Posted to commits@ws.apache.org by co...@apache.org on 2015/05/25 12:27:00 UTC
svn commit: r1681579 - in
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom:
processor/BinarySecurityTokenProcessor.java
processor/EncryptedKeyProcessor.java util/EncryptionUtils.java
util/WSSecurityUtil.java
Author: coheigea
Date: Mon May 25 10:26:59 2015
New Revision: 1681579
URL: http://svn.apache.org/r1681579
Log:
Adding support for processing a BinarySecurityToken that references a child Element via xop:Include
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java?rev=1681579&r1=1681578&r2=1681579&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java Mon May 25 10:26:59 2015
@@ -30,11 +30,13 @@ import org.apache.wss4j.common.principal
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.X509Security;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.Validator;
import org.w3c.dom.Element;
@@ -166,6 +168,18 @@ public class BinarySecurityTokenProcesso
} else {
token = new BinarySecurity(element, data.getBSPEnforcer());
}
+
+ // Now see if the Element content is actually referenced via xop:Include
+ Element elementChild =
+ XMLUtils.getDirectChildElement(element, "Include", WSConstants.XOP_NS);
+ if (elementChild != null && elementChild.hasAttributeNS(null, "href")) {
+ String xopUri = elementChild.getAttributeNS(null, "href");
+ if (xopUri != null && xopUri.startsWith("cid:")) {
+ byte[] content = WSSecurityUtil.getBytesFromAttachment(xopUri, data);
+ token.setToken(content);
+ }
+ }
+
return token;
}
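Review bot: An `xop:Include` child whose `href` is not a `cid:` URI falls through the new block silently, leaving the token with whatever the constructor derived from the element's own text content (presumably empty when the value lives in an attachment); a reference that cannot be resolved should be rejected rather than ignored, e.g. an `else` branch after the `startsWith("cid:")` test with `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);`. The `xopUri != null` guard is redundant, because DOM's `getAttributeNS` returns an empty string rather than null for a missing attribute and `hasAttributeNS` has already been checked on the line above. Note also that `token.setToken(content)` replaces the value after the BSP-enforced constructor has run, so any checks that constructor applies to inline content presumably do not cover attachment-sourced content — worth confirming, and worth a comment either way. The enclosing method starts outside the hunk.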
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1681579&r1=1681578&r2=1681579&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Mon May 25 10:26:59 2015
@@ -35,17 +35,16 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.ext.Attachment;
-import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.DOMX509IssuerSerial;
import org.apache.wss4j.common.token.SecurityTokenReference;
@@ -66,10 +65,6 @@ import org.apache.wss4j.dom.util.X509Uti
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.JavaUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
public class EncryptedKeyProcessor implements Processor {
private static final org.slf4j.Logger LOG =
@@ -244,7 +239,7 @@ public class EncryptedKeyProcessor imple
// Get the key bytes from CipherValue directly or via an attachment
String xopUri = EncryptionUtils.getXOPURIFromCipherValue(xencCipherValue);
if (xopUri != null && xopUri.startsWith("cid:")) {
- encryptedEphemeralKey = getDecryptedKeyBytesFromAttachment(xopUri, data);
+ encryptedEphemeralKey = WSSecurityUtil.getBytesFromAttachment(xopUri, data);
} else {
encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue);
}
@@ -280,39 +275,6 @@ public class EncryptedKeyProcessor imple
return Collections.singletonList(result);
}
- private byte[] getDecryptedKeyBytesFromAttachment(
- String xopUri, RequestData data
- ) throws WSSecurityException {
- CallbackHandler attachmentCallbackHandler = data.getAttachmentCallbackHandler();
- if (attachmentCallbackHandler == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
- }
-
- final String attachmentId = xopUri.substring(4);
-
- AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
- attachmentRequestCallback.setAttachmentId(attachmentId);
-
- try {
- attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
-
- List<Attachment> attachments = attachmentRequestCallback.getAttachments();
- if (attachments == null || attachments.isEmpty() || !attachmentId.equals(attachments.get(0).getId())) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.INVALID_SECURITY,
- "empty", new Object[] {"Attachment not found"}
- );
- }
- Attachment attachment = attachments.get(0);
- InputStream inputStream = attachment.getSourceStream();
-
- return JavaUtils.getBytesFromStream(inputStream);
- } catch (UnsupportedCallbackException | IOException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILED_CHECK, e);
- }
- }
-
/**
* Generates a random secret key using the algorithm specified in the
* first DataReference URI
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java?rev=1681579&r1=1681578&r2=1681579&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java Mon May 25 10:26:59 2015
@@ -211,8 +211,7 @@ public final class EncryptionUtils {
}
public static String getXOPURIFromCipherValue(Element cipherValue) {
- if (cipherValue != null && cipherValue.hasAttributeNS(WSConstants.XMLNS_NS, "xop")
- && WSConstants.XOP_NS.equals(cipherValue.getAttributeNS(WSConstants.XMLNS_NS, "xop"))) {
+ if (cipherValue != null) {
Element cipherValueChild =
XMLUtils.getDirectChildElement(cipherValue, "Include", WSConstants.XOP_NS);
if (cipherValueChild != null && cipherValueChild.hasAttributeNS(null, "href")) {
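Review bot: `getXOPURIFromCipherValue` is public and has no Javadoc (the signature follows the previous method's closing brace directly), and this change alters its contract: the `xmlns:xop` declaration no longer has to sit on the CipherValue element itself, since the namespace-qualified `getDirectChildElement` lookup already identifies the `xop:Include` child. A header such as `/** Returns the href of a direct xop:Include child of the given CipherValue element, or null when there is no such child (or no href). */` would record that; the null return is inferred from the checks visible here and should be confirmed against the rest of the method, which ends outside the hunk.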
@@ -250,7 +249,7 @@ public final class EncryptionUtils {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
}
- final String attachmentId = uri.substring(4);
+ final String attachmentId = uri.substring("cid:".length());
AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
attachmentRequestCallback.setAttachmentId(attachmentId);
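Review bot: The lines around the changed `substring` call — the FAILED_CHECK throw when no handler is present, the `attachmentId` extraction and the `AttachmentRequestCallback` setup — mirror the new `WSSecurityUtil.getBytesFromAttachment` added in this same commit, so the consolidation done for EncryptedKeyProcessor appears to stop short here. If the enclosing method (which starts and ends outside this hunk) goes on to read the attachment bytes the same way, it could delegate to the shared helper; if it deliberately differs, a one-line comment saying why the two are kept separate would stop the next reader from merging them. `uri.substring("cid:".length())` still assumes the prefix is present, which the method's own argument checks should guarantee.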
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1681579&r1=1681578&r2=1681579&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Mon May 25 10:26:59 2015
@@ -28,23 +28,33 @@ import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.ext.Attachment;
+import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.HandlerAction;
+import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.CallbackLookup;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.JavaUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
/**
* WS-Security Utility methods. <p/>
*/
@@ -556,4 +566,37 @@ public final class WSSecurityUtil {
return false;
}
+ public static byte[] getBytesFromAttachment(
+ String xopUri, RequestData data
+ ) throws WSSecurityException {
+ CallbackHandler attachmentCallbackHandler = data.getAttachmentCallbackHandler();
+ if (attachmentCallbackHandler == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+ }
+
+ final String attachmentId = xopUri.substring("cid:".length());
+
+ AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
+ attachmentRequestCallback.setAttachmentId(attachmentId);
+
+ try {
+ attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
+
+ List<Attachment> attachments = attachmentRequestCallback.getAttachments();
+ if (attachments == null || attachments.isEmpty()
+ || !attachmentId.equals(attachments.get(0).getId())) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.INVALID_SECURITY,
+ "empty", new Object[] {"Attachment not found"}
+ );
+ }
+ Attachment attachment = attachments.get(0);
+ InputStream inputStream = attachment.getSourceStream();
+
+ return JavaUtils.getBytesFromStream(inputStream);
+ } catch (UnsupportedCallbackException | IOException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+ }
+ }
+
}
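Review bot: The `InputStream` obtained from `attachment.getSourceStream()` inside the try block is never closed, and `JavaUtils.getBytesFromStream` buffers the entire attachment in memory with no upper bound, so a large attachment referenced from a `cid:` URI is read in full before any token validation happens. The file already uses Java 7 multi-catch, so the read can be scoped as `try (InputStream inputStream = attachment.getSourceStream()) { return JavaUtils.getBytesFromStream(inputStream); }`, and a maximum attachment size (a project-chosen limit, ideally configurable) should be enforced while buffering. The method is public and has no Javadoc; a header such as `/** Resolves the attachment referenced by a cid: XOP URI through the RequestData's AttachmentCallbackHandler and returns its bytes; throws WSSecurityException if no handler is set, the attachment is not found, or it cannot be read. */` would state the contract callers rely on. `xopUri.substring("cid:".length())` strips the prefix without verifying it is present; the callers on this page check `startsWith("cid:")` first, but a public utility is safer validating its own argument.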