Posted to fx-dev@ws.apache.org by we...@apache.org on 2004/03/08 21:13:08 UTC

cvs commit: ws-fx/wss4j/src/org/apache/ws/security/message WSEncryptBody.java WSBaseMessage.java

werner      2004/03/08 12:13:08

  Modified:    wss4j/src/org/apache/ws/security SOAP12Constants.java
                        SOAPConstants.java SOAP11Constants.java
               wss4j/src/org/apache/ws/axis/security WSDoAllReceiver.java
               wss4j/src/org/apache/ws/security/message WSEncryptBody.java
                        WSBaseMessage.java
  Log:
  Fixing problems in header and mustUnderstand handling
  (setProcessed header). Also fix the mustUnderstand flag according
  to the specs ("1" in SOAP 1.1, "true" in SOAP 1.2) to be in line with
  Axis.
  
  Revision  Changes    Path
  1.2       +6 -0      ws-fx/wss4j/src/org/apache/ws/security/SOAP12Constants.java
  
  Index: SOAP12Constants.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/SOAP12Constants.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SOAP12Constants.java	13 Feb 2004 20:43:07 -0000	1.1
  +++ SOAP12Constants.java	8 Mar 2004 20:13:08 -0000	1.2
  @@ -63,5 +63,11 @@
       public String getNextRoleURI() {
           return WSConstants.URI_SOAP12_NEXT_ROLE;
       }
  +	/**
  +	 * Obtain the Mustunderstand string
  +	 */
  +	public String getMustunderstand() {
  +		return "true";
  +	}
   
   }
  
  
  
  1.2       +6 -0      ws-fx/wss4j/src/org/apache/ws/security/SOAPConstants.java
  
  Index: SOAPConstants.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/SOAPConstants.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SOAPConstants.java	13 Feb 2004 20:43:07 -0000	1.1
  +++ SOAPConstants.java	8 Mar 2004 20:13:08 -0000	1.2
  @@ -62,6 +62,12 @@
        * Obtain the "next" role/actor URI
        */ 
       public String getNextRoleURI();
  +    
  +	/**
  +	 * Obtain the "next" role/actor URI
  +	 */ 
  +	public String getMustunderstand();
  +
   
   
   }
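Review bot: The Javadoc added above `getMustunderstand()` is a copy of the one on `getNextRoleURI()` and still says it obtains the "next" role/actor URI. It should describe the new method, for example `Obtain the mustUnderstand attribute value for this SOAP version ("1" for SOAP 1.1, "true" for SOAP 1.2)`. The implementations in SOAP11Constants and SOAP12Constants carry the comment "Obtain the Mustunderstand string", which does not say which literal is returned or why the two differ, so the same wording would help there. The method name also departs from the camel case of `setMustUnderstand` in WSBaseMessage.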
  
  
  
  1.2       +7 -0      ws-fx/wss4j/src/org/apache/ws/security/SOAP11Constants.java
  
  Index: SOAP11Constants.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/SOAP11Constants.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SOAP11Constants.java	13 Feb 2004 20:43:07 -0000	1.1
  +++ SOAP11Constants.java	8 Mar 2004 20:13:08 -0000	1.2
  @@ -58,4 +58,11 @@
       public String getNextRoleURI() {
           return WSConstants.URI_SOAP11_NEXT_ACTOR;
       }
  +	/**
  +	 * Obtain the Mustunderstand string
  +	 */
  +	public String getMustunderstand() {
  +		return "1";
  +	}
  +
   }
  
  
  
  1.3       +30 -14    ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java
  
  Index: WSDoAllReceiver.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- WSDoAllReceiver.java	24 Feb 2004 12:47:30 -0000	1.2
  +++ WSDoAllReceiver.java	8 Mar 2004 20:13:08 -0000	1.3
  @@ -100,9 +100,10 @@
   
   		SOAPHeaderElement headerElement = null;
   		while (headers.hasNext()) {
  -			headerElement = (SOAPHeaderElement) headers.next();
  -			if (headerElement.getLocalName().equals(WSConstants.WSSE_LN)
  -				&& headerElement.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
  +			SOAPHeaderElement hE = (SOAPHeaderElement) headers.next();
  +			if (hE.getLocalName().equals(WSConstants.WSSE_LN)
  +				&& hE.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
  +				headerElement = hE;
   				break;
   			}
   		}
  @@ -123,10 +124,7 @@
   			} else {
   				throw new AxisFault("WSDoAllReceiver: Request does not contain required Security header");
   			}
  -		} else {
  -			((org.apache.axis.message.SOAPHeaderElement) headerElement)
  -						.setProcessed(true);
  -		}
  +		} 
   
   		Document doc = null;
   		try {
  @@ -186,17 +184,35 @@
   			log.debug(osStr);
   		}
   		sPart.setCurrentMessage(osStr, SOAPPart.FORM_STRING);
  +		
  +		/*
  +		 * After setting the new current message, probably modified because
  +		 * of decryption, we need to redo the security header locate. That is,
  +		 * we force Axis (with getSOAPEnvelope()) to parse the string, build 
  +		 * the new header. Then we examine again, look up the security header 
  +		 * (as above when checking for security) and set the header as 
  +		 * processed.
  +		 */
   
  -		/*		
   		try {
  -			AxisUtil.updateSOAPMessage(doc, sm);
  -			
  +			sHeader = sm.getSOAPEnvelope().getHeader();
   		} catch (Exception ex) {
  -			throw new AxisFault(
  -				"WSDoAllReceiver: cannot update processed message",
  -				ex);
  +			throw new AxisFault("WSDoAllReceiver: cannot get SOAP header", ex);
   		}
  -		*/
  +
  +		headers = sHeader.examineHeaderElements(actor);
  +
  +		headerElement = null;
  +		while (headers.hasNext()) {
  +			SOAPHeaderElement hE = (SOAPHeaderElement) headers.next();
  +			if (hE.getLocalName().equals(WSConstants.WSSE_LN)
  +				&& hE.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
  +				headerElement = hE;
  +				break;
  +			}
  +		}
  +		((org.apache.axis.message.SOAPHeaderElement) headerElement).setProcessed(true);
  +
   		Vector resultActions = wsResult.getActions();
   		int size = actions.size();
   		if (size != resultActions.size()) {
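Review bot: `headerElement` is dereferenced by `setProcessed(true)` right after the second lookup loop without a null check, so a re-parsed envelope with no wsse:Security header for this actor ends in a NullPointerException rather than an AxisFault; `sHeader` from `getHeader()` is used unchecked in the same way. A guard before the cast keeps the failure explicit, for example `if (headerElement == null) { throw new AxisFault("WSDoAllReceiver: Security header not found after processing"); }`. The lookup loop now duplicates the one in the first hunk of this file, and a small private helper taking the header iterator would keep the two copies from drifting apart. The enclosing method starts and ends outside the hunk, so whether an earlier check already guarantees the header survives re-serialization cannot be confirmed from here.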
  
  
  
  1.3       +12 -1     ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java
  
  Index: WSEncryptBody.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- WSEncryptBody.java	7 Mar 2004 10:47:50 -0000	1.2
  +++ WSEncryptBody.java	8 Mar 2004 20:13:08 -0000	1.3
  @@ -340,7 +340,18 @@
   							"unsupportedKeyTransp", new Object[]{keyEncAlgo});
   		}
   		cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
  -		byte[] encryptedKey = cipher.doFinal(symmetricKey.getEncoded());
  +		byte[] encKey = symmetricKey.getEncoded();
  +		if (doDebug) {
  +			log.debug("cipher blksize: " + cipher.getBlockSize() + 
  +					  ", symm key length: " + encKey.length);
  +		}
  +		if (cipher.getBlockSize() < encKey.length) {
  +			throw new WSSecurityException(
  +				WSSecurityException.FAILURE,
  +				"unsupportedKeyTransp",
  +				new Object[] { "public key algorithm to weak to encrypt smmetric key" });
  +		}
  +		byte[] encryptedKey = cipher.doFinal(encKey);
   		Text keyText =
   			WSSecurityUtil.createBase64EncodedTextNode(doc, encryptedKey);
   
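Review bot: The new guard `cipher.getBlockSize() < encKey.length` depends on provider behaviour, because `Cipher.getBlockSize()` is documented to return 0 when the underlying algorithm is not a block cipher and some JCE providers report 0 for RSA, in which case every key is rejected. Consider `int blockSize = cipher.getBlockSize();` followed by `if (blockSize > 0 && blockSize < encKey.length) {`, leaving `doFinal` to report an oversized input otherwise. The exception text has two typos and should read `"public key algorithm too weak to encrypt symmetric key"`; it is also passed as the argument of `unsupportedKeyTransp`, which in the context lines above receives the algorithm name `keyEncAlgo`. The name `encKey` reads as "encrypted key" although it holds the plaintext symmetric key bytes, so `keyBytes` would be clearer; the debug line logs only lengths, which is the right choice for key material. The method body continues outside the hunk.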
  
  
  
  1.2       +4 -4      ws-fx/wss4j/src/org/apache/ws/security/message/WSBaseMessage.java
  
  Index: WSBaseMessage.java
  ===================================================================
  RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSBaseMessage.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WSBaseMessage.java	13 Feb 2004 20:43:08 -0000	1.1
  +++ WSBaseMessage.java	8 Mar 2004 20:13:08 -0000	1.2
  @@ -41,7 +41,7 @@
   public class WSBaseMessage {
   	private static Log log = LogFactory.getLog(WSBaseMessage.class.getName());
   	protected String actor = null;
  -	protected String mustunderstand = "true";
  +	protected boolean mustunderstand = true;
   	protected String user = null;
   	protected String password = null;
   	protected int keyIdentifierType = WSConstants.ISSUER_SERIAL;
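Review bot: Changing the `protected` field `mustunderstand` from `String` to `boolean` is a source- and binary-incompatible change for any subclass of WSBaseMessage that reads or assigns it directly. No such subclass is visible in this commit, so this is worth checking across the tree; keeping the field behind `setMustUnderstand(boolean)` and an accessor would stop the representation leaking to subclasses. A short comment on the field would also help, e.g. `// true: emit the SOAP-version-specific mustUnderstand value from SOAPConstants`, since the literal written to the header now comes from `soapConstants.getMustunderstand()` in the third hunk of this file.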
  @@ -103,7 +103,7 @@
   	 * @param mu Set <code>mustUnderstand</code> to true or false
   	 */
   	public void setMustUnderstand(boolean mu) {
  -		mustunderstand = mu ? "true" : null;
  +		mustunderstand = mu;
   	}
   
   	/**
  @@ -226,11 +226,11 @@
   						+ soapConstants.getRoleAttributeQName().getLocalPart(),
   					actor);
   			}
  -			if (mustunderstand != null) {
  +			if (mustunderstand) {
   				securityHeader.setAttributeNS(
   					soapConstants.getEnvelopeURI(),
   					soapPrefix + ":" + WSConstants.ATTR_MUST_UNDERSTAND,
  -					mustunderstand);
  +					soapConstants.getMustunderstand());
   			}
   			if (timestamp) {
   				Element elementTime = doc.createElementNS(WSConstants.WSU_NS, "wsu:Timestamp");