Posted to fx-dev@ws.apache.org by di...@apache.org on 2005/09/14 00:43:36 UTC
svn commit: r280700 [1/2] - in /webservices/wss4j/trunk:
src/org/apache/ws/security/ src/org/apache/ws/security/action/
src/org/apache/ws/security/handler/ src/org/apache/ws/security/message/
src/org/apache/ws/security/processor/ src/org/apache/ws/secu...
Author: dims
Date: Tue Sep 13 15:43:27 2005
New Revision: 280700
URL: http://svn.apache.org/viewcvs?rev=280700&view=rev
Log:
Lots of refactoring for pluggability
- Moved some SAML stuff to the saml package
- Added a Processor and Action interface.
- Load the required processor (say SAMLTokenProcess) or Action (TimestampAction) at runtime.
- Basically the code works even if opensaml.jar is absent :)
TODO:
- Need to convert more code into processor(s) like TimestampProcessor.
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/action/
webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenUnsignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/
webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLUtil.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSignSAMLEnvelope.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityST2.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityST3.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Tue Sep 13 15:43:27 2005
@@ -21,8 +21,12 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.action.Action;
+import org.apache.ws.security.processor.Processor;
import org.apache.xml.security.transforms.Transform;
+import javax.xml.namespace.QName;
+
/**
* WSSConfig
* <p/>
@@ -52,7 +56,7 @@
* the default is to include the milliseconds.
*/
protected boolean precisionInMilliSeconds = true;
-
+
protected boolean enableSignatureConfirmation = true;
protected WSSConfig() {
@@ -145,5 +149,70 @@
*/
public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
this.enableSignatureConfirmation = enableSignatureConfirmation;
+ }
+
+ /**
+ * Lookup action
+ * @param action
+ * @return
+ * @throws WSSecurityException
+ */
+ public Action getAction(int action) throws WSSecurityException {
+ String name = null;
+ switch(action) {
+ case WSConstants.UT:
+ name = "org.apache.ws.security.action.UsernameTokenAction";
+ break;
+
+ case WSConstants.ENCR:
+ name = "org.apache.ws.security.action.EncryptionAction";
+ break;
+
+ case WSConstants.SIGN:
+ name = "org.apache.ws.security.action.SignatureAction";
+ break;
+
+ case WSConstants.ST_SIGNED:
+ name = "org.apache.ws.security.action.SAMLTokenSignedAction";
+ break;
+
+ case WSConstants.ST_UNSIGNED:
+ name = "org.apache.ws.security.action.SAMLTokenUnsignedAction";
+ break;
+
+ case WSConstants.TS:
+ name = "org.apache.ws.security.action.TimestampAction";
+ break;
+
+ case WSConstants.UT_SIGN:
+ name = "org.apache.ws.security.action.UsernameTokenSignedAction";
+ break;
+ case WSConstants.SC:
+ name = "org.apache.ws.security.action.SignatureConfirmationAction";
+ break;
+ }
+ if(name == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "unknownAction", new Object[]{new Integer(action)});
+ }
+ try {
+ return (Action)Loader.loadClass(name).newInstance();
+ } catch (Throwable t) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "unableToLoadClass", new Object[]{name});
+ }
+ }
+
+ public Processor getProcessor(QName el) throws WSSecurityException {
+ String name = null;
+ if(el.equals(WSSecurityEngine.SAML_TOKEN)){
+ name = "org.apache.ws.security.processor.SAMLTokenProcessor";
+ }
+ if(name != null){
+ try {
+ return (Processor)Loader.loadClass(name).newInstance();
+ } catch (Throwable t) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "unableToLoadClass", new Object[]{name});
+ }
+ }
+ return null;
}
}
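Review bot: Both `catch (Throwable t)` blocks in the new getAction and getProcessor drop the cause when they rethrow, so a ClassNotFoundException, a NoClassDefFoundError (the opensaml-absent case the log message describes) and an IllegalAccessException all surface as the same bare "unableToLoadClass" with nothing to diagnose. The four-argument constructor already used elsewhere in this commit carries the cause: `throw new WSSecurityException(WSSecurityException.FAILURE, "unableToLoadClass", new Object[]{name}, t);`. Catching Throwable also swallows Errors such as OutOfMemoryError; catching Exception plus LinkageError would be narrower. The Javadoc on getAction has an empty `@return` and getProcessor has none; a one-liner such as `@return the processor registered for the element's QName, or null if none is registered` would document the null contract callers now depend on.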
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java Tue Sep 13 15:43:27 2005
@@ -19,34 +19,28 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.message.token.SignatureConfirmation;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.message.token.X509Security;
-import org.apache.ws.security.message.token.SignatureConfirmation;
+import org.apache.ws.security.processor.Processor;
+import org.apache.ws.security.saml.SAMLUtil;
+import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.ws.security.util.Base64;
-import org.opensaml.SAMLAssertion;
-import org.opensaml.SAMLException;
-import org.opensaml.SAMLObject;
-import org.opensaml.SAMLSubject;
-import org.opensaml.SAMLSubjectStatement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -69,7 +63,6 @@
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Calendar;
-import java.util.Iterator;
import java.util.Vector;
/**
@@ -350,14 +343,6 @@
lastPrincipalFound = handleUsernameToken((Element) elem, cb);
returnResults.add(0, new WSSecurityEngineResult(WSConstants.UT,
lastPrincipalFound, null, null, null));
- } else if (el.equals(SAML_TOKEN)) {
- if (doDebug) {
- log.debug("Found SAML Assertion element");
- }
- SAMLAssertion assertion = handleSAMLToken((Element) elem);
- wsDocInfo.setAssertion((Element) elem);
- returnResults.add(0,
- new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion));
} else if (el.equals(timeStamp)) {
if (doDebug) {
log.debug("Found Timestamp list element");
@@ -382,13 +367,18 @@
returnResults.add(0, new WSSecurityEngineResult(WSConstants.SC,
sigConf));
} else {
- /*
- * Add check for a BinarySecurityToken, add info to WSDocInfo. If BST is
- * found before a Signature token this would speed up (at least a little
- * bit) the processing of STR Transform.
- */
- if (doDebug) {
- log.debug("Unknown Element: " + elem.getLocalName() + " " + elem.getNamespaceURI());
+ Processor p = wssConfig.getProcessor(el);
+ if(p != null){
+ p.handleToken((Element)elem, wsDocInfo, returnResults);
+ } else {
+ /*
+ * Add check for a BinarySecurityToken, add info to WSDocInfo. If BST is
+ * found before a Signature token this would speed up (at least a little
+ * bit) the processing of STR Transform.
+ */
+ if (doDebug) {
+ log.debug("Unknown Element: " + elem.getLocalName() + " " + elem.getNamespaceURI());
+ }
}
}
}
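Review bot: The new `wssConfig.getProcessor(el)` call reflectively loads and instantiates a fresh Processor (via Loader.loadClass(name).newInstance() in WSSConfig) for every element that reaches this else branch, on every message, which is avoidable work on the inbound path; caching the resolved Class or a reusable instance in WSSConfig would keep the pluggability without the per-element reflection. Note also that the pluggable lookup runs only after the fixed `else if` chain, so a configured processor can never take over a built-in element type, which may or may not be intended. The enclosing processing loop starts and ends outside this hunk, so whether `p.handleToken` receives everything the removed inline SAML branch had access to (the callback handler `cb`, the crypto instances) cannot be confirmed from here.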
@@ -508,7 +498,7 @@
certs = getCertificatesTokenReference((Element) token,
crypto);
} else if (el.equals(SAML_TOKEN)) {
- certs = getCertificatesFromSAML((Element) token, crypto);
+ certs = SAMLUtil.getCertificatesFromSAML((Element) token);
} else {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY,
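Review bot: The replacement `SAMLUtil.getCertificatesFromSAML((Element) token)` drops the `crypto` argument, so the certificate taken from the SAML subject's KeyInfo is handed to signature verification with no way to check it against the trust store; the removed method had the same gap and recorded it in its TODO ("get alias name for cert, check against username set by caller"), but moving the code into a crypto-less helper makes that check harder to add later. Whether SAMLUtil validates the assertion's own signature or the embedded certificate cannot be seen from this page; if it does not, the calling code should treat the returned certificate as unverified until it is checked with the Crypto instance that is available at this call site. Carrying the TODO over into SAMLUtil, or keeping `crypto` in the new signature, would preserve that intent. The enclosing method starts and ends outside this hunk.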
@@ -647,83 +637,6 @@
}
/**
- * Extracts the certificate(s) from the SAML token reference.
- * <p/>
- *
- * @param elem The element containing the SAML token.
- * @return an array of X509 certificates
- * @throws WSSecurityException
- */
- protected X509Certificate[] getCertificatesFromSAML(Element elem,
- Crypto crypto)
- throws WSSecurityException {
-
- /*
- * Get some information about the SAML token content. This controls how
- * to deal with the whole stuff. First get the Authentication statement
- * (includes Subject), then get the _first_ confirmation method only.
- */
- SAMLAssertion assertion;
- try {
- assertion = new SAMLAssertion(elem);
- } catch (SAMLException e) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLToken", new Object[]{"for Signature (cannot parse)"});
- }
- SAMLSubjectStatement samlSubjS = null;
- Iterator it = assertion.getStatements();
- while (it.hasNext()) {
- SAMLObject so = (SAMLObject) it.next();
- if (so instanceof SAMLSubjectStatement) {
- samlSubjS = (SAMLSubjectStatement) so;
- break;
- }
- }
- SAMLSubject samlSubj = null;
- if (samlSubjS != null) {
- samlSubj = samlSubjS.getSubject();
- }
- if (samlSubj == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
- }
-
-// String confirmMethod = null;
-// it = samlSubj.getConfirmationMethods();
-// if (it.hasNext()) {
-// confirmMethod = (String) it.next();
-// }
-// boolean senderVouches = false;
-// if (SAMLSubject.CONF_SENDER_VOUCHES.equals(confirmMethod)) {
-// senderVouches = true;
-// }
- Element e = samlSubj.getKeyInfo();
- X509Certificate[] certs = null;
- try {
- KeyInfo ki = new KeyInfo(e, null);
-
- if (ki.containsX509Data()) {
- X509Data data = ki.itemX509Data(0);
- XMLX509Certificate certElem = null;
- if (data != null && data.containsCertificate()) {
- certElem = data.itemCertificate(0);
- }
- if (certElem != null) {
- X509Certificate cert = certElem.getX509Certificate();
- certs = new X509Certificate[1];
- certs[0] = cert;
- }
- }
- // TODO: get alias name for cert, check against username set by caller
- } catch (XMLSecurityException e3) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[]{"cannot get certificate (key holder)"});
- }
- return certs;
- }
-
- /**
* Checks the <code>element</code> and creates appropriate binary security object.
*
* @param element The XML element that contains either a <code>BinarySecurityToken
@@ -841,25 +754,6 @@
principal.setPasswordType(pwType);
return principal;
- }
-
- public SAMLAssertion handleSAMLToken(Element token) throws WSSecurityException {
- boolean result = false;
- SAMLAssertion assertion = null;
- try {
- assertion = new SAMLAssertion(token);
- result = true;
- if (doDebug) {
- log.debug("SAML Assertion issuer " + assertion.getIssuer());
- }
- } catch (SAMLException e) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity", null, e);
- }
- if (!result) {
- throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
- }
- return assertion;
}
public void handleTimestamp(Timestamp timestamp) throws WSSecurityException {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java Tue Sep 13 15:43:27 2005
@@ -17,8 +17,8 @@
package org.apache.ws.security;
-import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.SignatureConfirmation;
+import org.apache.ws.security.message.token.Timestamp;
import org.opensaml.SAMLAssertion;
import java.security.Principal;
@@ -39,14 +39,14 @@
private byte[] signatureValue = null;
private SignatureConfirmation sigConf = null;
- WSSecurityEngineResult(int act, SAMLAssertion ass) {
+ public WSSecurityEngineResult(int act, SAMLAssertion ass) {
principal = null;
cert = null;
action = act;
assertion = ass;
}
- WSSecurityEngineResult(int act, Principal princ,
+ public WSSecurityEngineResult(int act, Principal princ,
X509Certificate certificate, Vector elemQnames, byte[] sv) {
principal = princ;
action = act;
@@ -55,12 +55,12 @@
signatureValue = sv;
}
- WSSecurityEngineResult(int act, Timestamp tstamp) {
+ public WSSecurityEngineResult(int act, Timestamp tstamp) {
action = act;
timestamp = tstamp;
}
- WSSecurityEngineResult(int act, SignatureConfirmation sc) {
+ public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
action = act;
sigConf = sc;
}
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/Action.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,13 @@
+package org.apache.ws.security.action;
+
+import org.w3c.dom.Document;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * Interface for all actions
+ */
+public interface Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData) throws WSSecurityException;
+}
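Review bot: `execute` is the single extension point of the new plug-in model but carries no Javadoc, and its five parameters (handler, actionToDo, mu, doc, reqData) are not self-explanatory to an implementer outside this package; in particular `mu` and how `actionToDo` relates to the WSConstants action codes resolved in WSSConfig.getAction deserve a sentence each. A Javadoc block with a summary line, one `@param` per argument, and `@throws WSSecurityException` stating that implementations must fail the whole handler invocation on error would make the contract explicit. The `public` modifier on an interface method is redundant and can be dropped.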
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/EncryptionAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,55 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSEncryptBody;
+import org.w3c.dom.Document;
+
+public class EncryptionAction implements Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ WSEncryptBody wsEncrypt = new WSEncryptBody(reqData.getActor(), mu);
+ wsEncrypt.setWsConfig(reqData.getWssConfig());
+
+ if (reqData.getEncKeyId() != 0) {
+ wsEncrypt.setKeyIdentifierType(reqData.getEncKeyId());
+ }
+ if (reqData.getEncKeyId() == WSConstants.EMBEDDED_KEYNAME) {
+ String encKeyName = null;
+ if ((encKeyName =
+ (String) handler.getOption(WSHandlerConstants.ENC_KEY_NAME))
+ == null) {
+ encKeyName =
+ (String) handler.getProperty(reqData.getMsgContext(), WSHandlerConstants.ENC_KEY_NAME);
+ }
+ wsEncrypt.setEmbeddedKeyName(encKeyName);
+ byte[] embeddedKey =
+ handler.getPassword(reqData.getEncUser(),
+ actionToDo,
+ WSHandlerConstants.ENC_CALLBACK_CLASS,
+ WSHandlerConstants.ENC_CALLBACK_REF, reqData)
+ .getKey();
+ wsEncrypt.setKey(embeddedKey);
+ }
+ if (reqData.getEncSymmAlgo() != null) {
+ wsEncrypt.setSymmetricEncAlgorithm(reqData.getEncSymmAlgo());
+ }
+ if (reqData.getEncKeyTransport() != null) {
+ wsEncrypt.setKeyEnc(reqData.getEncKeyTransport());
+ }
+ wsEncrypt.setUserInfo(reqData.getEncUser());
+ wsEncrypt.setUseThisCert(reqData.getEncCert());
+ if (reqData.getEncryptParts().size() > 0) {
+ wsEncrypt.setParts(reqData.getEncryptParts());
+ }
+ try {
+ wsEncrypt.build(doc, reqData.getEncCrypto());
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException("WSHandler: Encryption: error during message processing"
+ + e);
+ }
+ }
+}
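Review bot: The catch block at the end of execute rethrows `new WSSecurityException("WSHandler: Encryption: error during message processing" + e)`, which discards the original exception's stack trace and error code and appends its toString to the message instead of chaining it as a cause. The same pattern appears in SAMLTokenSignedAction, SignatureAction and UsernameTokenSignedAction in this commit. If WSSecurityException offers no (String, Throwable) constructor, the four-argument form used elsewhere in this commit, `new WSSecurityException(WSSecurityException.FAILURE, msgId, args, e)`, preserves the cause; alternatively the caught exception can simply be rethrown. The class also lacks a Javadoc summary stating that it performs the `WSConstants.ENCR` action.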
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,95 @@
+package org.apache.ws.security.action;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.saml.SAMLIssuer;
+import org.apache.ws.security.saml.SAMLIssuerFactory;
+import org.apache.ws.security.saml.WSSignSAMLEnvelope;
+import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Document;
+
+public class SAMLTokenSignedAction implements Action {
+ private static Log log = LogFactory.getLog(SAMLTokenSignedAction.class.getName());
+ private static Log tlog =
+ LogFactory.getLog("org.apache.ws.security.TIME");
+
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ Crypto crypto = null;
+ /*
+ * it is possible and legal that we do not have a signature
+ * crypto here - thus ignore the exception. This is usually
+ * the case for the SAML option "sender vouches". In this case
+ * no user crypto is required.
+ */
+ try {
+ crypto = handler.loadSignatureCrypto(reqData);
+ } catch (Throwable t){
+ }
+
+ SAMLIssuer saml = loadSamlIssuer(handler, reqData);
+ saml.setUsername(reqData.getUsername());
+ saml.setUserCrypto(crypto);
+ saml.setInstanceDoc(doc);
+
+ SAMLAssertion assertion = saml.newAssertion();
+ if (assertion == null) {
+ throw new WSSecurityException("WSHandler: Signed SAML: no SAML token received");
+ }
+ String issuerKeyName = null;
+ String issuerKeyPW = null;
+ Crypto issuerCrypto = null;
+
+ WSSignSAMLEnvelope wsSign = new WSSignSAMLEnvelope(reqData.getActor(), mu);
+ wsSign.setWsConfig(reqData.getWssConfig());
+
+ String password = null;
+ if (saml.isSenderVouches()) {
+ issuerKeyName = saml.getIssuerKeyName();
+ issuerKeyPW = saml.getIssuerKeyPassword();
+ issuerCrypto = saml.getIssuerCrypto();
+ } else {
+ password =
+ handler.getPassword(reqData.getUsername(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData)
+ .getPassword();
+ wsSign.setUserInfo(reqData.getUsername(), password);
+ }
+ if (reqData.getSigKeyId() != 0) {
+ wsSign.setKeyIdentifierType(reqData.getSigKeyId());
+ }
+ try {
+ wsSign.build(
+ doc,
+ crypto,
+ assertion,
+ issuerCrypto,
+ issuerKeyName,
+ issuerKeyPW);
+ reqData.getSignatureValues().add(wsSign.getSignatureValue());
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException("WSHandler: Signed SAML: error during message processing"
+ + e);
+ }
+ }
+
+ protected SAMLIssuer loadSamlIssuer(WSHandler handler, RequestData reqData) {
+ String samlPropFile = null;
+
+ if ((samlPropFile =
+ (String) handler.getOption(WSHandlerConstants.SAML_PROP_FILE))
+ == null) {
+ samlPropFile =
+ (String) handler.getProperty(reqData.getMsgContext(), WSHandlerConstants.SAML_PROP_FILE);
+ }
+ return SAMLIssuerFactory.getInstance(samlPropFile);
+ }
+
+}
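Review bot: The empty `catch (Throwable t){}` around `handler.loadSignatureCrypto(reqData)` swallows everything, including Errors and misconfiguration that is unrelated to the legitimate sender-vouches case the comment describes; narrowing it to the exception type loadSignatureCrypto actually declares and logging at debug, `log.debug("no signature crypto available, assuming sender-vouches", t);`, keeps the intended leniency while leaving a trace. The `log` and `tlog` fields are declared but never used in this class. If `handler.getPassword(...)` can return null, the chained `.getPassword()` on the non-sender-vouches branch will throw NullPointerException instead of a WSSecurityException; that cannot be confirmed from this page.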
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenUnsignedAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenUnsignedAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenUnsignedAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenUnsignedAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,25 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.message.WSSAddSAMLToken;
+import org.apache.ws.security.saml.SAMLIssuer;
+import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Document;
+
+public class SAMLTokenUnsignedAction extends SAMLTokenSignedAction implements Action {
+
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ WSSAddSAMLToken builder = new WSSAddSAMLToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
+
+ SAMLIssuer saml = loadSamlIssuer(handler, reqData);
+ saml.setUsername(reqData.getUsername());
+ SAMLAssertion assertion = saml.newAssertion();
+
+ // add the SAMLAssertion Token to the SOAP Enevelope
+ builder.build(doc, assertion);
+ }
+}
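Review bot: `saml.newAssertion()` is passed straight to `builder.build(doc, assertion)` without the null check that the sibling SAMLTokenSignedAction performs; a null result here will surface as a NullPointerException from the builder rather than a descriptive error. Mirroring the signed variant, `if (assertion == null) { throw new WSSecurityException("WSHandler: Unsigned SAML: no SAML token received"); }` before the build call would make the two actions consistent. The class extends SAMLTokenSignedAction only to reuse loadSamlIssuer; `implements Action` is already inherited and is redundant, and a static helper or a shared base would avoid the is-a relationship between the two actions.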
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,44 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSignEnvelope;
+import org.w3c.dom.Document;
+
+public class SignatureAction implements Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ String password;
+ password =
+ handler.getPassword(reqData.getUsername(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData)
+ .getPassword();
+
+ WSSignEnvelope wsSign = new WSSignEnvelope(reqData.getActor(), mu);
+ wsSign.setWsConfig(reqData.getWssConfig());
+
+ if (reqData.getSigKeyId() != 0) {
+ wsSign.setKeyIdentifierType(reqData.getSigKeyId());
+ }
+ if (reqData.getSigAlgorithm() != null) {
+ wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
+ }
+
+ wsSign.setUserInfo(reqData.getUsername(), password);
+ if (reqData.getSignatureParts().size() > 0) {
+ wsSign.setParts(reqData.getSignatureParts());
+ }
+
+ try {
+ wsSign.build(doc, reqData.getSigCrypto());
+ reqData.getSignatureValues().add(wsSign.getSignatureValue());
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException("WSHandler: Signature: error during message procesing" + e);
+ }
+ }
+
+}
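Review bot: The exception message in the catch block reads `"WSHandler: Signature: error during message procesing"`; the typo should be "processing" to match the wording used by EncryptionAction and SAMLTokenSignedAction. `password` is declared and assigned on two separate lines where a single declaration with initializer would be clearer. A Javadoc summary stating that this class performs the `WSConstants.SIGN` action and which RequestData fields it consumes (username, sigKeyId, sigAlgorithm, signatureParts, sigCrypto) would help implementers of further actions.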
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/SignatureConfirmationAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,74 @@
+package org.apache.ws.security.action;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSAddSignatureConfirmation;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.util.Vector;
+
+public class SignatureConfirmationAction implements Action {
+ protected static Log log = LogFactory.getLog(WSHandler.class.getName());
+
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ if (log.isDebugEnabled()) {
+ log.debug("Perform Signature confirmation");
+ }
+
+ Vector results = (Vector) handler.getProperty(reqData.getMsgContext(),
+ WSHandlerConstants.RECV_RESULTS);
+ /*
+ * loop over all results gathered by all handlers in the chain. For each
+ * handler result get the various actions. After that loop we have all
+ * signature results in the signatureActions vector
+ */
+ Vector signatureActions = new Vector();
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.ST_SIGNED, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.UT_SIGN, signatureActions);
+ }
+ Vector signatureParts = reqData.getSignatureParts();
+ // prepare a SignatureConfirmation token
+ WSAddSignatureConfirmation wsc = new WSAddSignatureConfirmation(reqData
+ .getActor(), mu);
+ int idHash = wsc.hashCode();
+ if (signatureActions.size() > 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signature Confirmation: number of Signature results: "
+ + signatureActions.size());
+ }
+ for (int i = 0; i < signatureActions.size(); i++) {
+ WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+ .get(i);
+ byte[] sigVal = wsr.getSignatureValue();
+ String id = "sigcon-" + (idHash + i);
+ wsc.setId(id);
+ wsc.build(doc, sigVal);
+ signatureParts.add(new WSEncryptionPart(id));
+ }
+ } else {
+ String id = "sigcon-" + idHash;
+ wsc.setId(id);
+ wsc.build(doc, null);
+ signatureParts.add(new WSEncryptionPart(id));
+ }
+ handler.setProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE,
+ handler.DONE);
+ }
+}
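Review bot: `results` is obtained from `handler.getProperty(reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS)` and immediately dereferenced in the for loop; if no inbound results were recorded for this message context the property is presumably null and execute fails with a NullPointerException. A guard such as `if (results != null) { for (...) { ... } }`, leaving the existing else branch to emit the empty SignatureConfirmation, would handle that case explicitly. The logger is created with `LogFactory.getLog(WSHandler.class.getName())`, so this class's messages are attributed to WSHandler; `SignatureConfirmationAction.class.getName()` is the intended category. `handler.DONE` accesses what appears to be a static constant through an instance; `WSHandler.DONE` is the conventional form.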
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,22 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.message.WSAddTimestamp;
+import org.w3c.dom.Document;
+
+public class TimestampAction implements Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ WSAddTimestamp timeStampBuilder =
+ new WSAddTimestamp(reqData.getActor(), mu);
+ timeStampBuilder.setWsConfig(reqData.getWssConfig());
+
+
+ timeStampBuilder.setId("Timestamp-" + System.currentTimeMillis());
+
+ // add the Timestamp to the SOAP Enevelope
+ timeStampBuilder.build(doc, handler.decodeTimeToLive(reqData));
+ }
+}
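Review bot: `timeStampBuilder.setId("Timestamp-" + System.currentTimeMillis())` derives the wsu:Id from the millisecond clock, so two tokens built within the same millisecond in one document get identical ids, and signature References that resolve by id then become ambiguous; UsernameTokenAction uses the same scheme. A per-document counter or a UUID-based suffix would guarantee uniqueness. The two consecutive blank lines after setWsConfig are a formatting leftover, and a Javadoc summary naming this as the `WSConstants.TS` action is missing.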
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,44 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSAddUsernameToken;
+import org.w3c.dom.Document;
+
+public class UsernameTokenAction implements Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ String password;
+ password =
+ handler.getPassword(reqData.getUsername(),
+ actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData)
+ .getPassword();
+
+ WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
+ builder.setPasswordType(reqData.getPwType());
+
+ //Set the wsu:Id of the UNT
+ builder.setId("UsernameToken-" + System.currentTimeMillis());
+
+ // add the UsernameToken to the SOAP Enevelope
+ builder.build(doc, reqData.getUsername(), password);
+
+ if (reqData.getUtElements() != null && reqData.getUtElements().length > 0) {
+ for (int j = 0; j < reqData.getUtElements().length; j++) {
+ reqData.getUtElements()[j].trim();
+ if (reqData.getUtElements()[j].equals("Nonce")) {
+ builder.addNonce(doc);
+ }
+ if (reqData.getUtElements()[j].equals("Created")) {
+ builder.addCreated(doc);
+ }
+ reqData.getUtElements()[j] = null;
+ }
+ }
+ }
+}
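Review bot: `reqData.getUtElements()[j].trim()` discards its result, since String.trim() returns a new string, so an element spelled with surrounding whitespace never matches the "Nonce" or "Created" comparisons that follow. Storing the trimmed value and comparing against it fixes this: `String utElem = reqData.getUtElements()[j].trim();` followed by `if ("Nonce".equals(utElem)) { builder.addNonce(doc); }` and `if ("Created".equals(utElem)) { builder.addCreated(doc); }`. Setting `reqData.getUtElements()[j] = null` afterwards mutates the shared RequestData array, which will break a second execution against the same RequestData; a comment explaining why the entries are cleared is needed if that is intentional. `reqData.getUtElements()` is also called four times per iteration where one local would do.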
Added: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,47 @@
+package org.apache.ws.security.action;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSAddUsernameToken;
+import org.apache.ws.security.message.WSSignEnvelope;
+import org.apache.xml.security.signature.XMLSignature;
+import org.w3c.dom.Document;
+
+public class UsernameTokenSignedAction implements Action {
+ public void execute(WSHandler handler, int actionToDo, boolean mu, Document doc, RequestData reqData)
+ throws WSSecurityException {
+ String password;
+ password = handler.getPassword(reqData.getUsername(), actionToDo,
+ WSHandlerConstants.PW_CALLBACK_CLASS,
+ WSHandlerConstants.PW_CALLBACK_REF, reqData).getPassword();
+
+ WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
+
+ builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+ builder.preSetUsernameToken(doc, reqData.getUsername(), password);
+ builder.addCreated(doc);
+ builder.addNonce(doc);
+
+ WSSignEnvelope sign = new WSSignEnvelope(reqData.getActor(), mu);
+ sign.setWsConfig(reqData.getWssConfig());
+
+ if (reqData.getSignatureParts().size() > 0) {
+ sign.setParts(reqData.getSignatureParts());
+ }
+ sign.setUsernameToken(builder);
+ sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
+ sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+ try {
+ sign.build(doc, null);
+ reqData.getSignatureValues().add(sign.getSignatureValue());
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException("WSHandler: Error during Signatur with UsernameToken secret"
+ + e);
+ }
+ builder.build(doc, null, null);
+ }
+}
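Review bot: The catch in execute() (the `catch (WSSecurityException e)` at the end of the method) rethrows with `"... Signatur with UsernameToken secret" + e`, which stringifies the cause into the message and drops both the original error code and the exception chain. Since the method already declares `throws WSSecurityException` and the wrapped type is the same, either let `sign.build(doc, null)` propagate unchanged, or rethrow through the constructor that takes a `Throwable` cause (the `(errorCode, msgId, args, cause)` form used elsewhere in this commit) so callers can still inspect the underlying failure; the message typo "Signatur" should be fixed at the same time. A one-line Javadoc on execute() stating that the UsernameToken is added with `PASSWORD_TEXT` and used as the HMAC-SHA1 signing secret (`UT_SIGNING`) would also help readers, since this differs from UsernameTokenAction, which honours `reqData.getPwType()`.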
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/errors.properties Tue Sep 13 15:43:27 2005
@@ -69,3 +69,5 @@
decoding.divisible.four = It should be divisible by four
decoding.general = Error while decoding
+unknownAction=Unknown Action {0}
+unableToLoadClass=Unable to load class {0}
\ No newline at end of file
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Tue Sep 13 15:43:27 2005
@@ -19,29 +19,27 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.action.EncryptionAction;
+import org.apache.ws.security.action.SAMLTokenSignedAction;
+import org.apache.ws.security.action.SAMLTokenUnsignedAction;
+import org.apache.ws.security.action.SignatureAction;
+import org.apache.ws.security.action.SignatureConfirmationAction;
+import org.apache.ws.security.action.TimestampAction;
+import org.apache.ws.security.action.UsernameTokenAction;
+import org.apache.ws.security.action.UsernameTokenSignedAction;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.message.WSAddTimestamp;
-import org.apache.ws.security.message.WSEncryptBody;
-import org.apache.ws.security.message.WSSAddSAMLToken;
-import org.apache.ws.security.message.WSSAddUsernameToken;
-import org.apache.ws.security.message.WSSignEnvelope;
-import org.apache.ws.security.message.WSAddSignatureConfirmation;
import org.apache.ws.security.message.token.Timestamp;
-import org.apache.ws.security.saml.SAMLIssuer;
-import org.apache.ws.security.saml.SAMLIssuerFactory;
+import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.StringUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.ws.security.util.Loader;
-import org.apache.xml.security.signature.XMLSignature;
-import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
import javax.security.auth.callback.Callback;
@@ -49,10 +47,10 @@
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
+import java.util.Arrays;
import java.util.Calendar;
import java.util.Hashtable;
import java.util.Vector;
-import java.util.Arrays;
/**
@@ -63,14 +61,14 @@
* @author Werner Dittmann (Werner.Dittmann@t-online.de).
*/
public abstract class WSHandler {
- protected static String DONE = "done";
+ public static String DONE = "done";
protected static Log log = LogFactory.getLog(WSHandler.class.getName());
protected static final WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
protected static Hashtable cryptos = new Hashtable(5);
private boolean doDebug = log.isDebugEnabled();
- /**
+ /** ut
* Performs all defined security actions to set-up the SOAP request.
*
*
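Review bot: The Javadoc opener at `/** ut` has a stray "ut" typed into it; it should read `/**`. In the same hunk `DONE` is widened from protected to `public static String`, which makes it a globally reassignable marker; presumably it was made public so the new SignatureConfirmationAction can write it into the message context as the `SIG_CONF_DONE` value, and in that case it should be `public static final String DONE = "done";` so no other class can silently change what "done" means to checkSignatureConfirmation.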
@@ -165,7 +163,7 @@
Vector results = null;
if ((results = (Vector) getProperty(reqData.getMsgContext(),
WSHandlerConstants.RECV_RESULTS)) != null) {
- performSIGNConfirmation(mu, doc, reqData, results);
+ wssConfig.getAction(WSConstants.SC).execute(this, WSConstants.SC, mu, doc, reqData);
}
}
}
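Review bot: The new dispatch `wssConfig.getAction(WSConstants.SC).execute(...)` dereferences the result of getAction() directly, and the same pattern appears in the switch hunk that replaces the perform*Action calls; whether WSSConfig.getAction throws for an unknown or unloadable action (this commit adds `unknownAction` and `unableToLoadClass` keys to errors.properties, which suggests it does) is not visible here, and if it can return null the previous explicit dispatch is replaced by a NullPointerException. Also, `results` is still fetched from `RECV_RESULTS` on the lines above but is no longer passed anywhere, whereas performSIGNConfirmation used to receive it; a comment such as `// RECV_RESULTS is only tested for presence here; the SC action re-reads it from the message context` would make the new contract explicit, assuming that is how SignatureConfirmationAction obtains the results. The enclosing method starts and ends outside this hunk.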
@@ -181,37 +179,18 @@
}
switch (actionToDo) {
- case WSConstants.UT:
- performUTAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.ENCR:
- performENCRAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.SIGN:
- performSIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.ST_SIGNED:
- performST_SIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.ST_UNSIGNED:
- performSTAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.TS:
- performTSAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.UT_SIGN:
- performUT_SIGNAction(actionToDo, mu, doc, reqData);
- break;
-
- case WSConstants.NO_SERIALIZE:
- reqData.setNoSerialization(true);
- break;
+ case WSConstants.UT:
+ case WSConstants.ENCR:
+ case WSConstants.SIGN:
+ case WSConstants.ST_SIGNED:
+ case WSConstants.ST_UNSIGNED:
+ case WSConstants.TS:
+ case WSConstants.UT_SIGN:
+ wssConfig.getAction(actionToDo).execute(this, actionToDo, mu, doc, reqData);
+ break;
+ case WSConstants.NO_SERIALIZE:
+ reqData.setNoSerialization(true);
+ break;
}
}
/*
@@ -276,288 +255,6 @@
return true;
}
-
- protected void performSIGNAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- String password;
- password =
- getPassword(reqData.getUsername(),
- actionToDo,
- WSHandlerConstants.PW_CALLBACK_CLASS,
- WSHandlerConstants.PW_CALLBACK_REF, reqData)
- .getPassword();
-
- WSSignEnvelope wsSign = new WSSignEnvelope(reqData.getActor(), mu);
- wsSign.setWsConfig(reqData.getWssConfig());
-
- if (reqData.getSigKeyId() != 0) {
- wsSign.setKeyIdentifierType(reqData.getSigKeyId());
- }
- if (reqData.getSigAlgorithm() != null) {
- wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
- }
-
- wsSign.setUserInfo(reqData.getUsername(), password);
- if (reqData.getSignatureParts().size() > 0) {
- wsSign.setParts(reqData.getSignatureParts());
- }
-
- try {
- wsSign.build(doc, reqData.getSigCrypto());
- reqData.getSignatureValues().add(wsSign.getSignatureValue());
- } catch (WSSecurityException e) {
- throw new WSSecurityException("WSHandler: Signature: error during message procesing" + e);
- }
- }
-
- protected void performENCRAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- WSEncryptBody wsEncrypt = new WSEncryptBody(reqData.getActor(), mu);
- wsEncrypt.setWsConfig(reqData.getWssConfig());
-
- if (reqData.getEncKeyId() != 0) {
- wsEncrypt.setKeyIdentifierType(reqData.getEncKeyId());
- }
- if (reqData.getEncKeyId() == WSConstants.EMBEDDED_KEYNAME) {
- String encKeyName = null;
- if ((encKeyName =
- (String) getOption(WSHandlerConstants.ENC_KEY_NAME))
- == null) {
- encKeyName =
- (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.ENC_KEY_NAME);
- }
- wsEncrypt.setEmbeddedKeyName(encKeyName);
- byte[] embeddedKey =
- getPassword(reqData.getEncUser(),
- actionToDo,
- WSHandlerConstants.ENC_CALLBACK_CLASS,
- WSHandlerConstants.ENC_CALLBACK_REF, reqData)
- .getKey();
- wsEncrypt.setKey(embeddedKey);
- }
- if (reqData.getEncSymmAlgo() != null) {
- wsEncrypt.setSymmetricEncAlgorithm(reqData.getEncSymmAlgo());
- }
- if (reqData.getEncKeyTransport() != null) {
- wsEncrypt.setKeyEnc(reqData.getEncKeyTransport());
- }
- wsEncrypt.setUserInfo(reqData.getEncUser());
- wsEncrypt.setUseThisCert(reqData.getEncCert());
- if (reqData.getEncryptParts().size() > 0) {
- wsEncrypt.setParts(reqData.getEncryptParts());
- }
- try {
- wsEncrypt.build(doc, reqData.getEncCrypto());
- } catch (WSSecurityException e) {
- throw new WSSecurityException("WSHandler: Encryption: error during message processing"
- + e);
- }
- }
-
- protected void performUTAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- String password;
- password =
- getPassword(reqData.getUsername(),
- actionToDo,
- WSHandlerConstants.PW_CALLBACK_CLASS,
- WSHandlerConstants.PW_CALLBACK_REF, reqData)
- .getPassword();
-
- WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
- builder.setWsConfig(reqData.getWssConfig());
- builder.setPasswordType(reqData.getPwType());
-
- //Set the wsu:Id of the UNT
- builder.setId("UsernameToken-" + System.currentTimeMillis());
-
- // add the UsernameToken to the SOAP Enevelope
- builder.build(doc, reqData.getUsername(), password);
-
- if (reqData.getUtElements() != null && reqData.getUtElements().length > 0) {
- for (int j = 0; j < reqData.getUtElements().length; j++) {
- reqData.getUtElements()[j].trim();
- if (reqData.getUtElements()[j].equals("Nonce")) {
- builder.addNonce(doc);
- }
- if (reqData.getUtElements()[j].equals("Created")) {
- builder.addCreated(doc);
- }
- reqData.getUtElements()[j] = null;
- }
- }
- }
-
- protected void performUT_SIGNAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- String password;
- password = getPassword(reqData.getUsername(), actionToDo,
- WSHandlerConstants.PW_CALLBACK_CLASS,
- WSHandlerConstants.PW_CALLBACK_REF, reqData).getPassword();
-
- WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
- builder.setWsConfig(reqData.getWssConfig());
-
- builder.setPasswordType(WSConstants.PASSWORD_TEXT);
- builder.preSetUsernameToken(doc, reqData.getUsername(), password);
- builder.addCreated(doc);
- builder.addNonce(doc);
-
- WSSignEnvelope sign = new WSSignEnvelope(reqData.getActor(), mu);
- sign.setWsConfig(reqData.getWssConfig());
-
- if (reqData.getSignatureParts().size() > 0) {
- sign.setParts(reqData.getSignatureParts());
- }
- sign.setUsernameToken(builder);
- sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
- sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
- try {
- sign.build(doc, null);
- reqData.getSignatureValues().add(sign.getSignatureValue());
- } catch (WSSecurityException e) {
- throw new WSSecurityException("WSHandler: Error during Signatur with UsernameToken secret"
- + e);
- }
- builder.build(doc, null, null);
- }
-
- protected void performSTAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- WSSAddSAMLToken builder = new WSSAddSAMLToken(reqData.getActor(), mu);
- builder.setWsConfig(reqData.getWssConfig());
-
- SAMLIssuer saml = loadSamlIssuer(reqData);
- saml.setUsername(reqData.getUsername());
- SAMLAssertion assertion = saml.newAssertion();
-
- // add the SAMLAssertion Token to the SOAP Enevelope
- builder.build(doc, assertion);
- }
-
- protected void performST_SIGNAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
- throws WSSecurityException {
- Crypto crypto = null;
- /*
- * it is possible and legal that we do not have a signature
- * crypto here - thus ignore the exception. This is usually
- * the case for the SAML option "sender vouches". In this case
- * no user crypto is required.
- */
- try {
- crypto = loadSignatureCrypto(reqData);
- } catch (WSSecurityException ex) {}
-
- SAMLIssuer saml = loadSamlIssuer(reqData);
- saml.setUsername(reqData.getUsername());
- saml.setUserCrypto(crypto);
- saml.setInstanceDoc(doc);
-
- SAMLAssertion assertion = saml.newAssertion();
- if (assertion == null) {
- throw new WSSecurityException("WSHandler: Signed SAML: no SAML token received");
- }
- String issuerKeyName = null;
- String issuerKeyPW = null;
- Crypto issuerCrypto = null;
-
- WSSignEnvelope wsSign = new WSSignEnvelope(reqData.getActor(), mu);
- wsSign.setWsConfig(reqData.getWssConfig());
-
- String password = null;
- if (saml.isSenderVouches()) {
- issuerKeyName = saml.getIssuerKeyName();
- issuerKeyPW = saml.getIssuerKeyPassword();
- issuerCrypto = saml.getIssuerCrypto();
- } else {
- password =
- getPassword(reqData.getUsername(),
- actionToDo,
- WSHandlerConstants.PW_CALLBACK_CLASS,
- WSHandlerConstants.PW_CALLBACK_REF, reqData)
- .getPassword();
- wsSign.setUserInfo(reqData.getUsername(), password);
- }
- if (reqData.getSigKeyId() != 0) {
- wsSign.setKeyIdentifierType(reqData.getSigKeyId());
- }
- try {
- wsSign.build(doc,
- crypto,
- assertion,
- issuerCrypto,
- issuerKeyName,
- issuerKeyPW);
- reqData.getSignatureValues().add(wsSign.getSignatureValue());
- } catch (WSSecurityException e) {
- throw new WSSecurityException("WSHandler: Signed SAML: error during message processing"
- + e);
- }
- }
-
- protected void performTSAction(int actionToDo, boolean mu, Document doc, RequestData reqData) throws WSSecurityException {
- WSAddTimestamp timeStampBuilder =
- new WSAddTimestamp(reqData.getActor(), mu);
- timeStampBuilder.setWsConfig(reqData.getWssConfig());
-
-
- timeStampBuilder.setId("Timestamp-" + System.currentTimeMillis());
-
- // add the Timestamp to the SOAP Enevelope
- timeStampBuilder.build(doc, decodeTimeToLive(reqData));
- }
-
- protected void performSIGNConfirmation(boolean mu, Document doc,
- RequestData reqData, Vector results) {
- if (doDebug) {
- log.debug("Perform Signature confirmation");
- }
- /*
- * loop over all results gathered by all handlers in the chain. For each
- * handler result get the various actions. After that loop we have all
- * signature results in the signatureActions vector
- */
- Vector signatureActions = new Vector();
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
-
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.SIGN, signatureActions);
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.ST_SIGNED, signatureActions);
- WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
- WSConstants.UT_SIGN, signatureActions);
- }
- Vector signatureParts = reqData.getSignatureParts();
- // prepare a SignatureConfirmation token
- WSAddSignatureConfirmation wsc = new WSAddSignatureConfirmation(reqData
- .getActor(), mu);
- int idHash = wsc.hashCode();
- if (signatureActions.size() > 0) {
- if (doDebug) {
- log
- .debug("Signature Confirmation: number of Signature results: "
- + signatureActions.size());
- }
- for (int i = 0; i < signatureActions.size(); i++) {
- WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
- .get(i);
- byte[] sigVal = wsr.getSignatureValue();
- String id = "sigcon-" + (idHash + i);
- wsc.setId(id);
- wsc.build(doc, sigVal);
- signatureParts.add(new WSEncryptionPart(id));
- }
- } else {
- String id = "sigcon-" + idHash;
- wsc.setId(id);
- wsc.build(doc, null);
- signatureParts.add(new WSEncryptionPart(id));
- }
- setProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE,
- DONE);
- }
-
protected void checkSignatureConfirmation(RequestData reqData,
Vector wsResult) throws WSSecurityException{
if (doDebug) {
@@ -619,7 +316,7 @@
* Hook to allow subclasses to load their Signature Crypto however they see
* fit.
*/
- protected Crypto loadSignatureCrypto(RequestData reqData) throws WSSecurityException {
+ public Crypto loadSignatureCrypto(RequestData reqData) throws WSSecurityException {
Crypto crypto = null;
/*
* Get crypto property file for signature. If none specified throw
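Review bot: loadSignatureCrypto() is widened from protected to public, but the Javadoc immediately above it still says "Hook to allow subclasses to load their Signature Crypto however they see fit", which no longer describes a public method that the Action classes in org.apache.ws.security.action now call; the same applies to decodeTimeToLive() in the hunk below. Suggest amending the summary to something like `Loads the signature Crypto for this request; public so that Action implementations can call it, and overridable by subclasses.` so the widened visibility is documented as intentional rather than accidental.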
@@ -669,18 +366,6 @@
return crypto;
}
- protected SAMLIssuer loadSamlIssuer(RequestData reqData) {
- String samlPropFile = null;
-
- if ((samlPropFile =
- (String) getOption(WSHandlerConstants.SAML_PROP_FILE))
- == null) {
- samlPropFile =
- (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.SAML_PROP_FILE);
- }
- return SAMLIssuerFactory.getInstance(samlPropFile);
- }
-
protected void decodeUTParameter(RequestData reqData) throws WSSecurityException {
reqData.setPwType((String) getOption(WSHandlerConstants.PASSWORD_TYPE));
if (reqData.getPwType() == null) {
@@ -818,7 +503,7 @@
return mu;
}
- protected int decodeTimeToLive(RequestData reqData) {
+ public int decodeTimeToLive(RequestData reqData) {
String ttl = null;
if ((ttl =
(String) getOption(WSHandlerConstants.TTL_TIMESTAMP))
@@ -867,7 +552,7 @@
* <p/>
* Try all possible sources to get a password.
*/
- private WSPasswordCallback getPassword(String username,
+ public WSPasswordCallback getPassword(String username,
int doAction,
String clsProp,
String refProp,
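Review bot: getPassword() goes from private to public, so the method that resolves the password callback and returns a WSPasswordCallback carrying password or key material (its `getPassword()` and `getKey()` results are what the actions feed into the token and encryption builders) is now part of WSHandler's public surface. The existing Javadoc ("Try all possible sources to get a password") should state the new contract: that it is public for use by Action implementations, which callback sources it consults (`clsProp`/`refProp`), and that callers must not log or retain the returned callback's contents. The method signature continues beyond this hunk.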
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java Tue Sep 13 15:43:27 2005
@@ -20,8 +20,9 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
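Review bot: `import org.apache.ws.security.components.crypto.Crypto;` is added, but none of the visible hunks for WSBaseMessage.java reference Crypto; if the rest of the file does not use it either, the import should be dropped rather than left as an unused dependency on the crypto package.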
@@ -44,9 +45,9 @@
protected int keyIdentifierType = WSConstants.ISSUER_SERIAL;
protected Vector parts = null;
protected int timeToLive = 300; // time between Created and Expires
-
+
protected boolean doDebug = false;
-
+
protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
@@ -256,5 +257,4 @@
}
return securityHeader;
}
-
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java?rev=280700&r1=280699&r2=280700&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java Tue Sep 13 15:43:27 2005
@@ -31,39 +31,31 @@
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
-import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
-
-import org.opensaml.SAMLAssertion;
-import org.opensaml.SAMLException;
-import org.opensaml.SAMLObject;
-import org.opensaml.SAMLSubject;
-import org.opensaml.SAMLSubjectStatement;
+import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
import java.security.cert.X509Certificate;
-import java.util.Iterator;
-import java.util.Vector;
-import java.util.Set;
import java.util.HashSet;
+import java.util.Set;
+import java.util.Vector;
/**
* Signs a SOAP envelope according to WS Specification, X509 profile, and adds
@@ -133,10 +125,10 @@
/**
* Set the name of the signature encryption algorithm to use.
- *
+ *
* If the algorithm is not set then Triple RSA is used. Refer to WSConstants
* which algorithms are supported.
- *
+ *
* @param algo
* Is the name of the signature algorithm
* @see WSConstants#RSA
@@ -148,7 +140,7 @@
/**
* Get the name of the signature algorithm that is being used.
- *
+ *
* If the algorithm is not set then RSA is default.
*
* @return the identifier URI of the signature algorithm
@@ -159,11 +151,11 @@
/**
* Set the canonicalization method to use.
- *
+ *
* If the canonicalization method is not set then the recommended Exclusive
* XML Canonicalization is used by default Refer to WSConstants which
* algorithms are supported.
- *
+ *
* @param algo
* Is the name of the signature algorithm
* @see WSConstants#C14N_OMIT_COMMENTS
@@ -177,10 +169,10 @@
/**
* Get the canonicalization method.
- *
+ *
* If the canonicalization method was not set then Exclusive XML
* Canonicalization is used by default.
- *
+ *
* @return TODO
*/
public String getSigCanonicalization() {
@@ -202,8 +194,8 @@
}
/**
- * Builds a signed soap envelope.
- *
+ * Builds a signed soap envelope.
+ *
* The method first gets an appropriate
* security header. According to the defined parameters for certificate
* handling the signature elements are constructed and inserted into the
@@ -332,12 +324,12 @@
for (int part = 0; part < parts.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
-
+
String idToSign = encPart.getId();
-
+
String elemName = encPart.getName();
String nmSpace = encPart.getNamespace();
-
+
/*
* Set up the elements to sign. There are two resevered element
* names: "Token" and "STRTransform" "Token": Setup the Signature to
@@ -394,20 +386,9 @@
STRTransform.implementedTransformURI, ctx);
sig.addDocument("#" + strUri, transforms);
} else if (elemName.equals("Assertion")) { // Assertion
- // Make the AssertionID the wsu:Id and the signature reference the same
- SAMLAssertion assertion;
-
- Element assertionElement = (Element) WSSecurityUtil
- .findElement(envelope, elemName, nmSpace);
- try {
- assertion = new SAMLAssertion(assertionElement);
- } catch (Exception e1) {
- log.error(e1);
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig", null, e1);
- }
+ String id = null;
+ id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);
Element body = (Element) WSSecurityUtil.findElement(
envelope, elemName, nmSpace);
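Review bot: The Assertion branch now does `String id = null; id = SAMLUtil.getAssertionId(...)` and then uses `id` unguarded in the following hunk (`body.setAttributeNS(..., id)` and `sig.addDocument("#" + id, transforms)`), whereas the removed code turned a failure to parse the assertion into a FAILED_SIGNATURE exception. If getAssertionId() can return null rather than throw (not visible here), the signature would reference `#null` and the wsu:Id attribute would be set to null; a guard such as `if (id == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "noEncElement", new Object[] { nmSpace + ", " + elemName }); }` keeps the old failure semantics. The redundant `= null` initialisation should also collapse to `String id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);`, and the element is now looked up twice (inside getAssertionId and again by the findElement on the last lines of the hunk). The enclosing build() method starts and ends outside this hunk.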
@@ -428,8 +409,8 @@
String prefix = WSSecurityUtil.setNamespace(body,
WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id",
- assertion.getId());
- sig.addDocument("#" + assertion.getId(), transforms);
+ id);
+ sig.addDocument("#" + id, transforms);
} else {
Element body = (Element) WSSecurityUtil.findElement(
@@ -493,7 +474,7 @@
case WSConstants.ISSUER_SERIAL:
XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, certs[0]);
- X509Data x509Data = new X509Data(doc);
+ X509Data x509Data = new X509Data(doc);
x509Data.add(data);
secRef.setX509IssuerSerial(x509Data);
break;
@@ -561,362 +542,7 @@
return (doc);
}
- /**
- * Builds a signed soap envelope with SAML token. <p/>The method first
- * gets an appropriate security header. According to the defined parameters
- * for certificate handling the signature elements are constructed and
- * inserted into the <code>wsse:Signature</code>
- *
- * @param doc The unsigned SOAP envelope as <code>Document</code>
- * @param assertion the complete SAML assertion
- * @param issuerCrypto An instance of the Crypto API to handle keystore SAML token
- * issuer and to generate certificates
- * @param issuerKeyName Private key to use in case of "sender-Vouches"
- * @param issuerKeyPW Password for issuer private key
- * @return A signed SOAP envelope as <code>Document</code>
- * @throws WSSecurityException
- */
- public Document build(Document doc, Crypto userCrypto,
- SAMLAssertion assertion, Crypto issuerCrypto, String issuerKeyName,
- String issuerKeyPW) throws WSSecurityException {
-
- doDebug = log.isDebugEnabled();
-
- long t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;
- if (tlog.isDebugEnabled()) {
- t0 = System.currentTimeMillis();
- }
- if (doDebug) {
- log.debug("Beginning ST signing...");
- }
- /*
- * Get some information about the SAML token content. This controls how
- * to deal with the whole stuff. First get the Authentication statement
- * (includes Subject), then get the _first_ confirmation method only.
- */
- SAMLSubjectStatement samlSubjS = null;
- Iterator it = assertion.getStatements();
- while (it.hasNext()) {
- SAMLObject so = (SAMLObject) it.next();
- if (so instanceof SAMLSubjectStatement) {
- samlSubjS = (SAMLSubjectStatement) so;
- break;
- }
- }
- SAMLSubject samlSubj = null;
- if (samlSubjS != null) {
- samlSubj = samlSubjS.getSubject();
- }
- if (samlSubj == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLToken", new Object[] { "for Signature" });
- }
-
- String confirmMethod = null;
- it = samlSubj.getConfirmationMethods();
- if (it.hasNext()) {
- confirmMethod = (String) it.next();
- }
- boolean senderVouches = false;
- if (SAMLSubject.CONF_SENDER_VOUCHES.equals(confirmMethod)) {
- senderVouches = true;
- }
- /*
- * Gather some info about the document to process and store it for
- * retrival
- */
- WSDocInfo wsDocInfo = new WSDocInfo(doc.hashCode());
-
- Element envelope = doc.getDocumentElement();
- SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
-
- Element securityHeader = insertSecurityHeader(doc);
- X509Certificate[] certs = null;
-
- if (senderVouches) {
- certs = issuerCrypto.getCertificates(issuerKeyName);
- wsDocInfo.setCrypto(issuerCrypto);
- }
- /*
- * in case of key holder:
- * - get the user's certificate that _must_ be included in the SAML
- * token. To ensure the cert integrity the SAML token must be signed
- * (by the issuer). Just check if its signed, but
- * don't verify this SAML token's signature here (maybe later).
- */
- else {
- if (userCrypto == null || assertion.isSigned() == false) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[] { "for SAML Signature (Key Holder)" });
- }
- Element e = samlSubj.getKeyInfo();
- try {
- KeyInfo ki = new KeyInfo(e, null);
-
- if (ki.containsX509Data()) {
- X509Data data = ki.itemX509Data(0);
- XMLX509Certificate certElem = null;
- if (data != null && data.containsCertificate()) {
- certElem = data.itemCertificate(0);
- }
- if (certElem != null) {
- X509Certificate cert = certElem.getX509Certificate();
- certs = new X509Certificate[1];
- certs[0] = cert;
- }
- }
- // TODO: get alias name for cert, check against username set by caller
- } catch (XMLSecurityException e3) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[] { "cannot get certificate (key holder)" },
- e3);
- }
- wsDocInfo.setCrypto(userCrypto);
- }
- // Set the id of the elements to be used as digest source
- // String id = setBodyID(doc);
- if (certs == null || certs.length <= 0) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidX509Data", new Object[] { "for Signature" });
- }
- if (sigAlgo == null) {
- String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
- log.debug("automatic sig algo detection: " + pubKeyAlgo);
- if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
- sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
- } else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
- sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
- } else {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "invalidX509Data",
- new Object[] { "for Signature - unkown public key Algo" });
- }
- }
- XMLSignature sig = null;
- try {
- sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig");
- }
-
- KeyInfo info = sig.getKeyInfo();
- String keyInfoUri = "KeyId-" + info.hashCode();
- info.setId(keyInfoUri);
-
- SecurityTokenReference secRef = new SecurityTokenReference(doc);
- String strUri = "STRId-" + secRef.hashCode();
- secRef.setID(strUri);
-
- String certUri = "CertId-" + certs[0].hashCode();
-
- if (tlog.isDebugEnabled()) {
- t1 = System.currentTimeMillis();
- }
-
- if (parts == null) {
- parts = new Vector();
- WSEncryptionPart encP = new WSEncryptionPart(soapConstants
- .getBodyQName().getLocalPart(), soapConstants
- .getEnvelopeURI(), "Content");
- parts.add(encP);
- }
-
- /*
- * If the sender vouches, then we must sign the SAML token _and_ at
- * least one part of the message (usually the SOAP body). To do so we
- * need to
- * - put in a reference to the SAML token. Thus we create a STR
- * and insert it into the wsse:Security header
- * - set a reference of the created STR to the signature and use STR
- * Transfrom during the signature
- */
- Transforms transforms = null;
- SecurityTokenReference secRefSaml = null;
-
- try {
- if (senderVouches) {
- secRefSaml = new SecurityTokenReference(doc);
- String strSamlUri = "STRSAMLId-" + secRefSaml.hashCode();
- secRefSaml.setID(strSamlUri);
- // Decouple Refernce/KeyInfo setup - quick shot here
- Reference ref = new Reference(doc);
- ref.setURI("#" + assertion.getId());
- ref.setValueType(WSConstants.WSS_SAML_NS
- + WSConstants.WSS_SAML_ASSERTION);
- secRefSaml.setReference(ref);
- // up to here
- Element ctx = createSTRParameter(doc);
- transforms = new Transforms(doc);
- transforms.addTransform(STRTransform.implementedTransformURI,
- ctx);
- sig.addDocument("#" + strSamlUri, transforms);
- }
- for (int part = 0; part < parts.size(); part++) {
- WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
- String elemName = encPart.getName();
- String nmSpace = encPart.getNamespace();
-
- /*
- * Set up the elements to sign. There are two resevered element
- * names: "Token" and "STRTransform" "Token": Setup the
- * Signature to either sign the information that points to the
- * security token or the token itself. If its a direct
- * reference sign the token, otherwise sign the KeyInfo
- * Element. "STRTransform": Setup the ds:Reference to use STR
- * Transform
- *
- */
- if (elemName.equals("Token")) {
- transforms = new Transforms(doc);
- transforms
- .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
- sig.addDocument("#" + certUri, transforms);
- } else {
- sig.addDocument("#" + keyInfoUri, transforms);
- }
- } else if (elemName.equals("STRTransform")) { // STRTransform
- Element ctx = createSTRParameter(doc);
- transforms = new Transforms(doc);
- transforms.addTransform(
- STRTransform.implementedTransformURI, ctx);
- sig.addDocument("#" + strUri, transforms);
- } else {
- Element body = (Element) WSSecurityUtil.findElement(
- envelope, elemName, nmSpace);
- if (body == null) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE, "noEncElement",
- new Object[] { nmSpace + ", " + elemName });
- }
- transforms = new Transforms(doc);
- transforms
- .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- sig.addDocument("#" + setWsuId(body), transforms);
- }
- }
- } catch (TransformationException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig", null, e1);
- } catch (XMLSignatureException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig", null, e1);
- }
-
- sig.addResourceResolver(EnvelopeIdResolver.getInstance());
-
- /*
- * The order to prepend is:
- * - signature
- * - BinarySecurityToken (depends on mode)
- * - SecurityTokenRefrence (depends on mode)
- * - SAML token
- */
-
- WSSecurityUtil.prependChildElement(doc, securityHeader, sig
- .getElement(), false);
-
- if (tlog.isDebugEnabled()) {
- t2 = System.currentTimeMillis();
- }
- switch (keyIdentifierType) {
- case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(doc);
- if (senderVouches) {
- ref.setURI("#" + certUri);
- BinarySecurity bstToken = null;
- bstToken = new X509Security(doc);
- ((X509Security) bstToken).setX509Certificate(certs[0]);
- bstToken.setID(certUri);
- WSSecurityUtil.prependChildElement(doc, securityHeader,
- bstToken.getElement(), false);
- wsDocInfo.setBst(bstToken.getElement());
- ref.setValueType(bstToken.getValueType());
- } else {
- ref.setURI("#" + assertion.getId());
- ref.setValueType(WSConstants.WSS_SAML_NS
- + WSConstants.WSS_SAML_ASSERTION);
- }
- secRef.setReference(ref);
- break;
- //
- // case WSConstants.ISSUER_SERIAL :
- // XMLX509IssuerSerial data =
- // new XMLX509IssuerSerial(doc, certs[0]);
- // secRef.setX509IssuerSerial(data);
- // break;
- //
- // case WSConstants.X509_KEY_IDENTIFIER :
- // secRef.setKeyIdentifier(certs[0]);
- // break;
- //
- // case WSConstants.SKI_KEY_IDENTIFIER :
- // secRef.setKeyIdentifierSKI(certs[0], crypto);
- // break;
- //
- default:
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "unsupportedKeyId");
- }
-
- if (tlog.isDebugEnabled()) {
- t3 = System.currentTimeMillis();
- }
- info.addUnknownElement(secRef.getElement());
-
- Element samlToken = null;
- try {
- samlToken = (Element) assertion.toDOM(doc);
- } catch (SAMLException e2) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noSAMLdoc", null, e2);
- }
- if (senderVouches) {
- WSSecurityUtil.prependChildElement(doc, securityHeader, secRefSaml
- .getElement(), true);
- }
-
- wsDocInfo.setAssertion(samlToken);
- WSSecurityUtil
- .prependChildElement(doc, securityHeader, samlToken, true);
-
- WSDocInfoStore.store(wsDocInfo);
- try {
- if (senderVouches) {
- sig
- .sign(issuerCrypto.getPrivateKey(issuerKeyName,
- issuerKeyPW));
- } else {
- sig.sign(userCrypto.getPrivateKey(user, password));
- }
- signatureValue = sig.getSignatureValue();
- } catch (XMLSignatureException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- null, null, e1);
- } catch (Exception e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- null, null, e1);
- } finally {
- WSDocInfoStore.delete(wsDocInfo);
- }
- if (tlog.isDebugEnabled()) {
- t4 = System.currentTimeMillis();
- tlog.debug("SignEnvelope: cre-Sig= " + (t1 - t0)
- + " set transform= " + (t2 - t1) + " sec-ref= " + (t3 - t2)
- + " signature= " + (t4 - t3));
- }
- if (doDebug) {
- log.debug("Signing complete.");
- }
- return (doc);
-
- }
-
- private Element createSTRParameter(Document doc) {
+ protected Element createSTRParameter(Document doc) {
Element transformParam = doc.createElementNS(WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX + ":TransformationParameters");
Added: webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,11 @@
+package org.apache.ws.security.processor;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSDocInfo;
+import org.w3c.dom.Element;
+
+import java.util.Vector;
+
+public interface Processor {
+ public void handleToken(Element elem, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException;
+}
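Review bot: Processor carries no Javadoc, so the contract a runtime-loaded implementation must meet is undocumented: what `elem` is (judging from SAMLTokenProcessor, the token element found in the security header), whether an implementation appends to or prepends to `returnResults`, and which WSSecurityException codes signal that the token was rejected. Since the commit log says implementations are looked up and loaded at runtime, this interface is the only place a third-party processor author will read the rules. Add an interface comment along the lines of `/** Handles one token element from the security header. Implementations add a WSSecurityEngineResult to returnResults describing the token, or throw WSSecurityException to reject the message. */` plus a `@param` for each argument; stating that `returnResults` holds WSSecurityEngineResult instances would also make up for the raw `Vector` type.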
Added: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=280700&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java Tue Sep 13 15:43:27 2005
@@ -0,0 +1,47 @@
+package org.apache.ws.security.processor;
+
+import org.w3c.dom.Element;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+
+import java.util.Vector;
+
+public class SAMLTokenProcessor implements Processor {
+ private static Log log = LogFactory.getLog(SAMLTokenProcessor.class.getName());
+ public void handleToken(Element elem, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ if (log.isDebugEnabled()) {
+ log.debug("Found SAML Assertion element");
+ }
+ SAMLAssertion assertion = handleSAMLToken((Element) elem);
+ wsDocInfo.setAssertion((Element) elem);
+ returnResults.add(0,
+ new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion));
+
+ }
+
+ public SAMLAssertion handleSAMLToken(Element token) throws WSSecurityException {
+ boolean result = false;
+ SAMLAssertion assertion = null;
+ try {
+ assertion = new SAMLAssertion(token);
+ result = true;
+ if (log.isDebugEnabled()) {
+ log.debug("SAML Assertion issuer " + assertion.getIssuer());
+ }
+ } catch (SAMLException e) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAMLsecurity", null, e);
+ }
+ if (!result) {
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+ return assertion;
+ }
+
+}
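Review bot: In handleSAMLToken the `result` flag can never be false when `if (!result)` is reached: the only way out of the try block without `result = true` is the SAMLException path, which already throws, so the FAILED_AUTHENTICATION branch is dead code and implies a validation step that does not exist. The method only parses the element into a SAMLAssertion — there is no signature, issuer or validity-window check in this class — and handleToken records the outcome as WSConstants.ST_UNSIGNED, so downstream code must treat the assertion as unauthenticated unless a separate signature covering it is verified. Remove the flag and the dead check, return `assertion` directly from the try block, and state the contract on the method: `/** Parses the element into a SAMLAssertion. Performs no signature or validity checks; the caller records the result as ST_UNSIGNED. */`. The `(Element) elem` casts in handleToken are redundant since the parameter is already an Element.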