You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2011/10/11 20:03:15 UTC
svn commit: r1181995 [22/26] - in /webservices/wss4j/branches/swssf: ./
cxf-integration/ cxf-integration/src/main/java/org/swssf/cxfIntegration/
cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/
cxf-integration/src/main/java/org/swssf...
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureInputHandler.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureInputHandler.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java Tue Oct 11 18:03:00 2011
@@ -16,16 +16,13 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.input;
+package org.swssf.xmlsec.impl.processor.input;
-import org.swssf.ext.*;
-import org.swssf.impl.algorithms.SignatureAlgorithm;
-import org.swssf.impl.algorithms.SignatureAlgorithmFactory;
-import org.swssf.impl.securityToken.SecurityTokenFactory;
-import org.swssf.impl.util.SignerOutputStream;
-import org.swssf.securityEvent.AlgorithmSuiteSecurityEvent;
-import org.swssf.securityEvent.SecurityEvent;
-import org.swssf.securityEvent.SignatureTokenSecurityEvent;
+import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithm;
+import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithmFactory;
+import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
+import org.swssf.xmlsec.impl.util.SignerOutputStream;
import org.w3._2000._09.xmldsig_.KeyInfoType;
import org.w3._2000._09.xmldsig_.SignatureType;
@@ -48,23 +45,24 @@ import java.util.Iterator;
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SignatureInputHandler extends AbstractInputSecurityHeaderHandler {
+public abstract class AbstractSignatureInputHandler extends AbstractInputSecurityHeaderHandler {
- public SignatureInputHandler(InputProcessorChain inputProcessorChain, SecurityProperties securityProperties, Deque<XMLEvent> eventQueue, Integer index) throws WSSecurityException, XMLStreamException {
+ public AbstractSignatureInputHandler(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, Deque<XMLEvent> eventQueue, Integer index) throws XMLSecurityException, XMLStreamException {
final SignatureType signatureType = (SignatureType) parseStructure(eventQueue, index);
verifySignedInfo(inputProcessorChain, securityProperties, signatureType, eventQueue, index);
+ addSignatureReferenceInputProcessorToChain(inputProcessorChain, securityProperties, signatureType);
}
@Override
- protected Parseable getParseable(StartElement startElement) {
- return new SignatureType(startElement);
- }
+ protected abstract Parseable getParseable(StartElement startElement);
+
+ protected abstract void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, SignatureType signatureType);
- private void verifySignedInfo(InputProcessorChain inputProcessorChain, SecurityProperties securityProperties, SignatureType signatureType, Deque<XMLEvent> eventDeque, int index) throws WSSecurityException, XMLStreamException {
+ protected void verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, SignatureType signatureType, Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException, XMLStreamException {
//todo reparse SignedInfo when custom canonicalization method is used
//verify SignedInfo
- SignatureVerifier signatureVerifier = new SignatureVerifier(signatureType, inputProcessorChain.getSecurityContext(), securityProperties);
+ SignatureVerifier signatureVerifier = newSignatureVerifier(inputProcessorChain, securityProperties, signatureType);
Iterator<XMLEvent> iterator = eventDeque.descendingIterator();
//skip to <Signature> Element
@@ -77,9 +75,9 @@ public class SignatureInputHandler exten
boolean verifyElement = false;
while (iterator.hasNext()) {
XMLEvent xmlEvent = iterator.next();
- if (xmlEvent.isStartElement() && xmlEvent.asStartElement().getName().equals(Constants.TAG_dsig_SignedInfo)) {
+ if (xmlEvent.isStartElement() && xmlEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
verifyElement = true;
- } else if (xmlEvent.isEndElement() && xmlEvent.asEndElement().getName().equals(Constants.TAG_dsig_SignedInfo)) {
+ } else if (xmlEvent.isEndElement() && xmlEvent.asEndElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
signatureVerifier.processEvent(xmlEvent);
break;
}
@@ -88,11 +86,12 @@ public class SignatureInputHandler exten
}
}
signatureVerifier.doFinal();
-
- //add processors to verify references
- inputProcessorChain.addProcessor(new SignatureReferenceVerifyInputProcessor(signatureType, securityProperties));
}
+ protected abstract SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain,
+ XMLSecurityProperties securityProperties,
+ final SignatureType signatureType) throws XMLSecurityException;
+
/*
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1022834285">
<ds:SignedInfo>
@@ -129,52 +128,36 @@ public class SignatureInputHandler exten
public static class SignatureVerifier {
private SignatureType signatureType;
- private SecurityContext securityContext;
- private SecurityProperties securityProperties;
private SignerOutputStream signerOutputStream;
private OutputStream bufferedSignerOutputStream;
private Transformer transformer;
- public SignatureVerifier(SignatureType signatureType, SecurityContext securityContext, SecurityProperties securityProperties) throws WSSecurityException {
+ public SignatureVerifier(SignatureType signatureType, SecurityContext securityContext,
+ XMLSecurityProperties securityProperties) throws XMLSecurityException {
this.signatureType = signatureType;
- this.securityContext = securityContext;
- this.securityProperties = securityProperties;
+
+ KeyInfoType keyInfoType = signatureType.getKeyInfo();
+ SecurityToken securityToken = SecurityTokenFactory.newInstance().getSecurityToken(keyInfoType,
+ securityProperties.getSignatureVerificationCrypto(), securityProperties.getCallbackHandler(),
+ securityContext, this);
+ securityToken.verify();
try {
- createSignatureAlgorithm();
+ createSignatureAlgorithm(securityToken);
} catch (Exception e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
- private void createSignatureAlgorithm() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, CertificateException, WSSecurityException {
- KeyInfoType keyInfoType = signatureType.getKeyInfo();
- SecurityToken securityToken = SecurityTokenFactory.newInstance().getSecurityToken(keyInfoType, securityProperties.getSignatureVerificationCrypto(), securityProperties.getCallbackHandler(), securityContext, this);
- securityToken.verify();
-
- SignatureTokenSecurityEvent signatureTokenSecurityEvent = new SignatureTokenSecurityEvent(SecurityEvent.Event.SignatureToken);
- signatureTokenSecurityEvent.setSecurityToken(securityToken);
- signatureTokenSecurityEvent.setSignatureValue(signatureType.getSignatureValue().getValue());
- securityContext.registerSecurityEvent(signatureTokenSecurityEvent);
-
- /*AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
- algorithmSuiteSecurityEvent.setAlgorithmURI(signatureType.getSignedInfo().getSignatureMethod().getAlgorithm());
- algorithmSuiteSecurityEvent.setKeyUsage();
- securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
- */
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
- algorithmSuiteSecurityEvent.setAlgorithmURI(signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm());
- algorithmSuiteSecurityEvent.setKeyUsage(Constants.KeyUsage.C14n);
- securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ protected void createSignatureAlgorithm(SecurityToken securityToken) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, CertificateException, XMLSecurityException {
Key verifyKey;
if (securityToken.isAsymmetric()) {
- verifyKey = securityToken.getPublicKey(Constants.KeyUsage.Asym_Sig);
+ verifyKey = securityToken.getPublicKey(XMLSecurityConstants.Asym_Sig);
} else {
verifyKey = securityToken.getSecretKey(
- signatureType.getSignedInfo().getSignatureMethod().getAlgorithm(), Constants.KeyUsage.Sym_Sig);
+ signatureType.getSignedInfo().getSignatureMethod().getAlgorithm(), XMLSecurityConstants.Sym_Sig);
}
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(signatureType.getSignedInfo().getSignatureMethod().getAlgorithm());
@@ -183,30 +166,30 @@ public class SignatureInputHandler exten
bufferedSignerOutputStream = new BufferedOutputStream(signerOutputStream);
try {
- transformer = Utils.getTransformer(signatureType.getSignedInfo().getCanonicalizationMethod().getInclusiveNamespaces(), this.bufferedSignerOutputStream, signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm());
+ transformer = XMLSecurityUtils.getTransformer(signatureType.getSignedInfo().getCanonicalizationMethod().getInclusiveNamespaces(), this.bufferedSignerOutputStream, signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm());
} catch (NoSuchMethodException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (InstantiationException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (IllegalAccessException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (InvocationTargetException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
- public void processEvent(XMLEvent xmlEvent) throws XMLStreamException {
+ protected void processEvent(XMLEvent xmlEvent) throws XMLStreamException {
transformer.transform(xmlEvent);
}
- public void doFinal() throws WSSecurityException {
+ protected void doFinal() throws XMLSecurityException {
try {
bufferedSignerOutputStream.close();
if (!signerOutputStream.verify(signatureType.getSignatureValue().getValue())) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
}
} catch (IOException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
}
Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureReferenceVerifyInputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureReferenceVerifyInputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/SignatureReferenceVerifyInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,19 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.input;
+package org.swssf.xmlsec.impl.processor.input;
import org.apache.commons.codec.binary.Base64;
-import org.apache.jcs.JCS;
-import org.apache.jcs.access.exception.CacheException;
-import org.apache.jcs.engine.ElementAttributes;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.TransformationParametersType;
-import org.swssf.config.JCEAlgorithmMapper;
-import org.swssf.ext.*;
-import org.swssf.impl.securityToken.SecurityTokenReference;
-import org.swssf.impl.util.DigestOutputStream;
-import org.swssf.securityEvent.*;
-import org.w3._2000._09.xmldsig_.CanonicalizationMethodType;
+import org.swssf.xmlsec.config.JCEAlgorithmMapper;
+import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.util.DigestOutputStream;
import org.w3._2000._09.xmldsig_.ReferenceType;
import org.w3._2000._09.xmldsig_.SignatureType;
import org.w3._2000._09.xmldsig_.TransformType;
@@ -47,130 +40,84 @@ import java.lang.reflect.InvocationTarge
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
-import java.util.Date;
-import java.util.Iterator;
import java.util.List;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SignatureReferenceVerifyInputProcessor extends AbstractInputProcessor {
-
- private static final String cacheRegionName = "timestamp";
-
- private static JCS cache;
-
- static {
- try {
- cache = JCS.getInstance(cacheRegionName);
- } catch (CacheException e) {
- throw new RuntimeException(e);
- }
- }
+public abstract class AbstractSignatureReferenceVerifyInputProcessor extends AbstractInputProcessor {
private SignatureType signatureType;
- private boolean replayChecked = false;
- public SignatureReferenceVerifyInputProcessor(SignatureType signatureType, SecurityProperties securityProperties) {
+ public AbstractSignatureReferenceVerifyInputProcessor(SignatureType signatureType, XMLSecurityProperties securityProperties) {
super(securityProperties);
this.signatureType = signatureType;
- this.getAfterProcessors().add(SignatureInputHandler.class.getName());
- this.getAfterProcessors().add(SignatureReferenceVerifyInputProcessor.class.getName());
+ }
+
+ public SignatureType getSignatureType() {
+ return signatureType;
}
@Override
- public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return inputProcessorChain.processHeaderEvent();
}
@Override
- public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
-
- //this is the earliest possible point to check for an replay attack
- if (!replayChecked) {
- replayChecked = true;
- detectReplayAttack(inputProcessorChain);
- }
+ public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
XMLEvent xmlEvent = inputProcessorChain.processEvent();
if (xmlEvent.isStartElement()) {
StartElement startElement = xmlEvent.asStartElement();
+ ReferenceType referenceType = matchesReferenceId(startElement);
+ if (referenceType != null) {
- Attribute refId = startElement.getAttributeByName(Constants.ATT_wsu_Id);
- if (refId != null) {
- List<ReferenceType> references = signatureType.getSignedInfo().getReference();
- for (int i = 0; i < references.size(); i++) {
- ReferenceType referenceType = references.get(i);
- if (refId.getValue().equals(referenceType.getURI())) {
- logger.debug("Found signature reference: " + refId.getValue() + " on element" + startElement.getName());
- if (referenceType.isProcessed()) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
- }
- InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
- new InternalSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain, referenceType, startElement.getName());
- if (!internalSignatureReferenceVerifier.isFinished()) {
- internalSignatureReferenceVerifier.processEvent(xmlEvent, inputProcessorChain);
- inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
- }
- referenceType.setProcessed(true);
- inputProcessorChain.getDocumentContext().setIsInSignedContent();
-
- //fire a SecurityEvent:
- if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3
- && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
- SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
- signedPartSecurityEvent.setElement(startElement.getName());
- inputProcessorChain.getSecurityContext().registerSecurityEvent(signedPartSecurityEvent);
- } else {
- SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, false);
- signedElementSecurityEvent.setElement(startElement.getName());
- inputProcessorChain.getSecurityContext().registerSecurityEvent(signedElementSecurityEvent);
- }
- }
+ if (referenceType.isProcessed()) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
+ }
+ InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
+ new InternalSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain, referenceType, startElement.getName());
+ if (!internalSignatureReferenceVerifier.isFinished()) {
+ internalSignatureReferenceVerifier.processEvent(xmlEvent, inputProcessorChain);
+ inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
}
+ referenceType.setProcessed(true);
+ inputProcessorChain.getDocumentContext().setIsInSignedContent();
}
}
-
return xmlEvent;
}
- private void detectReplayAttack(InputProcessorChain inputProcessorChain) throws WSSecurityException {
- TimestampSecurityEvent timestampSecurityEvent = inputProcessorChain.getSecurityContext().get(Constants.PROP_TIMESTAMP_SECURITYEVENT);
- if (timestampSecurityEvent != null) {
- final String cacheKey = String.valueOf(timestampSecurityEvent.getCreated().getTimeInMillis()) + signatureType.getSignatureValue().getRawValue();
- if (cache.get(cacheKey) != null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
- }
- ElementAttributes elementAttributes = new ElementAttributes();
- if (timestampSecurityEvent.getExpires() != null) {
- long lifeTime = timestampSecurityEvent.getExpires().getTime().getTime() - new Date().getTime();
- elementAttributes.setMaxLifeSeconds(lifeTime / 1000);
- } else {
- elementAttributes.setMaxLifeSeconds(300);
- }
- try {
- cache.put(cacheKey, timestampSecurityEvent.getCreated(), elementAttributes);
- } catch (CacheException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ protected ReferenceType matchesReferenceId(StartElement startElement) {
+ Attribute refId = getReferenceIDAttribute(startElement);
+ if (refId != null) {
+ List<ReferenceType> references = getSignatureType().getSignedInfo().getReference();
+ for (int i = 0; i < references.size(); i++) {
+ ReferenceType referenceType = references.get(i);
+ if (refId.getValue().equals(referenceType.getURI())) {
+ logger.debug("Found signature reference: " + refId.getValue() + " on element" + startElement.getName());
+ return referenceType;
+ }
}
}
+ return null;
}
@Override
- public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
- List<ReferenceType> references = signatureType.getSignedInfo().getReference();
+ public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
+ List<ReferenceType> references = getSignatureType().getSignedInfo().getReference();
for (int i = 0; i < references.size(); i++) {
ReferenceType referenceType = references.get(i);
if (!referenceType.isProcessed()) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "unprocessedSignatureReferences");
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedSignatureReferences");
}
}
inputProcessorChain.doFinal();
}
- class InternalSignatureReferenceVerifier extends AbstractInputProcessor {
+ public class InternalSignatureReferenceVerifier extends AbstractInputProcessor {
private ReferenceType referenceType;
private Transformer transformer;
@@ -180,33 +127,28 @@ public class SignatureReferenceVerifyInp
private int elementCounter = 0;
private boolean finished = false;
- public InternalSignatureReferenceVerifier(SecurityProperties securityProperties, InputProcessorChain inputProcessorChain, ReferenceType referenceType, QName startElement) throws WSSecurityException {
+ public InternalSignatureReferenceVerifier(XMLSecurityProperties securityProperties, InputProcessorChain inputProcessorChain, ReferenceType referenceType, QName startElement) throws XMLSecurityException {
super(securityProperties);
- this.getAfterProcessors().add(SignatureReferenceVerifyInputProcessor.class.getName());
- this.startElement = startElement;
- this.referenceType = referenceType;
+ this.setStartElement(startElement);
+ this.setReferenceType(referenceType);
try {
createMessageDigest(inputProcessorChain.getSecurityContext());
buildTransformerChain(referenceType, inputProcessorChain);
} catch (Exception e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
}
- private void createMessageDigest(SecurityContext securityContext) throws WSSecurityException, NoSuchAlgorithmException, NoSuchProviderException {
- AlgorithmType digestAlgorithm = JCEAlgorithmMapper.getAlgorithmMapping(referenceType.getDigestMethod().getAlgorithm());
-
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
- algorithmSuiteSecurityEvent.setAlgorithmURI(digestAlgorithm.getURI());
- algorithmSuiteSecurityEvent.setKeyUsage(Constants.KeyUsage.Dig);
- securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ protected AlgorithmType createMessageDigest(SecurityContext securityContext) throws XMLSecurityException, NoSuchAlgorithmException, NoSuchProviderException {
+ AlgorithmType digestAlgorithm = JCEAlgorithmMapper.getAlgorithmMapping(getReferenceType().getDigestMethod().getAlgorithm());
MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithm.getJCEName(), digestAlgorithm.getJCEProvider());
- this.digestOutputStream = new DigestOutputStream(messageDigest);
- this.bufferedDigestOutputStream = new BufferedOutputStream(this.digestOutputStream);
+ this.setDigestOutputStream(new DigestOutputStream(messageDigest));
+ this.setBufferedDigestOutputStream(new BufferedOutputStream(this.getDigestOutputStream()));
+ return digestAlgorithm;
}
- private void buildTransformerChain(ReferenceType referenceType, InputProcessorChain inputProcessorChain) throws WSSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
+ protected void buildTransformerChain(ReferenceType referenceType, InputProcessorChain inputProcessorChain) throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
List<TransformType> transformTypeList = referenceType.getTransforms().getTransform();
String algorithm = null;
@@ -214,87 +156,48 @@ public class SignatureReferenceVerifyInp
for (int i = transformTypeList.size() - 1; i >= 0; i--) {
TransformType transformType = transformTypeList.get(i);
- if (transformType.getTransformationParametersType() != null) {
- TransformationParametersType transformationParametersType = transformType.getTransformationParametersType();
- final CanonicalizationMethodType canonicalizationMethodType = transformationParametersType.getCanonicalizationMethodType();
- if (canonicalizationMethodType != null) {
- algorithm = canonicalizationMethodType.getAlgorithm();
- String inclusiveNamespaces = canonicalizationMethodType.getInclusiveNamespaces();
- if (Constants.SOAPMESSAGE_NS10_STRTransform.equals(transformType.getAlgorithm())) {
- if (inclusiveNamespaces == null) {
- inclusiveNamespaces = "#default";
- } else {
- inclusiveNamespaces = "#default " + inclusiveNamespaces;
- }
- }
- parentTransformer = Utils.getTransformer(inclusiveNamespaces, this.bufferedDigestOutputStream, algorithm);
- }
- }
algorithm = transformType.getAlgorithm();
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
- algorithmSuiteSecurityEvent.setAlgorithmURI(algorithm);
- algorithmSuiteSecurityEvent.setKeyUsage(Constants.KeyUsage.C14n);
- inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
-
if (parentTransformer != null) {
- parentTransformer = Utils.getTransformer(parentTransformer, transformType.getInclusiveNamespaces(), algorithm);
+ parentTransformer = XMLSecurityUtils.getTransformer(parentTransformer, transformType.getInclusiveNamespaces(), algorithm);
} else {
- parentTransformer = Utils.getTransformer(transformType.getInclusiveNamespaces(), this.bufferedDigestOutputStream, algorithm);
- }
- }
-
- this.transformer = parentTransformer;
-
- if (Constants.SOAPMESSAGE_NS10_STRTransform.equals(algorithm)) {
- SecurityTokenProvider securityTokenProvider = inputProcessorChain.getSecurityContext().getSecurityTokenProvider(referenceType.getURI());
- if (securityTokenProvider == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noReference");
- }
- SecurityToken securityToken = securityTokenProvider.getSecurityToken(getSecurityProperties().getSignatureVerificationCrypto());
- if (!(securityToken instanceof SecurityTokenReference)) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
- }
- SecurityTokenReference securityTokenReference = (SecurityTokenReference) securityToken;
- this.startElement = securityTokenReference.getXmlEvents().getLast().asStartElement().getName();
- Iterator<XMLEvent> xmlEventIterator = securityTokenReference.getXmlEvents().descendingIterator();
- while (xmlEventIterator.hasNext()) {
- processEvent(xmlEventIterator.next(), inputProcessorChain);
+ parentTransformer = XMLSecurityUtils.getTransformer(transformType.getInclusiveNamespaces(), this.getBufferedDigestOutputStream(), algorithm);
}
}
+ this.setTransformer(parentTransformer);
}
@Override
- public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return inputProcessorChain.processHeaderEvent();
}
@Override
- public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
XMLEvent xmlEvent = inputProcessorChain.processEvent();
processEvent(xmlEvent, inputProcessorChain);
return xmlEvent;
}
- protected void processEvent(XMLEvent xmlEvent, InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ protected void processEvent(XMLEvent xmlEvent, InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
- transformer.transform(xmlEvent);
+ getTransformer().transform(xmlEvent);
if (xmlEvent.isStartElement()) {
- elementCounter++;
+ setElementCounter(getElementCounter() + 1);
} else if (xmlEvent.isEndElement()) {
EndElement endElement = xmlEvent.asEndElement();
- elementCounter--;
+ setElementCounter(getElementCounter() - 1);
- if (endElement.getName().equals(startElement) && elementCounter == 0) {
+ if (endElement.getName().equals(getStartElement()) && getElementCounter() == 0) {
try {
- bufferedDigestOutputStream.close();
+ getBufferedDigestOutputStream().close();
} catch (IOException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
}
- byte[] calculatedDigest = this.digestOutputStream.getDigestValue();
- byte[] storedDigest = Base64.decodeBase64(referenceType.getDigestValue());
+ byte[] calculatedDigest = this.getDigestOutputStream().getDigestValue();
+ byte[] storedDigest = Base64.decodeBase64(getReferenceType().getDigestValue());
if (logger.isDebugEnabled()) {
logger.debug("Calculated Digest: " + new String(Base64.encodeBase64(calculatedDigest)));
@@ -302,11 +205,11 @@ public class SignatureReferenceVerifyInp
}
if (!MessageDigest.isEqual(storedDigest, calculatedDigest)) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "digestVerificationFailed", referenceType.getURI());
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "digestVerificationFailed", getReferenceType().getURI());
}
inputProcessorChain.removeProcessor(this);
inputProcessorChain.getDocumentContext().unsetIsInSignedContent();
- finished = true;
+ setFinished(true);
}
}
}
@@ -314,5 +217,57 @@ public class SignatureReferenceVerifyInp
public boolean isFinished() {
return finished;
}
+
+ protected ReferenceType getReferenceType() {
+ return referenceType;
+ }
+
+ protected void setReferenceType(ReferenceType referenceType) {
+ this.referenceType = referenceType;
+ }
+
+ protected Transformer getTransformer() {
+ return transformer;
+ }
+
+ protected void setTransformer(Transformer transformer) {
+ this.transformer = transformer;
+ }
+
+ protected DigestOutputStream getDigestOutputStream() {
+ return digestOutputStream;
+ }
+
+ protected void setDigestOutputStream(DigestOutputStream digestOutputStream) {
+ this.digestOutputStream = digestOutputStream;
+ }
+
+ protected OutputStream getBufferedDigestOutputStream() {
+ return bufferedDigestOutputStream;
+ }
+
+ protected void setBufferedDigestOutputStream(OutputStream bufferedDigestOutputStream) {
+ this.bufferedDigestOutputStream = bufferedDigestOutputStream;
+ }
+
+ protected QName getStartElement() {
+ return startElement;
+ }
+
+ protected void setStartElement(QName startElement) {
+ this.startElement = startElement;
+ }
+
+ protected int getElementCounter() {
+ return elementCounter;
+ }
+
+ protected void setElementCounter(int elementCounter) {
+ this.elementCounter = elementCounter;
+ }
+
+ protected void setFinished(boolean finished) {
+ this.finished = finished;
+ }
}
}
Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/LogInputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/LogInputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/LogInputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/LogInputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/LogInputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/LogInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/LogInputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.input;
+package org.swssf.xmlsec.impl.processor.input;
-import org.swssf.ext.*;
+import org.swssf.xmlsec.ext.*;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.XMLEvent;
@@ -30,19 +30,18 @@ import java.io.StringWriter;
*/
public class LogInputProcessor extends AbstractInputProcessor {
- public LogInputProcessor(SecurityProperties securityProperties) {
+ public LogInputProcessor(XMLSecurityProperties securityProperties) {
super(securityProperties);
- setPhase(Constants.Phase.POSTPROCESSING);
- this.getAfterProcessors().add(SecurityHeaderInputProcessor.class.getName());
+ setPhase(XMLSecurityConstants.Phase.POSTPROCESSING);
}
@Override
- public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return inputProcessorChain.processHeaderEvent();
}
@Override
- public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
XMLEvent xmlEvent = inputProcessorChain.processEvent();
StringWriter stringWriter = new StringWriter();
xmlEvent.writeAsEncodedUnicode(stringWriter);
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/XMLEventReaderInputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/XMLEventReaderInputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/XMLEventReaderInputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/XMLEventReaderInputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/XMLEventReaderInputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/input/XMLEventReaderInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/XMLEventReaderInputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.input;
+package org.swssf.xmlsec.impl.processor.input;
-import org.swssf.ext.*;
+import org.swssf.xmlsec.ext.*;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLStreamException;
@@ -40,24 +40,24 @@ public class XMLEventReaderInputProcesso
private Deque<List<ComparableNamespace>> nsStack = new ArrayDeque<List<ComparableNamespace>>(10);
private Deque<List<ComparableAttribute>> attrStack = new ArrayDeque<List<ComparableAttribute>>(10);
- public XMLEventReaderInputProcessor(SecurityProperties securityProperties, XMLEventReader xmlEventReader) {
+ public XMLEventReaderInputProcessor(XMLSecurityProperties securityProperties, XMLEventReader xmlEventReader) {
super(securityProperties);
- setPhase(Constants.Phase.PREPROCESSING);
+ setPhase(XMLSecurityConstants.Phase.PREPROCESSING);
this.xmlEventReader = xmlEventReader;
}
@Override
- public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return processNextEventInternal(inputProcessorChain);
}
@Override
- public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return processNextEventInternal(inputProcessorChain);
}
private XMLEvent processNextEventInternal(InputProcessorChain inputProcessorChain) throws XMLStreamException {
- XMLEvent xmlEvent = Utils.createXMLEventNS(xmlEventReader.nextEvent(), nsStack, attrStack);
+ XMLEvent xmlEvent = XMLSecurityUtils.createXMLEventNS(xmlEventReader.nextEvent(), nsStack, attrStack);
if (xmlEvent.isStartElement()) {
inputProcessorChain.getDocumentContext().addPathElement(xmlEvent.asStartElement().getName());
} else if (xmlEvent.isEndElement()) {
@@ -67,7 +67,7 @@ public class XMLEventReaderInputProcesso
}
@Override
- public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
//nothing to-do. Also don't call super.doFinal() we are the last processor
}
}
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptEndingOutputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptEndingOutputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptEndingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,9 +16,9 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.output;
+package org.swssf.xmlsec.impl.processor.output;
-import org.swssf.ext.*;
+import org.swssf.xmlsec.ext.*;
import javax.xml.stream.XMLStreamException;
@@ -28,19 +28,15 @@ import javax.xml.stream.XMLStreamExcepti
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptEndingOutputProcessor extends AbstractBufferingOutputProcessor {
+public abstract class AbstractEncryptEndingOutputProcessor extends AbstractBufferingOutputProcessor {
- public EncryptEndingOutputProcessor(SecurityProperties securityProperties, Constants.Action action) throws WSSecurityException {
+ public AbstractEncryptEndingOutputProcessor(XMLSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
super(securityProperties, action);
- this.getAfterProcessors().add(EncryptOutputProcessor.class.getName());
- this.getAfterProcessors().add(UsernameTokenOutputProcessor.class.getName());
}
@Override
- protected void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
- OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
- if (getAction() == Constants.Action.ENCRYPT_WITH_DERIVED_KEY) {
- createReferenceListStructure(subOutputProcessorChain);
- }
- }
+ protected abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
+
+ @Override
+ public abstract void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
}
Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java (from r1179730, webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptOutputProcessor.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java?p2=webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java&p1=webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptOutputProcessor.java&r1=1179730&r2=1181995&rev=1181995&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java Tue Oct 11 18:03:00 2011
@@ -16,13 +16,13 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.swssf.impl.processor.output;
+package org.swssf.xmlsec.impl.processor.output;
import org.apache.commons.codec.binary.Base64OutputStream;
-import org.swssf.config.JCEAlgorithmMapper;
-import org.swssf.ext.*;
-import org.swssf.impl.EncryptionPartDef;
-import org.swssf.impl.util.TrimmerOutputStream;
+import org.swssf.xmlsec.config.JCEAlgorithmMapper;
+import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.EncryptionPartDef;
+import org.swssf.xmlsec.impl.util.TrimmerOutputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
@@ -46,77 +46,70 @@ import java.util.*;
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptOutputProcessor extends AbstractOutputProcessor {
+public abstract class AbstractEncryptOutputProcessor extends AbstractOutputProcessor {
private List<SecurePart> secureParts;
- private InternalEncryptionOutputProcessor activeInternalEncryptionOutputProcessor = null;
+ private AbstractInternalEncryptionOutputProcessor activeInternalEncryptionOutputProcessor = null;
- public EncryptOutputProcessor(SecurityProperties securityProperties, Constants.Action action) throws WSSecurityException {
+ public AbstractEncryptOutputProcessor(XMLSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
super(securityProperties, action);
secureParts = securityProperties.getEncryptionSecureParts();
}
@Override
- public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public abstract void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
+ protected SecurePart securePartMatches(StartElement startElement, OutputProcessorChain outputProcessorChain) {
+ SecurePart securePart = securePartMatches(startElement, this.secureParts);
+ if (securePart != null) {
+ return securePart;
+ }
+ List<SecurePart> secureParts = outputProcessorChain.getSecurityContext().getAsList(SecurePart.class);
+ if (secureParts == null) {
+ return null;
+ }
+ return securePartMatches(startElement, secureParts);
+ }
- //avoid double encryption when child elements matches too
- if (activeInternalEncryptionOutputProcessor == null) {
- //find an element which matches a user configured securePart
- Iterator<SecurePart> securePartIterator = secureParts.iterator();
- while (securePartIterator.hasNext()) {
- SecurePart securePart = securePartIterator.next();
- if (securePart.getIdToSign() == null) {
- if (startElement.getName().getLocalPart().equals(securePart.getName())
- && startElement.getName().getNamespaceURI().equals(securePart.getNamespace())) {
-
- logger.debug("Matched securePart for encryption");
- InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;
- try {
- String tokenId = outputProcessorChain.getSecurityContext().get(Constants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
- SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
- EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
- encryptionPartDef.setModifier(securePart.getModifier());
- encryptionPartDef.setEncRefId("ED-" + UUID.randomUUID().toString());
- encryptionPartDef.setKeyId(securityTokenProvider.getId());
- encryptionPartDef.setSymmetricKey(securityTokenProvider.getSecurityToken(null).getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null));
- outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
- internalEncryptionOutputProcessor =
- new InternalEncryptionOutputProcessor(
- getSecurityProperties(),
- getAction(),
- encryptionPartDef,
- startElement,
- outputProcessorChain.getDocumentContext().getEncoding()
- );
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (NoSuchPaddingException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (InvalidKeyException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (IOException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- }
-
- activeInternalEncryptionOutputProcessor = internalEncryptionOutputProcessor;
- outputProcessorChain.addProcessor(internalEncryptionOutputProcessor);
- break;
+ protected SecurePart securePartMatches(StartElement startElement, List<SecurePart> secureParts) {
+ Iterator<SecurePart> securePartIterator = secureParts.iterator();
+ while (securePartIterator.hasNext()) {
+ SecurePart securePart = securePartIterator.next();
+ if (securePart.getIdToSign() == null) {
+ if (startElement.getName().getLocalPart().equals(securePart.getName())
+ && startElement.getName().getNamespaceURI().equals(securePart.getNamespace())) {
+ return securePart;
+ }
+ } else {
+ @SuppressWarnings("unchecked")
+ Iterator<Attribute> attributeIterator = startElement.getAttributes();
+ while (attributeIterator.hasNext()) {
+ Attribute attribute = attributeIterator.next();
+ if (attribute != null) {
+ QName attributeName = attribute.getName();
+ if ((attributeName.equals(XMLSecurityConstants.ATT_NULL_Id))
+ && attribute.getValue().equals(securePart.getIdToSign())) {
+ return securePart;
}
}
}
}
}
+ return null;
+ }
+
+ protected AbstractInternalEncryptionOutputProcessor getActiveInternalEncryptionOutputProcessor() {
+ return activeInternalEncryptionOutputProcessor;
+ }
- outputProcessorChain.processEvent(xmlEvent);
+ protected void setActiveInternalEncryptionOutputProcessor(AbstractInternalEncryptionOutputProcessor activeInternalEncryptionOutputProcessor) {
+ this.activeInternalEncryptionOutputProcessor = activeInternalEncryptionOutputProcessor;
}
/**
* Processor which handles the effective enryption of the data
*/
- class InternalEncryptionOutputProcessor extends AbstractOutputProcessor {
+ public abstract class AbstractInternalEncryptionOutputProcessor extends AbstractOutputProcessor {
private EncryptionPartDef encryptionPartDef;
private CharacterEventGeneratorOutputStream characterEventGeneratorOutputStream;
@@ -125,19 +118,18 @@ public class EncryptOutputProcessor exte
private StartElement startElement;
private int elementCounter = 0;
- private boolean doEncryptedHeader = false;
private OutputProcessorChain subOutputProcessorChain;
- InternalEncryptionOutputProcessor(SecurityProperties securityProperties, Constants.Action action, EncryptionPartDef encryptionPartDef,
- StartElement startElement, String encoding)
+ public AbstractInternalEncryptionOutputProcessor(XMLSecurityProperties securityProperties, XMLSecurityConstants.Action action, EncryptionPartDef encryptionPartDef,
+ StartElement startElement, String encoding)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException, XMLStreamException {
super(securityProperties, action);
- this.getBeforeProcessors().add(EncryptEndingOutputProcessor.class.getName());
- this.getBeforeProcessors().add(InternalEncryptionOutputProcessor.class.getName());
- this.getAfterProcessors().add(EncryptOutputProcessor.class.getName());
- this.encryptionPartDef = encryptionPartDef;
- this.startElement = startElement;
+ this.getBeforeProcessors().add(AbstractEncryptEndingOutputProcessor.class.getName());
+ this.getBeforeProcessors().add(AbstractInternalEncryptionOutputProcessor.class.getName());
+ this.getAfterProcessors().add(AbstractEncryptOutputProcessor.class.getName());
+ this.setEncryptionPartDef(encryptionPartDef);
+ this.setStartElement(startElement);
//initialize the cipher
String jceAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(securityProperties.getEncryptionSymAlgorithm());
@@ -165,22 +157,22 @@ public class EncryptOutputProcessor exte
}
@Override
- public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
if (xmlEvent.isStartElement()) {
StartElement startElement = xmlEvent.asStartElement();
- if (startElement.getName().equals(this.startElement.getName()) && elementCounter == 0) {
+ if (startElement.getName().equals(this.getStartElement().getName()) && getElementCounter() == 0) {
//if the user selected element encryption we have to encrypt the current element-event...
- if (encryptionPartDef.getModifier() == SecurePart.Modifier.Element) {
+ if (getEncryptionPartDef().getModifier() == SecurePart.Modifier.Element) {
subOutputProcessorChain = outputProcessorChain.createSubChain(this);
processEventInternal(subOutputProcessorChain);
//encrypt the current element event
encryptEvent(xmlEvent);
} //...the user selected content encryption, so we let pass this event as usual
- else if (encryptionPartDef.getModifier() == SecurePart.Modifier.Content) {
+ else if (getEncryptionPartDef().getModifier() == SecurePart.Modifier.Content) {
outputProcessorChain.processEvent(xmlEvent);
subOutputProcessorChain = outputProcessorChain.createSubChain(this);
processEventInternal(subOutputProcessorChain);
@@ -189,15 +181,15 @@ public class EncryptOutputProcessor exte
encryptEvent(xmlEvent);
}
- elementCounter++;
+ setElementCounter(getElementCounter() + 1);
} else if (xmlEvent.isEndElement()) {
- elementCounter--;
+ setElementCounter(getElementCounter() - 1);
EndElement endElement = xmlEvent.asEndElement();
- if (endElement.getName().equals(this.startElement.getName()) && elementCounter == 0) {
- if (encryptionPartDef.getModifier() == SecurePart.Modifier.Element) {
+ if (endElement.getName().equals(this.getStartElement().getName()) && getElementCounter() == 0) {
+ if (getEncryptionPartDef().getModifier() == SecurePart.Modifier.Element) {
encryptEvent(xmlEvent);
doFinalInternal(subOutputProcessorChain);
} else {
@@ -207,7 +199,7 @@ public class EncryptOutputProcessor exte
subOutputProcessorChain.removeProcessor(this);
subOutputProcessorChain = null;
//from now on encryption is possible again
- activeInternalEncryptionOutputProcessor = null;
+ setActiveInternalEncryptionOutputProcessor(null);
} else {
encryptEvent(xmlEvent);
@@ -234,50 +226,24 @@ public class EncryptOutputProcessor exte
/**
* Creates the Data structure around the cipher data
*/
- private void processEventInternal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ protected void processEventInternal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
Map<QName, String> attributes = null;
- //WSS 1.1 EncryptedHeader Element:
- if (outputProcessorChain.getDocumentContext().getDocumentLevel() == 3
- && outputProcessorChain.getDocumentContext().isInSOAPHeader()) {
- doEncryptedHeader = true;
-
- attributes = new HashMap<QName, String>();
-
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = this.startElement.getAttributes();
- while (attributeIterator.hasNext()) {
- Attribute attribute = attributeIterator.next();
- if (!attribute.isNamespace() &&
- (Constants.NS_SOAP11.equals(attribute.getName().getNamespaceURI()) ||
- Constants.NS_SOAP12.equals(attribute.getName().getNamespaceURI()))) {
- attributes.put(attribute.getName(), attribute.getValue());
- }
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse11_EncryptedHeader, attributes);
- }
-
attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_Id, encryptionPartDef.getEncRefId());
- attributes.put(Constants.ATT_NULL_Type, encryptionPartDef.getModifier().getModifier());
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_EncryptedData, attributes);
+ attributes.put(XMLSecurityConstants.ATT_NULL_Id, getEncryptionPartDef().getEncRefId());
+ attributes.put(XMLSecurityConstants.ATT_NULL_Type, getEncryptionPartDef().getModifier().getModifier());
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedData, attributes);
attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_Algorithm, securityProperties.getEncryptionSymAlgorithm());
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_EncryptionMethod, attributes);
+ attributes.put(XMLSecurityConstants.ATT_NULL_Algorithm, securityProperties.getEncryptionSymAlgorithm());
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_EncryptionMethod);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_KeyInfo, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, null);
-
- attributes = new HashMap<QName, String>();
- attributes.put(Constants.ATT_NULL_URI, "#" + encryptionPartDef.getKeyId());
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_KeyInfo);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_CipherData, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_CipherValue, null);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, null);
+ createKeyInfoStructure(outputProcessorChain);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, null);
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue, null);
/*
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-1612925417"
@@ -299,7 +265,9 @@ public class EncryptOutputProcessor exte
*/
}
- private void doFinalInternal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+ protected abstract void createKeyInfoStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
+
+ protected void doFinalInternal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
try {
xmlEventWriter.add(XMLEventFactory.newFactory().createEndElement(new QName("a"), null));
@@ -319,25 +287,45 @@ public class EncryptOutputProcessor exte
charactersIterator.remove();
}
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_CipherValue);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_CipherData);
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_EncryptedData);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedData);
+ }
- if (doEncryptedHeader) {
- createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse11_EncryptedHeader);
- }
+ protected EncryptionPartDef getEncryptionPartDef() {
+ return encryptionPartDef;
+ }
+
+ protected void setEncryptionPartDef(EncryptionPartDef encryptionPartDef) {
+ this.encryptionPartDef = encryptionPartDef;
+ }
+
+ protected StartElement getStartElement() {
+ return startElement;
+ }
+
+ protected void setStartElement(StartElement startElement) {
+ this.startElement = startElement;
+ }
+
+ protected int getElementCounter() {
+ return elementCounter;
+ }
+
+ protected void setElementCounter(int elementCounter) {
+ this.elementCounter = elementCounter;
}
}
/**
* Creates Character-XMLEvents from the byte stream
*/
- class CharacterEventGeneratorOutputStream extends OutputStream {
+ public class CharacterEventGeneratorOutputStream extends OutputStream {
private List<Characters> charactersBuffer = new Vector<Characters>();
private String encoding;
- CharacterEventGeneratorOutputStream(String encoding) {
+ public CharacterEventGeneratorOutputStream(String encoding) {
this.encoding = encoding;
}
Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision