Posted to commits@ws.apache.org by co...@apache.org on 2015/06/04 16:41:59 UTC
svn commit: r1683563 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Author: coheigea
Date: Thu Jun 4 14:41:59 2015
New Revision: 1683563
URL: http://svn.apache.org/r1683563
Log:
If a BinarySecurityToken is xop:Include + is signed, then expand it
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java?rev=1683563&r1=1683562&r2=1683563&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java Thu Jun 4 14:41:59 2015
@@ -216,6 +216,17 @@ public class BinarySecurity {
public void setRawToken(byte[] data) {
this.data = Arrays.copyOf(data, data.length);
}
+
+ /**
+ * BASE64-Encode the raw token bytes + store them in a text child node.
+ */
+ public void encodeRawToken() {
+ if (data == null) {
+ throw new IllegalArgumentException("data == null");
+ }
+ Text node = getFirstNode();
+ node.setData(Base64.encode(data));
+ }
/**
* return the first text node.
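Review bot: `encodeRawToken` dereferences the result of `getFirstNode()` at line 33 without a null check, yet in the very case this commit targets the token's content is an `xop:Include` element, so a compactly serialized BST may carry no Text child at all; if `getFirstNode()` can return null (its body lies below the hunk, and the Javadoc fragment at line 36 says only that it returns the first text node), this surfaces as a NullPointerException in the middle of signature processing. Guard it and create the node when missing, e.g. `if (node == null) { node = getElement().getOwnerDocument().createTextNode(""); getElement().appendChild(node); }` (adapt to however the class exposes its element). A missing `data` is a state problem rather than a bad argument, since the method takes none, so `IllegalStateException` fits better than `IllegalArgumentException`, and whichever is kept should be declared with `@throws` in the Javadoc, which currently documents only the happy path. The enclosing class `BinarySecurity` starts and ends outside the hunk.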
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1683563&r1=1683562&r2=1683563&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Thu Jun 4 14:41:59 2015
@@ -30,6 +30,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import java.util.Map;
import javax.xml.crypto.Data;
import javax.xml.crypto.MarshalException;
@@ -63,6 +64,7 @@ import org.apache.wss4j.common.ext.WSSec
import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
@@ -472,6 +474,39 @@ public class SignatureProcessor implemen
Element element = callbackLookup.getAndRegisterElement(uri, null, true, context);
if (element == null) {
wsDocInfo.setTokenOnContext(uri, context);
+ } else if ("BinarySecurityToken".equals(element.getLocalName())
+ && WSConstants.WSSE_NS.equals(element.getNamespaceURI())
+ && isXopInclude(element)) {
+ // We don't write out the xop:Include bytes into the BinarySecurityToken by default
+ // But if the BST is signed, then we have to, or else Signature validation fails...
+ handleXopInclude(element, wsDocInfo);
+ }
+ }
+ }
+
+ private boolean isXopInclude(Element element) {
+ Element elementChild =
+ XMLUtils.getDirectChildElement(element, "Include", WSConstants.XOP_NS);
+ if (elementChild != null && elementChild.hasAttributeNS(null, "href")) {
+ String xopUri = elementChild.getAttributeNS(null, "href");
+ if (xopUri != null && xopUri.startsWith("cid:")) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private void handleXopInclude(Element element, WSDocInfo wsDocInfo) {
+ Map<Integer, List<WSSecurityEngineResult>> actionResults = wsDocInfo.getActionResults();
+ if (actionResults != null && actionResults.containsKey(WSConstants.BST)) {
+ for (WSSecurityEngineResult result : actionResults.get(WSConstants.BST)) {
+ Element token = (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (element.equals(token)) {
+ BinarySecurity binarySecurity =
+ (BinarySecurity)result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+ binarySecurity.encodeRawToken();
+ return;
+ }
}
}
}
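Review bot: `handleXopInclude` writes the Base64 text into the token at line 91, but the `xop:Include` child that `isXopInclude` just matched is, as far as this hunk shows, left in place, so if the signer canonicalized the token with the Base64 text standing in for the Include element (the MTOM scenario the log message describes), the leftover element still changes the digest and validation keeps failing; unless the element is removed elsewhere, replace the Include element with the text node rather than writing text beside it. The cast at lines 89-90 is dereferenced unchecked, and `encodeRawToken()` (first hunk) throws a bare `IllegalArgumentException` when no raw bytes were resolved from the attachment, so a missing or unresolvable attachment escapes signature processing as an unchecked exception rather than the `WSSecurityException` callers handle; add `if (binarySecurity == null) { return; }` and either pre-check that raw bytes are present or catch and rethrow as `WSSecurityException` with `ErrorCode.FAILED_CHECK`. `element.equals(token)` at line 88 relies on the DOM implementation not overriding `equals`; `element.isSameNode(token)` states the intended identity comparison explicitly. The method containing the new `else if` at lines 61-67 starts outside the hunk.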