Posted to fx-dev@ws.apache.org by di...@apache.org on 2005/07/08 21:07:59 UTC
cvs commit: ws-wss4j/src/org/apache/ws/security/util WSSecurityUtil.java
dims 2005/07/08 12:07:59
Modified: src/org/apache/ws/security/message WSSignEnvelope.java
src/org/apache/ws/security/util WSSecurityUtil.java
Log:
Fix for WSS-3 - .NET WSE signature validation of SAML Assertion throws exception
Revision Changes Path
1.25 +43 -0 ws-wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java
Index: WSSignEnvelope.java
===================================================================
RCS file: /home/cvs/ws-wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- WSSignEnvelope.java 10 Mar 2005 18:52:09 -0000 1.24
+++ WSSignEnvelope.java 8 Jul 2005 19:07:59 -0000 1.25
@@ -381,6 +381,49 @@
transforms.addTransform(STRTransform.implementedTransformURI,
ctx);
sig.addDocument("#" + strUri, transforms);
+ } else if (elemName.equals("Assertion")) { // Assertion
+ // Make the AssertionID the wsu:Id and the signature reference the same
+ SAMLAssertion assertion;
+
+ Element assertionElement =
+ (Element) WSSecurityUtil.findElement(envelope,
+ elemName,
+ nmSpace);
+
+ try {
+ assertion = new SAMLAssertion(assertionElement);
+ }
+ catch (Exception e1) {
+ log.error(e1);
+ throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
+ "noXMLSig", null, e1);
+ }
+
+ Element body =
+ (Element) WSSecurityUtil.findElement(envelope,
+ elemName,
+ nmSpace);
+ if (body == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "noEncElement",
+ new Object[]{nmSpace + ", " + elemName});
+ }
+ transforms = new Transforms(doc);
+ transforms.addTransform(
+ Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ if (wssConfig.isWsiBSPCompliant()) {
+ transforms.item(0).getElement().appendChild(
+ new InclusiveNamespaces(
+ doc, getInclusivePrefixes(body)).getElement());
+ }
+ String prefix =
+ WSSecurityUtil.setNamespace(body,
+ wssConfig.getWsuNS(),
+ WSConstants.WSU_PREFIX);
+ body.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", assertion.getId());
+ sig.addDocument("#" + assertion.getId(), transforms);
+
+
} else {
Element body =
(Element) WSSecurityUtil.findElement(envelope,
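Review bot: In the new `Assertion` branch the null check comes too late: `assertionElement` is passed to `new SAMLAssertion(assertionElement)` before anything verifies that `findElement` returned an element, and the later `body == null` test runs on a second, identical lookup. A missing Assertion would therefore most likely surface through `catch (Exception e1)` as `FAILED_SIGNATURE`/`noXMLSig` rather than the intended `noEncElement` failure. Do the lookup once, move the null check ahead of the `try`, and use `assertionElement` where `body` is used now. Because the signed reference is `"#" + assertion.getId()` and the same value is written as `wsu:Id`, it is also worth rejecting a null or empty AssertionID, and presumably an id already present elsewhere in the envelope, so the reference resolves to exactly one element. The enclosing method starts and ends outside this hunk.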
1.28 +105 -0 ws-wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java
Index: WSSecurityUtil.java
===================================================================
RCS file: /home/cvs/ws-wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- WSSecurityUtil.java 5 Jun 2005 18:52:46 -0000 1.27
+++ WSSecurityUtil.java 8 Jul 2005 19:07:59 -0000 1.28
@@ -72,6 +72,23 @@
* @param actor
* @return the <code>wsse:Security</code> element or
* <code>null</code> if not such element found
+ * @deprecated
+ * @see getSecurityHeader(
+ WSSConfig wssConfig, Document doc, String actor, SOAPConstants sc)
+ */
+ public static Element getSecurityHeader(
+ Document doc, String actor, SOAPConstants sc) {
+ return getSecurityHeader(WSSConfig.getDefaultWSConfig(), doc, actor, sc);
+ }
+
+ /**
+ * Returns the first WS-Security header element for a given actor.
+ * Only one WS-Security header is allowed for an actor.
+ *
+ * @param doc
+ * @param actor
+ * @return the <code>wsse:Security</code> element or
+ * <code>null</code> if not such element found
*/
public static Element getSecurityHeader(
WSSConfig wssConfig, Document doc, String actor, SOAPConstants sc) {
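Review bot: The `@see` tags added with the deprecated overloads will not resolve, because a same-class member reference needs a leading `#` and bare parameter types; here it should read `@see #getSecurityHeader(WSSConfig, Document, String, SOAPConstants)`. The bare `@deprecated` gives callers neither a reason nor a replacement, and the wrapper quietly falls back to `WSSConfig.getDefaultWSConfig()`, so text such as `@deprecated uses the default WSSConfig; pass the configuration explicitly` would make that fallback visible. The Javadoc copied onto the `WSSConfig` overload still lacks `@param wssConfig` and `@param sc`. The `@see` and `@deprecated` points apply equally to the later hunks that add wrappers for `getElementByWsuId`, `createBinarySecurityToken`, `findWsseSecurityHeaderBlock` and `createNamespaceContext`, and the last two also omit `@param wssConfig` on the delegate.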
@@ -498,8 +515,24 @@
* @param doc the DOM document (SOAP request)
* @param id the Id of the element
* @return the found element or null if no element with the Id exists
+ * @deprecated
+ * @see getElementByWsuId(WSSConfig wssConfig, Document doc, String id)
+ */
+ public static Element getElementByWsuId(Document doc, String id) {
+ return getElementByWsuId(WSSConfig.getDefaultWSConfig(), doc, id);
+ }
+ /**
+ * Search for an element given its wsu:id.
+ * <p/>
+ *
+ * @param wssConfig The WSS configuration data conating namesapce
+ * definitions, etc.
+ * @param doc the DOM document (SOAP request)
+ * @param id the Id of the element
+ * @return the found element or null if no element with the Id exists
*/
public static Element getElementByWsuId(WSSConfig wssConfig, Document doc, String id) {
+
if (id == null) {
return null;
}
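Review bot: The new `@param wssConfig` line carries over the typos `conating namesapce`; it should read `@param wssConfig The WSS configuration data containing namespace definitions, etc.`. The same text is added again in the `createBinarySecurityToken` hunk, where `@return then BST element` should also become `@return the BST element`. The body of `getElementByWsuId` continues outside this hunk.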
@@ -549,6 +582,26 @@
* @param wssConfig The WSS configuration data conating namesapce
* definitions, etc.
* @return then BST element (DOM element)
+ * @deprecated
+ * @see createBinarySecurityToken(Document doc,
+ String wsuIdVal,
+ WSSConfig wssConfig)
+ */
+ public static Element createBinarySecurityToken(Document doc,
+ String wsuIdVal) {
+ return createBinarySecurityToken(doc, wsuIdVal,
+ WSSConfig.getDefaultWSConfig());
+ }
+
+ /**
+ * Create a BinarySecurityToken element
+ * <p/>
+ *
+ * @param doc the DOM document (SOAP request)
+ * @param wsuIdVal the value for the wsu:Id
+ * @param wssConfig The WSS configuration data conating namesapce
+ * definitions, etc.
+ * @return then BST element (DOM element)
*/
public static Element createBinarySecurityToken(Document doc,
String wsuIdVal,
@@ -663,12 +716,52 @@
* @param envelope the SOAP envelope
* @param doCreate if true create a new WSS header block if none exists
* @return the WSS header or null if none found and doCreate is false
+ * @deprecated
+ * @see findWsseSecurityHeaderBlock(WSSConfig wssConfig, Document doc, Element envelope, boolean doCreate)
+ */
+ public static Element findWsseSecurityHeaderBlock(Document doc, Element envelope, boolean doCreate) {
+ return findWsseSecurityHeaderBlock(WSSConfig.getDefaultWSConfig(), doc, envelope, doCreate);
+ }
+
+ /**
+ * find the first ws-security header block
+ * <p/>
+ *
+ * @param doc the DOM document (SOAP request)
+ * @param envelope the SOAP envelope
+ * @param doCreate if true create a new WSS header block if none exists
+ * @return the WSS header or null if none found and doCreate is false
*/
public static Element findWsseSecurityHeaderBlock(WSSConfig wssConfig, Document doc, Element envelope, boolean doCreate) {
return findWsseSecurityHeaderBlock(wssConfig, doc, envelope, null, doCreate);
}
/**
+ * find the first ws-security header block
+ * <p/>
+ *
+ * @param doc the DOM document (SOAP request)
+ * @param envelope the SOAP envelope
+ * @param doCreate if true create a new WSS header block if none exists
+ * @return the WSS header or null if none found and doCreate is false
+ * @deprecated
+ * @see findWsseSecurityHeaderBlock(WSSConfig wssConfig,
+ Document doc,
+ Element envelope,
+ String actor,
+ boolean doCreate)
+ */
+ public static Element findWsseSecurityHeaderBlock(Document doc,
+ Element envelope,
+ String actor,
+ boolean doCreate) {
+ return findWsseSecurityHeaderBlock(WSSConfig.getDefaultWSConfig(),
+ doc,
+ envelope,
+ actor,
+ doCreate);
+ }
+ /**
* find a ws-security header block for a given actor
* <p/>
*
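Review bot: The Javadoc added for the deprecated wrapper that takes `String actor` was copied from the actor-less overload: its summary says `find the first ws-security header block` and it has no `@param actor`. It should carry the summary of the method it delegates to, `find a ws-security header block for a given actor`, plus an `@param actor` line. The delegate's own comment block continues past the end of this hunk.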
@@ -740,6 +833,18 @@
*
* @param doc the DOM document (SOAP request)
* @return a conext element usable for xpath requests
+ * @deprecated
+ * @see createNamespaceContext(WSSConfig wssConfig, Document doc)
+ */
+ public static Element createNamespaceContext(Document doc) {
+ return createNamespaceContext(WSSConfig.getDefaultWSConfig(), doc);
+ }
+
+ /**
+ * Create a namespace context with namespaces of interest
+ *
+ * @param doc the DOM document (SOAP request)
+ * @return a conext element usable for xpath requests
*/
public static Element createNamespaceContext(WSSConfig wssConfig, Document doc) {
SOAPConstants sc = getSOAPConstants(doc.getDocumentElement());