newReferences = super.addReferencesToSign(unalteredReferences, secHeader);
- uberReferences.addAll(newReferences);
- return uberReferences;
- }
- }
-
}
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Nov 26 17:19:19 2010
@@ -26,6 +26,7 @@ import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
@@ -92,11 +93,9 @@ public class AsymmetricBindingHandler ex
}
}
-
-
private void doSignBeforeEncrypt() {
try {
- Vector<WSEncryptionPart> sigs = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigs = new Vector<WSEncryptionPart>();
if (isRequestor()) {
//Add timestamp
if (timestampEl != null) {
@@ -111,7 +110,6 @@ public class AsymmetricBindingHandler ex
//confirm sig
assertSupportingTokens(sigs);
-
//Add timestamp
if (timestampEl != null) {
Element el = timestampEl.getElement();
@@ -122,7 +120,7 @@ public class AsymmetricBindingHandler ex
doSignature(sigs);
}
- Vector<WSEncryptionPart> enc = getEncryptedParts();
+ List<WSEncryptionPart> enc = getEncryptedParts();
//Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
@@ -137,7 +135,6 @@ public class AsymmetricBindingHandler ex
//Do encryption
RecipientToken recToken = abinding.getRecipientToken();
-
doEncryption(recToken, enc, false);
} catch (Exception e) {
@@ -156,8 +153,8 @@ public class AsymmetricBindingHandler ex
wrapper = abinding.getInitiatorToken();
}
encryptionToken = wrapper.getToken();
- Vector<WSEncryptionPart> encrParts = null;
- Vector<WSEncryptionPart> sigParts = null;
+ List<WSEncryptionPart> encrParts = null;
+ List<WSEncryptionPart> sigParts = null;
try {
encrParts = getEncryptedParts();
//Signed parts are determined before encryption because encrypted signed headers
@@ -168,17 +165,14 @@ public class AsymmetricBindingHandler ex
e1.printStackTrace();
}
-
if (encryptionToken == null && encrParts.size() > 0) {
//REVISIT - no token to encrypt with
}
-
if (encryptionToken != null && encrParts.size() > 0) {
WSSecBase encrBase = doEncryption(wrapper, encrParts, true);
handleEncryptedSignedHeaders(encrParts, sigParts);
-
if (timestampEl != null) {
sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
}
@@ -210,7 +204,7 @@ public class AsymmetricBindingHandler ex
// Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
- Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
// Now encrypt the signature using the above token
secondEncrParts.add(new WSEncryptionPart(mainSigId, "Element"));
@@ -238,7 +232,7 @@ public class AsymmetricBindingHandler ex
.createElementNS(WSConstants.ENC_NS,
WSConstants.ENC_PREFIX + ":ReferenceList");
this.insertBeforeBottomUp(secondRefList);
- ((WSSecEncrypt)encrBase).encryptForExternalRef(secondRefList, secondEncrParts);
+ ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
} catch (WSSecurityException e) {
//REVISIT - exception
@@ -249,9 +243,8 @@ public class AsymmetricBindingHandler ex
}
}
-
private WSSecBase doEncryption(TokenWrapper recToken,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean externalRef) {
//Do encryption
if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
@@ -301,15 +294,14 @@ public class AsymmetricBindingHandler ex
encr.prependBSTElementToHeader(secHeader);
}
-
Element encryptedKeyElement = encr.getEncryptedKeyElement();
//Encrypt, get hold of the ref list and add it
if (externalRef) {
- Element refList = encr.encryptForExternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
insertBeforeBottomUp(refList);
} else {
- Element refList = encr.encryptForInternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
// Add internal refs
encryptedKeyElement.appendChild(refList);
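Review bot: After the rename, both branches of `if (externalRef)` make the identical call `encr.encryptForRef(null, encrParts)`, so the branch now decides only where `refList` is attached. Hoisting it to `Element refList = encr.encryptForRef(null, encrParts);` above the `if` would make that explicit. It is also worth confirming that the single WSS4J method emits the key reference the external case needs, now that the separate internal and external variants are gone; nothing in the hunk shows this. doEncryption starts and ends outside the hunk.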
@@ -339,7 +331,7 @@ public class AsymmetricBindingHandler ex
}
}
- private void doSignature(Vector<WSEncryptionPart> sigParts) throws WSSecurityException, SOAPException {
+ private void doSignature(List<WSEncryptionPart> sigParts) throws WSSecurityException, SOAPException {
Token sigToken = null;
TokenWrapper wrapper = null;
if (isRequestor()) {
@@ -374,7 +366,7 @@ public class AsymmetricBindingHandler ex
dkSign.setParts(sigParts);
- List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
// Add elements to header
addDerivedKeyElement(dkSign.getdktElement());
@@ -394,7 +386,7 @@ public class AsymmetricBindingHandler ex
e.printStackTrace();
}
} else {
- WSSecSignature sig = getSignatureBuider(wrapper, sigToken, false);
+ WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, false);
// This action must occur before sig.prependBSTElementToHeader
if (abinding.isTokenProtection()
@@ -405,7 +397,7 @@ public class AsymmetricBindingHandler ex
sig.prependBSTElementToHeader(secHeader);
sigParts.addAll(this.getSignedParts());
- List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
if (bottomUpElement == null) {
sig.computeSignature(referenceList, false, null);
@@ -420,6 +412,7 @@ public class AsymmetricBindingHandler ex
}
}
+ @SuppressWarnings("unchecked")
private void setupEncryptedKey(TokenWrapper wrapper, Token token) throws WSSecurityException {
if (!isRequestor() && token.isDerivedKeys()) {
//If we already have them, simply return
@@ -430,8 +423,8 @@ public class AsymmetricBindingHandler ex
//Use the secret from the incoming EncryptedKey element
Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
if (resultsObj != null) {
- encryptedKeyId = getRequestEncryptedKeyId((Vector)resultsObj);
- encryptedKeyValue = getRequestEncryptedKeyValue((Vector)resultsObj);
+ encryptedKeyId = getRequestEncryptedKeyId((List<WSHandlerResult>)resultsObj);
+ encryptedKeyValue = getRequestEncryptedKeyValue((List<WSHandlerResult>)resultsObj);
//In the case where we don't have the EncryptedKey in the
//request, for the control to have reached this state,
@@ -448,25 +441,20 @@ public class AsymmetricBindingHandler ex
createEncryptedKey(wrapper, token);
}
}
- public static String getRequestEncryptedKeyId(Vector results) {
+
+ public static String getRequestEncryptedKeyId(List<WSHandlerResult> results) {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- List wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
- * Scan the results for the first Signature action. Use the
- * certificate of this Signature to set the certificate for the
- * encryption action :-).
- */
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
- if (actInt.intValue() == WSConstants.ENCR
- && encrKeyId != null) {
+ if (actInt.intValue() == WSConstants.ENCR && encrKeyId != null) {
return encrKeyId;
}
}
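Review bot: The re-indented block comment in getRequestEncryptedKeyId still describes scanning for the first Signature action and using its certificate, but the loop tests `actInt.intValue() == WSConstants.ENCR && encrKeyId != null` and returns an EncryptedKey id. Since the lines were touched anyway, replace it with something like `/* Return the id of the first Encryption result that carries an EncryptedKey id. */`. getRequestEncryptedKeyValue in the next hunk keeps the same pasted comment while returning `TAG_DECRYPTED_KEY`; a matching comment there should say it returns the decrypted key bytes. The end of both methods lies outside the hunks.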
@@ -475,25 +463,20 @@ public class AsymmetricBindingHandler ex
return null;
}
- public static byte[] getRequestEncryptedKeyValue(Vector results) {
+ public static byte[] getRequestEncryptedKeyValue(List<WSHandlerResult> results) {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
- List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
- if (actInt.intValue() == WSConstants.ENCR
- && decryptedKey != null) {
+ if (actInt.intValue() == WSConstants.ENCR && decryptedKey != null) {
return decryptedKey;
}
}
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Nov 26 17:19:19 2010
@@ -19,14 +19,13 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
-
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.List;
import java.util.Vector;
-import java.util.logging.Level;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
@@ -93,6 +92,7 @@ public class SymmetricBindingHandler ext
}
return sbinding.getSignatureToken();
}
+
private TokenWrapper getEncryptionToken() {
if (sbinding.getProtectionToken() != null) {
return sbinding.getProtectionToken();
@@ -117,10 +117,8 @@ public class SymmetricBindingHandler ext
//REVIST - what to do with these policies?
policyAsserted(SP11Constants.TRUST_10);
policyAsserted(SP12Constants.TRUST_13);
-
}
-
private void initializeTokens() {
//Setting up encryption token and signature token
Token sigTok = getSignatureToken().getToken();
@@ -135,13 +133,12 @@ public class SymmetricBindingHandler ext
}
}
-
private void doEncryptBeforeSign() {
try {
TokenWrapper encryptionWrapper = getEncryptionToken();
Token encryptionToken = encryptionWrapper.getToken();
- Vector<WSEncryptionPart> encrParts = getEncryptedParts();
- Vector<WSEncryptionPart> sigParts = getSignedParts();
+ List<WSEncryptionPart> encrParts = getEncryptedParts();
+ List<WSEncryptionPart> sigParts = getSignedParts();
if (encryptionToken == null && encrParts.size() > 0) {
//REVISIT - nothing to encrypt?
@@ -149,7 +146,7 @@ public class SymmetricBindingHandler ext
if (encryptionToken != null && encrParts.size() > 0) {
//The encryption token can be an IssuedToken or a
- //SecureConversationToken
+ //SecureConversationToken
String tokenId = null;
SecurityToken tok = null;
if (encryptionToken instanceof IssuedToken) {
@@ -198,7 +195,6 @@ public class SymmetricBindingHandler ext
handleEncryptedSignedHeaders(encrParts, sigParts);
-
if (timestampEl != null) {
sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
}
@@ -208,7 +204,6 @@ public class SymmetricBindingHandler ext
} else {
addSignatureConfirmation(sigParts);
}
-
//Sign the message
//We should use the same key in the case of EncryptBeforeSig
@@ -221,11 +216,10 @@ public class SymmetricBindingHandler ext
this.doEndorse();
}
-
//Check for signature protection and encryption of UsernameToken
if (sbinding.isSignatureProtection() && this.mainSigId != null
|| encryptedTokensIdList.size() > 0 && isRequestor()) {
- Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
//Now encrypt the signature using the above token
if (sbinding.isSignatureProtection()) {
@@ -246,8 +240,7 @@ public class SymmetricBindingHandler ext
this.addDerivedKeyElement(secondRefList);
} else {
//Encrypt, get hold of the ref list and add it
- secondRefList = ((WSSecEncrypt)encr).encryptForExternalRef(null,
- encrParts);
+ secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, encrParts);
this.addDerivedKeyElement(secondRefList);
}
}
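Review bot: The rewritten call `((WSSecEncrypt)encr).encryptForRef(null, encrParts)` passes `encrParts`, not the `secondEncrParts` list that the preceding hunk declares for the signature-protection pass. If this branch is meant to encrypt the signature, as the `//Now encrypt the signature using the above token` comment suggests, the ids collected in `secondEncrParts` would not be encrypted here and the first-pass parts would be submitted again. The argument predates this commit, but the line is rewritten here, so it is a good place to switch to `encryptForRef(null, secondEncrParts)` after checking the sibling branch, which lies outside the hunk.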
@@ -258,6 +251,7 @@ public class SymmetricBindingHandler ext
throw new Fault(ex);
}
}
+
private void doSignBeforeEncrypt() {
TokenWrapper sigTokenWrapper = getSignatureToken();
Token sigToken = sigTokenWrapper.getToken();
@@ -316,8 +310,7 @@ public class SymmetricBindingHandler ext
tokIncluded = false;
}
-
- Vector<WSEncryptionPart> sigs = getSignedParts();
+ List<WSEncryptionPart> sigs = getSignedParts();
//Add timestamp
if (timestampEl != null) {
Element el = timestampEl.getElement();
@@ -339,8 +332,6 @@ public class SymmetricBindingHandler ext
}
}
-
-
//Encryption
TokenWrapper encrTokenWrapper = getEncryptionToken();
Token encrToken = encrTokenWrapper.getToken();
@@ -365,7 +356,7 @@ public class SymmetricBindingHandler ext
}
}
- Vector<WSEncryptionPart> enc = getEncryptedParts();
+ List<WSEncryptionPart> enc = getEncryptedParts();
//Check for signature protection
if (sbinding.isSignatureProtection() && mainSigId != null) {
@@ -386,11 +377,12 @@ public class SymmetricBindingHandler ext
throw new Fault(e);
}
}
+
private WSSecBase doEncryptionDerived(TokenWrapper recToken,
SecurityToken encrTok,
Token encrToken,
boolean attached,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean atEnd) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
@@ -465,7 +457,7 @@ public class SymmetricBindingHandler ext
private WSSecBase doEncryption(TokenWrapper recToken,
SecurityToken encrTok,
boolean attached,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean atEnd) {
//Do encryption
if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
@@ -531,7 +523,7 @@ public class SymmetricBindingHandler ext
}
- Element refList = encr.encryptForExternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
if (atEnd) {
this.insertBeforeBottomUp(refList);
} else {
@@ -546,7 +538,7 @@ public class SymmetricBindingHandler ext
return null;
}
- private byte[] doSignatureDK(Vector<WSEncryptionPart> sigs,
+ private byte[] doSignatureDK(List<WSEncryptionPart> sigs,
TokenWrapper policyTokenWrapper,
Token policyToken,
SecurityToken tok,
@@ -626,7 +618,7 @@ public class SymmetricBindingHandler ext
}
dkSign.setParts(sigs);
- List referenceList = dkSign.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
//Add elements to header
Element el = dkSign.getdktElement();
@@ -644,7 +636,8 @@ public class SymmetricBindingHandler ext
return dkSign.getSignatureValue();
}
- private byte[] doSignature(Vector<WSEncryptionPart> sigs,
+
+ private byte[] doSignature(List<WSEncryptionPart> sigs,
TokenWrapper policyTokenWrapper,
Token policyToken,
SecurityToken tok,
@@ -704,10 +697,8 @@ public class SymmetricBindingHandler ext
}
this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
- String soap = org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart());
- LOG.log(Level.FINE, "SOAP: " + soap);
sig.setParts(sigs);
- List referenceList = sig.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
//Do signature
if (bottomUpElement == null) {
@@ -754,20 +745,16 @@ public class SymmetricBindingHandler ext
return id;
}
+ @SuppressWarnings("unchecked")
private String getEncryptedKey() {
- List results = (List)message.getExchange().getInMessage()
+ List<WSHandlerResult> results = (List<WSHandlerResult>)message.getExchange().getInMessage()
.get(WSHandlerConstants.RECV_RESULTS);
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- List wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if (actInt.intValue() == WSConstants.ENCR
&& wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID) != null
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1039471&r1=1039470&r2=1039471&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Fri Nov 26 17:19:19 2010
@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.List;
import java.util.Vector;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
@@ -103,11 +104,13 @@ public class TransportBindingHandler ext
}
}
- private static void addSig(Vector<byte[]> signatureValues, byte[] val) {
+
+ private static void addSig(List<byte[]> signatureValues, byte[] val) {
if (val != null) {
signatureValues.add(val);
}
}
+
public void handleBinding() {
Collection<AssertionInfo> ais;
WSSecTimestamp timestamp = createTimestamp();
@@ -115,7 +118,7 @@ public class TransportBindingHandler ext
try {
if (this.isRequestor()) {
- Vector<byte[]> signatureValues = new Vector<byte[]>();
+ List<byte[]> signatureValues = new Vector<byte[]>();
ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
if (ais != null) {
@@ -220,7 +223,7 @@ public class TransportBindingHandler ext
Document doc = saaj.getSOAPPart();
- Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
if (timestampEl != null) {
sigParts.add(new WSEncryptionPart(timestampEl.getId()));
@@ -263,7 +266,7 @@ public class TransportBindingHandler ext
*/
dkSig.setParts(sigParts);
- List referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
//Do signature
dkSig.appendDKElementToHeader(secHeader);
@@ -271,11 +274,11 @@ public class TransportBindingHandler ext
return dkSig.getSignatureValue();
} else {
- WSSecSignature sig = getSignatureBuider(wrapper, token, false);
+ WSSecSignature sig = getSignatureBuilder(wrapper, token, false);
if (sig != null) {
sig.prependBSTElementToHeader(secHeader);
- List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
if (bottomUpElement == null) {
sig.computeSignature(referenceList, false, null);
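Review bot: The `if (sig != null)` guard after `getSignatureBuilder(wrapper, token, false)` skips the whole signing step when no builder is returned, and nothing in this hunk shows how that case is reported. The enclosing method starts and ends outside the hunk, so it may be handled further down. If it is not, the message would leave without the supporting-token signature and without any error, which a receiver enforcing the policy would only discover on rejection. Consider an explicit else branch that fails the call or records the assertion as unmet, and a comment above the guard stating when `getSignatureBuilder` can return null.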
@@ -306,7 +309,7 @@ public class TransportBindingHandler ext
SPConstants.IncludeTokenType inclusion = token.getInclusion();
boolean tokenIncluded = false;
- Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
|| ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
|| inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
@@ -367,7 +370,7 @@ public class TransportBindingHandler ext
dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
}
- // Set the algo info
+ // Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
if (token.getSPConstants() == SP12Constants.INSTANCE) {
@@ -378,7 +381,7 @@ public class TransportBindingHandler ext
addDerivedKeyElement(dkSign.getdktElement());
dkSign.setParts(sigParts);
- List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
//Do signature
dkSign.computeSignature(referenceList, false, null);
@@ -426,7 +429,7 @@ public class TransportBindingHandler ext
sig.prepare(doc, crypto, secHeader);
sig.setParts(sigParts);
- List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
if (bottomUpElement == null) {