Posted to commits@ws.apache.org by co...@apache.org on 2015/07/08 18:28:19 UTC
svn commit: r1689915 - in /webservices/wss4j/branches/2_0_x-fixes:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/
Author: coheigea
Date: Wed Jul 8 16:28:19 2015
New Revision: 1689915
URL: http://svn.apache.org/r1689915
Log:
[WSS-544] - Adding a new configuration switch to disable expanding xop:Includes when verifying signatures
Conflicts:
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Wed Jul 8 16:28:19 2015
@@ -548,6 +548,13 @@ public class ConfigurationConstants {
*/
public static final String STORE_BYTES_IN_ATTACHMENT = "storeBytesInAttachment";
+ /**
+ * Whether to expand xop:Include Elements encountered when verifying a Signature. The default is true,
+ * meaning that the relevant attachment bytes are BASE-64 encoded and inserted into the Element. This
+ * ensures that the actual bytes are signed, and not just the reference.
+ */
+ public static final String EXPAND_XOP_INCLUDE_FOR_SIGNATURE = "expandXOPIncludeForSignature";
+
//
// (Non-boolean) Configuration parameters for the actions/processors
//
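Review bot: The new Javadoc on EXPAND_XOP_INCLUDE_FOR_SIGNATURE explains the default but never says what a deployment gives up by setting the switch to false. Someone reading only this constant cannot tell that the option narrows what the signature check covers. I would add a sentence such as `Setting this to false leaves xop:Include references unexpanded, so verification covers only the reference and not the attachment bytes; disable it only when attachment integrity is established elsewhere.` The same gap applies to `isExpandXopIncludeForSignature()` and `setExpandXopIncludeForSignature(boolean)` in the RequestData hunk, which are added without any Javadoc although they can be called directly, bypassing the handler configuration.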
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Wed Jul 8 16:28:19 2015
@@ -96,6 +96,7 @@ public class RequestData {
private final List<String> audienceRestrictions = new ArrayList<String>();
private boolean requireTimestampExpires;
private boolean storeBytesInAttachment;
+ private boolean expandXopIncludeForSignature = true;
public void clear() {
soapConstants = null;
@@ -133,6 +134,7 @@ public class RequestData {
audienceRestrictions.clear();
requireTimestampExpires = false;
storeBytesInAttachment = false;
+ expandXopIncludeForSignature = true;
}
public boolean isEnableTimestampReplayCache() {
@@ -600,4 +602,12 @@ public class RequestData {
public void setStoreBytesInAttachment(boolean storeBytesInAttachment) {
this.storeBytesInAttachment = storeBytesInAttachment;
}
+
+ public boolean isExpandXopIncludeForSignature() {
+ return expandXopIncludeForSignature;
+ }
+
+ public void setExpandXopIncludeForSignature(boolean expandXopIncludeForSignature) {
+ this.expandXopIncludeForSignature = expandXopIncludeForSignature;
+ }
}
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Wed Jul 8 16:28:19 2015
@@ -1453,6 +1453,12 @@ public abstract class WSHandler {
reqData.setSubjectCertConstraints(subjectCertConstraints);
}
}
+
+ boolean expandXOP =
+ decodeBooleanConfigValue(
+ reqData, WSHandlerConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, true
+ );
+ reqData.setExpandXopIncludeForSignature(expandXOP);
}
/*
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Wed Jul 8 16:28:19 2015
@@ -480,7 +480,7 @@ public class SignatureProcessor implemen
WSSecurityUtil.storeElementInContext(context, element);
}
}
- if (element != null) {
+ if (element != null && data.isExpandXopIncludeForSignature()) {
// Look for xop:Include Nodes
List<Element> includeElements =
WSSecurityUtil.findElements(element, "Include", WSConstants.XOP_NS);
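Review bot: With the flag off, the changed condition `element != null && data.isExpandXopIncludeForSignature()` skips the xop:Include handling silently. Nothing in the hunk records that the referenced element may still hold unexpanded includes when its digest is checked, so a successful verification looks the same in logs and results whether or not attachment bytes were covered. I would add a comment above the condition, for example `// If expansion is disabled, xop:Include references are left in place and the attachment bytes are not part of the verified data`. I would also emit a debug-level message through whatever logger the class already uses when the branch is skipped, so operators can confirm which mode a verification ran in. The body of the `if` and the enclosing method continue outside the hunk, so whether a later step compensates cannot be judged from here.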