Posted to commits@ws.apache.org by co...@apache.org on 2016/01/27 15:28:32 UTC

svn commit: r1727063 - in /webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src: main/java/org/apache/wss4j/dom/message/ main/java/org/apache/wss4j/dom/processor/ main/java/org/apache/wss4j/dom/util/ test/java/org/apache/wss4j/dom/message/

Author: coheigea
Date: Wed Jan 27 14:28:31 2016
New Revision: 1727063

URL: http://svn.apache.org/viewvc?rev=1727063&view=rev
Log:
Brief refactor of inclusive prefixes

Added:
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
Modified:
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java Wed Jan 27 14:28:31 2016
@@ -43,11 +43,10 @@ import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.callback.DOMCallbackLookup;
 import org.apache.wss4j.dom.transform.AttachmentTransformParameterSpec;
 import org.apache.wss4j.dom.transform.STRTransform;
+import org.apache.wss4j.dom.util.SignatureUtils;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
 
 /**
  * This is the base class for WS Security messages that are used for signature generation or
@@ -287,48 +286,7 @@ public class WSSecSignatureBase extends
      * Get the List of inclusive prefixes from the DOM Element argument
      */
     public List<String> getInclusivePrefixes(Element target, boolean excludeVisible) {
-        List<String> result = new ArrayList<>();
-        Node parent = target;
-        while (parent.getParentNode() != null 
-            && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
-            parent = parent.getParentNode();
-            NamedNodeMap attributes = parent.getAttributes();
-            for (int i = 0; i < attributes.getLength(); i++) {
-                Node attribute = attributes.item(i);
-                if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
-                    if ("xmlns".equals(attribute.getNodeName())) {
-                        result.add("#default");
-                    } else {
-                        result.add(attribute.getLocalName());
-                    }
-                }
-            }
-        }
-
-        if (excludeVisible) {
-            NamedNodeMap attributes = target.getAttributes();
-            for (int i = 0; i < attributes.getLength(); i++) {
-                Node attribute = attributes.item(i);
-                if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
-                    if ("xmlns".equals(attribute.getNodeName())) {
-                        result.remove("#default");
-                    } else {
-                        result.remove(attribute.getLocalName());
-                    }
-                }
-                if (attribute.getPrefix() != null) {
-                    result.remove(attribute.getPrefix());
-                }
-            }
-
-            if (target.getPrefix() == null) {
-                result.remove("#default");
-            } else {
-                result.remove(target.getPrefix());
-            }
-        }
-
-        return result;
+        return SignatureUtils.getInclusivePrefixes(target, excludeVisible);
     }
 
     /**
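Review bot: The Javadoc kept on `getInclusivePrefixes` does not say what `excludeVisible` does, nor that the method is now only a delegate to `SignatureUtils.getInclusivePrefixes`, so this class no longer describes the contract. I would extend it to something like `Returns the namespace prefixes declared on the ancestors of target ("#default" for the default namespace); if excludeVisible is true, prefixes declared or used on target itself are removed.` The implementation added in SignatureUtils.java collects a prefix once per declaring ancestor and removes with `List.remove(Object)`, which drops only the first occurrence. A prefix redeclared on several ancestors can therefore stay in the list even with `excludeVisible` set; whether that is intended is not visible from this diff. The class body continues outside the hunk.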

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java Wed Jan 27 14:28:31 2016
@@ -47,7 +47,7 @@ import org.apache.wss4j.dom.str.STRParse
 import org.apache.wss4j.dom.str.STRParserResult;
 import org.apache.wss4j.dom.str.SecurityTokenRefSTRParser;
 import org.apache.wss4j.dom.util.EncryptionUtils;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.util.SignatureUtils;
 import org.apache.wss4j.dom.util.X509Util;
 import org.w3c.dom.Element;
 
@@ -101,7 +101,7 @@ public class EncryptedDataProcessor impl
         if (request.isRequireSignedEncryptedDataElements()) {
             List<WSSecurityEngineResult> signedResults =
                 wsDocInfo.getResultsByTag(WSConstants.SIGN);
-            WSSecurityUtil.verifySignedElement(elem, signedResults);
+            SignatureUtils.verifySignedElement(elem, signedResults);
         }
 
         SecretKey key = null;

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Wed Jan 27 14:28:31 2016
@@ -63,6 +63,7 @@ import org.apache.wss4j.dom.str.STRParse
 import org.apache.wss4j.dom.str.STRParserParameters;
 import org.apache.wss4j.dom.str.STRParserResult;
 import org.apache.wss4j.dom.util.EncryptionUtils;
+import org.apache.wss4j.dom.util.SignatureUtils;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.X509Util;
 import org.apache.xml.security.algorithms.JCEMapper;
@@ -547,7 +548,7 @@ public class EncryptedKeyProcessor imple
         if (encryptedDataElement != null && data.isRequireSignedEncryptedDataElements()) {
             List<WSSecurityEngineResult> signedResults =
                 docInfo.getResultsByTag(WSConstants.SIGN);
-            WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
+            SignatureUtils.verifySignedElement(encryptedDataElement, signedResults);
         }
         //
         // Prepare the SecretKey object to decrypt EncryptedData

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java Wed Jan 27 14:28:31 2016
@@ -49,7 +49,7 @@ import org.apache.wss4j.dom.str.STRParse
 import org.apache.wss4j.dom.str.STRParserResult;
 import org.apache.wss4j.dom.str.SecurityTokenRefSTRParser;
 import org.apache.wss4j.dom.util.EncryptionUtils;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.util.SignatureUtils;
 import org.apache.wss4j.dom.util.X509Util;
 
 public class ReferenceListProcessor implements Processor {
@@ -133,7 +133,7 @@ public class ReferenceListProcessor impl
         if (encryptedDataElement != null && data.isRequireSignedEncryptedDataElements()) {
             List<WSSecurityEngineResult> signedResults =
                 wsDocInfo.getResultsByTag(WSConstants.SIGN);
-            WSSecurityUtil.verifySignedElement(encryptedDataElement, signedResults);
+            SignatureUtils.verifySignedElement(encryptedDataElement, signedResults);
         }
         //
         // Prepare the SecretKey object to decrypt EncryptedData

Added: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java?rev=1727063&view=auto
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java (added)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java Wed Jan 27 14:28:31 2016
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.util;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDataRef;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+
+/**
+ * WS-Security Utility methods. <p/>
+ */
+public final class SignatureUtils {
+
+    private SignatureUtils() {
+        // Complete
+    }
+
+    public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo)
+        throws WSSecurityException {
+        verifySignedElement(elem, wsDocInfo.getResultsByTag(WSConstants.SIGN));
+    }
+
+    public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
+        throws WSSecurityException {
+        if (signedResults != null) {
+            for (WSSecurityEngineResult signedResult : signedResults) {
+                @SuppressWarnings("unchecked")
+                List<WSDataRef> dataRefs =
+                    (List<WSDataRef>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+                if (dataRefs != null) {
+                    for (WSDataRef dataRef : dataRefs) {
+                        if (isElementOrAncestorSigned(elem, dataRef.getProtectedElement())) {
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+
+        throw new WSSecurityException(
+            WSSecurityException.ErrorCode.FAILED_CHECK, "elementNotSigned",
+            new Object[] {elem});
+    }
+    
+    /**
+     * Get the List of inclusive prefixes from the DOM Element argument
+     */
+    public static List<String> getInclusivePrefixes(Element target, boolean excludeVisible) {
+        List<String> result = new ArrayList<>();
+        Node parent = target;
+        while (parent.getParentNode() != null 
+            && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+            parent = parent.getParentNode();
+            NamedNodeMap attributes = parent.getAttributes();
+            for (int i = 0; i < attributes.getLength(); i++) {
+                Node attribute = attributes.item(i);
+                if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
+                    if ("xmlns".equals(attribute.getNodeName())) {
+                        result.add("#default");
+                    } else {
+                        result.add(attribute.getLocalName());
+                    }
+                }
+            }
+        }
+
+        if (excludeVisible) {
+            NamedNodeMap attributes = target.getAttributes();
+            for (int i = 0; i < attributes.getLength(); i++) {
+                Node attribute = attributes.item(i);
+                if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
+                    if ("xmlns".equals(attribute.getNodeName())) {
+                        result.remove("#default");
+                    } else {
+                        result.remove(attribute.getLocalName());
+                    }
+                }
+                if (attribute.getPrefix() != null) {
+                    result.remove(attribute.getPrefix());
+                }
+            }
+
+            if (target.getPrefix() == null) {
+                result.remove("#default");
+            } else {
+                result.remove(target.getPrefix());
+            }
+        }
+
+        return result;
+    }
+
+    /**
+     * Does the current element or some ancestor of it correspond to the known "signedElement"?
+     */
+    private static boolean isElementOrAncestorSigned(Element elem, Element signedElement)
+        throws WSSecurityException {
+        final Element envelope = elem.getOwnerDocument().getDocumentElement();
+        Node cur = elem;
+        while (!cur.isSameNode(envelope)) {
+            if (cur.getNodeType() == Node.ELEMENT_NODE && cur.equals(signedElement)) {
+                return true;
+            }
+            cur = cur.getParentNode();
+        }
+
+        return false;
+    }
+
+}
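Review bot: `isElementOrAncestorSigned` walks `cur = cur.getParentNode()` until it reaches the document element with no null check, so an `elem` that is not attached beneath the envelope ends in a NullPointerException rather than the `FAILED_CHECK` WSSecurityException that `verifySignedElement` is declared to throw. This check enforces `isRequireSignedEncryptedDataElements` in the processors, so the loop should fail closed explicitly: `while (cur != null && !cur.isSameNode(envelope))`. The comparison `cur.equals(signedElement)` depends on the DOM implementation's `equals` being identity; `cur.isSameNode(signedElement)` would match the loop condition and state the intent. The helper also declares `throws WSSecurityException` without ever throwing it. The two public `verifySignedElement` overloads have no Javadoc saying that they throw when no signed data reference covers the element or one of its ancestors below the document element.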

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Wed Jan 27 14:28:31 2016
@@ -23,11 +23,8 @@ import org.apache.wss4j.dom.SOAP11Consta
 import org.apache.wss4j.dom.SOAP12Constants;
 import org.apache.wss4j.dom.SOAPConstants;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSDataRef;
-import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.callback.CallbackLookup;
 import org.apache.wss4j.dom.engine.WSSConfig;
-import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.ext.Attachment;
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
@@ -528,50 +525,6 @@ public final class WSSecurityUtil {
         }
     }
 
-    public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo)
-        throws WSSecurityException {
-        verifySignedElement(elem, wsDocInfo.getResultsByTag(WSConstants.SIGN));
-    }
-
-    public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
-        throws WSSecurityException {
-        if (signedResults != null) {
-            for (WSSecurityEngineResult signedResult : signedResults) {
-                @SuppressWarnings("unchecked")
-                List<WSDataRef> dataRefs =
-                    (List<WSDataRef>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-                if (dataRefs != null) {
-                    for (WSDataRef dataRef : dataRefs) {
-                        if (isElementOrAncestorSigned(elem, dataRef.getProtectedElement())) {
-                            return;
-                        }
-                    }
-                }
-            }
-        }
-
-        throw new WSSecurityException(
-            WSSecurityException.ErrorCode.FAILED_CHECK, "elementNotSigned",
-            new Object[] {elem});
-    }
-
-    /**
-     * Does the current element or some ancestor of it correspond to the known "signedElement"?
-     */
-    private static boolean isElementOrAncestorSigned(Element elem, Element signedElement)
-        throws WSSecurityException {
-        final Element envelope = elem.getOwnerDocument().getDocumentElement();
-        Node cur = elem;
-        while (!cur.isSameNode(envelope)) {
-            if (cur.getNodeType() == Node.ELEMENT_NODE && cur.equals(signedElement)) {
-                return true;
-            }
-            cur = cur.getParentNode();
-        }
-
-        return false;
-    }
-
     public static byte[] getBytesFromAttachment(
         String xopUri, RequestData data
     ) throws WSSecurityException {

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java?rev=1727063&r1=1727062&r2=1727063&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/ModifiedRequestTest.java Wed Jan 27 14:28:31 2016
@@ -46,6 +46,7 @@ import org.apache.wss4j.dom.engine.WSSec
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.saml.WSSecSignatureSAML;
+import org.apache.wss4j.dom.util.SignatureUtils;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 import org.junit.Test;
@@ -207,7 +208,7 @@ public class ModifiedRequestTest extends
         List<WSSecurityEngineResult> signedResults =
             results.getActionResults().get(WSConstants.SIGN);
         try {
-            WSSecurityUtil.verifySignedElement((Element)valueNode, signedResults);
+            SignatureUtils.verifySignedElement((Element)valueNode, signedResults);
             fail("Failure expected on the required element not being signed");
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);