Posted to commits@ws.apache.org by co...@apache.org on 2013/08/14 11:21:42 UTC
svn commit: r1513772 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/tes...
Author: coheigea
Date: Wed Aug 14 09:21:42 2013
New Revision: 1513772
URL: http://svn.apache.org/r1513772
Log:
[WSS-476] - Add the ability to configure the Signature Canonicalization Algorithm via WSHandler
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Wed Aug 14 09:21:42 2013
@@ -580,6 +580,12 @@ public final class ConfigurationConstant
* </pre>
*/
public static final String SIG_DIGEST_ALGO = "signatureDigestAlgorithm";
+
+ /**
+ * Defines which signature c14n (canonicalization) algorithm to use. The default is:
+ * "http://www.w3.org/2001/10/xml-exc-c14n#"
+ */
+ public static final String SIG_C14N_ALGO = "signatureC14nAlgorithm";
/**
* Parameter to define which parts of the request shall be signed.
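Review bot: The Javadoc on `SIG_C14N_ALGO` gives the default but not the accepted values or the interoperability cost of changing it. The test added in this commit has to disable BSP rules R5404 and R5406 on the receiving side when it selects `WSConstants.C14N_WITH_COMMENTS`, so a reader should be told that a non-default value can be rejected by receivers that enforce the Basic Security Profile. I would extend the comment with a line such as `* The value must be a canonicalization algorithm URI; values other than the default may fail Basic Security Profile checks on the receiver.` The same comment is duplicated in the WSHandlerConstants hunk and needs the same addition.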
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java Wed Aug 14 09:21:42 2013
@@ -104,6 +104,9 @@ public class SAMLTokenSignedAction imple
if (reqData.getSigDigestAlgorithm() != null) {
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
+ if (reqData.getSignatureC14nAlgorithm() != null) {
+ wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
+ }
/*
* required to add support for the
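Review bot: The new guard `reqData.getSignatureC14nAlgorithm() != null` only filters out an absent setting, so an empty or mistyped configuration value is handed to `wsSign.setSigCanonicalization` unchanged and would presumably fail only once the signature is built. Reading the value once and skipping empty strings would be tidier: `String c14nAlgo = reqData.getSignatureC14nAlgorithm();` followed by `if (c14nAlgo != null && !c14nAlgo.isEmpty()) {`. The identical block in the SignatureAction hunk has the same gap. The enclosing method starts and ends outside both hunks, so whether a later step validates the URI is not visible here.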
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Wed Aug 14 09:21:42 2013
@@ -52,6 +52,9 @@ public class SignatureAction implements
if (reqData.getSigDigestAlgorithm() != null) {
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
+ if (reqData.getSignatureC14nAlgorithm() != null) {
+ wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
+ }
wsSign.setIncludeSignatureToken(reqData.isIncludeSignatureToken());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Wed Aug 14 09:21:42 2013
@@ -66,6 +66,7 @@ public class RequestData {
private int sigKeyId;
private String sigAlgorithm;
private String signatureDigestAlgorithm;
+ private String signatureC14nAlgorithm;
private String encryptionDigestAlgorithm;
private String encryptionMGFAlgorithm;
private List<WSEncryptionPart> signatureParts = new ArrayList<WSEncryptionPart>();
@@ -112,6 +113,7 @@ public class RequestData {
wssConfig = null;
signatureValues.clear();
signatureDigestAlgorithm = null;
+ signatureC14nAlgorithm = null;
encryptionDigestAlgorithm = null;
encSymmetricEncryptionKey = true;
signatureUser = null;
@@ -136,6 +138,14 @@ public class RequestData {
includeSignatureToken = false;
}
+ public String getSignatureC14nAlgorithm() {
+ return signatureC14nAlgorithm;
+ }
+
+ public void setSignatureC14nAlgorithm(String signatureC14nAlgorithm) {
+ this.signatureC14nAlgorithm = signatureC14nAlgorithm;
+ }
+
public Object getMsgContext() {
return msgContext;
}
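Review bot: The new accessors `getSignatureC14nAlgorithm` and `setSignatureC14nAlgorithm` have no Javadoc and are named differently from the sibling digest accessors, which this commit calls as `getSigDigestAlgorithm` and `setSigDigestAlgorithm`. A short comment would record the contract the action classes rely on, for example `/** @return the signature canonicalization algorithm URI, or null to leave the signer's default in place */`. If the longer name is the intended convention going forward, that is worth stating, since the two styles now sit side by side in RequestData.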
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Wed Aug 14 09:21:42 2013
@@ -528,6 +528,9 @@ public abstract class WSHandler {
String digestAlgo = getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc);
reqData.setSigDigestAlgorithm(digestAlgo);
+
+ String c14nAlgo = getString(WSHandlerConstants.SIG_C14N_ALGO, mc);
+ reqData.setSignatureC14nAlgorithm(c14nAlgo);
String parts = getString(WSHandlerConstants.SIGNATURE_PARTS, mc);
if (parts != null) {
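Review bot: `c14nAlgo` is copied from the message context into `reqData` without being checked against the canonicalization algorithms the library supports. Because this setting determines the byte stream that is actually signed, a typo or an unintended algorithm should be reported as a configuration error here rather than surfacing later during signing or at the receiver. Comparing `c14nAlgo` with the known canonicalization URIs before `reqData.setSignatureC14nAlgorithm(c14nAlgo);` would do that. The ConfigurationConverter hunk passes the value through in the same way. The surrounding method begins and ends outside the hunk.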
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Wed Aug 14 09:21:42 2013
@@ -582,6 +582,12 @@ public final class WSHandlerConstants {
* </pre>
*/
public static final String SIG_DIGEST_ALGO = ConfigurationConstants.SIG_DIGEST_ALGO;
+
+ /**
+ * Defines which signature c14n (canonicalization) algorithm to use. The default is:
+ * "http://www.w3.org/2001/10/xml-exc-c14n#"
+ */
+ public static final String SIG_C14N_ALGO = ConfigurationConstants.SIG_C14N_ALGO;
/**
* Parameter to define which parts of the request shall be signed.
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java Wed Aug 14 09:21:42 2013
@@ -868,6 +868,53 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
}
+
+ @org.junit.Test
+ public void testWSHandlerSignatureCanonicalization() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.SIG_C14N_ALGO, WSConstants.C14N_WITH_COMMENTS);
+ config.put("password", "security");
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new java.util.ArrayList<Integer>();
+ actions.add(WSConstants.SIGN);
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+
+ RequestData data = new RequestData();
+ data.setWssConfig(WSSConfig.getNewInstance());
+ data.setSigVerCrypto(crypto);
+
+ List<BSPRule> disabledRules = new ArrayList<BSPRule>();
+ disabledRules.add(BSPRule.R5404);
+ disabledRules.add(BSPRule.R5406);
+ data.setIgnoredBSPRules(disabledRules);
+
+ WSSecurityEngine newSecEngine = new WSSecurityEngine();
+ List<WSSecurityEngineResult> results =
+ newSecEngine.processSecurityHeader(doc, "", data);
+ assertTrue(handler.checkResults(results, actions));
+ }
/**
* Verifies the soap envelope.
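Review bot: `testWSHandlerSignatureCanonicalization` never checks that the configured algorithm ended up in the signed message. It only asserts `handler.checkResults(results, actions)`, which would presumably also pass if `SIG_C14N_ALGO` were ignored and the default used. Adding `assertTrue(outputString.contains(WSConstants.C14N_WITH_COMMENTS));` after the `PrettyDocumentToString` call would tie the test to the feature. A one-line comment above the `disabledRules` block would also help, e.g. `// inclusive c14n with comments is not BSP compliant, so relax the affected rules`.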
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1513772&r1=1513771&r2=1513772&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Wed Aug 14 09:21:42 2013
@@ -462,6 +462,9 @@ public final class ConfigurationConverte
String sigDigestAlgo = getString(ConfigurationConstants.SIG_DIGEST_ALGO, config);
properties.setSignatureDigestAlgorithm(sigDigestAlgo);
+ String sigC14nAlgo = getString(ConfigurationConstants.SIG_C14N_ALGO, config);
+ properties.setSignatureCanonicalizationAlgorithm(sigC14nAlgo);
+
String sigParts = getString(ConfigurationConstants.SIGNATURE_PARTS, config);
if (sigParts != null) {
List<SecurePart> parts = new ArrayList<SecurePart>();