Posted to commits@cxf.apache.org by co...@apache.org on 2011/02/11 17:33:48 UTC
svn commit: r1069865 [2/3] - in /cxf/trunk: ./
distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/
distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/
rt/ws/se...
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java Fri Feb 11 16:33:46 2011
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j;
import java.util.Collections;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
@@ -51,8 +52,8 @@ public class WSS4JOutInterceptor extends
/**
* Property name for a map of action IDs ({@link Integer}) to action
- * class names. Values can be either {@link String}) or Objects
- * implementing {@link Action}.
+ * class names. Values can be either {@link Class}) or Objects
+- * implementing {@link Action}.
*/
public static final String WSS4J_ACTION_MAP = "wss4j.action.map";
@@ -182,7 +183,7 @@ public class WSS4JOutInterceptor extends
/*
* Get the action first.
*/
- Vector actions = new Vector();
+ List<Integer> actions = new Vector<Integer>();
String action = getString(WSHandlerConstants.ACTION, mc);
if (action == null) {
throw new SoapFault(new Message("NO_ACTION", LOG), version
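Review bot: `List<Integer> actions = new Vector<Integer>();` now declares the interface but still instantiates the synchronized legacy class, so the natural companion to this change is `List<Integer> actions = new ArrayList<Integer>();` (the import hunk at the top of the file adds only List, so ArrayList would need importing too). The rest of the method, which passes `actions` on, continues below the hunk, so keep Vector only if a callee still declares a Vector parameter.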
@@ -304,19 +305,19 @@ public class WSS4JOutInterceptor extends
(Map<?, ?>)getProperty(mc, WSS4J_ACTION_MAP));
if (actionMap != null) {
for (Map.Entry<Integer, Object> entry : actionMap.entrySet()) {
- String removedAction = null;
+ Class<?> removedAction = null;
// Be defensive here since the cast above is slightly risky
// with the handler config options not being strongly typed.
try {
- if (entry.getValue() instanceof String) {
+ if (entry.getValue() instanceof Class<?>) {
removedAction = config.setAction(
- entry.getKey().intValue(),
- (String) entry.getValue());
+ entry.getKey().intValue(),
+ (Class<?>)entry.getValue());
} else if (entry.getValue() instanceof Action) {
removedAction = config.setAction(
- entry.getKey().intValue(),
- (Action) entry.getValue());
+ entry.getKey().intValue(),
+ (Action)entry.getValue());
} else {
throw new SoapFault(new Message("BAD_ACTION", LOG), version
.getReceiver());
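Review bot: The new `instanceof Class<?>` branch hands any configured class to config.setAction without checking that it implements Action, so a mis-configured class passes this validation step and, if setAction merely stores the class (WSSConfig is not visible from here), fails only when the action is first executed. Narrowing the test to `if (entry.getValue() instanceof Class<?> && Action.class.isAssignableFrom((Class<?>)entry.getValue())) {` routes such a class into the existing BAD_ACTION fault at configuration time, which is where the surrounding comment says the code intends to be defensive. The try block's catch clause lies outside the hunk.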
@@ -328,7 +329,7 @@ public class WSS4JOutInterceptor extends
if (doDebug) {
if (removedAction != null) {
- LOG.fine("Replaced Action: " + removedAction
+ LOG.fine("Replaced Action: " + removedAction.getName()
+ " with Action: " + entry.getValue()
+ " for ID: " + entry.getKey());
} else {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Feb 11 16:33:46 2011
@@ -34,12 +34,12 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
@@ -119,21 +119,17 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
/**
*
*/
public abstract class AbstractBindingBuilder {
public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
- private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
+ protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
-
- protected SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
+ protected SPConstants.ProtectionOrder protectionOrder =
+ SPConstants.ProtectionOrder.SignBeforeEncrypting;
protected SOAPMessage saaj;
protected WSSecHeader secHeader;
@@ -150,7 +146,7 @@ public abstract class AbstractBindingBui
protected Map<Token, WSSecBase> sgndEndEncSuppTokMap;
protected Map<Token, WSSecBase> sgndEndSuppTokMap;
- protected Vector<byte[]> signatures = new Vector<byte[]>();
+ protected List<byte[]> signatures = new ArrayList<byte[]>();
Element lastSupportingTokenElement;
Element lastEncryptedKeyElement;
@@ -178,6 +174,7 @@ public abstract class AbstractBindingBui
secHeader.getSecurityHeader().insertBefore(child, sib.getNextSibling());
}
}
+
protected void addDerivedKeyElement(Element el) {
if (lastDerivedKeyElement != null) {
insertAfter(el, lastDerivedKeyElement);
@@ -186,12 +183,15 @@ public abstract class AbstractBindingBui
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
} else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
} else {
secHeader.getSecurityHeader().appendChild(el);
}
lastEncryptedKeyElement = el;
- }
+ }
+
protected void addEncyptedKeyElement(Element el) {
if (lastEncryptedKeyElement != null) {
insertAfter(el, lastEncryptedKeyElement);
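Review bot: The closing assignment of addDerivedKeyElement, the context line `lastEncryptedKeyElement = el;` just before the reformatted closing brace, looks like it should be `lastDerivedKeyElement = el;`: the method's first branch inserts after lastDerivedKeyElement, yet nothing in the shown code ever sets that field, so every derived key after the first is positioned relative to the encrypted-key element instead. The commit reformats this method without touching that line, and the method's head is in the previous hunk, so this may be a pre-existing and intentional choice; a test that adds two derived keys and checks their order would settle it.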
@@ -200,12 +200,15 @@ public abstract class AbstractBindingBui
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
} else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(el, secHeader.getSecurityHeader().getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
} else {
secHeader.getSecurityHeader().appendChild(el);
}
lastEncryptedKeyElement = el;
}
+
protected void addSupportingElement(Element el) {
if (lastSupportingTokenElement != null) {
insertAfter(el, lastSupportingTokenElement);
@@ -222,6 +225,7 @@ public abstract class AbstractBindingBui
}
lastSupportingTokenElement = el;
}
+
protected void insertBeforeBottomUp(Element el) {
if (bottomUpElement == null) {
secHeader.getSecurityHeader().appendChild(el);
@@ -230,14 +234,15 @@ public abstract class AbstractBindingBui
}
bottomUpElement = el;
}
+
protected void addTopDownElement(Element el) {
if (topDownElement == null) {
if (secHeader.getSecurityHeader().getFirstChild() == null) {
secHeader.getSecurityHeader().appendChild(el);
} else {
- secHeader.getSecurityHeader().insertBefore(el, secHeader
- .getSecurityHeader()
- .getFirstChild());
+ secHeader.getSecurityHeader().insertBefore(
+ el, secHeader.getSecurityHeader().getFirstChild()
+ );
}
} else {
insertAfter(el, topDownElement);
@@ -265,6 +270,7 @@ public abstract class AbstractBindingBui
}
throw new PolicyException(reason);
}
+
protected void policyNotAsserted(PolicyAssertion assertion, String reason) {
if (assertion == null) {
return;
@@ -283,6 +289,7 @@ public abstract class AbstractBindingBui
throw new PolicyException(new Message(reason, LOG));
}
}
+
protected void policyAsserted(PolicyAssertion assertion) {
if (assertion == null) {
return;
@@ -298,6 +305,7 @@ public abstract class AbstractBindingBui
}
}
}
+
protected void policyAsserted(QName n) {
Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
if (ais != null && !ais.isEmpty()) {
@@ -323,7 +331,8 @@ public abstract class AbstractBindingBui
protected final Map<Object, Crypto> getCryptoCache() {
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
- Map<Object, Crypto> o = CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
+ Map<Object, Crypto> o =
+ CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
if (o == null) {
o = new ConcurrentHashMap<Object, Crypto>();
info.setProperty(CRYPTO_CACHE, o);
@@ -331,10 +340,12 @@ public abstract class AbstractBindingBui
return o;
}
}
+
protected final TokenStore getTokenStore() {
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
- TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+ TokenStore tokenStore =
+ (TokenStore)message.getContextualProperty(TokenStore.class.getName());
if (tokenStore == null) {
tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
}
@@ -345,24 +356,25 @@ public abstract class AbstractBindingBui
return tokenStore;
}
}
+
protected WSSecTimestamp createTimestamp() {
Collection<AssertionInfo> ais;
ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
if (ais != null) {
+ Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
+ int ttl = 300; //default is 300 seconds
+ if (o instanceof Number) {
+ ttl = ((Number)o).intValue();
+ } else if (o instanceof String) {
+ ttl = Integer.parseInt((String)o);
+ }
+ if (ttl <= 0) {
+ ttl = 300;
+ }
+ timestampEl = new WSSecTimestamp();
+ timestampEl.setTimeToLive(ttl);
+ timestampEl.prepare(saaj.getSOAPPart());
for (AssertionInfo ai : ais) {
- timestampEl = new WSSecTimestamp();
- Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
- int ttl = 300; //default is 300 seconds
- if (o instanceof Number) {
- ttl = ((Number)o).intValue();
- } else if (o instanceof String) {
- ttl = Integer.parseInt((String)o);
- }
- if (ttl <= 0) {
- ttl = 300;
- }
- timestampEl.setTimeToLive(ttl);
- timestampEl.prepare(saaj.getSOAPPart());
ai.setAsserted(true);
}
}
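Review bot: `ttl = Integer.parseInt((String)o);` in the hoisted block still throws an unhandled NumberFormatException when SecurityConstants.TIMESTAMP_TTL is set to a non-numeric string, and the exception escapes createTimestamp without naming the property; either fall back to the default with a warning, e.g. `catch (NumberFormatException e) { LOG.warning("Ignoring non-numeric " + SecurityConstants.TIMESTAMP_TTL + ": " + o); }` around the parse, or rethrow it as a Fault so the misconfiguration is reported clearly. Hoisting also changes behaviour slightly: with a non-null but empty assertion collection the timestamp is now created and prepared although no assertion is asserted, where previously the loop body never ran — probably harmless, but worth confirming that aim.get never yields an empty collection. The method continues below the hunk.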
@@ -402,6 +414,7 @@ public abstract class AbstractBindingBui
}
return timestamp;
}
+
protected void assertSupportingTokens(Collection<PolicyAssertion> suppTokens) {
if (suppTokens == null) {
return;
@@ -414,6 +427,7 @@ public abstract class AbstractBindingBui
}
}
}
+
protected Map<Token, WSSecBase> handleSupportingTokens(Collection<PolicyAssertion> tokens,
boolean endorse) {
Map<Token, WSSecBase> ret = new HashMap<Token, WSSecBase>();
@@ -425,10 +439,12 @@ public abstract class AbstractBindingBui
}
}
return ret;
- }
+ }
+
protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens, boolean endorse) {
return handleSupportingTokens(suppTokens, endorse, new HashMap<Token, WSSecBase>());
}
+
protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens,
boolean endorse,
Map<Token, WSSecBase> ret) {
@@ -470,13 +486,13 @@ public abstract class AbstractBindingBui
//Add the extracted token
ret.put(token, new WSSecurityTokenHolder(secToken));
} else {
- WSSecSignatureHelper sig = new WSSecSignatureHelper();
+ WSSecSignature sig = new WSSecSignature();
sig.setX509Certificate(secToken.getX509Certificate());
sig.setCustomTokenId(secToken.getId());
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ // TODO Add support for SAML2 here
if (secToken.getTokenType() == null) {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
} else {
sig.setCustomTokenValueType(secToken.getTokenType());
}
@@ -497,9 +513,7 @@ public abstract class AbstractBindingBui
}
sig.setUserInfo(uname, password);
try {
- sig.prepare(saaj.getSOAPPart(),
- secToken.getCrypto(),
- secHeader);
+ sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
} catch (WSSecurityException e) {
throw new Fault(e);
}
@@ -513,7 +527,7 @@ public abstract class AbstractBindingBui
} else if (token instanceof X509Token) {
//We have to use a cert
//Prepare X509 signature
- WSSecSignature sig = getSignatureBuider(suppTokens, token, endorse);
+ WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
Element bstElem = sig.getBinarySecurityTokenElement();
if (bstElem != null) {
sig.prependBSTElementToHeader(secHeader);
@@ -523,7 +537,7 @@ public abstract class AbstractBindingBui
}
ret.put(token, sig);
} else if (token instanceof KeyValueToken) {
- WSSecSignature sig = getSignatureBuider(suppTokens, token, endorse);
+ WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
if (suppTokens.isEncryptedToken()) {
encryptedTokensIdList.add(sig.getBSTTokenId());
}
@@ -555,31 +569,31 @@ public abstract class AbstractBindingBui
for (Map.Entry<Token, WSSecBase> entry : tokenMap.entrySet()) {
- Object tempTok = entry.getValue();
+ Object tempTok = entry.getValue();
WSEncryptionPart part = null;
- if (tempTok instanceof WSSecSignatureHelper) {
- WSSecSignatureHelper tempSig = (WSSecSignatureHelper) tempTok;
- if ((WSConstants.WSS_SAML_NS + WSConstants.SAML_ASSERTION_ID).
- equals(tempSig.getSecRef().getKeyIdentifierValueType())) {
+ if (tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ SecurityTokenReference secRef = tempSig.getSecurityTokenReference();
+ // TODO Add support for SAML2 here
+ if ((WSConstants.WSS_SAML_KI_VALUE_TYPE).equals(secRef.getKeyIdentifierValueType())) {
- addSupportingElement(cloneElement(tempSig.getSecRef().getElement()));
+ Element secRefElement = cloneElement(secRef.getElement());
+ addSupportingElement(secRefElement);
- // NOTE: This usage of WSEncryptionPart is a workaroud that is
- // coupled with WSSecSignatureHelper. This approach is used so that
- // we can force WSS4J to sign the assertion through a STR that
- // WSS4J did not create during message signature creation.
- part = new WSEncryptionPart(tempSig.getStrUri(), "ExternalSTRTransform", "Element",
- WSConstants.PART_TYPE_ELEMENT);
-
+ part = new WSEncryptionPart("STRTransform", null, "Element");
+ part.setId(tempSig.getSecurityTokenReferenceURI());
+ part.setElement(secRefElement);
} else {
if (tempSig.getBSTTokenId() != null) {
part = new WSEncryptionPart(tempSig.getBSTTokenId());
+ part.setElement(tempSig.getBinarySecurityTokenElement());
}
}
} else if (tempTok instanceof WSSecUsernameToken) {
WSSecUsernameToken unt = (WSSecUsernameToken)tempTok;
part = new WSEncryptionPart(unt.getId());
+ part.setElement(unt.getUsernameTokenElement());
} else {
policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken: " + tempTok);
}
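Review bot: The part name in `part = new WSEncryptionPart("STRTransform", null, "Element");` is a magic string, and the NOTE the old code carried explaining the STR workaround has been dropped, so a reader no longer learns why the SecurityTokenReference is cloned into the header and referenced this way; a comment such as `// "STRTransform" is the part name WSS4J treats specially: the reference points at the cloned STR (set as the part's id/element) and is signed via the STR-Transform so the assertion is covered without WSS4J having created the STR` above that line would restore the explanation. Separately, `secRef.getKeyIdentifierValueType()` dereferences `tempSig.getSecurityTokenReference()` without a null check; if a WSSecSignature can reach this loop without an STR having been built (I cannot tell from here), that is an NPE rather than the policyNotAsserted path used two branches down. The enclosing method starts above the hunk.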
@@ -589,9 +603,7 @@ public abstract class AbstractBindingBui
}
}
-
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
-
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
@@ -605,7 +617,6 @@ public abstract class AbstractBindingBui
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
-
if (!StringUtils.isEmpty(userName)) {
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
@@ -641,8 +652,9 @@ public abstract class AbstractBindingBui
}
return null;
}
+
public String getPassword(String userName, PolicyAssertion info, int type) {
- //Then try to get the password from the given callback handler
+ //Then try to get the password from the given callback handler
Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
CallbackHandler handler = null;
@@ -661,8 +673,7 @@ public abstract class AbstractBindingBui
return null;
}
- WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
- type)};
+ WSPasswordCallback[] cb = {new WSPasswordCallback(userName, type)};
try {
handler.handle(cb);
} catch (Exception e) {
@@ -720,7 +731,7 @@ public abstract class AbstractBindingBui
return id;
}
- public Vector<WSEncryptionPart> getEncryptedParts()
+ public List<WSEncryptionPart> getEncryptedParts()
throws SOAPException {
boolean isBody = false;
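Review bot: Changing the public return type from Vector to List at `public List<WSEncryptionPart> getEncryptedParts()` is a source- and binary-incompatible change for any caller that assigns the result to a Vector or any subclass that overrides the method, and the same applies to the getSignedParts and getPartsAndElements hunks later in this file. That is acceptable for a major release, but it should be called out in the release notes or migration guide rather than left implicit in a commit titled around WSS4J updates. The method body continues below the hunk.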
@@ -765,7 +776,7 @@ public abstract class AbstractBindingBui
// REVISIT consider catching exceptions and unassert failed assertions or
// to process and assert them one at a time. Additionally, a found list
// should be applied to all operations that involve adding anything to
- // the encrypted vector to prevent duplication / errors in encryption.
+ // the encrypted list to prevent duplication / errors in encryption.
return getPartsAndElements(false,
isBody,
signedParts,
@@ -775,7 +786,7 @@ public abstract class AbstractBindingBui
celements == null ? null : celements.getDeclaredNamespaces());
}
- public Vector<WSEncryptionPart> getSignedParts()
+ public List<WSEncryptionPart> getSignedParts()
throws SOAPException {
boolean isSignBody = false;
@@ -812,7 +823,7 @@ public abstract class AbstractBindingBui
// REVISIT consider catching exceptions and unassert failed assertions or
// to process and assert them one at a time. Additionally, a found list
// should be applied to all operations that involve adding anything to
- // the signed vector to prevent duplication in the signature.
+ // the signed list to prevent duplication in the signature.
return getPartsAndElements(true,
isSignBody,
signedParts,
@@ -843,7 +854,7 @@ public abstract class AbstractBindingBui
* @param cnamespaces
* namespace prefix to namespace mappings for XPath expressions
* in {@code contentXpaths}
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws SOAPException
* if there is an error extracting SOAP content from the SAAJ
@@ -852,7 +863,7 @@ public abstract class AbstractBindingBui
* @deprecated Use {@link #getSignedParts()} and {@link #getEncryptedParts()}
* instead.
*/
- public Vector<WSEncryptionPart> getPartsAndElements(boolean sign,
+ public List<WSEncryptionPart> getPartsAndElements(boolean sign,
boolean includeBody,
List<WSEncryptionPart> parts,
List<String> xpaths,
@@ -861,7 +872,7 @@ public abstract class AbstractBindingBui
Map<String, String> cnamespaces)
throws SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
List<Element> found = new ArrayList<Element>();
@@ -903,32 +914,29 @@ public abstract class AbstractBindingBui
* signing/encryption. Populated with additional matches found by
* this method and used to prevent including the same element
* twice under the same operation.
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws SOAPException
* if there is an error extracting SOAP content from the SAAJ
* model
*/
- private Vector<WSEncryptionPart> getParts(boolean sign,
+ private List<WSEncryptionPart> getParts(boolean sign,
boolean includeBody, List<WSEncryptionPart> parts,
List<Element> found) throws SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
-
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
if (includeBody && !found.contains(this.saaj.getSOAPBody())) {
found.add(saaj.getSOAPBody());
final String id = this.addWsuIdToElement(this.saaj.getSOAPBody());
if (sign) {
- result.add(new WSEncryptionPart(
- id,
- "Element",
- WSConstants.PART_TYPE_BODY));
+ WSEncryptionPart bodyPart = new WSEncryptionPart(id, "Element");
+ bodyPart.setElement(this.saaj.getSOAPBody());
+ result.add(bodyPart);
} else {
- result.add(new WSEncryptionPart(
- id,
- "Content",
- WSConstants.PART_TYPE_BODY));
+ WSEncryptionPart bodyPart = new WSEncryptionPart(id, "Content");
+ bodyPart.setElement(this.saaj.getSOAPBody());
+ result.add(bodyPart);
}
}
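Review bot: The two branches of `if (sign)` in the rebuilt body block are identical except for the modifier string, so the three new lines are duplicated; collapsing them to `WSEncryptionPart bodyPart = new WSEncryptionPart(id, sign ? "Element" : "Content");` followed by `bodyPart.setElement(this.saaj.getSOAPBody());` and `result.add(bodyPart);` keeps a single code path to maintain. The method continues below the hunk.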
@@ -953,13 +961,13 @@ public abstract class AbstractBindingBui
found.add(el);
// Generate an ID for the element and use this ID or else
// WSS4J will only ever sign/encrypt the first matching
- // elemenet with the same name and namespace as that in the
+ // element with the same name and namespace as that in the
// WSEncryptionPart
final String id = this.addWsuIdToElement(el);
- result.add(new WSEncryptionPart(
- id,
- part.getEncModifier(),
- WSConstants.PART_TYPE_HEADER));
+ WSEncryptionPart elPart =
+ new WSEncryptionPart(id, part.getEncModifier());
+ elPart.setElement(el);
+ result.add(elPart);
}
}
}
@@ -983,7 +991,7 @@ public abstract class AbstractBindingBui
* signing/encryption. Populated with additional matches found by
* this method and used to prevent including the same element
* twice under the same operation.
- * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * @return a configured list of {@code WSEncryptionPart}s suitable for
* processing by WSS4J
* @throws XPathExpressionException
* if a provided XPath is invalid
@@ -991,11 +999,11 @@ public abstract class AbstractBindingBui
* if there is an error extracting SOAP content from the SAAJ
* model
*/
- private Vector<WSEncryptionPart> getElements(String encryptionModifier,
+ private List<WSEncryptionPart> getElements(String encryptionModifier,
List<String> xpaths, Map<String, String> namespaces,
List<Element> found) throws XPathExpressionException, SOAPException {
- Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
if (xpaths != null && !xpaths.isEmpty()) {
XPathFactory factory = XPathFactory.newInstance();
@@ -1017,11 +1025,10 @@ public abstract class AbstractBindingBui
// WSEncryptionPart
final String id = this.addWsuIdToElement(el);
-
WSEncryptionPart part = new WSEncryptionPart(
id,
- encryptionModifier,
- WSConstants.PART_TYPE_ELEMENT);
+ encryptionModifier);
+ part.setElement(el);
part.setXpath(expression);
/**
@@ -1067,13 +1074,13 @@ public abstract class AbstractBindingBui
SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
}
+
public Crypto getCrypto(TokenWrapper wrapper, String cryptoKey, String propKey) {
Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
if (crypto != null) {
return crypto;
}
-
Object o = message.getContextualProperty(propKey);
if (o == null) {
return null;
@@ -1159,37 +1166,20 @@ public abstract class AbstractBindingBui
secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
}
-
} else {
policyAsserted(token);
policyAsserted(wrapper);
secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
}
+
public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
boolean sign, Crypto crypto) {
String encrUser = (String)message.getContextualProperty(sign
? SecurityConstants.SIGNATURE_USERNAME
: SecurityConstants.ENCRYPT_USERNAME);
- if (crypto != null) {
- if (encrUser == null) {
- encrUser = crypto.getDefaultX509Alias();
- }
- if (encrUser == null) {
- try {
- Enumeration<String> en = crypto.getKeyStore().aliases();
- if (en.hasMoreElements()) {
- encrUser = en.nextElement();
- }
- if (en.hasMoreElements()) {
- //more than one alias in the keystore, user WILL need
- //to specify
- encrUser = null;
- }
- } catch (KeyStoreException e) {
- //ignore
- }
- }
+ if (crypto != null && encrUser == null) {
+ encrUser = getDefaultCryptoAlias(crypto);
} else if (encrUser == null || "".equals(encrUser)) {
policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " crypto object found.");
}
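Review bot: The refactored condition `if (crypto != null && encrUser == null)` changes which branch an empty-string username reaches: with a crypto present and encrUser equal to "", the old outer `if (crypto != null)` branch absorbed the case and the later "No ... username found." check reported it, whereas the new else-if now reports "No ... crypto object found." even though a crypto object exists. Restoring the old routing needs only `} else if (crypto == null && (encrUser == null || "".equals(encrUser))) {` on the else-if line. Note also that getSignatureBuilder, later in this file, derives the default alias when `StringUtils.isEmpty(user)` while this method does so only when `encrUser == null`, so an empty ENCRYPT_USERNAME never gets the keystore default here; if that asymmetry is unintentional, use StringUtils.isEmpty in both. The method continues below the hunk.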
@@ -1197,13 +1187,15 @@ public abstract class AbstractBindingBui
policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " username found.");
}
if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
- Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
- if (resultsObj != null) {
- encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ List<WSHandlerResult> results =
+ CastUtils.cast((List<?>)
+ message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
+ if (results != null) {
+ encrKeyBuilder.setUseThisCert(getReqSigCert(results));
//TODO This is a hack, this should not come under USE_REQ_SIG_CERT
if (encrKeyBuilder.isCertSet()) {
- encrKeyBuilder.setUserInfo(getUsername((Vector)resultsObj));
+ encrKeyBuilder.setUserInfo(getUsername(results));
}
} else {
policyNotAsserted(token, "No security results in incoming message");
@@ -1212,24 +1204,40 @@ public abstract class AbstractBindingBui
encrKeyBuilder.setUserInfo(encrUser);
}
}
- private static X509Certificate getReqSigCert(Vector results) {
+
+ protected String getDefaultCryptoAlias(Crypto crypto) {
+ String user = crypto.getDefaultX509Alias();
+ if (user == null) {
+ try {
+ Enumeration<String> en = crypto.getKeyStore().aliases();
+ if (en.hasMoreElements()) {
+ user = en.nextElement();
+ }
+ if (en.hasMoreElements()) {
+ //more than one alias in the keystore, user WILL need
+ //to specify
+ user = null;
+ }
+ } catch (KeyStoreException e) {
+ //ignore
+ }
+ }
+ return user;
+ }
+
+ private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if (actInt.intValue() == WSConstants.SIGN) {
return (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
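Review bot: The new protected helper getDefaultCryptoAlias is undocumented and silently swallows KeyStoreException with `//ignore`; since LOG is now protected in this class, `LOG.log(Level.FINE, "Could not enumerate keystore aliases", e);` in the catch keeps the best-effort behaviour while leaving a trace when alias discovery fails, and a Javadoc stating the contract the code implements — returns the crypto's default X.509 alias, else the single alias of its keystore, else null when the keystore has no or several aliases — would help subclasses that are now able to override it. `crypto.getKeyStore()` is also dereferenced inside the try without a null check, so a Crypto implementation without a backing keystore (if such exist in this code base; I cannot tell from here) would throw an NPE that the catch does not cover. In the same hunk, getReqSigCert's `actInt.intValue()` is context code and inherits its pre-existing unchecked unboxing.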
@@ -1241,29 +1249,23 @@ public abstract class AbstractBindingBui
}
/**
- * Scan through <code>WSHandlerResult<code> vector for a Username token and return
+ * Scan through <code>WSHandlerResult<code> list for a Username token and return
* the username if a Username Token found
* @param results
* @return
*/
-
- public static String getUsername(Vector results) {
+ public static String getUsername(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
* Scan the results for a username token. Use the username
* of this token to set the alias for the encryption user
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if (actInt.intValue() == WSConstants.UT) {
WSUsernameTokenPrincipal principal
@@ -1275,6 +1277,7 @@ public abstract class AbstractBindingBui
return null;
}
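Review bot: The Javadoc at the top of the hunk still has an unclosed tag and empty tags: the line should read `* Scan through <code>WSHandlerResult</code> list for a Username token and return`, and `@param results` / `@return` should say something, e.g. `@param results the handler results of the incoming message` and `@return the username of the first UsernameToken found, or null if there is none` (the null return is visible at the end of the hunk). Updating "vector" to "list" without fixing the markup leaves the generated documentation broken.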
+
protected Wss10 getWss10() {
Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.WSS10);
if (ais != null) {
@@ -1300,8 +1303,9 @@ public abstract class AbstractBindingBui
}
}
}
- protected WSSecSignatureHelper getSignatureBuider(TokenWrapper wrapper, Token token, boolean endorse) {
- WSSecSignatureHelper sig = new WSSecSignatureHelper();
+
+ protected WSSecSignature getSignatureBuilder(TokenWrapper wrapper, Token token, boolean endorse) {
+ WSSecSignature sig = new WSSecSignature();
checkForX509PkiPath(sig, token);
setKeyIdentifierType(sig, wrapper, token);
@@ -1325,25 +1329,8 @@ public abstract class AbstractBindingBui
message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
}
String user = (String)message.getContextualProperty(userNameKey);
- if (crypto != null) {
- if (StringUtils.isEmpty(user)) {
- user = crypto.getDefaultX509Alias();
- }
- if (user == null) {
- try {
- Enumeration<String> en = crypto.getKeyStore().aliases();
- if (en.hasMoreElements()) {
- user = en.nextElement();
- }
- if (en.hasMoreElements()) {
- //more than one alias in the keystore, user WILL need
- //to specify
- user = null;
- }
- } catch (KeyStoreException e) {
- //ignore
- }
- }
+ if (crypto != null && StringUtils.isEmpty(user)) {
+ user = getDefaultCryptoAlias(crypto);
}
if (StringUtils.isEmpty(user)) {
policyNotAsserted(token, "No " + type + " username found.");
@@ -1360,9 +1347,7 @@ public abstract class AbstractBindingBui
sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
try {
- sig.prepare(saaj.getSOAPPart(),
- crypto,
- secHeader);
+ sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
} catch (WSSecurityException e) {
policyNotAsserted(token, e);
}
@@ -1377,18 +1362,22 @@ public abstract class AbstractBindingBui
for (Map.Entry<Token, WSSecBase> ent : tokenMap.entrySet()) {
WSSecBase tempTok = ent.getValue();
- Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
- sigParts.add(new WSEncryptionPart(mainSigId));
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId);
+ sigPart.setElement(bottomUpElement);
+ sigParts.add(sigPart);
if (tempTok instanceof WSSecSignature) {
WSSecSignature sig = (WSSecSignature)tempTok;
if (isTokenProtection && sig.getBSTTokenId() != null) {
- sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(sig.getBSTTokenId());
+ bstPart.setElement(sig.getBinarySecurityTokenElement());
+ sigParts.add(bstPart);
}
try {
- sig.addReferencesToSign(sigParts, secHeader);
- sig.computeSignature();
- sig.appendToHeader(secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
if (isSigProtect) {
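Review bot: `sigPart.setElement(bottomUpElement)` pairs the id mainSigId with whatever element bottomUpElement currently refers to, and nothing in the hunk ties the two together; if they ever diverge, the reference's URI names one element while its digest is presumably computed over the attached one. A comment stating the invariant, e.g. `// bottomUpElement is the main ds:Signature whose wsu:Id is mainSigId; the element is attached so WSS4J need not resolve the id`, or deriving one value from the other, would make the assumption explicit. The enclosing method starts and ends outside the hunk.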
@@ -1417,8 +1406,9 @@ public abstract class AbstractBindingBui
}
}
}
+
private void doSymmSignatureDerived(Token policyToken, SecurityToken tok,
- Vector<WSEncryptionPart> sigParts, boolean isTokenProtection)
+ List<WSEncryptionPart> sigParts, boolean isTokenProtection)
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
@@ -1488,19 +1478,19 @@ public abstract class AbstractBindingBui
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
- //Do signature
- dkSign.computeSignature();
-
//Add elements to header
addSupportingElement(dkSign.getdktElement());
- secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement());
+
+ //Do signature
+ dkSign.computeSignature(referenceList, false, null);
signatures.add(dkSign.getSignatureValue());
}
+
private void doSymmSignature(Token policyToken, SecurityToken tok,
- Vector<WSEncryptionPart> sigParts, boolean isTokenProtection)
+ List<WSEncryptionPart> sigParts, boolean isTokenProtection)
throws WSSecurityException, ConversationException {
Document doc = saaj.getSOAPPart();
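Review bot: The explicit `secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement())` is gone, so placement of the ds:Signature now presumably happens inside `dkSign.computeSignature(referenceList, false, null)` at L834, yet the `//Do signature` comment does not say so, and the reordering (derived key token added via addSupportingElement before the signature is computed) looks deliberate. A comment such as `// computeSignature also inserts the ds:Signature into the header; the DKT is added first so it precedes the signature that uses it` would record the dependency — confirm that is what the new WSS4J call does. The same applies to `sig.computeSignature(referenceList, false, null)` in the `@@ -1546` hunk and in the endorsing-signature hunk at `@@ -1377`. doSymmSignatureDerived starts before this hunk.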
@@ -1509,8 +1499,10 @@ public abstract class AbstractBindingBui
// be used in the wsse:Reference in ds:KeyInfo
if (policyToken instanceof X509Token) {
if (isRequestor()) {
- sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
- + WSConstants.ENC_KEY_VALUE_TYPE);
+ // TODO Add support for SAML2 here
+ sig.setCustomTokenValueType(
+ WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE
+ );
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
} else {
//the tok has to be an EncryptedKey token
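Review bot: The `// TODO Add support for SAML2 here` added at L849 sits in the X509Token/requestor branch, which sets the EncryptedKey value type and has nothing to do with SAML; the TODO belongs only in the SAML default branch, where the `@@ -1522` hunk already places it next to `WSS_SAML_KI_VALUE_TYPE`. Either drop the L849 comment or reword it to say what SAML2 would change in this branch. doSymmSignature starts before this hunk.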
@@ -1522,8 +1514,8 @@ public abstract class AbstractBindingBui
if (tok.getTokenType() != null) {
sig.setCustomTokenValueType(tok.getTokenType());
} else {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+ // TODO Add support for SAML2 here
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
}
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
}
@@ -1546,15 +1538,14 @@ public abstract class AbstractBindingBui
sig.prepare(doc, getSignatureCrypto(null), secHeader);
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
- sig.computeSignature();
+ sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
-
- secHeader.getSecurityHeader().appendChild(sig.getSignatureElement());
}
- protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
+
+ protected void assertSupportingTokens(List<WSEncryptionPart> sigs) {
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
@@ -1564,8 +1555,9 @@ public abstract class AbstractBindingBui
.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS));
assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS));
- }
- protected void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+ }
+
+ protected void addSupportingTokens(List<WSEncryptionPart> sigs) {
Collection<PolicyAssertion> sgndSuppTokens =
findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
@@ -1609,10 +1601,8 @@ public abstract class AbstractBindingBui
addSignatureParts(sgndEncSuppTokMap, sigs);
addSignatureParts(sgndEndSuppTokMap, sigs);
addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
}
-
protected void doEndorse() {
boolean tokenProtect = false;
boolean sigProtect = false;
@@ -1634,7 +1624,7 @@ public abstract class AbstractBindingBui
doEndorsedSignatures(sgndEndSuppTokMap, tokenProtect, sigProtect);
}
- protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) {
+ protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
Wss10 wss10 = getWss10();
if (!(wss10 instanceof Wss11)
@@ -1643,16 +1633,16 @@ public abstract class AbstractBindingBui
return;
}
- Vector results = (Vector)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
+ List<WSHandlerResult> results =
+ CastUtils.cast((List<?>)
+ message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
/*
* loop over all results gathered by all handlers in the chain. For each
* handler result get the various actions. After that loop we have all
- * signature results in the signatureActions vector
+ * signature results in the signatureActions list
*/
- Vector signatureActions = new Vector();
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
-
+ List<WSSecurityEngineResult> signatureActions = new ArrayList<WSSecurityEngineResult>();
+ for (WSHandlerResult wshResult : results) {
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
WSConstants.SIGN, signatureActions);
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
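Review bot: `results` built at L917–L919 is dereferenced by the for-each at L931 with no null check, so a Wss11 response to an inbound message that carried no WSS4J results (RECV_RESULTS absent) fails with a NullPointerException instead of reaching the empty-SignatureConfirmation path that presumably follows. The AsymmetricBindingHandler hunk at `@@ -419` guards the same lookup with `if (results != null)`; here the loop should be skipped when results is null, e.g. `if (results != null) { for (WSHandlerResult wshResult : results) { … } }`, so signatureActions simply stays empty. The old Vector code had the same gap, but the rewrite is the place to close it. SymmetricBindingHandler's getEncryptedKey hunk at `@@ -747` has the same unguarded loop over RECV_RESULTS. addSignatureConfirmation continues past the end of this hunk.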
@@ -1664,9 +1654,7 @@ public abstract class AbstractBindingBui
// prepare a SignatureConfirmation token
WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
if (signatureActions.size() > 0) {
- for (int i = 0; i < signatureActions.size(); i++) {
- WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
- .get(i);
+ for (WSSecurityEngineResult wsr : signatureActions) {
byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
wsc.setSignatureValue(sigVal);
wsc.prepare(saaj.getSOAPPart());
@@ -1700,10 +1688,10 @@ public abstract class AbstractBindingBui
* and the {@code WSEncryptionPart} {@code name} value is not
* "Token"
*/
- public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> encryptedParts,
- Vector<WSEncryptionPart> signedParts) {
+ public void handleEncryptedSignedHeaders(List<WSEncryptionPart> encryptedParts,
+ List<WSEncryptionPart> signedParts) {
- final Vector<WSEncryptionPart> signedEncryptedParts = new Vector<WSEncryptionPart>();
+ final List<WSEncryptionPart> signedEncryptedParts = new ArrayList<WSEncryptionPart>();
for (WSEncryptionPart encryptedPart : encryptedParts) {
final Iterator<WSEncryptionPart> signedPartsIt = signedParts.iterator();
@@ -1725,59 +1713,30 @@ public abstract class AbstractBindingBui
// change the ID to the encrypted ID.
signedPartsIt.remove();
- signedEncryptedParts.add(
- new WSEncryptionPart(
- encryptedPart.getEncId(),
- encryptedPart.getEncModifier(),
- encryptedPart.getType()));
+ WSEncryptionPart part = new WSEncryptionPart(
+ encryptedPart.getEncId(),
+ encryptedPart.getEncModifier());
+ part.setElement(encryptedPart.getElement());
+ signedEncryptedParts.add(part);
}
}
}
signedParts.addAll(signedEncryptedParts);
}
-
- private static final class WSSecSignatureHelper extends WSSecSignature {
- public SecurityTokenReference getSecRef() {
- return this.secRef;
- }
-
- public String getStrUri() {
- return this.strUri;
- }
-
- @Override
- public void addReferencesToSign(Vector references,
- WSSecHeader secHeader) throws WSSecurityException {
- final Vector<Object> unalteredReferences = new Vector<Object>();
-
- try {
- for (int part = 0; part < references.size(); part++) {
- final WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
-
- final String elemName = encPart.getName();
- final Transforms transforms = new Transforms(document);
-
- if (elemName != null && "ExternalSTRTransform".equals(encPart.getNamespace())) {
- final Element ctx = this.createSTRParameter(document);
- transforms.addTransform(STRTransform.implementedTransformURI, ctx);
- this.sig.addDocument("#" + elemName, transforms, this.getDigestAlgo());
- } else {
- unalteredReferences.add(encPart);
- }
- }
- } catch (TransformationException e1) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
- );
- } catch (XMLSignatureException e1) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
- );
- }
-
- super.addReferencesToSign(unalteredReferences, secHeader);
- }
+
+ /**
+ * Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not
+ * one already.
+ * @param element The DOM Element to convert
+ * @return The WSEncryptionPart representing the DOM Element argument
+ */
+ public WSEncryptionPart convertToEncryptionPart(Element element) {
+ String id = addWsuIdToElement(element);
+ WSEncryptionPart part = new WSEncryptionPart(id);
+ part.setElement(element);
+ return part;
}
+
}
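Review bot: The part built at L966–L968 uses the two-argument constructor and no longer passes `encryptedPart.getType()`, which the removed code supplied; if WSEncryptionPart still carries a type that the signature builder consults (the hunk does not show), that information is now lost for signed-then-encrypted headers — confirm `setElement` makes it redundant or carry the type across. convertToEncryptionPart at L1025 is public and calls addWsuIdToElement(element) unconditionally, so its Javadoc should state the precondition, e.g. `@param element The DOM Element to convert; must not be null`, plus a `@throws` line if addWsuIdToElement rejects null. The removed WSSecSignatureHelper's STRTransform handling is not visibly replaced in this hunk; a one-line comment noting that WSS4J now handles STRTransform parts itself, if that is the case, would save the next reader the search.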
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Feb 11 16:33:46 2011
@@ -19,12 +19,13 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
-
+import java.util.ArrayList;
import java.util.Collection;
-import java.util.Vector;
+import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
@@ -32,6 +33,7 @@ import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -91,16 +93,15 @@ public class AsymmetricBindingHandler ex
}
}
-
-
private void doSignBeforeEncrypt() {
try {
- Vector<WSEncryptionPart> sigs = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigs = new ArrayList<WSEncryptionPart>();
if (isRequestor()) {
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
addSupportingTokens(sigs);
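Review bot: The timestamp block at L1071–L1073 is repeated verbatim in the else branch of the next hunk (`@@ -110`, L1084–L1086); both branches add the same `convertToEncryptionPart(timestampEl.getElement())` part to sigs. If the position of the timestamp part within sigs is not significant, a single `if (timestampEl != null) { sigs.add(convertToEncryptionPart(timestampEl.getElement())); }` above `if (isRequestor())` removes the duplicate. The two branches currently add it at different points (before addSupportingTokens versus after assertSupportingTokens), so check that the order is irrelevant before merging. doSignBeforeEncrypt continues past this hunk.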
@@ -110,22 +111,24 @@ public class AsymmetricBindingHandler ex
//confirm sig
assertSupportingTokens(sigs);
-
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
addSignatureConfirmation(sigs);
doSignature(sigs);
}
- Vector<WSEncryptionPart> enc = getEncryptedParts();
+ List<WSEncryptionPart> enc = getEncryptedParts();
//Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
- enc.add(new WSEncryptionPart(mainSigId, "Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+ sigPart.setElement(bottomUpElement);
+ enc.add(sigPart);
}
if (isRequestor()) {
@@ -136,7 +139,6 @@ public class AsymmetricBindingHandler ex
//Do encryption
RecipientToken recToken = abinding.getRecipientToken();
-
doEncryption(recToken, enc, false);
} catch (Exception e) {
@@ -155,8 +157,8 @@ public class AsymmetricBindingHandler ex
wrapper = abinding.getInitiatorToken();
}
encryptionToken = wrapper.getToken();
- Vector<WSEncryptionPart> encrParts = null;
- Vector<WSEncryptionPart> sigParts = null;
+ List<WSEncryptionPart> encrParts = null;
+ List<WSEncryptionPart> sigParts = null;
try {
encrParts = getEncryptedParts();
//Signed parts are determined before encryption because encrypted signed headers
@@ -167,19 +169,18 @@ public class AsymmetricBindingHandler ex
e1.printStackTrace();
}
-
if (encryptionToken == null && encrParts.size() > 0) {
//REVISIT - no token to encrypt with
}
-
if (encryptionToken != null && encrParts.size() > 0) {
WSSecBase encrBase = doEncryption(wrapper, encrParts, true);
handleEncryptedSignedHeaders(encrParts, sigParts);
-
if (timestampEl != null) {
- sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
if (isRequestor()) {
@@ -209,10 +210,12 @@ public class AsymmetricBindingHandler ex
// Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
- Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
// Now encrypt the signature using the above token
- secondEncrParts.add(new WSEncryptionPart(mainSigId, "Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+ sigPart.setElement(bottomUpElement);
+ secondEncrParts.add(sigPart);
if (isRequestor()) {
for (String id : encryptedTokensIdList) {
@@ -237,7 +240,7 @@ public class AsymmetricBindingHandler ex
.createElementNS(WSConstants.ENC_NS,
WSConstants.ENC_PREFIX + ":ReferenceList");
this.insertBeforeBottomUp(secondRefList);
- ((WSSecEncrypt)encrBase).encryptForExternalRef(secondRefList, secondEncrParts);
+ ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
} catch (WSSecurityException e) {
//REVISIT - exception
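Review bot: The new `encryptForRef(secondRefList, secondEncrParts)` call at L1154 sits in a try whose catch at L1155–L1156 is still a `//REVISIT - exception` stub; if that catch only logs or swallows (its body is outside the hunk), a failure to encrypt the signature or the UsernameToken lets the message leave with the signature-protection policy asserted but unmet. A WSSecurityException here should surface as a fault, e.g. `throw new Fault(e);` as SymmetricBindingHandler does at its outer catch in the `@@ -256` hunk, rather than being revisited later. The enclosing method starts before this hunk.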
@@ -248,9 +251,8 @@ public class AsymmetricBindingHandler ex
}
}
-
private WSSecBase doEncryption(TokenWrapper recToken,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean externalRef) {
//Do encryption
if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
@@ -293,22 +295,20 @@ public class AsymmetricBindingHandler ex
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
- encr.prepare(saaj.getSOAPPart(),
- crypto);
+ encr.prepare(saaj.getSOAPPart(), crypto);
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader(secHeader);
}
-
Element encryptedKeyElement = encr.getEncryptedKeyElement();
//Encrypt, get hold of the ref list and add it
if (externalRef) {
- Element refList = encr.encryptForExternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
insertBeforeBottomUp(refList);
} else {
- Element refList = encr.encryptForInternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
// Add internal refs
encryptedKeyElement.appendChild(refList);
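Review bot: After this hunk both branches of `if (externalRef)` call `encr.encryptForRef(null, encrParts)` (L1181 and L1185) and differ only in where refList is placed, so the call can be hoisted: `Element refList = encr.encryptForRef(null, encrParts);` before the `if`, leaving `insertBeforeBottomUp(refList)` and `encryptedKeyElement.appendChild(refList)` in the branches. That also makes the externalRef flag's only remaining job — placement — visible at a glance. doEncryption starts and ends outside this hunk.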
@@ -338,7 +338,7 @@ public class AsymmetricBindingHandler ex
}
}
- private void doSignature(Vector<WSEncryptionPart> sigParts) throws WSSecurityException, SOAPException {
+ private void doSignature(List<WSEncryptionPart> sigParts) throws WSSecurityException, SOAPException {
Token sigToken = null;
TokenWrapper wrapper = null;
if (isRequestor()) {
@@ -371,43 +371,59 @@ public class AsymmetricBindingHandler ex
dkSign.prepare(saaj.getSOAPPart(), secHeader);
if (abinding.isTokenProtection()) {
- sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ WSEncryptionPart ekPart =
+ new WSEncryptionPart(encrKey.getId());
+ ekPart.setElement(encrKey.getEncryptedKeyElement());
+ sigParts.add(ekPart);
}
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, secHeader);
-
- // Do signature
- dkSign.computeSignature();
- signatures.add(dkSign.getSignatureValue());
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
// Add elements to header
addDerivedKeyElement(dkSign.getdktElement());
- insertBeforeBottomUp(dkSign.getSignatureElement());
- mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+ signatures.add(dkSign.getSignatureValue());
+
+ mainSigId = dkSign.getSignatureId();
} catch (Exception e) {
//REVISIT
e.printStackTrace();
}
} else {
-
- WSSecSignature sig = getSignatureBuider(wrapper, sigToken, false);
+ WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, false);
// This action must occur before sig.prependBSTElementToHeader
if (abinding.isTokenProtection()
&& sig.getBSTTokenId() != null) {
- sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(sig.getBSTTokenId());
+ bstPart.setElement(sig.getBinarySecurityTokenElement());
+ sigParts.add(bstPart);
}
sig.prependBSTElementToHeader(secHeader);
- insertBeforeBottomUp(sig.getSignatureElement());
- sig.addReferencesToSign(sigParts, secHeader);
- sig.computeSignature();
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
signatures.add(sig.getSignatureValue());
- mainSigId = addWsuIdToElement(sig.getSignatureElement());
+ mainSigId = sig.getId();
}
}
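Review bot: The five-line `if (bottomUpElement == null) … else …` around computeSignature at L1218–L1222 and L1250–L1254 passes null exactly when bottomUpElement is null, so each collapses to one line: `dkSign.computeSignature(referenceList, bottomUpElement != null, bottomUpElement);` (and likewise for sig); the same block recurs in SymmetricBindingHandler at `@@ -627` and `@@ -701`. Separately, the new signature steps in the derived-key branch run inside the existing `catch (Exception e)` at L1227–L1230 that only prints the stack trace, so a signature failure presumably leaves mainSigId null and the message continues unsigned; a fault, as in SymmetricBindingHandler's `throw new Fault(e)`, would be the safer outcome. The `getSignatureId()` vs `getId()` pairing at L1226 and L1259 deserves a one-line comment if they are intentionally different WSS4J accessors. doSignature continues past this hunk.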
@@ -419,10 +435,12 @@ public class AsymmetricBindingHandler ex
}
//Use the secret from the incoming EncryptedKey element
- Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
- if (resultsObj != null) {
- encryptedKeyId = getRequestEncryptedKeyId((Vector)resultsObj);
- encryptedKeyValue = getRequestEncryptedKeyValue((Vector)resultsObj);
+ List<WSHandlerResult> results =
+ CastUtils.cast(
+ (List<?>)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
+ if (results != null) {
+ encryptedKeyId = getRequestEncryptedKeyId(results);
+ encryptedKeyValue = getRequestEncryptedKeyValue(results);
//In the case where we don't have the EncryptedKey in the
//request, for the control to have reached this state,
@@ -439,25 +457,20 @@ public class AsymmetricBindingHandler ex
createEncryptedKey(wrapper, token);
}
}
- public static String getRequestEncryptedKeyId(Vector results) {
+
+ public static String getRequestEncryptedKeyId(List<WSHandlerResult> results) {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
/*
- * Scan the results for the first Signature action. Use the
- * certificate of this Signature to set the certificate for the
- * encryption action :-).
- */
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
- if (actInt.intValue() == WSConstants.ENCR
- && encrKeyId != null) {
+ String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ID);
+ if (actInt.intValue() == WSConstants.ENCR && encrKeyId != null) {
return encrKeyId;
}
}
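Review bot: The re-indented comment at L1299–L1302 still says the loop scans for the first Signature action and uses its certificate, but the code returns the `TAG_ID` of the first `WSConstants.ENCR` result (L1304–L1310); the comment is stale and should read something like `// Return the Id of the first EncryptedKey (ENCR) result so the response can reference the request's key`. The unchanged copy of the same comment in getRequestEncryptedKeyValue (`@@ -466` hunk) is equally stale and should describe the TAG_SECRET lookup. Switching from TAG_ENCRYPTED_KEY_ID to the generic TAG_ID also relies on the ENCR filter to pick the right result, which holds only if TAG_ID is populated for ENCR results in this WSS4J version — worth confirming.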
@@ -466,25 +479,20 @@ public class AsymmetricBindingHandler ex
return null;
}
- public static byte[] getRequestEncryptedKeyValue(Vector results) {
+ public static byte[] getRequestEncryptedKeyValue(List<WSHandlerResult> results) {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
- Vector wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
- if (actInt.intValue() == WSConstants.ENCR
- && decryptedKey != null) {
+ byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
+ if (actInt.intValue() == WSConstants.ENCR && decryptedKey != null) {
return decryptedKey;
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Feb 11 16:33:46 2011
@@ -19,12 +19,11 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Calendar;
-import java.util.Vector;
-
+import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
@@ -32,6 +31,7 @@ import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -66,6 +66,7 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
/**
*
@@ -91,6 +92,7 @@ public class SymmetricBindingHandler ext
}
return sbinding.getSignatureToken();
}
+
private TokenWrapper getEncryptionToken() {
if (sbinding.getProtectionToken() != null) {
return sbinding.getProtectionToken();
@@ -115,10 +117,8 @@ public class SymmetricBindingHandler ext
//REVIST - what to do with these policies?
policyAsserted(SP11Constants.TRUST_10);
policyAsserted(SP12Constants.TRUST_13);
-
}
-
private void initializeTokens() {
//Setting up encryption token and signature token
Token sigTok = getSignatureToken().getToken();
@@ -133,13 +133,12 @@ public class SymmetricBindingHandler ext
}
}
-
private void doEncryptBeforeSign() {
try {
TokenWrapper encryptionWrapper = getEncryptionToken();
Token encryptionToken = encryptionWrapper.getToken();
- Vector<WSEncryptionPart> encrParts = getEncryptedParts();
- Vector<WSEncryptionPart> sigParts = getSignedParts();
+ List<WSEncryptionPart> encrParts = getEncryptedParts();
+ List<WSEncryptionPart> sigParts = getSignedParts();
if (encryptionToken == null && encrParts.size() > 0) {
//REVISIT - nothing to encrypt?
@@ -147,7 +146,7 @@ public class SymmetricBindingHandler ext
if (encryptionToken != null && encrParts.size() > 0) {
//The encryption token can be an IssuedToken or a
- //SecureConversationToken
+ //SecureConversationToken
String tokenId = null;
SecurityToken tok = null;
if (encryptionToken instanceof IssuedToken) {
@@ -196,9 +195,10 @@ public class SymmetricBindingHandler ext
handleEncryptedSignedHeaders(encrParts, sigParts);
-
if (timestampEl != null) {
- sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
if (isRequestor()) {
@@ -206,7 +206,6 @@ public class SymmetricBindingHandler ext
} else {
addSignatureConfirmation(sigParts);
}
-
//Sign the message
//We should use the same key in the case of EncryptBeforeSig
@@ -219,15 +218,17 @@ public class SymmetricBindingHandler ext
this.doEndorse();
}
-
//Check for signature protection and encryption of UsernameToken
if (sbinding.isSignatureProtection() && this.mainSigId != null
|| encryptedTokensIdList.size() > 0 && isRequestor()) {
- Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
//Now encrypt the signature using the above token
if (sbinding.isSignatureProtection()) {
- secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ WSEncryptionPart sigPart =
+ new WSEncryptionPart(this.mainSigId, "Element");
+ sigPart.setElement(bottomUpElement);
+ secondEncrParts.add(sigPart);
}
if (isRequestor()) {
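Review bot: The inner `if (sbinding.isSignatureProtection())` at L1441 does not repeat the `this.mainSigId != null` test from the outer condition, and the outer condition can also be entered through `encryptedTokensIdList.size() > 0 && isRequestor()`; in that case, with signature protection enabled but no main signature produced, the new lines at L1443–L1446 create a WSEncryptionPart with a null Id and `setElement(bottomUpElement)` pointing at whatever the field holds rather than a signature. Tightening the inner check to `if (sbinding.isSignatureProtection() && this.mainSigId != null) {` matches the `@@ -363` hunk, which tests both. The outer `&&`/`||` mix would also read better with explicit parentheses. doEncryptBeforeSign continues past this hunk.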
@@ -244,8 +245,7 @@ public class SymmetricBindingHandler ext
this.addDerivedKeyElement(secondRefList);
} else {
//Encrypt, get hold of the ref list and add it
- secondRefList = ((WSSecEncrypt)encr).encryptForExternalRef(null,
- encrParts);
+ secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, encrParts);
this.addDerivedKeyElement(secondRefList);
}
}
@@ -256,6 +256,7 @@ public class SymmetricBindingHandler ext
throw new Fault(ex);
}
}
+
private void doSignBeforeEncrypt() {
TokenWrapper sigTokenWrapper = getSignatureToken();
Token sigToken = sigTokenWrapper.getToken();
@@ -314,12 +315,11 @@ public class SymmetricBindingHandler ext
tokIncluded = false;
}
-
- Vector<WSEncryptionPart> sigs = getSignedParts();
+ List<WSEncryptionPart> sigs = getSignedParts();
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
if (isRequestor()) {
@@ -337,8 +337,6 @@ public class SymmetricBindingHandler ext
}
}
-
-
//Encryption
TokenWrapper encrTokenWrapper = getEncryptionToken();
Token encrToken = encrTokenWrapper.getToken();
@@ -363,11 +361,13 @@ public class SymmetricBindingHandler ext
}
}
- Vector<WSEncryptionPart> enc = getEncryptedParts();
+ List<WSEncryptionPart> enc = getEncryptedParts();
//Check for signature protection
if (sbinding.isSignatureProtection() && mainSigId != null) {
- enc.add(new WSEncryptionPart(mainSigId, "Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+ sigPart.setElement(bottomUpElement);
+ enc.add(sigPart);
}
if (isRequestor()) {
@@ -384,11 +384,12 @@ public class SymmetricBindingHandler ext
throw new Fault(e);
}
}
+
private WSSecBase doEncryptionDerived(TokenWrapper recToken,
SecurityToken encrTok,
Token encrToken,
boolean attached,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean atEnd) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
@@ -463,7 +464,7 @@ public class SymmetricBindingHandler ext
private WSSecBase doEncryption(TokenWrapper recToken,
SecurityToken encrTok,
boolean attached,
- Vector<WSEncryptionPart> encrParts,
+ List<WSEncryptionPart> encrParts,
boolean atEnd) {
//Do encryption
if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
@@ -493,7 +494,7 @@ public class SymmetricBindingHandler ext
encr.setEncKeyIdDirectId(true);
}
if (encrTok.getTokenType() != null) {
- encr.setEncKeyValueType(encrTok.getTokenType());
+ encr.setCustomReferenceValue(encrTok.getTokenType());
}
encr.setEncKeyId(encrTokId);
encr.setEphemeralKey(encrTok.getSecret());
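Review bot: `encr.setCustomReferenceValue(encrTok.getTokenType())` at L1530 replaces setEncKeyValueType, but the next hunk (`@@ -509`) calls the same setter again with `encrTok.getSHA1()` in the non-requestor branch and with `WSS_SAML_KI_VALUE_TYPE` for IssuedToken requestors, so on those paths the token type set here is silently overwritten and the last call wins. If one setter now carries both the reference ValueType and the key-identifier value, the intended precedence should be stated, e.g. `// token type is the default; overridden below by the SHA1/SAML key identifier where applicable`, or the L1530 call moved into the branch where it is meant to apply. The removed setUseKeyIdentifier(true) calls presumably became implicit in setKeyIdentifierType; confirm nothing now falls back to a direct reference. doEncryption starts and ends outside this hunk.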
@@ -509,17 +510,14 @@ public class SymmetricBindingHandler ext
if (!isRequestor()) {
if (encrTok.getSHA1() != null) {
- encr.setUseKeyIdentifier(true);
encr.setCustomReferenceValue(encrTok.getSHA1());
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
} else {
- encr.setUseKeyIdentifier(true);
encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
}
} else {
if (encrToken instanceof IssuedToken) {
- encr.setUseKeyIdentifier(true);
- encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI);
+ encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
}
@@ -532,7 +530,7 @@ public class SymmetricBindingHandler ext
}
- Element refList = encr.encryptForExternalRef(null, encrParts);
+ Element refList = encr.encryptForRef(null, encrParts);
if (atEnd) {
this.insertBeforeBottomUp(refList);
} else {
@@ -547,7 +545,7 @@ public class SymmetricBindingHandler ext
return null;
}
- private byte[] doSignatureDK(Vector<WSEncryptionPart> sigs,
+ private byte[] doSignatureDK(List<WSEncryptionPart> sigs,
TokenWrapper policyTokenWrapper,
Token policyToken,
SecurityToken tok,
@@ -627,20 +625,26 @@ public class SymmetricBindingHandler ext
}
dkSign.setParts(sigs);
- dkSign.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
- //Do signature
- dkSign.computeSignature();
-
//Add elements to header
Element el = dkSign.getdktElement();
- addDerivedKeyElement(el);
- insertBeforeBottomUp(dkSign.getSignatureElement());
- this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+ addDerivedKeyElement(el);
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+
+ this.mainSigId = dkSign.getSignatureId();
return dkSign.getSignatureValue();
}
- private byte[] doSignature(Vector<WSEncryptionPart> sigs,
+
+ private byte[] doSignature(List<WSEncryptionPart> sigs,
TokenWrapper policyTokenWrapper,
Token policyToken,
SecurityToken tok,
@@ -655,8 +659,9 @@ public class SymmetricBindingHandler ext
: WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
if (policyToken instanceof X509Token) {
if (isRequestor()) {
- sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
- + WSConstants.ENC_KEY_VALUE_TYPE);
+ sig.setCustomTokenValueType(
+ WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE
+ );
sig.setKeyIdentifierType(type);
} else {
//the tok has to be an EncryptedKey token
@@ -667,8 +672,8 @@ public class SymmetricBindingHandler ext
sig.setCustomTokenValueType(tok.getTokenType());
sig.setKeyIdentifierType(type);
} else {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+ // TODO Add support for SAML2 here
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
@@ -701,14 +706,17 @@ public class SymmetricBindingHandler ext
this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
sig.setParts(sigs);
- sig.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
//Do signature
- sig.computeSignature();
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
- Element mainSigElement = sig.getSignatureElement();
- insertBeforeBottomUp(mainSigElement);
- mainSigId = addWsuIdToElement(mainSigElement);
+ this.mainSigId = sig.getId();
return sig.getSignatureValue();
}
}
@@ -718,9 +726,9 @@ public class SymmetricBindingHandler ext
String id = encrKey.getId();
byte[] secret = encrKey.getEphemeralKey();
- Calendar created = Calendar.getInstance();
- Calendar expires = Calendar.getInstance();
- expires.setTimeInMillis(System.currentTimeMillis() + 300000);
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(created.getTime() + 300000);
SecurityToken tempTok = new SecurityToken(
id,
encrKey.getEncryptedKeyElement(),
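Review bot: The five-minute token lifetime is hard-coded as `300000` at L1650 and again in getEncryptedKey (`@@ -747`, L1688); a named constant such as `private static final long ENCRYPTED_KEY_LIFETIME_MS = 300000; // 5 minutes` would name the value and keep the two callers in step. The `new Date()` plus `setTime` pair also collapses to `Date expires = new Date(created.getTime() + 300000);`, which avoids a second clock read. The enclosing method starts before this hunk.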
@@ -747,30 +755,23 @@ public class SymmetricBindingHandler ext
private String getEncryptedKey() {
- Vector results = (Vector)message.getExchange().getInMessage()
- .get(WSHandlerConstants.RECV_RESULTS);
+ List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
+ .get(WSHandlerConstants.RECV_RESULTS));
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ID);
if (actInt.intValue() == WSConstants.ENCR
- && wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID) != null
- && ((String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID)).length() != 0) {
-
- String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
-
- Calendar created = Calendar.getInstance();
- Calendar expires = Calendar.getInstance();
- expires.setTimeInMillis(System.currentTimeMillis() + 300000);
+ && encryptedKeyID != null
+ && encryptedKeyID.length() != 0) {
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(created.getTime() + 300000);
SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
- tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY));
+ tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
tempTok.setSHA1(getSHA1((byte[])wser
.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
tokenStore.add(tempTok);
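Review bot: The new for-each over `results` dereferences the list unconditionally, so when the exchange's in message carries no `RECV_RESULTS` (nothing was processed inbound) the cast yields `null` and the loop throws a NullPointerException instead of reporting "no encrypted key"; the removed index loop failed the same way, so this is pre-existing but worth closing while the loop is being rewritten. Add a guard before the loop, `if (results == null) { return null; }`, or whichever not-found value the method's tail already returns — that tail is outside this hunk. A short comment on the `TAG_ID` read, e.g. `// the WSSecurityEngineResult id is the EncryptedKey's wsu:Id`, would also explain why the result is filtered on `actInt.intValue() == WSConstants.ENCR` before the id is trusted.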
@@ -783,14 +784,10 @@ public class SymmetricBindingHandler ext
}
private String getSHA1(byte[] input) {
- MessageDigest sha;
try {
- sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(input);
- byte[] data = sha.digest();
- return Base64.encode(data);
- } catch (NoSuchAlgorithmException e) {
+ byte[] digestBytes = WSSecurityUtil.generateDigest(input);
+ return Base64.encode(digestBytes);
+ } catch (WSSecurityException e) {
//REVISIT
}
return null;
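Review bot: The `catch (WSSecurityException e)` block still swallows the failure behind `//REVISIT` and falls through to `return null;`, and the caller in the previous hunk passes that straight into `tempTok.setSHA1(...)`, so a digest failure stores a token with no EncryptedKeySHA1 identifier and the problem only surfaces later as an unresolvable reference. At minimum record the cause where it happens, e.g. `LOG.log(Level.WARNING, "Could not compute digest of encrypted key", e);` if the handler has a logger in scope, or rethrow as an unchecked exception so the token is never stored half-populated. A one-line comment noting that `WSSecurityUtil.generateDigest` is expected to be SHA-1 (the method is still named `getSHA1` and the value is used as an EncryptedKeySHA1 reference) would also make the algorithm dependency explicit. The method's closing brace is outside this hunk.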