Posted to commits@cxf.apache.org by co...@apache.org on 2011/10/27 12:50:58 UTC

svn commit: r1189702 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: policyhandlers/ policyvalidators/

Author: coheigea
Date: Thu Oct 27 10:50:58 2011
New Revision: 1189702

URL: http://svn.apache.org/viewvc?rev=1189702&view=rev
Log:
Added support to also encrypt SignatureConfirmation elements when the SignatureProtection property of the binding is enabled

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1189702&r1=1189701&r2=1189702&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Thu Oct 27 10:50:58 2011
@@ -144,6 +144,7 @@ public abstract class AbstractBindingBui
     protected SoapMessage message;
     protected WSSecTimestamp timestampEl;
     protected String mainSigId;
+    protected List<WSEncryptionPart> sigConfList;
     
     protected Set<String> encryptedTokensIdList = new HashSet<String>();
 
@@ -1909,6 +1910,7 @@ public abstract class AbstractBindingBui
                     WSConstants.UT_SIGN, signatureActions);
         }
         
+        sigConfList = new ArrayList<WSEncryptionPart>();
         // prepare a SignatureConfirmation token
         WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
         if (signatureActions.size() > 0) {
@@ -1918,7 +1920,10 @@ public abstract class AbstractBindingBui
                 wsc.prepare(saaj.getSOAPPart());
                 addSupportingElement(wsc.getSignatureConfirmationElement());
                 if (sigParts != null) {
-                    sigParts.add(new WSEncryptionPart(wsc.getId()));
+                    WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
+                    part.setElement(wsc.getSignatureConfirmationElement());
+                    sigParts.add(part);
+                    sigConfList.add(part);
                 }
             }
         } else {
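Review bot: `sigConfList.add(part)` sits inside `if (sigParts != null)`, so a SignatureConfirmation element that is added to the message but not signed is never recorded for encryption, and the binding handlers will skip it even when SignatureProtection is enabled. Whether any caller passes a null `sigParts` is not visible here, but the encryption bookkeeping does not need to depend on the signing list. Build `part` before the null check, call `sigConfList.add(part);` unconditionally, and keep only `sigParts.add(part);` inside the check. The `else` branch in the next hunk repeats the same pattern, and the enclosing method starts outside both hunks.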
@@ -1926,7 +1931,10 @@ public abstract class AbstractBindingBui
             wsc.prepare(saaj.getSOAPPart());
             addSupportingElement(wsc.getSignatureConfirmationElement());
             if (sigParts != null) {
-                sigParts.add(new WSEncryptionPart(wsc.getId()));
+                WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
+                part.setElement(wsc.getSignatureConfirmationElement());
+                sigParts.add(part);
+                sigConfList.add(part);
             }
         }
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1189702&r1=1189701&r2=1189702&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Thu Oct 27 10:50:58 2011
@@ -150,10 +150,15 @@ public class AsymmetricBindingHandler ex
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (abinding.isSignatureProtection() && mainSigId != null) {
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                enc.add(sigPart);
+            if (abinding.isSignatureProtection()) {
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    enc.add(sigPart);
+                }
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    enc.addAll(sigConfList);
+                }
             }
             
             if (isRequestor()) {
@@ -257,13 +262,19 @@ public class AsymmetricBindingHandler ex
             }
             
             // Check for signature protection
-            if (abinding.isSignatureProtection() && mainSigId != null) {
+            if (abinding.isSignatureProtection()) {
                 List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
 
                 // Now encrypt the signature using the above token
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                secondEncrParts.add(sigPart);
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    secondEncrParts.add(sigPart);
+                }
+                
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    secondEncrParts.addAll(sigConfList);
+                }
                 
                 if (isRequestor()) {
                     for (String id : encryptedTokensIdList) {
@@ -271,7 +282,7 @@ public class AsymmetricBindingHandler ex
                     }
                 }
 
-                if (encryptionToken.isDerivedKeys()) {
+                if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
                     try {
                         Element secondRefList 
                             = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
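Review bot: The `!secondEncrParts.isEmpty()` test is written twice, once in this `if` and again in the `else if` of the following hunk, which makes the derived-key choice harder to read than it needs to be. A single outer guard, `if (!secondEncrParts.isEmpty()) {`, around the existing `if (encryptionToken.isDerivedKeys()) { ... } else { ... }` would say the same thing once. A short comment there should state that nothing is encrypted when signature protection is enabled but there is neither a main signature nor a SignatureConfirmation to protect. Both branches continue outside the hunks shown.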
@@ -280,7 +291,7 @@ public class AsymmetricBindingHandler ex
                     } catch (WSSecurityException ex) {
                         throw new Fault(ex);
                     }
-                } else {
+                } else if (!secondEncrParts.isEmpty()) {
                     try {
                         // Encrypt, get hold of the ref list and add it
                         Element secondRefList = saaj.getSOAPPart()

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1189702&r1=1189701&r2=1189702&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Oct 27 10:50:58 2011
@@ -221,16 +221,21 @@ public class SymmetricBindingHandler ext
                 }
                 
                 //Check for signature protection and encryption of UsernameToken
-                if (sbinding.isSignatureProtection() && this.mainSigId != null 
+                if (sbinding.isSignatureProtection() 
                     || encryptedTokensIdList.size() > 0 && isRequestor()) {
                     List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
                     
                     //Now encrypt the signature using the above token
                     if (sbinding.isSignatureProtection()) {
-                        WSEncryptionPart sigPart = 
-                            new WSEncryptionPart(this.mainSigId, "Element");
-                        sigPart.setElement(bottomUpElement);
-                        secondEncrParts.add(sigPart);
+                        if (this.mainSigId != null) {
+                            WSEncryptionPart sigPart = 
+                                new WSEncryptionPart(this.mainSigId, "Element");
+                            sigPart.setElement(bottomUpElement);
+                            secondEncrParts.add(sigPart);
+                        }
+                        if (sigConfList != null && !sigConfList.isEmpty()) {
+                            secondEncrParts.addAll(sigConfList);
+                        }
                     }
                     
                     if (isRequestor()) {
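Review bot: After dropping `this.mainSigId != null`, the condition reads `sbinding.isSignatureProtection() || encryptedTokensIdList.size() > 0 && isRequestor()` and relies on `&&` binding tighter than `||`. Explicit parentheses would make the intended grouping unmistakable in code that decides what gets encrypted: `|| (encryptedTokensIdList.size() > 0 && isRequestor())) {`.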
@@ -241,11 +246,11 @@ public class SymmetricBindingHandler ext
                     
                     Element secondRefList = null;
                     
-                    if (encryptionToken.isDerivedKeys()) {
+                    if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
                         secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null, 
                                 secondEncrParts);
                         this.addDerivedKeyElement(secondRefList);
-                    } else {
+                    } else if (!secondEncrParts.isEmpty()) {
                         //Encrypt, get hold of the ref list and add it
                         secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, encrParts);
                         this.addDerivedKeyElement(secondRefList);
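Review bot: The new `else if (!secondEncrParts.isEmpty())` guard tests `secondEncrParts`, but the call under it still passes `encrParts`: `encryptForRef(null, encrParts)`. In the non-derived-key path the main signature and the SignatureConfirmation parts collected in `secondEncrParts` therefore do not appear to be encrypted at all, which defeats the purpose of this commit for that path. `encrParts` is declared outside the hunk, so its contents cannot be confirmed here, but the derived-key branch just above passes `secondEncrParts`. The line should most likely read `secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts);`.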
@@ -358,10 +363,15 @@ public class SymmetricBindingHandler ext
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (sbinding.isSignatureProtection() && mainSigId != null) {
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                enc.add(sigPart);
+            if (sbinding.isSignatureProtection()) {
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    enc.add(sigPart);
+                }
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    enc.addAll(sigConfList);
+                }
             }
             
             if (isRequestor()) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1189702&r1=1189701&r2=1189702&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Thu Oct 27 10:50:58 2011
@@ -310,8 +310,8 @@ public abstract class AbstractBindingPol
     protected boolean isSignatureEncrypted() {
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
-            if (actInt.intValue() == WSConstants.SIGN) {
-                // TODO || actInt.intValue() == WSConstants.SC) {
+            if (actInt.intValue() == WSConstants.SIGN
+                || actInt.intValue() == WSConstants.SC) {
                 String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
                 if (sigId == null || !isIdEncrypted(sigId)) {
                     return false;
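Review bot: With `WSConstants.SC` added to the condition, a SignatureConfirmation result whose `TAG_ID` is null or not encrypted now makes `isSignatureEncrypted()` return false, and nothing on the method documents that stricter contract. This is the fail-closed choice, but a peer that omits the Id on its SignatureConfirmation, or one that sends it unencrypted, would presumably now fail validation under SignatureProtection. A Javadoc sentence stating that every SIGN and SC result must carry an encrypted Id would make that explicit. `actInt` is also unboxed twice without a null check; reading it once with `int action = actInt.intValue();` would tidy the condition. The method body continues past the end of the hunk.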