Posted to fx-dev@ws.apache.org by we...@apache.org on 2005/09/08 15:14:01 UTC
svn commit: r279564 - in /webservices/wss4j/trunk/src/org/apache/ws:
sandbox/security/trust/message/token/ security/ security/message/
security/message/token/ security/transform/
Author: werner
Date: Thu Sep 8 06:13:49 2005
New Revision: 279564
URL: http://svn.apache.org/viewcvs?rev=279564&view=rev
Log:
Fix a problem with IssuerSerial: according to the WSS spec it should be
wrapped in an X509Data element. The receiver side still works with the old
version (without X509Data) too. The sender now wraps it in an X509Data element.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java Thu Sep 8 06:13:49 2005
@@ -36,6 +36,7 @@
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -325,7 +326,10 @@
break;
case WSConstants.ISSUER_SERIAL:
- secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
+ XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
+ X509Data x509Data = new X509Data(doc);
+ x509Data.add(data);
+ secToken.setX509IssuerSerial(x509Data);
WSSecurityUtil.setNamespace(secToken.getElement(), WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
break;
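Review bot: The new locals `data` and `x509Data` are declared directly under the `case WSConstants.ISSUER_SERIAL:` label, so they live in the scope of the whole switch block and any later case that declares either name will not compile. Wrapping the case body in braces, `case WSConstants.ISSUER_SERIAL: { ... break; }`, keeps them local to this branch. The same unbraced pattern is added in WSEncryptBody.java and WSSignEnvelope.java (where `data` already existed). The switch statement starts and ends outside this hunk.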
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java Thu Sep 8 06:13:49 2005
@@ -518,7 +518,7 @@
.toString() });
}
}
- } else if (secRef.containsX509IssuerSerial()) {
+ } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
certs = secRef.getX509IssuerSerial(crypto);
} else if (secRef.containsKeyIdentifier()) {
certs = secRef.getKeyIdentifier(crypto);
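Review bot: The widened condition gives no hint that the bare `containsX509IssuerSerial()` test is kept only so that messages from older senders are still accepted, which is the reason given in the commit log; the identical condition in the second hunk of this file has the same gap. A comment above it such as `// ds:X509Data is the spec form; bare ds:X509IssuerSerial is still accepted from older senders` would record that. It is also worth stating there that `containsX509Data()` is true for any `ds:X509Data` child, while this branch only resolves issuer/serial content. The if/else chain begins and ends outside the hunk.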
@@ -986,7 +986,7 @@
* to issuer name and serial number.
* This method is recommended by OASIS WS-S specification, X509 profile
*/
- if (secRef.containsX509IssuerSerial()) {
+ if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
alias = secRef.getX509IssuerSerialAlias(crypto);
if (doDebug) {
log.debug("X509IssuerSerial alias: " + alias);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java Thu Sep 8 06:13:49 2005
@@ -33,6 +33,7 @@
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -394,7 +395,10 @@
break;
case WSConstants.ISSUER_SERIAL:
- secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
+ XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
+ X509Data x509Data = new X509Data(doc);
+ x509Data.add(data);
+ secToken.setX509IssuerSerial(x509Data);
break;
case WSConstants.BST_DIRECT_REFERENCE:
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java Thu Sep 8 06:13:49 2005
@@ -39,6 +39,7 @@
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
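Review bot: The added `import org.apache.xml.security.keys.content.X509Data;` repeats the import that already appears three lines above as context, so the file now imports the same type twice. Java tolerates the redundancy, but compilers and linters report it as an unused or duplicate import; the added line should simply be dropped.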
@@ -492,7 +493,9 @@
case WSConstants.ISSUER_SERIAL:
XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, certs[0]);
- secRef.setX509IssuerSerial(data);
+ X509Data x509Data = new X509Data(doc);
+ x509Data.add(data);
+ secRef.setX509IssuerSerial(x509Data);
break;
case WSConstants.X509_KEY_IDENTIFIER:
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java Thu Sep 8 06:13:49 2005
@@ -27,7 +27,9 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.Constants;
import org.w3c.dom.*;
import java.security.cert.CertificateEncodingException;
@@ -335,7 +337,7 @@
* @param ref the {@link XMLX509IssuerSerial} to put into this
* SecurityTokenReference
*/
- public void setX509IssuerSerial(XMLX509IssuerSerial ref) {
+ public void setX509IssuerSerial(X509Data ref) {
Element elem = getFirstElement();
if (elem != null) {
this.element.replaceChild(ref.getElement(), elem);
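Review bot: The `@param ref` Javadoc above the changed signature still names `{@link XMLX509IssuerSerial}` although the parameter is now `X509Data`; it should read `@param ref the {@link X509Data} holding the issuer/serial to put into this SecurityTokenReference`. Because the method is public and its parameter type was replaced rather than overloaded, any caller outside this commit that still passes an `XMLX509IssuerSerial` will stop compiling, so the Javadoc should also mention the change. The method body continues past the end of the hunk.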
@@ -394,6 +396,9 @@
return null;
}
try {
+ if (Constants._TAG_X509DATA.equals(elem.getLocalName())) {
+ elem = (Element)WSSecurityUtil.findElement(elem, Constants._TAG_X509ISSUERSERIAL, Constants.SignatureSpecNS);
+ }
issuerSerial = new XMLX509IssuerSerial(elem, "");
} catch (XMLSecurityException e) {
throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
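Review bot: The element returned by `WSSecurityUtil.findElement` is passed to `new XMLX509IssuerSerial(elem, "")` without a null check. This is receiver-side parsing of a sender-supplied reference, and a `ds:X509Data` that holds only other content (for example a certificate or subject key identifier child) has no `X509IssuerSerial` to find; if `findElement` returns null when nothing matches (its body is not shown here), the constructor may fail with something other than the `XMLSecurityException` caught below. A guard inside the new `if`, such as `if (elem == null) { return null; }` to match the earlier `return null;`, or an explicit `WSSecurityException`, would make that failure deliberate. The method starts and ends outside the hunk.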
@@ -468,15 +473,33 @@
}
/**
+ * Method containsX509Data
+ *
+ * @return true if the <code>SecurtityTokenReference</code> contains
+ * a <code>ds:X509Data</code> element
+ */
+ public boolean containsX509Data() {
+ return this.lengthX509Data() > 0;
+ }
+ /**
* Method lengthX509IssuerSerial.
*
* @return number of <code>ds:IssuerSerial</code> elements in
* the <code>SecurtityTokenReference</code>
*/
public int lengthX509IssuerSerial() {
- return this.length(WSConstants.SIG_NS, "X509IssuerSerial");
+ return this.length(WSConstants.SIG_NS, Constants._TAG_X509ISSUERSERIAL);
}
+ /**
+ * Method lengthX509Data.
+ *
+ * @return number of <code>ds:IssuerSerial</code> elements in
+ * the <code>SecurtityTokenReference</code>
+ */
+ public int lengthX509Data() {
+ return this.length(WSConstants.SIG_NS, Constants._TAG_X509DATA);
+ }
/**
* Method containsKeyIdentifier.
*
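Review bot: The Javadoc added for `lengthX509Data()` was copied from `lengthX509IssuerSerial()` and still says it returns the number of `ds:IssuerSerial` elements. It should read `@return number of <code>ds:X509Data</code> elements in the <code>SecurityTokenReference</code>`. Both new comments also carry over the misspelling `SecurtityTokenReference`, which is worth correcting while the text is being touched.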
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Thu Sep 8 06:13:49 2005
@@ -210,8 +210,7 @@
str = (Element) doc.importNode(str, true);
Node parent = tmpEl.getParentNode(); // point to document node
-// parent.replaceChild(str, tmpEl); // replace STR with new node
-//
+
/*
* Alert: Hacks ahead
@@ -229,10 +228,11 @@
* have to remove the fake element. See string buffer operation
* below.
*/
+// parent.replaceChild(str, tmpEl); // replace STR with new node
+
Element tmpEl1 = doc.createElement("temp");
tmpEl1.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "urn:X");
parent.replaceChild(tmpEl1, tmpEl); // replace STR with new node
-
tmpEl1.appendChild(str);
// End of HACK 1
@@ -244,18 +244,18 @@
buf = canon.canonicalizeSubtree(doc, "#default");
// If the problem with c14n method is solved then just do:
-
- /* return new XMLSignatureInput(buf); */
-
- /*
- * HACK 2
- */
bos = new ByteArrayOutputStream(buf.length);
bos.write(buf, 0, buf.length);
if (doDebug) {
log.debug("after c14n: " + bos.toString());
}
+
+// return new XMLSignatureInput(buf);
+
+ /*
+ * HACK 2
+ */
/*
* Here we delete the previously inserted fake element from the