Posted to commits@ws.apache.org by co...@apache.org on 2013/07/26 12:00:56 UTC
svn commit: r1507246 - in /webservices/wss4j/branches/1_6_x-fixes/src:
main/java/org/apache/ws/security/action/SignatureAction.java
test/java/org/apache/ws/security/message/SignedBSTTest.java
Author: coheigea
Date: Fri Jul 26 10:00:56 2013
New Revision: 1507246
URL: http://svn.apache.org/r1507246
Log:
[WSS-473] - Make it possible to sign the signing BST in SignatureAction
Conflicts:
src/main/java/org/apache/ws/security/action/SignatureAction.java
src/test/java/org/apache/ws/security/message/SignedBSTTest.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignedBSTTest.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java?rev=1507246&r1=1507245&r2=1507246&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java Fri Jul 26 10:00:56 2013
@@ -68,6 +68,7 @@ public class SignatureAction implements
wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
Element siblingElementToPrepend = null;
+ boolean signBST = false;
for (WSEncryptionPart part : reqData.getSignatureParts()) {
if ("STRTransform".equals(part.getName()) && part.getId() == null) {
part.setId(wsSign.getSecurityTokenReferenceURI());
@@ -91,19 +92,28 @@ public class SignatureAction implements
siblingElementToPrepend = (Element)lastChild;
}
}
+ } else if (WSConstants.WSSE_NS.equals(part.getNamespace())
+ && WSConstants.BINARY_TOKEN_LN.equals(part.getName())) {
+ signBST = true;
}
}
- List<javax.xml.crypto.dsig.Reference> referenceList =
+ if (signBST) {
+ wsSign.prependBSTElementToHeader(reqData.getSecHeader());
+ }
+ List<javax.xml.crypto.dsig.Reference> referenceList =
wsSign.addReferencesToSign(reqData.getSignatureParts(), reqData.getSecHeader());
- if (reqData.isAppendSignatureAfterTimestamp() && siblingElementToPrepend == null) {
+ if (signBST ||
+ (reqData.isAppendSignatureAfterTimestamp() && siblingElementToPrepend == null)) {
wsSign.computeSignature(referenceList, false, null);
} else {
wsSign.computeSignature(referenceList, true, siblingElementToPrepend);
}
- wsSign.prependBSTElementToHeader(reqData.getSecHeader());
+ if (!signBST) {
+ wsSign.prependBSTElementToHeader(reqData.getSecHeader());
+ }
reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("Error during Signature: ", e);
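Review bot: When `signBST` is true, the condition `signBST || (...)` always takes `computeSignature(referenceList, false, null)`, so a non-null `siblingElementToPrepend` computed earlier in the loop is dropped without explanation. The two `prependBSTElementToHeader` calls also encode an ordering requirement that is never stated: presumably the token has to be in the header before `addReferencesToSign` so it can be resolved as a signed part, and the signature is then appended so it follows the token it refers to. I would add a comment above `if (signBST) {` such as `// The BST must already be in the security header to be referenced; the Signature is then appended after it.` It is also worth confirming what happens when a BinarySecurityToken part is configured but the key identifier is not a direct reference, since the hunk sets `signBST` from the part's namespace and name alone. The enclosing method starts and ends outside this hunk.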
Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignedBSTTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignedBSTTest.java?rev=1507246&r1=1507245&r2=1507246&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignedBSTTest.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignedBSTTest.java Fri Jul 26 10:00:56 2013
@@ -28,12 +28,16 @@ import org.apache.ws.security.WSEncrypti
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.common.CustomHandler;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XMLUtils;
import org.w3c.dom.Document;
/**
@@ -112,6 +116,45 @@ public class SignedBSTTest extends org.j
verify(doc);
}
+ @org.junit.Test
+ public void testSignedBSTAction() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("wss40");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
+ config.put("password", "security");
+ config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS,
+ "{}{" + WSConstants.WSSE_NS + "}BinarySecurityToken"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new java.util.ArrayList<Integer>();
+ actions.add(WSConstants.SIGN);
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(doc);
+ assertTrue(handler.checkResults(results, actions));
+ }
/**
* Verifies the soap envelope
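Review bot: `testSignedBSTAction` asserts only that verification succeeds and that `checkResults` accepts the action list, so it does not pin that the BinarySecurityToken is among the signed elements. Since the purpose of signing the token is to bind it to the message, I would assert that coverage explicitly, for example by reading `WSSecurityEngineResult.TAG_DATA_REF_URIS` from the SIGN result and checking that one `WSDataRef` names `BinarySecurityToken` in `WSConstants.WSSE_NS`. A short comment above the `SIGNATURE_PARTS` entry saying that it selects the signing token itself would also help readers.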