Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/09/28 17:29:40 UTC
svn commit: r450898 - in /webservices/axis2/trunk/java/modules: integration/
integration/test-resources/rampart/
integration/test-resources/rampart/policy/
integration/test/org/apache/rampart/ security/src/org/apache/rampart/
security/src/org/apache/ra...
Author: ruchithf
Date: Thu Sep 28 08:29:39 2006
New Revision: 450898
URL: http://svn.apache.org/viewvc?view=rev&rev=450898
Log:
1.) Updated RampartPolicyBuilder to set Wss10 and Wss11 assertions in RampartPolicyData
2.) Added a setEncryptionUser method to RampartUtil, which checks for the "useReqSigCert" case and sets the cert
3.) Updated the handlers and builders to get "useReqSigCert" working
4.) Added a test scenario (#8) into RampartTest to test the above case
Added:
webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/8.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-8.xml
Modified:
webservices/axis2/trunk/java/modules/integration/maven.xml
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartReceiver.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartSender.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
Modified: webservices/axis2/trunk/java/modules/integration/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/maven.xml?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/maven.xml Thu Sep 28 08:29:39 2006
@@ -261,6 +261,13 @@
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
basedir="target/temp-ramp"/>
+
+ <!-- Service 8 -->
+ <copy overwrite="yes" file="test-resources/rampart/services-8.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar"
+ basedir="target/temp-ramp"/>
<!-- Service SC-1 -->
<copy overwrite="yes" file="test-resources/rampart/issuer.properties"
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/8.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/8.xml?view=auto&rev=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/8.xml (added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/8.xml Thu Sep 28 08:29:39 2006
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
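Review bot: This client policy omits the `<sp:RequireDerivedKeys/>` assertion that services-8.xml places inside both `X509Token` policies, even though the two files share the Id `SigEncrTripleDesRSA15DK`. If scenario 8 is meant to exercise derived keys, add `<sp:RequireDerivedKeys/>` before `<sp:WssX509V3Token10/>` in the InitiatorToken and RecipientToken here; if not, the Id is misleading on both sides. A short header comment such as `<!-- Test fixture: keystore password and the TripleDesRsa15 suite are for integration tests only -->` would keep the file from being reused as a deployment template.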
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-8.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-8.xml?view=auto&rev=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-8.xml (added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-8.xml Thu Sep 28 08:29:39 2006
@@ -0,0 +1,89 @@
+<service name="SecureService">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
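Review bot: `<ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>` is a reserved value rather than a keystore alias, and nothing in the file says so. A comment above it would make the fixture self-explanatory, for example `<!-- useReqSigCert: encrypt the response to the certificate that signed the request instead of a fixed alias -->`. The same comment could state that this mode presumes the inbound signature certificate was validated against the configured keystore, since that certificate becomes the recipient of the encrypted response.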
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java Thu Sep 28 08:29:39 2006
@@ -69,11 +69,12 @@
//TODO : figure this out !!
boolean basic256Supported = false;
- for (int i = 1; i <= 7; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 8; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
//Skip the Basic256 tests
continue;
}
+ System.out.println("Testing WS-Sec: custom scenario " + i);
options.setAction("urn:echo");
options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureService" + i));
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("test-resources/rampart/policy/" + i + ".xml"));
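Review bot: The scenario count is a bare literal `8` in the loop header, and it has to be kept in step by hand with the policy files and the `SecureServiceN.aar` targets in maven.xml. A named constant such as `private static final int WS_SEC_SCENARIOS = 8;` with a comment pointing at those two places would make the coupling visible. The added `System.out.println` progress line (and its twin in the WS-SecConv loop in the next hunk) would be easier to filter if it went through the test's logger. The loop body continues outside the hunk.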
@@ -89,6 +90,7 @@
//Skip the Basic256 tests
continue;
}
+ System.out.println("Testing WS-SecConv: custom scenario " + i);
options.setAction("urn:echo");
options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("test-resources/rampart/policy/sc-" + i + ".xml"));
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java Thu Sep 28 08:29:39 2006
@@ -19,6 +19,8 @@
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
@@ -32,6 +34,7 @@
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -50,6 +53,17 @@
RampartPolicyData rpd = rmd.getPolicyData();
if(rpd == null) {
return;
+ }
+
+ //Copy the RECV_RESULTS if available
+ if(!rmd.isClientSide()) {
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
}
String action = msgCtx.getOptions().getAction();
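Review bot: The added block hides the `inMsgCtx` assignment inside the `if` condition and copies `RECV_RESULTS` even when the inbound context holds none, so `msgCtx.setProperty` can be handed a null value. Reading the value first keeps the intent plain: `Object recvResults = inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS);` followed by `if(recvResults != null) { msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS, recvResults); }`. The `//Copy the RECV_RESULTS if available` comment could also say why the copy exists: the response-side builders read the request's security results from this property to resolve `useReqSigCert`. The enclosing method starts and ends outside the hunk.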
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java Thu Sep 28 08:29:39 2006
@@ -27,6 +27,7 @@
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
@@ -144,7 +145,7 @@
encr.setParts(encrParts);
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
- encr.setUserInfo(config.getEncryptionUser());
+ RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
@@ -361,10 +362,21 @@
WSSecEncrypt encr = new WSSecEncrypt();
+
+ if(encrToken.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ if(rpd.getWss10() != null && rpd.getWss10().isMustSupportRefKeyIdentifier()) {
+ encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(rpd.getWss11() != null && rpd.getWss11().isMustSupportRefThumbprint()) {
+ encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encr.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
- encr.setUserInfo(rpd.getRampartConfig().getEncryptionUser());
+ RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()));
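Review bot: In the `INCLUDE_NEVER` branch, a policy that asserts neither `MustSupportRefKeyIdentifier` nor `MustSupportRefThumbprint` leaves the key identifier type unset, so the reference style silently falls back to whatever `WSSecEncrypt` defaults to. Scenario 8 in this same commit also asserts `MustSupportRefIssuerSerial`, which this chain never consults. A closing `else` inside that branch that either selects an issuer-serial reference or throws a `RampartException` would make the unsupported case explicit instead of implicit. The enclosing method starts and ends outside the hunk.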
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java Thu Sep 28 08:29:39 2006
@@ -176,7 +176,7 @@
encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
try {
- encrKey.setUserInfo(rpd.getRampartConfig().getEncryptionUser());
+ RampartUtil.setEncryptionUser(rmd, encrKey);
encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartReceiver.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartReceiver.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartReceiver.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartReceiver.java Thu Sep 28 08:29:39 2006
@@ -30,8 +30,6 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
import javax.xml.namespace.QName;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartSender.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartSender.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartSender.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/handler/RampartSender.java Thu Sep 28 08:29:39 2006
@@ -21,11 +21,8 @@
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
-import org.apache.rahas.RahasConstants;
-import org.apache.rahas.TrustUtil;
import org.apache.rampart.MessageBuilder;
import org.apache.rampart.RampartException;
-import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.WSSecurityException;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyBuilder.java Thu Sep 28 08:29:39 2006
@@ -151,10 +151,7 @@
}
private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
- System.out
- .println("Top level PED found: " + wss10.getClass().getName());
- // TODO
- // throw new UnsupportedOperationException("TODO");
+ rpd.setWss10(wss10);
}
/**
@@ -177,6 +174,7 @@
private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());
+ rpd.setWss11(wss11);
}
/**
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/RampartPolicyData.java Thu Sep 28 08:29:39 2006
@@ -24,6 +24,8 @@
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
import org.apache.ws.security.WSEncryptionPart;
import java.util.HashMap;
@@ -109,6 +111,9 @@
private HashMap endorsingSupportingTokensIdMap;
private HashMap signedEndorsingSupportingTokensIdMap;
+ private Wss10 wss10;
+ private Wss11 wss11;
+
/**
* @return Returns the symmetricBinding.
*/
@@ -592,6 +597,22 @@
throw new RampartException("invalidSupportingVersionType",
new String[] { Integer.toString(type) });
}
+ }
+
+ public Wss10 getWss10() {
+ return wss10;
+ }
+
+ public void setWss10(Wss10 wss10) {
+ this.wss10 = wss10;
+ }
+
+ public Wss11 getWss11() {
+ return wss11;
+ }
+
+ public void setWss11(Wss11 wss11) {
+ this.wss11 = wss11;
}
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=450898&r1=450897&r2=450898
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Thu Sep 28 08:29:39 2006
@@ -44,12 +44,15 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Loader;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -58,7 +61,9 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
+
import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Properties;
@@ -609,4 +614,48 @@
throw new RampartException("errorExtractingToken");
}
}
+
+ public static void setEncryptionUser(RampartMessageData rmd, WSSecEncryptedKey encrKeyBuilder) throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ String encrUser = rpd.getRampartConfig().getEncryptionUser();
+ if(encrUser == null || "".equals(encrUser)) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ }
+ } else {
+ encrKeyBuilder.setUserInfo(encrUser);
+ }
+ }
+
+ private static X509Certificate getReqSigCert(Vector results) {
+ /*
+ * Scan the results for a matching actor. Use results only if the
+ * receiving Actor and the sending Actor match.
+ */
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() == WSConstants.SIGN) {
+ return wser.getCertificate();
+ }
+ }
+ }
+
+ return null;
+ }
+
}
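Review bot: In `setEncryptionUser`, the `useReqSigCert` branch does nothing when `RECV_RESULTS` is absent, and passes null to `setUseThisCert` when `getReqSigCert` finds no signature result, so the builder is left with neither a certificate nor a user and the failure surfaces later, away from its cause. The branch should raise a `RampartException` on the spot, as sketched below (the sketch reuses the existing `missingEncryptionUser` key; a dedicated message key would read better). The first comment in `getReqSigCert` promises an actor match that the loop never performs, so either add that check or drop the sentence. Because the response is then encrypted to whichever certificate signed the request, this path relies on that certificate having been trust-validated before `RECV_RESULTS` is populated, which is not visible in this hunk.

```java
if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
    Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
    X509Certificate reqSigCert = null;
    if(resultsObj instanceof Vector) {
        reqSigCert = getReqSigCert((Vector)resultsObj);
    }
    if(reqSigCert == null) {
        // No verified request signature to take the recipient certificate from:
        // stop here rather than let the key builder run without a recipient.
        throw new RampartException("missingEncryptionUser");
    }
    encrKeyBuilder.setUseThisCert(reqSigCert);
} else {
    // … unchanged: encrKeyBuilder.setUserInfo(encrUser) …
}
```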