Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/09/20 13:00:07 UTC
svn commit: r448156 - in /webservices/axis2/trunk/java/modules/security:
src/org/apache/rampart/ src/org/apache/rampart/builder/
src/org/apache/rampart/conversation/ src/org/apache/rampart/policy/
src/org/apache/rampart/util/ test-resources/policy/ tes...
Author: ruchithf
Date: Wed Sep 20 04:00:06 2006
New Revision: 448156
URL: http://svn.apache.org/viewvc?view=rev&rev=448156
Log:
Added the SymmetricBindingBuilder
Added a test scenario into the MessageBuilderTest
Added:
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-1.xml
webservices/axis2/trunk/java/modules/security/test-resources/policy/soapmessage.xml
Modified:
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/Rampart.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/MessageBuilderTest.java
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java Wed Sep 20 04:00:06 2006
@@ -20,6 +20,7 @@
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.builder.AsymmetricBindingBuilder;
import org.apache.rampart.builder.SymmetricBindingBuilder;
import org.apache.rampart.builder.TransportBindingBuilder;
import org.apache.rampart.policy.RampartPolicyData;
@@ -47,7 +48,8 @@
SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
builder.build(rmd);
} else {
- //TODO Handle AsymmtricBinding
+ AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
+ builder.build(rmd);
}
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/Rampart.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/Rampart.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/Rampart.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/Rampart.java Wed Sep 20 04:00:06 2006
@@ -26,11 +26,9 @@
import org.apache.ws.security.policy1.extension.WSSCodegenPolicyExtension;
public class Rampart implements Module, ModulePolicyExtension {
- private AxisModule module;
public void init(ConfigurationContext configContext, AxisModule module)
throws AxisFault {
- this.module = module;
}
public void engageNotify(AxisDescription axisDescription) throws AxisFault {
Added: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=auto&rev=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java (added)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java Wed Sep 20 04:00:06 2006
@@ -0,0 +1,506 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class AsymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
+
+ private Token sigToken;
+
+ private WSSecSignature sig;
+
+ private WSSecEncryptedKey encrKey;
+
+ private Vector signatureValues = new Vector();
+
+ private Element encrTokenElement;
+
+ private Vector sigParts = new Vector();
+
+ private Element signatureElement;
+
+ public void build(RampartMessageData rmd) throws RampartException {
+ log.debug("AsymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if (rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+ log.debug("AsymmetricBindingBuilder build invoked : DONE");
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd)
+ throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+ RampartConfig config = rpd.getRampartConfig();
+
+ /*
+ * We need to hold on to these two element to use them as refence in the
+ * case of encypting the signature
+ */
+ Element encrDKTokenElem = null;
+ WSSecEncrypt encr = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+
+ /*
+ * We MUST use keys derived from the same token
+ */
+ Token encryptionToken = rpd.getRecipientToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if (encryptionToken != null) {
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ // Set up the encrypted key to use
+ encrKey = this.getEncryptedKeyBuilder(rmd, encryptionToken);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ if (Constants.INCLUDE_ALWAYS.equals(encryptionToken
+ .getInclusion())
+ || Constants.INCLUDE_ONCE.equals(encryptionToken
+ .getInclusion())) {
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ }
+
+ // Create the DK encryption builder
+ dkEncr = new WSSecDKEncrypt();
+ dkEncr.setParts(encrParts);
+ dkEncr.setExternalKey(encrKey.getEphemeralKey(), encrKey
+ .getId());
+ dkEncr.prepare(doc);
+
+ // Get and add the DKT element
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+ encr = new WSSecEncrypt();
+ encr.setParts(encrParts);
+ encr.setWsConfig(rmd.getConfig());
+ encr.setDocument(doc);
+ encr.setUserInfo(config.getEncryptionUser());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(config));
+
+ Element bstElem = encr.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+ if (Constants.INCLUDE_ALWAYS.equals(encryptionToken
+ .getInclusion())
+ || Constants.INCLUDE_ONCE.equals(encryptionToken
+ .getInclusion())) {
+ encrTokenElement = encr.getEncryptedKeyElement();
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ }
+
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ this.sigParts = RampartUtil.getSignedParts(rmd);
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+
+ if (rmd.isClientSide()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd
+ .getSignedSupportingTokens();
+
+ sigSuppTokMap = this
+ .handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd
+ .getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ // TODO: Add sig confirmation
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ this.doSignature(rmd);
+ }
+
+ if (rmd.isClientSide()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ // Check for signature protection
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
+ "Element"));
+
+ Element secondRefList = null;
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
+ secondRefList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey",
+ e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd, encrTokenElement,
+ secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+ } else {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ }
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd)
+ throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ sigParts = RampartUtil.getSignedParts(rmd);
+
+ //Add timestamp
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+
+ if (rmd.isClientSide()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, rpd.getSignedParts());
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ // TODO: Add sig confirmation
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ // Do signature
+ this.doSignature(rmd);
+ }
+
+ //Do endorsed signature
+
+ if (rmd.isClientSide()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ //Do encryption
+ Token encrToken = rpd.getEncryptionToken();
+ if(encrToken != null) {
+ Element refList = null;
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(this.encrKey == null) {
+ this.setupEncryptedKey(rmd);
+ }
+
+ dkEncr.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+ Element encrDKTokenElem = null;
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.insertSiblingAfter(rmd, this.encrTokenElement, encrDKTokenElem);
+ dkEncr.prepare(doc);
+
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ refList = dkEncr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(rmd,
+ encrDKTokenElem,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig()));
+
+ if(encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingBefore(rmd,
+ this.timestampElement,
+ encr.getBinarySecurityTokenElement()));
+ }
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ }
+
+ private void doSignature(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ sigToken = rpd.getInitiatorToken();
+
+ if (sigToken.isDerivedKeys()) {
+ // Set up the encrypted key to use
+ setupEncryptedKey(rmd);
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ // Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
+ .getSymmetricSignature());
+
+ try {
+ dkSign.prepare(doc);
+
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+
+ if (rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ dkSign.computeSignature();
+
+ // Add elements to header
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign
+ .getSignatureElement()));
+
+ this.mainSigId = RampartUtil
+ .addWsuIdToElement((OMElement) dkSign
+ .getSignatureElement());
+
+ signatureValues.add(dkSign.getSignatureValue());
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ sig = this.getSignatureBuider(rmd, sigToken);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if (Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion())
+ || Constants.INCLUDE_ONCE.equals(sigToken.getInclusion())) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+ if (rmd.getPolicyData().isTokenProtection()
+ && sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ signatureElement = sig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd, this.getInsertionLocation(), signatureElement));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ signatureValues.add(sig.getSignatureValue());
+ }
+
+ }
+
+ /**
+ * @param rmd
+ * @throws RampartException
+ */
+ private void setupEncryptedKey(RampartMessageData rmd) throws RampartException {
+ encrKey = this.getEncryptedKeyBuilder(rmd, sigToken);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem));
+ }
+
+ if (Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion())
+ || Constants.INCLUDE_ONCE.equals(sigToken.getInclusion())) {
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), encrTokenElement));
+ }
+ }
+}
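Review bot: Signature protection is not actually applied in the non-derived-key branch of doEncryptBeforeSig: the second `encr.encryptForExternalRef(null, encrParts)` call re-encrypts the body parts instead of `secondEncrParts`, so the `ds:Signature` identified by `mainSigId` stays in the clear even though `isSignatureProtection()` is set; it should read `secondRefList = encr.encryptForExternalRef(null, secondEncrParts);`. In doSignBeforeEncrypt the derived-key path issues `dkEncr.encryptForExternalRef(null, encrParts)` twice, discarding the first reference list and submitting the already-encrypted elements again, and it reads `dkEncr.getdktElement()` before `dkEncr.prepare(doc)`, the opposite order from the fix this same commit applies in SymmetricBindingBuilder. The two `catch` blocks there construct `new RampartException("errorInDKEncr")` without `e`, unlike every other catch in this file, so the WSS4J failure reason is lost. In doSignature the derived-key branch always calls `setupEncryptedKey(rmd)`, overwriting an `encrKey` that doEncryptBeforeSig may already have created and inserted, so for encrypt-before-sign the signature and the encryption end up derived from two different EncryptedKey elements despite the "keys derived from the same token" comment; guarding it with `if (this.encrKey == null)` as doSignBeforeEncrypt does keeps both on one key.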
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java Wed Sep 20 04:00:06 2006
@@ -61,6 +61,8 @@
protected String mainSigId = null;
+ protected Element timestampElement;
+
/**
* @param rmd
* @param doc
@@ -68,20 +70,21 @@
protected void addTimestamp(RampartMessageData rmd) {
log.debug("Adding timestamp");
- WSSecTimestamp timeStampBuilder = new WSSecTimestamp();
- timeStampBuilder.setWsConfig(rmd.getConfig());
+ WSSecTimestamp timestampBuilder = new WSSecTimestamp();
+ timestampBuilder.setWsConfig(rmd.getConfig());
- timeStampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+ timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
// add the Timestamp to the SOAP Enevelope
- timeStampBuilder.build(rmd.getDocument(), rmd
+ timestampBuilder.build(rmd.getDocument(), rmd
.getSecHeader());
- log.debug("Timestamp id: " + timeStampBuilder.getId());
+ log.debug("Timestamp id: " + timestampBuilder.getId());
- rmd.setTimestampId(timeStampBuilder.getId());
+ rmd.setTimestampId(timestampBuilder.getId());
+ this.timestampElement = timestampBuilder.getElement();
log.debug("Adding timestamp: DONE");
}
@@ -160,7 +163,7 @@
* @throws WSSecurityException
* @throws RampartException
*/
- protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws WSSecurityException, RampartException {
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
@@ -172,13 +175,17 @@
} else {
encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
- encrKey.setUserInfo(rpd.getRampartConfig().getEncryptionUser());
- encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
- encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
-
- encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig()));
-
- return encrKey;
+ try {
+ encrKey.setUserInfo(rpd.getRampartConfig().getEncryptionUser());
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig()));
+
+ return encrKey;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
}
@@ -325,8 +332,6 @@
endSuppTokMap.put(token, endSuppTok);
- } catch (WSSecurityException e) {
- throw new RampartException("errorCreatingEncryptedKey", e);
} catch (TrustException e) {
throw new RampartException("errorCreatingRahasToken", e);
}
@@ -428,7 +433,7 @@
sigParts.add(new WSEncryptionPart(tok.getId()));
}
- this.doSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
} else if (tempTok instanceof WSSecSignature) {
WSSecSignature sig = (WSSecSignature)tempTok;
@@ -452,7 +457,7 @@
}
- protected byte[] doSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
Document doc = rmd.getDocument();
RampartPolicyData rpd = rmd.getPolicyData();
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java Wed Sep 20 04:00:06 2006
@@ -33,7 +33,6 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.WSSecDKEncrypt;
-import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -136,9 +135,10 @@
true));
}
try {
+ dkEncr.prepare(doc);
encrDKTokenElem = dkEncr.getdktElement();
RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
- dkEncr.prepare(doc);
+
refList = dkEncr.encryptForExternalRef(null, encrParts);
} catch (WSSecurityException e) {
@@ -165,13 +165,15 @@
RampartUtil.appendChildToSecHeader(rmd, refList);
- this.setInsertionLocation(refList);
+ this.setInsertionLocation(encrTokenElement);
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
Vector sigParts = RampartUtil.getSignedParts(rmd);
-
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+
if(rmd.isClientSide()) {
// Now add the supporting tokens
@@ -196,64 +198,10 @@
//Sign the message
//We should use the same key in the case of EncryptBeforeSig
- if(encryptionToken.isDerivedKeys()) {
- try {
- WSSecDKSign dkSign = new WSSecDKSign();
-
- OMElement ref = tok.getAttachedReference();
- if(ref == null) {
- ref = tok.getUnattachedReference();
- }
- if(ref != null) {
- dkSign.setExternalKey(tok.getSecret(), (Element)
- doc.importNode((Element) ref, true));
- } else {
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
- }
+ signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
- //Set the algo info
- dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-
-
- dkSign.prepare(doc);
-
- sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
-
- if(rpd.isTokenProtection() && attached) {
- sigParts.add(new WSEncryptionPart(tokenId));
- }
-
- dkSign.setParts(sigParts);
-
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
-
- //Do signature
- dkSign.computeSignature();
-
- signatureValues.add(dkSign.getSignatureValue());
-
- //Add elements to header
- this.setInsertionLocation(RampartUtil
- .insertSiblingAfter(rmd,
- this.getInsertionLocation(),
- dkSign.getdktElement()));
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- dkSign.getSignatureElement()));
- this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)dkSign.getSignatureElement());
-
- } catch (ConversationException e) {
- throw new RampartException(
- "errorInDerivedKeyTokenSignature", e);
- } catch (WSSecurityException e) {
- throw new RampartException(
- "errorInDerivedKeyTokenSignature", e);
- }
- } else {
- //TODO : Example SAMLTOken Signature
- }
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
if(rmd.isClientSide()) {
//Do endorsed signatures
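Review bot: `this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation())` assumes `doSymmSignature` leaves the insertion location on the signature element; the code it replaces took the id from `dkSign.getSignatureElement()` directly, and if the helper (outside this hunk) finishes on the DKT or a token element instead, the signature-protection step below will encrypt the wrong element. Having `doSymmSignature` set `mainSigId` itself, or return the signature element alongside the value, would make that contract explicit. The removed `else { //TODO : Example SAMLTOken Signature }` branch means non-derived-key tokens are now routed into `doSymmSignature` as well; I cannot see whether that helper handles them, so a short comment stating which token kinds it covers would help the next reader.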
@@ -269,46 +217,49 @@
}
}
- Vector secondEncrParts = new Vector();
-
//Check for signature protection
if(rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
//Now encrypt the signature using the above token
secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
- }
- Element secondRefList = null;
-
- if(encryptionToken.isDerivedKeys()) {
- try {
- secondRefList = dkEncr.encryptForExternalRef(null,
- secondEncrParts);
- RampartUtil.insertSiblingAfter(
- rmd,
- encrDKTokenElem,
- secondRefList);
- } catch (WSSecurityException e) {
- throw new RampartException("errorInDKEncr");
+
+ Element secondRefList = null;
+
+ if(encryptionToken.isDerivedKeys()) {
+ try {
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrDKTokenElem,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrTokenElement,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
}
- } else {
- try {
- //Encrypt, get hold of the ref list and add it
- secondRefList = encr.encryptForExternalRef(null,
- encrParts);
- RampartUtil.insertSiblingAfter(
- rmd,
- encrTokenElement,
- secondRefList);
- } catch (WSSecurityException e) {
- throw new RampartException("errorInEncryption", e);
- }
}
+
} else {
throw new RampartException("encryptionTokenMissing");
}
}
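Review bot: In the re-indented X.509 branch, `secondRefList = encr.encryptForExternalRef(null, encrParts)` still passes `encrParts` rather than `secondEncrParts`, so the signature identified by `mainSigId` is never encrypted and the already-encrypted body parts are submitted for encryption a second time; it should read `secondRefList = encr.encryptForExternalRef(null, secondEncrParts);`. The derived-key branch catches `WSSecurityException e` but throws `new RampartException("errorInDKEncr")` without `e`, unlike the branch right below it; pass the cause so the WSS4J error is not lost.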
- public void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
+ private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
@@ -349,7 +300,9 @@
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
Vector sigParts = RampartUtil.getSignedParts(rmd);
-
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+
if(rmd.isClientSide()) {
// Now add the supporting tokens
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
@@ -371,67 +324,9 @@
//TODO: Add sig confirmation
}
//Sign the message
- //We should use the same key in the case of EncryptBeforeSig
- if(sigToken.isDerivedKeys()) {
- try {
- WSSecDKSign dkSign = new WSSecDKSign();
-
- OMElement ref = sigTok.getAttachedReference();
- if(ref == null) {
- ref = sigTok.getUnattachedReference();
- }
- if(ref != null) {
- dkSign.setExternalKey(sigTok.getSecret(), (Element)
- doc.importNode((Element) ref, true));
- } else {
-
- dkSign.setExternalKey(sigTok.getSecret(), sigTok.getId());
- }
+ signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
- //Set the algo info
- dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
-
-
- dkSign.prepare(doc);
-
- sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
-
- if(rpd.isTokenProtection() && sigTokElem != null) {
- sigParts.add(new WSEncryptionPart(sigTokId));
- }
-
- dkSign.setParts(sigParts);
-
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
-
- //Do signature
- dkSign.computeSignature();
-
- signatureValues.add(dkSign.getSignatureValue());
-
- //Add elements to header
- this.setInsertionLocation(RampartUtil
- .insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- dkSign.getdktElement()));
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- dkSign.getSignatureElement()));
- this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)dkSign.getSignatureElement());
-
- } catch (ConversationException e) {
- throw new RampartException(
- "errorInDerivedKeyTokenSignature", e);
- } catch (WSSecurityException e) {
- throw new RampartException(
- "errorInDerivedKeyTokenSignature", e);
- }
- } else {
- //TODO : Example SAMLTOken Signature
- }
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
if(rmd.isClientSide()) {
//Do endorsed signatures
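Review bot: The removed inline code only added the signature token to `sigParts` when `rpd.isTokenProtection() && sigTokElem != null`, i.e. when the token element had actually been placed in the header; the replacement `doSymmSignature(rmd, sigToken, sigTok, sigParts)` receives neither `sigTokElem` nor `sigTokId`, so it cannot make that distinction and, if it references `sigTok.getId()` unconditionally, will emit a signature reference to an element that is not in the document. If the helper relies on the token being attached, say so in a comment at the call site, or pass the attached/unattached state through. As in the encrypt-before-sign path, `mainSigId` is derived from `getInsertionLocation()` rather than from the signature element itself, which couples correctness to the helper's final insertion point.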
@@ -460,7 +355,7 @@
if(Constants.INCLUDE_ALWAYS.equals(encrToken.getInclusion()) ||
Constants.INCLUDE_ONCE.equals(encrToken.getInclusion())) {
- encrTokElem = (Element)sigTok.getToken();
+ encrTokElem = (Element)encrTok.getToken();
//Add the encrToken element before the sigToken element
RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
@@ -495,18 +390,11 @@
}
Element encrDKTokenElem = null;
- try {
- encrDKTokenElem = dkEncr.getdktElement();
- RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
- dkEncr.prepare(doc);
-
- refList = dkEncr.encryptForExternalRef(null, encrParts);
-
- } catch (WSSecurityException e) {
- throw new RampartException("errorInDKEncr");
- } catch (ConversationException e) {
- throw new RampartException("errorInDKEncr");
- }
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ dkEncr.prepare(doc);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
refList = dkEncr.encryptForExternalRef(null,
encrParts);
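Review bot: `encrDKTokenElem = dkEncr.getdktElement()` is still read and inserted into the header before `dkEncr.prepare(doc)`, while the encrypt-before-sign path in this same commit was changed to call `prepare` first; if the DerivedKeyToken element is only materialised by `prepare`, this inserts a null or stale element. Reorder to `dkEncr.prepare(doc); encrDKTokenElem = dkEncr.getdktElement(); RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);`. Dropping the inner try/catch is only safe if the enclosing catch (outside this hunk) now covers ConversationException too, and the surviving `refList = dkEncr.encryptForExternalRef(null, encrParts)` is immediately repeated on the context line that follows, so the first reference list is discarded and the parts are encrypted twice.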
@@ -516,6 +404,8 @@
} catch (WSSecurityException e) {
throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
}
} else {
try {
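Review bot: The added `catch (ConversationException e)` drops the cause — `throw new RampartException("errorInDKEncr");` loses the stack trace of the underlying derived-key failure, which is what an operator needs when encryption fails in a deployment. Chain it: `throw new RampartException("errorInDKEncr", e);`. The pre-existing WSSecurityException branch above has the same gap and should be fixed in the same way. The try statement these catches close is outside the hunk.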
@@ -526,13 +416,10 @@
encr.setEphemeralKey(encrTok.getSecret());
encr.setDocument(doc);
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig()));
- try {
- //Encrypt, get hold of the ref list and add it
- refList = encr.encryptForExternalRef(null, encrParts);
- } catch (WSSecurityException e) {
- throw new RampartException("errorInEncryption", e);
- }
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
//Encrypt, get hold of the ref list and add it
refList = encr.encryptForExternalRef(null, encrParts);
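Review bot: The body is encrypted twice: the added `refList = encr.encryptForExternalRef(null, encrParts);` is followed by an identical context statement (same comment, same call), so the second call re-encrypts the freshly produced xenc:EncryptedData and only the second reference list survives; delete one of the two calls. With the inner try/catch removed, a WSSecurityException from prepare() or encryptForExternalRef() is no longer mapped to `errorInEncryption` here; unless an enclosing catch outside this hunk does that with the cause attached, the `errorInEncryption` key this commit adds to errors.properties is unused by this path.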
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/TransportBindingBuilder.java Wed Sep 20 04:00:06 2006
@@ -191,9 +191,9 @@
return dkSig.getSignatureValue();
} catch (WSSecurityException e) {
- throw new RampartException("errorCreatingEncryptedKey", e);
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
} catch (ConversationException e) {
- throw new RampartException("errorCreatingEncryptedKey", e);
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
}
} else {
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/conversation/STSRequester.java Wed Sep 20 04:00:06 2006
@@ -83,7 +83,7 @@
try {
OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(config.getWstVersion());
- OMElement reqTypeElem = TrustUtil.createRequestTypeElement(config.getWstVersion(), rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ TrustUtil.createRequestTypeElement(config.getWstVersion(), rstElem, RahasConstants.REQ_TYPE_ISSUE);
OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(config.getWstVersion(), rstElem);
tokenTypeElem.setText(ConversationConstants.getWSCNs(ConversationConstants.DEFAULT_VERSION) + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN);
@@ -104,8 +104,6 @@
TrustUtil.createKeySizeElement(config.getWstVersion(), rstElem, nonceLength * 8);
}
- String str = rstElem.toString();
-
OMElement tempResult = client.sendReceive(rstQn, rstElem);
Axis2Util.useDOOM(true);
OMElement tempelem = Axis2Util.toDOOM(DOOMAbstractFactory.getOMFactory(), tempResult);
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties Wed Sep 20 04:00:06 2006
@@ -35,7 +35,7 @@
UnsupportedTokenInSupportingToken = Unsupprted token in supporting tokens
encryptionTokenMissing = Encryption token missing
signatureTokenMissing = Signature token missging
-
+errorInEncryption = Error during encryption
#Errors in processors
errorProcessingUT = Error in processing UsernameToken
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java Wed Sep 20 04:00:06 2006
@@ -70,7 +70,7 @@
if (assertion instanceof Binding) {
if (assertion instanceof SymmetricBinding) {
processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
- } else if(assertion instanceof SymmetricBinding) {
+ } else if(assertion instanceof AsymmetricBinding) {
processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);
} else {
processTransportBinding((TransportBinding) assertion, rpd);
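Review bot: The trailing `else` still casts unconditionally to `TransportBinding`, so any Binding assertion that is none of the three handled types fails with a ClassCastException far from the offending policy rather than a clear policy error. Make the last branch explicit, `} else if (assertion instanceof TransportBinding) {`, and add a final `else` that throws with the assertion's name so an unsupported binding is rejected deliberately instead of by accident. The copy-paste fix itself is right: with both branches testing `SymmetricBinding`, an AsymmetricBinding previously fell into the transport cast and blew up there.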
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java Wed Sep 20 04:00:06 2006
@@ -79,13 +79,13 @@
private boolean encryptBody;
- private Vector signedParts;
+ private Vector signedParts = new Vector();
- private Vector signedElements;
+ private Vector signedElements = new Vector();
- private Vector encryptedParts;
+ private Vector encryptedParts = new Vector();
- private Vector encryptedElements;
+ private Vector encryptedElements = new Vector();
/*
* Holds the supporting tokens elements
@@ -242,9 +242,7 @@
* The encrypted Element (XPath) to set.
*/
public void setEncryptedElements(String encElement) {
- if (encryptedElements == null) {
- encryptedElements = new Vector();
- }
+
encryptedElements.add(encElement);
}
@@ -262,9 +260,6 @@
* The part's element name.
*/
public void setEncryptedParts(String namespace, String element) {
- if (encryptedParts == null) {
- encryptedParts = new Vector();
- }
WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
"Element");
encryptedParts.add(wep);
@@ -312,9 +307,7 @@
* The signed Element (XPath) to set.
*/
public void setSignedElements(String sigElement) {
- if (signedElements == null) {
- signedElements = new Vector();
- }
+
signedElements.add(sigElement);
}
@@ -332,9 +325,7 @@
* The part's element name.
*/
public void setSignedParts(String namespace, String element) {
- if (signedParts == null) {
- signedParts = new Vector();
- }
+
WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
"Content");
signedParts.add(wep);
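Review bot: `setSignedParts` (like its three siblings in this file) appends one part rather than replacing the collection, so the `set` prefix misdescribes it; a name such as `addSignedPart`, or at least a Javadoc sentence `/** Appends one Content-mode WSEncryptionPart to the signed parts list. */`, would stop callers assuming it resets the list. Now that the field is initialised at declaration the removed null check is redundant, but the eager `new Vector()` also means whatever `getSignedParts()` returns is live shared state — callers must not mutate it (see RampartUtil.getSignedParts in this commit). The stray blank `+` line left where the null check was can go.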
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Wed Sep 20 04:00:06 2006
@@ -55,6 +55,7 @@
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import java.security.NoSuchAlgorithmException;
+import java.util.Iterator;
import java.util.Properties;
import java.util.Vector;
@@ -62,32 +63,7 @@
private static Log log = LogFactory.getLog(RampartUtil.class);
-// public static CallbackHandler getPasswordCB(ClassLoader classLoader,
-// String cbHandlerClass) throws RampartException {
-//
-// log.debug("loading class : " + cbHandlerClass);
-//
-// CallbackHandler cbHandler = null;
-//
-// if (cbHandlerClass != null) {
-// Class cbClass;
-// try {
-// cbClass = Loader.loadClass(classLoader, cbHandlerClass);
-// } catch (ClassNotFoundException e) {
-// throw new RampartException("cannotLoadPWCBClass",
-// new String[]{cbHandlerClass}, e);
-// }
-// try {
-// cbHandler = (CallbackHandler) cbClass.newInstance();
-// } catch (java.lang.Exception e) {
-// throw new RampartException("cannotCreatePWCBInstance",
-// new String[]{cbHandlerClass}, e);
-// }
-// }
-//
-// return cbHandler;
-// }
-
+
public static CallbackHandler getPasswordCB(RampartMessageData rmd) throws RampartException {
ClassLoader classLoader = rmd.getMsgContext().getAxisService().getClassLoader();
@@ -477,30 +453,31 @@
public static Element insertSiblingAfter(RampartMessageData rmd, Element child, Element sibling) {
if(child == null) {
- appendChildToSecHeader(rmd, sibling);
- }
- if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
- ((OMElement)child).insertSiblingAfter((OMElement)sibling);
- return sibling;
+ return appendChildToSecHeader(rmd, sibling);
} else {
- Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
- ((OMElement)child).insertSiblingAfter((OMElement)newSib);
- return newSib;
+ if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+ ((OMElement)child).insertSiblingAfter((OMElement)sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
+ ((OMElement)child).insertSiblingAfter((OMElement)newSib);
+ return newSib;
+ }
}
-
}
public static Element insertSiblingBefore(RampartMessageData rmd, Element child, Element sibling) {
if(child == null) {
- appendChildToSecHeader(rmd, sibling);
- }
- if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
- ((OMElement)child).insertSiblingBefore((OMElement)sibling);
- return sibling;
+ return appendChildToSecHeader(rmd, sibling);
} else {
- Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
- ((OMElement)child).insertSiblingBefore((OMElement)newSib);
- return newSib;
+ if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+ ((OMElement)child).insertSiblingBefore((OMElement)sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
+ ((OMElement)child).insertSiblingBefore((OMElement)newSib);
+ return newSib;
+ }
}
}
@@ -519,15 +496,21 @@
public static Vector getSignedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
Vector parts = rpd.getSignedParts();
+ SOAPEnvelope envelope = rmd
+ .getMsgContext().getEnvelope();
if(rpd.isEntireHeadersAndBodySignatures()) {
- //TODO: Handle the headers when wsse11:EncryptedHeader is
- //implemented
- parts.add(new WSEncryptionPart(addWsuIdToElement(rmd
- .getMsgContext().getEnvelope().getBody())));
+ Iterator childElems = envelope.getHeader().getChildElements();
+ while (childElems.hasNext()) {
+ OMElement element = (OMElement) childElems.next();
+ if(!element.getQName().equals(new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN)) &&
+ !element.getQName().equals(new QName(WSConstants.WSSE11_NS, WSConstants.WSSE_LN))) {
+ parts.add(new WSEncryptionPart(addWsuIdToElement(element)));
+ }
+ }
+ parts.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
} else if(rpd.isEncryptBody()) {
- parts.add(new WSEncryptionPart(addWsuIdToElement(rmd
- .getMsgContext().getEnvelope().getBody())));
+ parts.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
}
return parts;
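Review bot: `parts` is the Vector obtained from `rpd.getSignedParts()` and is then mutated with `parts.add(...)`; if that getter returns the backing field (which this commit now initialises eagerly in RampartPolicyData), every message built against the same policy object appends another full set of header and body WSEncryptionParts, so the second message onward signs duplicated references and the list grows without bound. Copy before extending: `Vector parts = new Vector(rpd.getSignedParts());`. Separately, the `else if(rpd.isEncryptBody())` branch decides whether to sign the body from the encrypt-body flag; presumably a sign-body counterpart exists in RampartPolicyData and is the intended condition — confirm. A short comment on the QName filter (`// skip every wsse:Security header, whatever its actor`) would make the exclusion's intent explicit.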
Added: webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-1.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-1.xml?view=auto&rev=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-1.xml (added)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/rampart-asymm-binding-1.xml Wed Sep 20 04:00:06 2006
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
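Review bot: `<ramp:encryptionCypto>` is spelled differently from the sibling `<ramp:signatureCrypto>`; if the RampartConfig builder matches on `encryptionCrypto`, this block is silently ignored and the test runs with no dedicated encryption crypto, so the local name the builder actually expects should be confirmed — and if the misspelling is the accepted element name, a comment saying so would save the next reader the same check. The keystore password is in clear text, which is fine for a test fixture but invites copy-paste into real policies; a comment such as `<!-- test keystore only: interop2.jks ships with the test suite -->` makes the scope explicit.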
Added: webservices/axis2/trunk/java/modules/security/test-resources/policy/soapmessage.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test-resources/policy/soapmessage.xml?view=auto&rev=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test-resources/policy/soapmessage.xml (added)
+++ webservices/axis2/trunk/java/modules/security/test-resources/policy/soapmessage.xml Wed Sep 20 04:00:06 2006
@@ -0,0 +1,57 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:axis2="http://ws.apache.org/namespaces/axis2">
+ <soapenv:Header xmlns:fabrikam="http://example.com/fabrikam">
+ <wsa:MessageID soapenv:mustUnderstand="0">
+ uuid:920C5190-0B8F-11D9-8CED-F22EDEEBF7E5</wsa:MessageID>
+ <wsa:To soapenv:mustUnderstand="0">http://localhost:8081/axis/services/BankPort</wsa:To>
+ <wsa:From axis2:AttrExt="123456789" soapenv:mustUnderstand="0" >
+ <wsa:Address>
+ http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:From>
+ <wsa:Action>http://ws.apache.org/tests/action</wsa:Action>
+ <wsa:ReplyTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/acct</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:ReplyTo>
+
+ <wsa:FaultTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/fault</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:FaultTo>
+ <wsa:RelatesTo>http://some.previous.message</wsa:RelatesTo>
+ <wsa:RelatesTo RelationshipType="axis2:some.custom.relationship">http://identifier.of.other.message/</wsa:RelatesTo>
+
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns1:getBalance soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:ns1="http://localhost:8081/axis/services/BankPort">
+ <accountNo href="#id0"/>
+ </ns1:getBalance>
+ <multiRef id="id0" soapenc:root="0"
+ soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xsi:type="xsd:int" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
+ 1001</multiRef>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
Modified: webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/MessageBuilderTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/MessageBuilderTest.java?view=diff&rev=448156&r1=448155&r2=448156
==============================================================================
--- webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/MessageBuilderTest.java (original)
+++ webservices/axis2/trunk/java/modules/security/test/org/apache/rampart/MessageBuilderTest.java Wed Sep 20 04:00:06 2006
@@ -31,7 +31,7 @@
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
-import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
import junit.framework.TestCase;
@@ -41,8 +41,6 @@
*/
public class MessageBuilderTest extends TestCase {
- static final String soapMsg = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + "<SOAP-ENV:Body>" + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" + "<value xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
-
public MessageBuilderTest() {
super();
}
@@ -132,18 +130,38 @@
}
}
+
+ public void testAsymmBinding() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ System.out.println(ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
/**
* @throws XMLStreamException
* @throws FactoryConfigurationError
* @throws AxisFault
*/
- private MessageContext getMsgCtx() throws XMLStreamException, FactoryConfigurationError, AxisFault {
+ private MessageContext getMsgCtx() throws Exception {
MessageContext ctx = new MessageContext();
ctx.setAxisService(new AxisService("TestService"));
ctx.setAxisOperation(new OutInAxisOperation(new QName("http://rampart.org", "test")));
- XMLStreamReader reader = XMLInputFactory.newInstance().createXMLStreamReader(new ByteArrayInputStream(soapMsg.getBytes()));
+ XMLStreamReader reader = XMLInputFactory.newInstance().createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
return ctx;
}
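Review bot: `testAsymmBinding` passes whenever `builder.build(ctx)` returns without throwing; it prints the envelope but asserts nothing about it, so a build that emits no wsse:Security header, no ds:Signature and no xenc:EncryptedData still goes green. Assert on the result, for example `assertNotNull(ctx.getEnvelope().getHeader().getFirstChildWithName(new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN)));` and a further check that a Signature child is present. In `getMsgCtx` the `FileInputStream` opened for soapmessage.xml is never closed, and the `System.out.println` / `e.printStackTrace()` output should go through the logger or be dropped.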