Posted to commits@ws.apache.org by gi...@apache.org on 2011/10/11 20:03:15 UTC
svn commit: r1181995 [19/26] - in /webservices/wss4j/branches/swssf: ./
cxf-integration/ cxf-integration/src/main/java/org/swssf/cxfIntegration/
cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/
cxf-integration/src/main/java/org/swssf...
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/pom.xml)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml?p2=webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml&p1=webservices/wss4j/branches/swssf/streaming-ws-security/pom.xml&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/pom.xml (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml Tue Oct 11 18:03:00 2011
@@ -10,13 +10,12 @@
<version>1.0.0</version>
</parent>
<groupId>org.swssf</groupId>
- <artifactId>streaming-ws-security</artifactId>
+ <artifactId>streaming-xml-security</artifactId>
<version>1.0.0</version>
- <name>Streaming WebService Security</name>
+ <name>Streaming XML Security</name>
<properties>
<bcprov.version>1.45</bcprov.version>
- <opensaml.version>2.4.1</opensaml.version>
</properties>
<dependencies>
@@ -36,94 +35,6 @@
<version>1.4</version>
</dependency>
<dependency>
- <groupId>org.apache.neethi</groupId>
- <artifactId>neethi</artifactId>
- <version>2.0.4</version>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.woodstox</groupId>
- <artifactId>wstx-asl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.santuario</groupId>
- <artifactId>xmlsec</artifactId>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <version>${opensaml.version}</version>
- <scope>compile</scope>
- <exclusions>
- <exclusion>
- <groupId>velocity</groupId>
- <artifactId>velocity</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jul-to-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-ext-jdk15</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
- </exclusion>
- <exclusion>
- <groupId>ca.juliusdavies</groupId>
- <artifactId>not-yet-commons-ssl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>net.jcip</groupId>
- <artifactId>jcip-annotations</artifactId>
- </exclusion>
- <exclusion>
- <groupId>xml-resolver</groupId>
- <artifactId>xml-resolver</artifactId>
- </exclusion>
- <exclusion>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-httpclient</groupId>
- <artifactId>commons-httpclient</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-lang</groupId>
- <artifactId>commons-lang</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.apache.santuario</groupId>
- <artifactId>xmlsec</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>jcs</groupId>
<artifactId>jcs</artifactId>
<version>1.3</version>
@@ -200,18 +111,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.apache.ws.security</groupId>
- <artifactId>wss4j</artifactId>
- <version>1.6.0</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>javax.xml</groupId>
- <artifactId>jaxrpc-api</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
@@ -246,19 +145,6 @@
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <groups>${test.groups}</groups>
- <argLine>-Xmx2000m</argLine>
- <excludes>
- <exclude>**/ProfilingTest.java</exclude>
- <exclude>**/PerformanceMemoryTest.java</exclude>
- <exclude>**/PerformanceTimingTest.java</exclude>
- </excludes>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/ConfigurationProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/ConfigurationProperties.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/ConfigurationProperties.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/ConfigurationProperties.java Tue Oct 11 18:03:00 2011
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.config;
+package org.swssf.xmlsec.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -42,7 +42,7 @@ public class ConfigurationProperties {
super();
}
- protected static void init(PropertiesType propertiesType) throws Exception {
+ protected synchronized static void init(PropertiesType propertiesType) throws Exception {
properties = new Properties();
List<PropertyType> handlerList = propertiesType.getProperty();
for (int i = 0; i < handlerList.size(); i++) {
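Review bot: Marking `init` as `synchronized` serialises writers only. The static `properties` field is replaced with an empty `Properties` on the first line and filled afterwards, so a reader that does not take the class lock can see a partly loaded configuration during a re-initialisation. Whether the getters lock is not visible here, and `init`'s body continues past this hunk. Filling a local and publishing it last would close the window: `Properties loaded = new Properties();`, populate it, then `properties = loaded;` with the field declared `volatile`. The `init` hunks of JCEAlgorithmMapper, SecurityHeaderHandlerMapper and TransformerAlgorithmMapper follow the same assign-then-fill pattern with plain `HashMap`s that select JCE algorithms and handler classes.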
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/Init.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/Init.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/Init.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/Init.java Tue Oct 11 18:03:00 2011
@@ -16,10 +16,10 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.config;
+package org.swssf.xmlsec.config;
-import org.swssf.ext.WSSConfigurationException;
-import org.swssf.ext.WSSecurityException;
+import org.swssf.xmlsec.ext.XMLSecurityConfigurationException;
+import org.swssf.xmlsec.ext.XMLSecurityException;
import org.xmlsecurity.ns.configuration.ConfigurationType;
import javax.xml.XMLConstants;
@@ -42,7 +42,7 @@ public class Init {
private static String initialized = null;
@SuppressWarnings("unchecked")
- public synchronized static void init(URL url) throws WSSecurityException {
+ public synchronized static void init(URL url) throws XMLSecurityException {
if (initialized == null || (url != null && !url.toExternalForm().equals(initialized))) {
try {
JAXBContext jaxbContext = JAXBContext.newInstance("org.xmlsecurity.ns.configuration");
@@ -63,7 +63,7 @@ public class Init {
TransformerAlgorithmMapper.init(configurationTypeJAXBElement.getValue().getTransformAlgorithms());
} catch (Exception e) {
- throw new WSSConfigurationException(WSSecurityException.ErrorCode.FAILURE, null, e);
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, null, e);
}
initialized = "security-config.xml";
}
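Review bot: `initialized` is set to the literal `"security-config.xml"` after the catch block, while the guard at the top of `init` (previous hunk) compares it with `url.toExternalForm()`. If this is the only assignment (the lines between the two hunks are not shown), every call with a non-null URL fails that comparison and reloads the configuration, replacing the mappers' static maps while other threads may be reading them. Recording what was actually loaded would make the guard effective: `initialized = (url != null) ? url.toExternalForm() : "security-config.xml";`.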
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/JCEAlgorithmMapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/JCEAlgorithmMapper.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/JCEAlgorithmMapper.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/JCEAlgorithmMapper.java Tue Oct 11 18:03:00 2011
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.config;
+package org.swssf.xmlsec.config;
import org.xmlsecurity.ns.configuration.AlgorithmType;
import org.xmlsecurity.ns.configuration.JCEAlgorithmMappingsType;
@@ -41,7 +41,7 @@ public class JCEAlgorithmMapper {
private JCEAlgorithmMapper() {
}
- protected static void init(JCEAlgorithmMappingsType jceAlgorithmMappingsType) throws Exception {
+ protected synchronized static void init(JCEAlgorithmMappingsType jceAlgorithmMappingsType) throws Exception {
List<AlgorithmType> algorithms = jceAlgorithmMappingsType.getAlgorithms().getAlgorithm();
uriToJCEName = new HashMap<String, String>(algorithms.size());
algorithmsMap = new HashMap<String, AlgorithmType>(algorithms.size());
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/SecurityHeaderHandlerMapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/SecurityHeaderHandlerMapper.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/SecurityHeaderHandlerMapper.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/SecurityHeaderHandlerMapper.java Tue Oct 11 18:03:00 2011
@@ -16,11 +16,11 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.config;
+package org.swssf.xmlsec.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.swssf.ext.Utils;
+import org.swssf.xmlsec.ext.XMLSecurityUtils;
import org.xmlsecurity.ns.configuration.HandlerType;
import org.xmlsecurity.ns.configuration.SecurityHeaderHandlersType;
@@ -45,7 +45,7 @@ public class SecurityHeaderHandlerMapper
private SecurityHeaderHandlerMapper() {
}
- protected static void init(SecurityHeaderHandlersType securityHeaderHandlersType) throws Exception {
+ protected synchronized static void init(SecurityHeaderHandlersType securityHeaderHandlersType) throws Exception {
handlerMap = new HashMap<QName, HandlerType>();
handlerClassMap = new HashMap<QName, Class>();
List<HandlerType> handlerList = securityHeaderHandlersType.getHandler();
@@ -53,7 +53,7 @@ public class SecurityHeaderHandlerMapper
HandlerType handlerType = handlerList.get(i);
QName qName = new QName(handlerType.getURI(), handlerType.getNAME());
handlerMap.put(qName, handlerType);
- handlerClassMap.put(qName, Utils.loadClass(handlerType.getJAVACLASS()));
+ handlerClassMap.put(qName, XMLSecurityUtils.loadClass(handlerType.getJAVACLASS()));
}
}
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/TransformerAlgorithmMapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/TransformerAlgorithmMapper.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/TransformerAlgorithmMapper.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/config/TransformerAlgorithmMapper.java Tue Oct 11 18:03:00 2011
@@ -16,13 +16,13 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.config;
+package org.swssf.xmlsec.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.swssf.ext.Transformer;
-import org.swssf.ext.Utils;
-import org.swssf.ext.WSSecurityException;
+import org.swssf.xmlsec.ext.Transformer;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.ext.XMLSecurityUtils;
import org.xmlsecurity.ns.configuration.TransformAlgorithmType;
import org.xmlsecurity.ns.configuration.TransformAlgorithmsType;
@@ -48,7 +48,7 @@ public class TransformerAlgorithmMapper
}
@SuppressWarnings("unchecked")
- protected static void init(TransformAlgorithmsType transformAlgorithms) throws Exception {
+ protected synchronized static void init(TransformAlgorithmsType transformAlgorithms) throws Exception {
List<TransformAlgorithmType> algorithms = transformAlgorithms.getTransformAlgorithm();
algorithmsMap = new HashMap<String, TransformAlgorithmType>(algorithms.size());
algorithmsClassMap = new HashMap<String, Class<Transformer>>();
@@ -56,14 +56,14 @@ public class TransformerAlgorithmMapper
for (int i = 0; i < algorithms.size(); i++) {
TransformAlgorithmType algorithmType = algorithms.get(i);
algorithmsMap.put(algorithmType.getURI(), algorithmType);
- algorithmsClassMap.put(algorithmType.getURI(), Utils.loadClass(algorithmType.getJAVACLASS()));
+ algorithmsClassMap.put(algorithmType.getURI(), XMLSecurityUtils.loadClass(algorithmType.getJAVACLASS()));
}
}
- public static Class<Transformer> getTransformerClass(String algoURI) throws WSSecurityException {
+ public static Class<Transformer> getTransformerClass(String algoURI) throws XMLSecurityException {
Class<Transformer> clazz = algorithmsClassMap.get(algoURI);
if (clazz == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
return clazz;
}
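Review bot: The class named by `getJAVACLASS()` in the configuration is stored in `algorithmsClassMap` as `Class<Transformer>` without a type check, which the `@SuppressWarnings("unchecked")` on `init` hides. A configuration entry naming a class that is not a `Transformer` is therefore accepted at start-up and only fails when first used during message processing. Checking at load time keeps the failure with the configuration: assign the `loadClass` result to a local and add `if (!Transformer.class.isAssignableFrom(clazz)) throw new IllegalArgumentException("Not a Transformer: " + algorithmType.getJAVACLASS());`. SecurityHeaderHandlerMapper's raw-`Class` `handlerClassMap` would benefit from the equivalent check against its handler type. `init`'s signature is in the previous hunk.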
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java Tue Oct 11 18:03:00 2011
@@ -17,9 +17,9 @@
* under the License.
*/
-package org.swssf.crypto;
+package org.swssf.xmlsec.crypto;
-import org.swssf.ext.WSSecurityException;
+import org.swssf.xmlsec.ext.XMLSecurityException;
import java.io.InputStream;
import java.math.BigInteger;
@@ -46,9 +46,10 @@ public interface Crypto {
*
* @param in The <code>InputStream</code> array containing the X509 data
* @return An X509 certificate
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- X509Certificate loadCertificate(InputStream in) throws WSSecurityException;
+ X509Certificate loadCertificate(InputStream in) throws XMLSecurityException;
/**
* Construct an array of X509Certificate's from the byte array.
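Review bot: The new tag `@throws org.swssf.ext.XMLSecurityException` names a package that does not match the import added in the previous hunk, `org.swssf.xmlsec.ext.XMLSecurityException`, so the Javadoc reference will not resolve. It also has no description and is followed by a stray empty ` *` line. I would write `@throws XMLSecurityException if the certificate cannot be parsed`, which matches the `parseError` path in `CryptoBase.loadCertificate`. The same tag recurs in the later Javadoc hunks of this file and of CryptoBase.java.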
@@ -59,9 +60,10 @@ public interface Crypto {
* the last in the array
* @return An array of X509 certificates, ordered according to
* the reverse flag
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException;
+ X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws XMLSecurityException;
/**
* Gets the private key identified by <code>alias</> and <code>password</code>.
@@ -72,7 +74,7 @@ public interface Crypto {
* @return The private key
* @throws Exception
*/
- public PrivateKey getPrivateKey(String alias, String password) throws WSSecurityException;
+ public PrivateKey getPrivateKey(String alias, String password) throws XMLSecurityException;
/**
* get the list of certificates for a given alias. This method
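Review bot: The Javadoc above `getPrivateKey` still says `@throws Exception` although the method now declares `XMLSecurityException`. `@throws XMLSecurityException if the alias is null, is not a key entry, or the key cannot be recovered` would describe what `CryptoBase.getPrivateKey` does. Separately, the password is passed as a `String`, which cannot be cleared after use; a `char[]` overload is worth considering as a follow-up, since changing this signature would break implementers. The Javadoc block starts outside this hunk.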
@@ -84,7 +86,7 @@ public interface Crypto {
* @return Array of X509 certificates for this alias name, or
* null if this alias does not exist in the keystore
*/
- public X509Certificate[] getCertificates(String alias) throws WSSecurityException;
+ public X509Certificate[] getCertificates(String alias) throws XMLSecurityException;
/**
* Return a X509 Certificate alias in the keystore according to a given Certificate
@@ -101,7 +103,7 @@ public interface Crypto {
/*
* See comment above
*/
- public String getAliasForX509Cert(Certificate cert) throws WSSecurityException;
+ public String getAliasForX509Cert(Certificate cert) throws XMLSecurityException;
/**
* Search a X509 Certificate in the keystore according to a given serial number and
@@ -116,7 +118,7 @@ public interface Crypto {
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
- public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException;
+ public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws XMLSecurityException;
/**
* Search a X509 Certificate in the keystore according to a given serial number and
@@ -131,7 +133,7 @@ public interface Crypto {
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
- public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws WSSecurityException;
+ public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws XMLSecurityException;
/**
* Lookup a X509 Certificate in the keystore according to a given
@@ -145,7 +147,7 @@ public interface Crypto {
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
- public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException;
+ public String getAliasForX509Cert(byte[] skiBytes) throws XMLSecurityException;
/**
* Retrieves the alias name of the default certificate which has been
@@ -165,7 +167,7 @@ public interface Crypto {
* @param cert The certificate to read SKI
* @return The byte array containing the binary SKI data
*/
- public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException;
+ public byte[] getSKIBytesFromCert(X509Certificate cert) throws XMLSecurityException;
/**
* Lookup a X509 Certificate in the keystore according to a given
@@ -178,27 +180,30 @@ public interface Crypto {
* @param thumb The SHA1 thumbprint info bytes
* @return alias name of the certificate that matches the thumbprint
* or null if no such certificate was found.
- * @throws WSSecurityException if problems during keystore handling or wrong certificate
+ * @throws org.swssf.ext.XMLSecurityException
+ * if problems during keystore handling or wrong certificate
*/
- public String getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException;
+ public String getAliasForX509CertThumb(byte[] thumb) throws XMLSecurityException;
/**
* Gets the CertificateFactory instantiated by the underlying implementation
*
* @return the CertificateFactory
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- public CertificateFactory getCertificateFactory() throws WSSecurityException;
+ public CertificateFactory getCertificateFactory() throws XMLSecurityException;
/**
* Evaluate whether a given certificate chain should be trusted.
*
* @param certs Certificate chain to validate
* @return true if the certificate chain is valid, false otherwise
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- public boolean verifyTrust(X509Certificate[] certs) throws WSSecurityException;
+ public boolean verifyTrust(X509Certificate[] certs) throws XMLSecurityException;
/**
* Evaluate whether a given public key should be trusted.
@@ -206,5 +211,5 @@ public interface Crypto {
* @param publicKey The PublicKey to be evaluated
* @return whether the PublicKey parameter is trusted or not
*/
- public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException;
+ public boolean verifyTrust(PublicKey publicKey) throws XMLSecurityException;
}
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java Tue Oct 11 18:03:00 2011
@@ -16,12 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.crypto;
+package org.swssf.xmlsec.crypto;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.swssf.config.ConfigurationProperties;
-import org.swssf.ext.WSSecurityException;
+import org.swssf.xmlsec.config.ConfigurationProperties;
+import org.swssf.xmlsec.ext.XMLSecurityException;
import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayInputStream;
@@ -140,9 +140,10 @@ public abstract class CryptoBase impleme
*
* @return Returns a <code>CertificateFactory</code> to construct
* X509 certificates
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- public CertificateFactory getCertificateFactory() throws WSSecurityException {
+ public CertificateFactory getCertificateFactory() throws XMLSecurityException {
String provider = getCryptoProvider();
String keyStoreProvider = null;
if (keystore != null) {
@@ -196,9 +197,9 @@ public abstract class CryptoBase impleme
}
certFactMap.put(factory.getProvider().getName(), factory);
} catch (CertificateException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e);
} catch (NoSuchProviderException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSecProvider", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "noSecProvider", e);
}
}
}
@@ -211,13 +212,14 @@ public abstract class CryptoBase impleme
*
* @param in The <code>InputStream</code> array containing the X509 data
* @return Returns a X509 certificate
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
+ public X509Certificate loadCertificate(InputStream in) throws XMLSecurityException {
try {
return (X509Certificate) getCertificateFactory().generateCertificate(in);
} catch (CertificateException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
}
}
@@ -230,19 +232,19 @@ public abstract class CryptoBase impleme
* @return The private key
* @throws Exception
*/
- public PrivateKey getPrivateKey(String alias, String password) throws WSSecurityException {
+ public PrivateKey getPrivateKey(String alias, String password) throws XMLSecurityException {
if (alias == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "aliasIsNull");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "aliasIsNull");
}
try {
boolean b = keystore.isKeyEntry(alias);
if (!b) {
String msg = "Cannot find key for alias: [" + alias + "]";
String logMsg = createKeyStoreErrorMessage(keystore);
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "keyError", msg + logMsg);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "keyError", msg + logMsg);
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, null, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, null, e);
}
Key keyTmp;
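Review bot: The exception thrown when the alias is not a key entry carries `msg + logMsg`, where `logMsg` comes from `createKeyStoreErrorMessage(keystore)`. That helper is not shown, but its name and the variable name suggest keystore diagnostics meant for the log. Placed in the exception text, they can reach whoever receives the resulting fault. I would write `logMsg` to the server-side log and throw with `msg` only: `throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "keyError", msg);`. The next hunk (`"Key is not a private key, alias: ..."`) does the same.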
@@ -252,14 +254,14 @@ public abstract class CryptoBase impleme
String msg = "Key is not a private key, alias: [" + alias + "]";
String logMsg = null;
logMsg = createKeyStoreErrorMessage(keystore);
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "keyError", msg + logMsg);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "keyError", msg + logMsg);
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (UnrecoverableKeyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
return (PrivateKey) keyTmp;
}
@@ -292,7 +294,7 @@ public abstract class CryptoBase impleme
return new X500Principal(s);
}
- public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException {
+ public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws XMLSecurityException {
Object issuerName;
Certificate[] certificates;
@@ -337,7 +339,7 @@ public abstract class CryptoBase impleme
}
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
return null;
}
@@ -355,7 +357,7 @@ public abstract class CryptoBase impleme
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
- public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws WSSecurityException {
+ public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws XMLSecurityException {
Object issuerName;
Certificate[] certificates;
@@ -404,7 +406,7 @@ public abstract class CryptoBase impleme
}
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
return null;
}
@@ -420,9 +422,10 @@ public abstract class CryptoBase impleme
* @param skiBytes The SKI info bytes
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
- * @throws WSSecurityException if problems during keystore handling or wrong certificate (no SKI data)
+ * @throws org.swssf.ext.XMLSecurityException
+ * if problems during keystore handling or wrong certificate (no SKI data)
*/
- public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
+ public String getAliasForX509Cert(byte[] skiBytes) throws XMLSecurityException {
Certificate cert = null;
try {
@@ -450,7 +453,7 @@ public abstract class CryptoBase impleme
}
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
return null;
}
@@ -463,7 +466,7 @@ public abstract class CryptoBase impleme
* @return alias name of the certificate that matches the given certificate
* or null if no such certificate was found.
*/
- public String getAliasForX509Cert(Certificate cert) throws WSSecurityException {
+ public String getAliasForX509Cert(Certificate cert) throws XMLSecurityException {
try {
if (keystore == null) {
return null;
@@ -485,7 +488,7 @@ public abstract class CryptoBase impleme
}
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
return null;
}
@@ -499,7 +502,7 @@ public abstract class CryptoBase impleme
* @return Array of X509 certificates for this alias name, or
* null if this alias does not exist in the keystore
*/
- public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
+ public X509Certificate[] getCertificates(String alias) throws XMLSecurityException {
Certificate[] certs = null;
Certificate cert = null;
try {
@@ -528,7 +531,7 @@ public abstract class CryptoBase impleme
return null;
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
X509Certificate[] x509certs = new X509Certificate[certs.length];
@@ -549,9 +552,10 @@ public abstract class CryptoBase impleme
* @param thumb The SHA1 thumbprint info bytes
* @return alias name of the certificate that matches the thumbprint
* or null if no such certificate was found.
- * @throws WSSecurityException if problems during keystore handling or wrong certificate
+ * @throws org.swssf.ext.XMLSecurityException
+ * if problems during keystore handling or wrong certificate
*/
- public String getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException {
+ public String getAliasForX509CertThumb(byte[] thumb) throws XMLSecurityException {
Certificate cert = null;
MessageDigest sha = null;
@@ -559,7 +563,7 @@ public abstract class CryptoBase impleme
sha = MessageDigest.getInstance("SHA-1");
sha.reset();
} catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSHA1availabe", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "noSHA1availabe", e);
}
try {
for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements(); ) {
@@ -580,7 +584,7 @@ public abstract class CryptoBase impleme
try {
sha.update(cert.getEncoded());
} catch (CertificateEncodingException ex) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "encodeError", ex);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "encodeError", ex);
}
byte[] data = sha.digest();
@@ -589,7 +593,7 @@ public abstract class CryptoBase impleme
}
}
} catch (KeyStoreException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "keystore", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILURE, "keystore", e);
}
return null;
}
@@ -601,12 +605,12 @@ public abstract class CryptoBase impleme
* try to compute the SKI according to RFC3280 using the
* SHA-1 hash value of the public key. The second method described
* in RFC3280 is not support. Also only RSA public keys are supported.
- * If we cannot compute the SKI throw a WSSecurityException.
+ * If we cannot compute the SKI throw a XMLSecurityException.
*
* @param cert The certificate to read SKI
* @return The byte array containing the binary SKI data
*/
- public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException {
+ public byte[] getSKIBytesFromCert(X509Certificate cert) throws XMLSecurityException {
//
// Gets the DER-encoded OCTET string for the extension value (extnValue)
// identified by the passed-in oid String. The oid string is represented
@@ -617,7 +621,7 @@ public abstract class CryptoBase impleme
if (cert.getVersion() < 3 || derEncodedValue == null) {
PublicKey key = cert.getPublicKey();
if (!(key instanceof RSAPublicKey)) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "noSKIHandling", "Support for RSA key only");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "noSKIHandling", "Support for RSA key only");
}
byte[] encoded = key.getEncoded();
// remove 22-byte algorithm ID and header
@@ -627,8 +631,8 @@ public abstract class CryptoBase impleme
try {
sha = MessageDigest.getInstance("SHA-1");
} catch (NoSuchAlgorithmException ex) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "noSKIHandling",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "noSKIHandling",
ex, "Wrong certificate version (<3) and no SHA1 message digest availabe"
);
}
@@ -656,16 +660,16 @@ public abstract class CryptoBase impleme
* the last in the array
* @return An array of X509 certificates, ordered according to
* the reverse flag
- * @throws org.swssf.ext.WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
*
*/
- public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
+ public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws XMLSecurityException {
InputStream in = new ByteArrayInputStream(data);
CertPath path = null;
try {
path = getCertificateFactory().generateCertPath(in);
} catch (CertificateException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
}
List<? extends Certificate> l = path.getCertificates();
X509Certificate[] certs = new X509Certificate[l.size()];
@@ -682,9 +686,10 @@ public abstract class CryptoBase impleme
*
* @param certs Certificate chain to validate
* @return true if the certificate chain is valid, false otherwise
- * @throws WSSecurityException
+ * @throws org.swssf.ext.XMLSecurityException
+ *
*/
- public boolean verifyTrust(X509Certificate[] certs) throws WSSecurityException {
+ public boolean verifyTrust(X509Certificate[] certs) throws XMLSecurityException {
try {
// Generate cert path
List<X509Certificate> certList = Arrays.asList(certs);
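Review bot: The Javadoc on `verifyTrust(X509Certificate[])` still promises `false` for an invalid chain, but the later hunk of this method rethrows `CertPathValidatorException` as `XMLSecurityException` with `ErrorCode.FAILURE`. From what is visible, a rejected chain therefore reaches the caller as an exception, and a caller written against the documented boolean contract may not handle it. The new `@throws org.swssf.ext.XMLSecurityException` tag has no description and names the old package, although the class presumably now lives in `org.swssf.xmlsec.ext`; the same tag appears on `getX509Certificates` in the previous hunk. I would write `@return true if the certificate chain validates` and `@throws XMLSecurityException if the certificate path cannot be built or does not validate`. The method body continues outside this hunk, so please confirm that no path returns `false`.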
@@ -736,33 +741,33 @@ public abstract class CryptoBase impleme
validator.validate(path, param);
return true;
} catch (java.security.NoSuchProviderException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "certpath",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE, "certpath",
e, e.getMessage()
);
} catch (java.security.NoSuchAlgorithmException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE,
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE,
"certpath", e, e.getMessage()
);
} catch (java.security.cert.CertificateException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "certpath",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE, "certpath",
e, e.getMessage()
);
} catch (java.security.InvalidAlgorithmParameterException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "certpath",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE, "certpath",
e, e.getMessage()
);
} catch (java.security.cert.CertPathValidatorException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "certpath",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE, "certpath",
e, e.getMessage()
);
} catch (java.security.KeyStoreException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "certpath",
+ throw new XMLSecurityException(
+ XMLSecurityException.ErrorCode.FAILURE, "certpath",
e, e.getMessage()
);
}
@@ -774,7 +779,7 @@ public abstract class CryptoBase impleme
* @param publicKey The PublicKey to be evaluated
* @return whether the PublicKey parameter is trusted or not
*/
- public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException {
+ public boolean verifyTrust(PublicKey publicKey) throws XMLSecurityException {
//
// If the public key is null, do not trust the signature
//
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java?rev=1181995&r1=1179730&r2=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java Tue Oct 11 18:03:00 2011
@@ -16,11 +16,11 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.crypto;
+package org.swssf.xmlsec.crypto;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.swssf.config.ConfigurationProperties;
+import org.swssf.xmlsec.config.ConfigurationProperties;
/**
* class lent from apache wss4j
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractBufferingOutputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractBufferingOutputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractBufferingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,16 +16,11 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.ext;
+package org.swssf.xmlsec.ext;
-import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.EndElement;
-import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.util.ArrayDeque;
-import java.util.Iterator;
/**
* An abstract OutputProcessor class for reusabilty
@@ -38,10 +33,14 @@ public abstract class AbstractBufferingO
private ArrayDeque<XMLEvent> xmlEventBuffer = new ArrayDeque<XMLEvent>();
private String appendAfterThisTokenId;
- protected AbstractBufferingOutputProcessor(SecurityProperties securityProperties, Constants.Action action) throws WSSecurityException {
+ protected AbstractBufferingOutputProcessor(XMLSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
super(securityProperties, action);
}
+ public ArrayDeque<XMLEvent> getXmlEventBuffer() {
+ return xmlEventBuffer;
+ }
+
protected String getAppendAfterThisTokenId() {
return appendAfterThisTokenId;
}
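Review bot: `getXmlEventBuffer()` is added as `public` and returns the live `ArrayDeque`, so any code holding a reference to the processor can add, drop or reorder buffered events before they are replayed into the rest of the chain. That buffer is the document content that later gets output, and presumably signed or encrypted downstream, so I would restrict the accessor to subclasses: `protected ArrayDeque<XMLEvent> getXmlEventBuffer() {`. If read access from outside the hierarchy is really needed, a read-only view such as `Collections.unmodifiableCollection(xmlEventBuffer)` would be safer than the deque itself. The class body starts and ends outside this hunk.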
@@ -51,116 +50,12 @@ public abstract class AbstractBufferingO
}
@Override
- public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
xmlEventBuffer.push(xmlEvent);
}
@Override
- public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
- OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-
- //loop until we reach our security header and set flag
- Iterator<XMLEvent> xmlEventIterator = xmlEventBuffer.descendingIterator();
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- if (startElement.getName().equals(Constants.TAG_wsse_Security)
- && Utils.isResponsibleActorOrRole(
- startElement,
- subOutputProcessorChain.getDocumentContext().getSOAPMessageVersionNamespace(),
- getSecurityProperties().getActor())) {
- subOutputProcessorChain.getDocumentContext().setInSecurityHeader(true);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
-
- //append current header
- if (getAppendAfterThisTokenId() == null) {
- processHeaderEvent(subOutputProcessorChain);
- } else {
- //we have a dependent token. so we have to append the current header after the token
- boolean found = false;
- while (xmlEventIterator.hasNext() && !found) {
- XMLEvent xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //search for an element with a matching wsu:Id. this is our token
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- QName matchingElementName;
-
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = startElement.getAttributes();
- while (attributeIterator.hasNext() && !found) {
- Attribute attribute = attributeIterator.next();
- final QName attributeName = attribute.getName();
- final String attributeValue = attribute.getValue();
- if ((Constants.ATT_wsu_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (Constants.ATT_NULL_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (Constants.ATT_NULL_AssertionID.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (Constants.ATT_NULL_ID.equals(attributeName) && getAppendAfterThisTokenId().endsWith(attributeValue))) {
- matchingElementName = startElement.getName();
- //we found the token and...
- int level = 0;
- while (xmlEventIterator.hasNext() && !found) {
- xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //loop until we reach the token end element
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (level == 0 && endElement.getName().equals(matchingElementName)) {
- found = true;
- //output now the current header
- processHeaderEvent(subOutputProcessorChain);
- }
- level--;
- } else if (xmlEvent.isStartElement()) {
- level++;
- }
- }
- }
- }
- }
- }
- }
- //loop until our security header end element and unset the flag
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (endElement.getName().equals(Constants.TAG_wsse_Security)) {
- subOutputProcessorChain.getDocumentContext().setInSecurityHeader(false);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- //loop throug the rest of the document
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- subOutputProcessorChain.reset();
- //call final on the rest of the chain
- subOutputProcessorChain.doFinal();
- //this processor is now finished and we can remove it now
- subOutputProcessorChain.removeProcessor(this);
- }
+ public abstract void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
- protected abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException;
+ protected abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
}
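Review bot: The new abstract `doFinal` has no Javadoc, so the contract carried by the removed implementation is now implicit. `processEvent` stores events with `push`, leaving the buffer newest-first; the old code replayed it with `descendingIterator()`, then called `doFinal()` on the sub-chain and `removeProcessor(this)`. An implementer who misses one of these would emit the document in reverse order, never flush the buffered events, or leave the processor in the chain. I would add a Javadoc block on `doFinal` stating those three obligations, and a comment next to `xmlEventBuffer.push(xmlEvent)` such as `// pushed newest-first: replay with descendingIterator() for document order`.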
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,12 +16,14 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.ext;
+package org.swssf.xmlsec.ext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.util.HashSet;
import java.util.Set;
@@ -36,21 +38,21 @@ public abstract class AbstractInputProce
protected final transient Log logger = LogFactory.getLog(this.getClass());
- private SecurityProperties securityProperties;
+ private XMLSecurityProperties securityProperties;
- private Constants.Phase phase = Constants.Phase.PROCESSING;
+ private XMLSecurityConstants.Phase phase = XMLSecurityConstants.Phase.PROCESSING;
private Set<Object> beforeProcessors = new HashSet<Object>();
private Set<Object> afterProcessors = new HashSet<Object>();
- public AbstractInputProcessor(SecurityProperties securityProperties) {
+ public AbstractInputProcessor(XMLSecurityProperties securityProperties) {
this.securityProperties = securityProperties;
}
- public Constants.Phase getPhase() {
+ public XMLSecurityConstants.Phase getPhase() {
return phase;
}
- public void setPhase(Constants.Phase phase) {
+ public void setPhase(XMLSecurityConstants.Phase phase) {
this.phase = phase;
}
@@ -62,15 +64,19 @@ public abstract class AbstractInputProce
return afterProcessors;
}
- public abstract XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException;
+ public abstract XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException;
- public abstract XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException;
+ public abstract XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException;
- public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
inputProcessorChain.doFinal();
}
- public SecurityProperties getSecurityProperties() {
+ public XMLSecurityProperties getSecurityProperties() {
return securityProperties;
}
+
+ public Attribute getReferenceIDAttribute(StartElement startElement) {
+ return startElement.getAttributeByName(XMLSecurityConstants.ATT_NULL_Id);
+ }
}
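Review bot: `getReferenceIDAttribute` matches only the un-namespaced `Id` attribute and returns the result of `getAttributeByName` unchanged, which is `null` when the element has no such attribute; neither fact is documented. Which attribute counts as an element's ID decides what a signature or encryption reference resolves to, so the method deserves a Javadoc, for example `/** Returns the attribute used to resolve references to this element, or null if it has none. */`. The removed WS-Security code on the output side also accepted `wsu:Id`, `AssertionID` and `ID`, so I read this as a hook that subclasses override for other ID attributes. If that is the intent, the Javadoc should say so and callers should be checked for null handling.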
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputSecurityHeaderHandler.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputSecurityHeaderHandler.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractInputSecurityHeaderHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java Tue Oct 11 18:03:00 2011
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.ext;
+package org.swssf.xmlsec.ext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -38,7 +38,7 @@ public abstract class AbstractInputSecur
protected abstract Parseable getParseable(StartElement startElement);
- protected Parseable parseStructure(Deque<XMLEvent> eventDeque, int index) throws WSSecurityException {
+ protected Parseable parseStructure(Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException {
Iterator<XMLEvent> iterator = eventDeque.descendingIterator();
//skip to <XY> Element
int i = 0;
@@ -48,11 +48,11 @@ public abstract class AbstractInputSecur
}
if (!iterator.hasNext()) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "unexpectedEndOfXML");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "unexpectedEndOfXML");
}
XMLEvent xmlEvent = iterator.next();
if (!xmlEvent.isStartElement()) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "notAStartElement");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "notAStartElement");
}
Parseable parseable = getParseable(xmlEvent.asStartElement());
@@ -63,7 +63,7 @@ public abstract class AbstractInputSecur
}
parseable.validate();
} catch (ParseException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, e);
}
return parseable;
}
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,25 +16,17 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.ext;
+package org.swssf.xmlsec.ext;
-import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.swssf.crypto.Merlin;
-import org.swssf.impl.EncryptionPartDef;
-import org.swssf.impl.util.RFC2253Parser;
+import org.swssf.xmlsec.impl.EncryptionPartDef;
+import org.swssf.xmlsec.impl.util.RFC2253Parser;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.*;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
@@ -49,23 +41,23 @@ public abstract class AbstractOutputProc
protected final transient Log logger = LogFactory.getLog(this.getClass());
protected static final XMLEventFactory xmlEventFactory = XMLEventFactory.newFactory();
- protected SecurityProperties securityProperties;
- protected Constants.Action action;
+ protected XMLSecurityProperties securityProperties;
+ protected XMLSecurityConstants.Action action;
- private Constants.Phase phase = Constants.Phase.PROCESSING;
+ private XMLSecurityConstants.Phase phase = XMLSecurityConstants.Phase.PROCESSING;
private Set<Object> beforeProcessors = new HashSet<Object>();
private Set<Object> afterProcessors = new HashSet<Object>();
- protected AbstractOutputProcessor(SecurityProperties securityProperties, Constants.Action action) throws WSSecurityException {
+ protected AbstractOutputProcessor(XMLSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
this.securityProperties = securityProperties;
this.action = action;
}
- public Constants.Phase getPhase() {
+ public XMLSecurityConstants.Phase getPhase() {
return phase;
}
- public void setPhase(Constants.Phase phase) {
+ public void setPhase(XMLSecurityConstants.Phase phase) {
this.phase = phase;
}
@@ -77,21 +69,21 @@ public abstract class AbstractOutputProc
return afterProcessors;
}
- public SecurityProperties getSecurityProperties() {
+ public XMLSecurityProperties getSecurityProperties() {
return securityProperties;
}
- public Constants.Action getAction() {
+ public XMLSecurityConstants.Action getAction() {
return action;
}
- public abstract void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException;
+ public abstract void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
- public void processNextEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void processNextEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
processEvent(xmlEvent, outputProcessorChain);
}
- public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
outputProcessorChain.doFinal();
}
@@ -137,7 +129,7 @@ public abstract class AbstractOutputProc
return new XMLEventNS(startElement, xmlEventNSNamespaces, xmlEventNsAttributes);
}
- protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> namespaces, Map<QName, String> attributes) throws XMLStreamException, WSSecurityException {
+ protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> namespaces, Map<QName, String> attributes) throws XMLStreamException, XMLSecurityException {
List<Attribute> attributeList = new LinkedList<Attribute>();
if (attributes != null) {
Iterator<Map.Entry<QName, String>> attributeIterator = attributes.entrySet().iterator();
@@ -159,7 +151,7 @@ public abstract class AbstractOutputProc
outputAsEvent(outputProcessorChain, startElement);
}
- protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> attributes) throws XMLStreamException, WSSecurityException {
+ protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> attributes) throws XMLStreamException, XMLSecurityException {
List<Namespace> namespaceList = new LinkedList<Namespace>();
namespaceList.add(xmlEventFactory.createNamespace(element.getPrefix(), element.getNamespaceURI()));
@@ -199,11 +191,11 @@ public abstract class AbstractOutputProc
return xmlEventFactory.createEndElement(element, namespaceList.iterator());
}
- protected void createEndElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element) throws XMLStreamException, WSSecurityException {
+ protected void createEndElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element) throws XMLStreamException, XMLSecurityException {
outputAsEvent(outputProcessorChain, createEndElement(element));
}
- protected void createCharactersAndOutputAsEvent(OutputProcessorChain outputProcessorChain, String characters) throws XMLStreamException, WSSecurityException {
+ protected void createCharactersAndOutputAsEvent(OutputProcessorChain outputProcessorChain, String characters) throws XMLStreamException, XMLSecurityException {
outputAsEvent(outputProcessorChain, createCharacters(characters));
}
@@ -219,294 +211,41 @@ public abstract class AbstractOutputProc
return xmlEventFactory.createNamespace(prefix, uri);
}
- protected void outputAsEvent(OutputProcessorChain outputProcessorChain, XMLEvent xmlEvent) throws XMLStreamException, WSSecurityException {
+ protected void outputAsEvent(OutputProcessorChain outputProcessorChain, XMLEvent xmlEvent) throws XMLStreamException, XMLSecurityException {
outputProcessorChain.reset();
outputProcessorChain.processEvent(xmlEvent);
}
- protected void createSecurityTokenReferenceStructureForSignature(
- OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
- Constants.KeyIdentifierType keyIdentifierType,
- boolean useSingleCertificate)
- throws XMLStreamException, WSSecurityException {
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
- if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
- || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
- && !useSingleCertificate) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
- } else if (securityToken.getTokenType() == Constants.TokenType.Saml10Token || securityToken.getTokenType() == Constants.TokenType.Saml11Token) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_SAML11_TOKEN_PROFILE_TYPE);
- } else if (securityToken.getTokenType() == Constants.TokenType.Saml20Token) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_SAML20_TOKEN_PROFILE_TYPE);
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
-
- X509Certificate[] x509Certificates = securityToken.getX509Certificates();
- String tokenId = securityToken.getId();
-
- if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
- createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.EMEDDED_KEYIDENTIFIER_REF) {
- createEmbeddedKeyIdentifierStructure(outputProcessorChain, securityToken.getTokenType(), tokenId);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.USERNAMETOKEN_REFERENCE) {
- createUsernameTokenReferenceStructure(outputProcessorChain, tokenId);
- } else {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedSecurityToken", keyIdentifierType.name());
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
- }
-
- protected void createSecurityTokenReferenceStructureForEncryptedKey(
- OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
- Constants.KeyIdentifierType keyIdentifierType,
- boolean useSingleCertificate)
- throws XMLStreamException, WSSecurityException {
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
- if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
- || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
- && !useSingleCertificate) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
-
- X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
- String tokenId = securityToken.getKeyWrappingToken().getId();
-
- if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
- createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
- } else {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
- }
-
- protected void createSecurityTokenReferenceStructureForDerivedKey(
- OutputProcessorChain outputProcessorChain,
- SecurityToken securityToken,
- Constants.KeyIdentifierType keyIdentifierType,
- Constants.DerivedKeyTokenReference derivedKeyTokenReference,
- boolean useSingleCertificate)
- throws XMLStreamException, WSSecurityException {
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
- if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
- || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
- && !useSingleCertificate) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
- } else if (derivedKeyTokenReference == Constants.DerivedKeyTokenReference.EncryptedKey) {
- attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_WSS_ENC_KEY_VALUE_TYPE);
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
-
- X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
- String tokenId = securityToken.getKeyWrappingToken().getId();
-
- if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
- createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
- } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
- } else {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
- }
-
- protected void createUsernameTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_URI, "#" + tokenId);
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
- }
-
- protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_URI, "#" + referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
- }
-
- protected void createEmbeddedKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, Constants.TokenType tokenType, String referenceId) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- if (tokenType == Constants.TokenType.Saml10Token || tokenType == Constants.TokenType.Saml11Token) {
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_SAML10_TYPE);
- } else if (tokenType == Constants.TokenType.Saml20Token) {
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_SAML20_TYPE);
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
- createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
- }
-
- protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = Constants.NS_X509_V3_TYPE;
- } else {
- valueType = Constants.NS_X509PKIPathv1;
- }
- attributes.put(Constants.ATT_NULL_URI, "#" + referenceId);
- attributes.put(Constants.ATT_NULL_ValueType, valueType);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
- if (embed) {
- createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
- }
-
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = Constants.NS_X509_V3_TYPE;
- } else {
- valueType = Constants.NS_X509PKIPathv1;
- }
- attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(Constants.ATT_NULL_ValueType, valueType);
- attributes.put(Constants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_BinarySecurityToken);
- }
-
- protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_THUMBPRINT);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
- try {
- MessageDigest sha;
- sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(x509Certificates[0].getEncoded());
- byte[] data = sha.digest();
-
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- } catch (CertificateEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
- }
-
- protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_X509_V3_TYPE);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
- try {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } catch (CertificateEncodingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
- }
-
- protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws WSSecurityException, XMLStreamException {
- // As per the 1.1 specification, SKI can only be used for a V3 certificate
- if (x509Certificates[0].getVersion() != 3) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
- }
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_X509SubjectKeyIdentifier);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
- byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
- }
-
- protected void createX509IssuerSerialStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509Data, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerSerial, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerName, null);
+ protected void createX509IssuerSerialStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509Data, null);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509IssuerSerial, null);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509IssuerName, null);
createCharactersAndOutputAsEvent(outputProcessorChain, RFC2253Parser.normalize(x509Certificates[0].getIssuerDN().getName(), true));
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerName);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509SerialNumber, null);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509IssuerName);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509SerialNumber, null);
createCharactersAndOutputAsEvent(outputProcessorChain, x509Certificates[0].getSerialNumber().toString());
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509SerialNumber);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerSerial);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509Data);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509SerialNumber);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509IssuerSerial);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509Data);
}
- protected void createReferenceListStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ protected void createReferenceListStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
List<EncryptionPartDef> encryptionPartDefs = outputProcessorChain.getSecurityContext().getAsList(EncryptionPartDef.class);
if (encryptionPartDefs == null) {
return;
}
Map<QName, String> attributes;
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_ReferenceList, null);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_ReferenceList, null);
//output the references to the encrypted data:
Iterator<EncryptionPartDef> encryptionPartDefIterator = encryptionPartDefs.iterator();
while (encryptionPartDefIterator.hasNext()) {
EncryptionPartDef encryptionPartDef = encryptionPartDefIterator.next();
attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_URI, "#" + encryptionPartDef.getEncRefId());
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_DataReference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_DataReference);
+ attributes.put(XMLSecurityConstants.ATT_NULL_URI, "#" + encryptionPartDef.getEncRefId());
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_DataReference, attributes);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_DataReference);
}
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_ReferenceList);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_ReferenceList);
}
}
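Review bot: `createX509IssuerSerialStructure` reads `x509Certificates[0]` without checking the array, and only after three start elements have already been sent down the processor chain. A null or empty array (plausible if a caller passes a token with no X.509 chain, though no caller is visible in this hunk) would surface as a NullPointerException or ArrayIndexOutOfBoundsException with a half-written `X509Data` element in the output, not as the declared `XMLSecurityException`. I would make `if (x509Certificates == null || x509Certificates.length == 0)` the first statement and throw an XMLSecurityException there, before anything is emitted. Separately, `getIssuerDN()` is documented as returning an implementation-specific Principal, so the issuer string the receiver must match can vary by provider; `RFC2253Parser.normalize(x509Certificates[0].getIssuerX500Principal().getName(), true)` avoids that.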