Posted to commits@santuario.apache.org by co...@apache.org on 2014/02/20 12:48:13 UTC
svn commit: r1570157 - in
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax:
ext/OutboundXMLSec.java ext/SecurePart.java impl/XMLSecurityStreamWriter.java
Author: coheigea
Date: Thu Feb 20 11:48:13 2014
New Revision: 1570157
URL: http://svn.apache.org/r1570157
Log:
Adding functionality to sign/encrypt the root element of the request without knowing the QName in advance
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java?rev=1570157&r1=1570156&r2=1570157&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java Thu Feb 20 11:48:13 2014
@@ -86,6 +86,9 @@ public class OutboundXMLSec {
OutputProcessorChainImpl outputProcessorChain = new OutputProcessorChainImpl(outboundSecurityContext, documentContext);
+ SecurePart signEntireRequestPart = null;
+ SecurePart encryptEntireRequestPart = null;
+
for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
if (XMLSecurityConstants.SIGNATURE.equals(action)) {
XMLSignatureOutputProcessor signatureOutputProcessor = new XMLSignatureOutputProcessor();
@@ -95,18 +98,21 @@ public class OutboundXMLSec {
List<SecurePart> signatureParts = securityProperties.getSignatureSecureParts();
for (int j = 0; j < signatureParts.size(); j++) {
SecurePart securePart = signatureParts.get(j);
- if (securePart.getIdToSign() == null) {
+ if (securePart.getIdToSign() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
securePart.getName(),
securePart
);
- } else {
+ } else if (securePart.getIdToSign() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
securePart.getIdToSign(),
securePart
);
+ } else if (securePart.isSecureEntireRequest()) {
+ // Special functionality to sign the first element in the request
+ signEntireRequestPart = securePart;
}
}
} else if (XMLSecurityConstants.ENCRYPT.equals(action)) {
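Review bot: A SecurePart with no idToSign, no name and secureEntireRequest left false now falls out of the if/else-if chain at lines 34–50 without being registered at all, so a misconfigured part is silently never signed, whereas the old plain else still passed it to putAsMap (with a null key). A terminating branch that fails loudly would close that gap, e.g. `} else { throw new IllegalArgumentException("SecurePart must specify an idToSign, a name, or secureEntireRequest"); }`, matching the IllegalArgumentException already thrown later in this method. A second part with secureEntireRequest set also silently replaces the first one in signEntireRequestPart; at least one of the two should be rejected or logged. The encryption chain in the hunk at @@ -117 has the identical shape and needs the same treatment. The enclosing method starts before this hunk and continues after it.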
@@ -117,18 +123,21 @@ public class OutboundXMLSec {
List<SecurePart> encryptionParts = securityProperties.getEncryptionSecureParts();
for (int j = 0; j < encryptionParts.size(); j++) {
SecurePart securePart = encryptionParts.get(j);
- if (securePart.getIdToSign() == null) {
+ if (securePart.getIdToSign() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
securePart.getName(),
securePart
);
- } else {
+ } else if (securePart.getIdToSign() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
securePart.getIdToSign(),
securePart
);
+ } else if (securePart.isSecureEntireRequest()) {
+ // Special functionality to encrypt the first element in the request
+ encryptEntireRequestPart = securePart;
}
}
}
@@ -145,7 +154,11 @@ public class OutboundXMLSec {
throw new IllegalArgumentException(output + " is not supported as output");
}
- return new XMLSecurityStreamWriter(outputProcessorChain);
+ XMLSecurityStreamWriter streamWriter = new XMLSecurityStreamWriter(outputProcessorChain);
+ streamWriter.setSignEntireRequestPart(signEntireRequestPart);
+ streamWriter.setEncryptEntireRequestPart(encryptEntireRequestPart);
+
+ return streamWriter;
}
private void initializeOutputProcessor(OutputProcessorChainImpl outputProcessorChain, OutputProcessor outputProcessor, XMLSecurityConstants.Action action) throws XMLSecurityException {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java?rev=1570157&r1=1570156&r2=1570157&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java Thu Feb 20 11:48:13 2014
@@ -67,6 +67,7 @@ public class SecurePart {
private String[] transforms;
private String digestMethod;
private boolean required = true;
+ private boolean secureEntireRequest;
public SecurePart(QName name, Modifier modifier) {
this(name, false, modifier);
@@ -193,4 +194,12 @@ public class SecurePart {
public void setRequired(boolean required) {
this.required = required;
}
+
+ public boolean isSecureEntireRequest() {
+ return secureEntireRequest;
+ }
+
+ public void setSecureEntireRequest(boolean secureEntireRequest) {
+ this.secureEntireRequest = secureEntireRequest;
+ }
}
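Review bot: The new public accessors isSecureEntireRequest/setSecureEntireRequest carry no Javadoc, and the flag's contract is not obvious from its name: judging from the OutboundXMLSec hunk it is only honoured when neither a name nor an idToSign is set on the part, and the part's name is then assigned from the document's root element when the writer opens it. A Javadoc on the setter such as `/** Binds this part to the document's root element at write time, whatever its QName; only honoured when neither name nor idToSign is set. The name is overwritten with the root QName. */` would make that visible to API users. The class ends in this hunk.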
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java?rev=1570157&r1=1570156&r2=1570157&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java Thu Feb 20 11:48:13 2014
@@ -20,6 +20,8 @@ package org.apache.xml.security.stax.imp
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
@@ -47,6 +49,8 @@ public class XMLSecurityStreamWriter imp
private NSContext namespaceContext = new NSContext(null);
private boolean endDocumentWritten = false;
private boolean haveToWriteEndElement = false;
+ private SecurePart signEntireRequestPart;
+ private SecurePart encryptEntireRequestPart;
public XMLSecurityStreamWriter(OutputProcessorChain outputProcessorChain) {
this.outputProcessorChain = outputProcessorChain;
@@ -97,6 +101,22 @@ public class XMLSecurityStreamWriter imp
if (elementStack == null) {
element = new Element(elementStack, namespaceContext,
XMLConstants.NULL_NS_URI, localName, XMLConstants.DEFAULT_NS_PREFIX);
+ if (signEntireRequestPart != null) {
+ signEntireRequestPart.setName(new QName("", localName));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.SIGNATURE_PARTS,
+ signEntireRequestPart.getName(),
+ signEntireRequestPart
+ );
+ }
+ if (encryptEntireRequestPart != null) {
+ encryptEntireRequestPart.setName(new QName("", localName));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.ENCRYPTION_PARTS,
+ encryptEntireRequestPart.getName(),
+ encryptEntireRequestPart
+ );
+ }
} else {
element = new Element(elementStack, XMLConstants.NULL_NS_URI, localName, XMLConstants.DEFAULT_NS_PREFIX);
}
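Review bot: `signEntireRequestPart.setName(new QName("", localName));` at line 139 (and the encryption twin at line 147) writes the document's root QName back into the caller's configured SecurePart, so after one document has been written the part is no longer nameless; if the same security properties are reused for a later document, the `getName() != null` branch in OutboundXMLSec registers the stale name first and signEntireRequestPart stays null, leaving the new root element silently unsigned or unencrypted when its name differs. The cheapest fix is in OutboundXMLSec: move `} else if (securePart.isSecureEntireRequest()) {` to the head of each chain so the flag takes precedence over a previously assigned name. Separately, this sixteen-line block is repeated verbatim in the two following hunks (@@ -113 and @@ -129) for the other writeStartElement overloads; a private helper taking the root QName removes the triplication, as sketched below. The enclosing writeStartElement method starts before this hunk and continues after it.
```java
        if (elementStack == null) {
            element = new Element(elementStack, namespaceContext,
                    XMLConstants.NULL_NS_URI, localName, XMLConstants.DEFAULT_NS_PREFIX);
            registerEntireRequestParts(new QName("", localName));
        } else {
        // … unchanged: remainder of writeStartElement …

    /**
     * Binds any configured "secure the entire request" parts to the root element
     * that has just been opened, so the signature/encryption processors pick it up
     * under that QName. Called once per document, from the three writeStartElement
     * overloads, only when elementStack is null (i.e. for the root element).
     */
    private void registerEntireRequestParts(QName rootName) {
        if (signEntireRequestPart != null) {
            signEntireRequestPart.setName(rootName);
            outputProcessorChain.getSecurityContext().putAsMap(
                    XMLSecurityConstants.SIGNATURE_PARTS, rootName, signEntireRequestPart);
        }
        if (encryptEntireRequestPart != null) {
            encryptEntireRequestPart.setName(rootName);
            outputProcessorChain.getSecurityContext().putAsMap(
                    XMLSecurityConstants.ENCRYPTION_PARTS, rootName, encryptEntireRequestPart);
        }
    }
```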
@@ -113,6 +133,22 @@ public class XMLSecurityStreamWriter imp
if (elementStack == null) {
element = new Element(elementStack, namespaceContext,
namespaceURI, localName, namespaceContext.getPrefix(namespaceURI));
+ if (signEntireRequestPart != null) {
+ signEntireRequestPart.setName(new QName(namespaceURI, localName));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.SIGNATURE_PARTS,
+ signEntireRequestPart.getName(),
+ signEntireRequestPart
+ );
+ }
+ if (encryptEntireRequestPart != null) {
+ encryptEntireRequestPart.setName(new QName(namespaceURI, localName));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.ENCRYPTION_PARTS,
+ encryptEntireRequestPart.getName(),
+ encryptEntireRequestPart
+ );
+ }
} else {
element = new Element(elementStack,
namespaceURI, localName, elementStack.getNamespaceContext().getPrefix(namespaceURI));
@@ -129,6 +165,22 @@ public class XMLSecurityStreamWriter imp
Element element;
if (elementStack == null) {
element = new Element(elementStack, namespaceContext, namespaceURI, localName, prefix);
+ if (signEntireRequestPart != null) {
+ signEntireRequestPart.setName(new QName(namespaceURI, localName, prefix));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.SIGNATURE_PARTS,
+ signEntireRequestPart.getName(),
+ signEntireRequestPart
+ );
+ }
+ if (encryptEntireRequestPart != null) {
+ encryptEntireRequestPart.setName(new QName(namespaceURI, localName, prefix));
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.ENCRYPTION_PARTS,
+ encryptEntireRequestPart.getName(),
+ encryptEntireRequestPart
+ );
+ }
} else {
element = new Element(elementStack, namespaceURI, localName, prefix);
}
@@ -366,6 +418,22 @@ public class XMLSecurityStreamWriter imp
throw new IllegalArgumentException("Properties not supported");
}
+ public SecurePart getSignEntireRequestPart() {
+ return signEntireRequestPart;
+ }
+
+ public void setSignEntireRequestPart(SecurePart signEntireRequestPart) {
+ this.signEntireRequestPart = signEntireRequestPart;
+ }
+
+ public SecurePart getEncryptEntireRequestPart() {
+ return encryptEntireRequestPart;
+ }
+
+ public void setEncryptEntireRequestPart(SecurePart encryptEntireRequestPart) {
+ this.encryptEntireRequestPart = encryptEntireRequestPart;
+ }
+
private class Element {
private Element parentElement;