Posted to commits@ws.apache.org by gi...@apache.org on 2011/10/28 11:00:02 UTC
svn commit: r1190214 [6/6] - in /webservices/wss4j/branches/swssf: ./
bindings/ bindings/c14n-binding/ bindings/c14n-binding/src/
bindings/c14n-binding/src/main/ bindings/c14n-binding/src/main/java/
bindings/c14n-binding/src/main/resources/ bindings/c1...
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Fri Oct 28 08:59:57 2011
@@ -19,22 +19,17 @@
package org.swssf.wss.impl.securityToken;
import org.apache.commons.codec.binary.Base64;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.BinarySecurityTokenType;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.KeyIdentifierType;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.SecurityTokenReferenceType;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.UsernameTokenType;
import org.opensaml.common.SAMLVersion;
+import org.swssf.binding.wss10.*;
+import org.swssf.binding.xmldsig.KeyInfoType;
+import org.swssf.binding.xmldsig.X509DataType;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSUtils;
import org.swssf.wss.ext.WSSecurityException;
import org.swssf.wss.impl.saml.SAMLKeyInfo;
import org.swssf.xmlsec.crypto.Crypto;
-import org.swssf.xmlsec.ext.SecurityContext;
-import org.swssf.xmlsec.ext.SecurityToken;
-import org.swssf.xmlsec.ext.SecurityTokenProvider;
-import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.ext.*;
import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
-import org.w3._2000._09.xmldsig_.KeyInfoType;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.stream.events.XMLEvent;
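Review bot: The two wildcard imports added at L20 and L32 (`import org.swssf.binding.wss10.*;` and `import org.swssf.xmlsec.ext.*;`) replace explicit imports and hide which binding types this factory actually depends on, and with `org.swssf.binding.xmldsig.KeyInfoType` imported by name next to them, any later addition of a same-named type to either wildcard package would surface as an ambiguity error far from its cause. The types this file visibly uses are few — `SecurityTokenReferenceType`, `KeyIdentifierType`, `ReferenceType`, `SecurityContext`, `SecurityToken`, `SecurityTokenProvider`, `XMLSecurityException`, `XMLSecurityUtils` — so listing them keeps the dependency surface reviewable. This is a style point only; the hunk compiles either way.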
@@ -55,8 +50,9 @@ public class SecurityTokenFactoryImpl ex
public SecurityToken getSecurityToken(KeyInfoType keyInfoType, Crypto crypto,
final CallbackHandler callbackHandler, SecurityContext securityContext,
Object processor) throws XMLSecurityException {
- if (keyInfoType != null && keyInfoType instanceof org.w3._2000._09.xmldsig_.wss.KeyInfoType) {
- return getSecurityToken(((org.w3._2000._09.xmldsig_.wss.KeyInfoType) keyInfoType).getSecurityTokenReferenceType(), crypto, callbackHandler, securityContext, processor);
+ if (keyInfoType != null) {
+ final SecurityTokenReferenceType securityTokenReferenceType = XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
+ return getSecurityToken(securityTokenReferenceType, crypto, callbackHandler, securityContext, processor);
} else if (crypto.getDefaultX509Alias() != null) {
return new X509DefaultSecurityToken(securityContext, crypto, callbackHandler, crypto.getDefaultX509Alias(), crypto.getDefaultX509Alias(), processor);
}
@@ -71,13 +67,18 @@ public class SecurityTokenFactoryImpl ex
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSecTokRef");
}
- if (securityTokenReferenceType.getX509DataType() != null) {
- return new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.ISSUER_SERIAL, new X509DataSecurityToken(securityContext, crypto, callbackHandler, securityTokenReferenceType.getX509DataType(), securityTokenReferenceType.getId(), processor));
+ final X509DataType x509DataType = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_dsig_X509Data);
+ final KeyIdentifierType keyIdentifierType = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_KeyIdentifier);
+ final ReferenceType referenceType = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_Reference);
+ if (x509DataType != null) {
+ return new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.ISSUER_SERIAL,
+ new X509DataSecurityToken(securityContext, crypto, callbackHandler,
+ x509DataType,
+ securityTokenReferenceType.getId(), processor));
}
- //todo this is not supported by outputProcessor but can be implemented. We'll have a look at the spec if this is allowed
- else if (securityTokenReferenceType.getKeyIdentifierType() != null) {
- KeyIdentifierType keyIdentifierType = securityTokenReferenceType.getKeyIdentifierType();
-
+ //todo this is not supported by outputProcessor but can be implemented.
+ // We'll have a look at the spec if this is allowed
+ else if (keyIdentifierType != null) {
String valueType = keyIdentifierType.getValueType();
String encodingType = keyIdentifierType.getEncodingType();
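Review bot: The three lookups at L54–L56 each pull one child out of `securityTokenReferenceType.getAny()`, and the branch order (X509Data, then KeyIdentifier, then Reference) silently decides which one wins when a SecurityTokenReference carries more than one of them; if `getQNameType` returns the first child matching the given name, as its list argument suggests, an STR holding both an X509Data and a Reference child is resolved by issuer/serial and the Reference is ignored without any error. Which key the receiver ends up using should not depend on an undocumented precedence when the message offers several references, so reject the ambiguous case before branching: `if ((x509DataType != null ? 1 : 0) + (keyIdentifierType != null ? 1 : 0) + (referenceType != null ? 1 : 0) > 1) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }`. The enclosing method starts before this hunk and continues into the next one.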
@@ -99,40 +100,42 @@ public class SecurityTokenFactoryImpl ex
}
return securityTokenProvider.getSecurityToken(crypto);
}
- } else if (securityTokenReferenceType.getReferenceType() != null) {
+ } else if (referenceType != null) {
- String uri = securityTokenReferenceType.getReferenceType().getURI();
+ String uri = referenceType.getURI();
if (uri == null) {
throw new WSSecurityException("badReferenceURI");
}
uri = WSSUtils.dropReferenceMarker(uri);
//embedded BST:
- if (securityTokenReferenceType.getReferenceType().getBinarySecurityTokenType() != null
- && uri.equals(securityTokenReferenceType.getReferenceType().getBinarySecurityTokenType().getId())) {
- BinarySecurityTokenType binarySecurityTokenType = securityTokenReferenceType.getReferenceType().getBinarySecurityTokenType();
+ //todo? this seems not to be schema valid!
+ /*BinarySecurityTokenType binarySecurityTokenType = XMLSecurityUtils.getQNameType(referenceType, WSSConstants.TAG_dsig_X509Data)
+ if (referenceType.getBinarySecurityTokenType() != null
+ && uri.equals(referenceType.getBinarySecurityTokenType().getId())) {
+ BinarySecurityTokenType binarySecurityTokenType = referenceType.getBinarySecurityTokenType();
return new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.BST_EMBEDDED, getSecurityToken(binarySecurityTokenType, securityContext, crypto, callbackHandler, processor));
- } else {//referenced BST:
- //we have to search BST somewhere in the doc. First we will check for a BST already processed and
- //stored in the context. Otherwise we will abort now.
-
- //prevent recursive key reference DOS:
- Integer invokeCount = securityContext.<Integer>get("" + Thread.currentThread().hashCode());
- if (invokeCount == null) {
- invokeCount = 0;
- }
- invokeCount++;
- if (invokeCount == 10) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
- }
- securityContext.put("" + Thread.currentThread().hashCode(), invokeCount);
+ } else {//referenced BST:*/
+ //we have to search BST somewhere in the doc. First we will check for a BST already processed and
+ //stored in the context. Otherwise we will abort now.
+
+ //prevent recursive key reference DOS:
+ Integer invokeCount = securityContext.<Integer>get("" + Thread.currentThread().hashCode());
+ if (invokeCount == null) {
+ invokeCount = 0;
+ }
+ invokeCount++;
+ if (invokeCount == 10) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
+ }
+ securityContext.put("" + Thread.currentThread().hashCode(), invokeCount);
- SecurityTokenProvider securityTokenProvider = securityContext.getSecurityTokenProvider(uri);
- if (securityTokenProvider == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
- }
- return new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE, securityTokenProvider.getSecurityToken(crypto));
+ SecurityTokenProvider securityTokenProvider = securityContext.getSecurityTokenProvider(uri);
+ if (securityTokenProvider == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
}
+ return new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE, securityTokenProvider.getSecurityToken(crypto));
}
+ //}
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
} finally {
securityContext.remove("" + Thread.currentThread().hashCode());
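Review bot: The embedded-BST branch is left in the file as a block comment (L89–L108) with a `//todo?` at L88 and its former closing brace surviving as `//}` at L133, so the `else` that the live code at L109–L131 once belonged to now exists only inside the comment and the brace structure has to be reconstructed by hand by the next reader. EncDecryptionTest in this same commit (L427) records the reason as not spec-conformant, so delete the commented-out code and the stray `//}` and keep one line in their place, e.g. `// A BinarySecurityToken embedded inside wsse:Reference is not schema valid and is not supported; only referenced BSTs are resolved here.` The live referenced-BST path, including the recursion guard keyed on `Thread.currentThread().hashCode()` at L113/L121/L136, is a re-indent of existing code and is not changed by this commit. The enclosing method starts before this hunk.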
@@ -157,8 +160,10 @@ public class SecurityTokenFactoryImpl ex
}
}
- public static SecurityToken getSecurityToken(UsernameTokenType usernameTokenType, SecurityContext securityContext, Object processor) throws WSSecurityException {
- return new UsernameSecurityToken(usernameTokenType, securityContext, usernameTokenType.getId(), processor);
+ public static SecurityToken getSecurityToken(String username, String password, String created, byte[] nonce,
+ byte[] salt, Long iteration, SecurityContext securityContext,
+ String id, Object processor) throws WSSecurityException {
+ return new UsernameSecurityToken(username, password, created, nonce, salt, iteration, securityContext, id, processor);
}
public static SecurityToken getSecurityToken(SAMLVersion samlVersion, SAMLKeyInfo samlKeyInfo, SecurityContext securityContext, Crypto crypto, CallbackHandler callbackHandler, String id, Object processor) throws WSSecurityException {
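Review bot: The new factory overload at L142–L145 takes nine positional parameters and carries no Javadoc saying which may be null or what the token does with them; `UsernameSecurityToken.getSecretKey` later in this commit (L207) shows that `salt` and `iteration` are optional and that the password-derived key is only computed when both are present, otherwise the password-only secret key is used. Add a Javadoc stating that contract: `created`, `nonce`, `salt` and `iteration` may be null, an absent salt/iteration pair selects the password-only key, and — judging by the removed overload at L178–L180, which did the Base64 decoding and the integer parse itself — callers are now responsible for passing already-decoded `nonce`/`salt` bytes and a parsed `iteration`. Note also that `password` arrives and is stored as a `String`, so it cannot be cleared after use; a `char[]` variant would address that, but it is a wider API change than this commit.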
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/UsernameSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/UsernameSecurityToken.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/UsernameSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/UsernameSecurityToken.java Fri Oct 28 08:59:57 2011
@@ -18,8 +18,6 @@
*/
package org.swssf.wss.impl.securityToken;
-import org.apache.commons.codec.binary.Base64;
-import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0.UsernameTokenType;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityException;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
@@ -41,26 +39,16 @@ import java.util.Map;
*/
public class UsernameSecurityToken extends AbstractAlgorithmSuiteSecurityEventFiringSecurityToken {
- private static final int DEFAULT_ITERATION = 1000;
+ private static final long DEFAULT_ITERATION = 1000;
private String username;
private String password;
private String created;
private byte[] nonce;
private byte[] salt;
- private Integer iteration;
+ private Long iteration;
- UsernameSecurityToken(UsernameTokenType usernameTokenType, SecurityContext securityContext, String id, Object processor) {
- super(securityContext, id, processor);
- this.username = usernameTokenType.getUsername();
- this.password = usernameTokenType.getPassword();
- this.created = usernameTokenType.getCreated();
- this.nonce = usernameTokenType.getNonce() != null ? Base64.decodeBase64(usernameTokenType.getNonce()) : null;
- this.salt = usernameTokenType.getSalt() != null ? Base64.decodeBase64(usernameTokenType.getSalt()) : null;
- this.iteration = usernameTokenType.getIteration() != null ? Integer.parseInt(usernameTokenType.getIteration()) : null;
- }
-
- public UsernameSecurityToken(String username, String password, String created, byte[] nonce, byte[] salt, Integer iteration, SecurityContext securityContext, String id, Object processor) {
+ public UsernameSecurityToken(String username, String password, String created, byte[] nonce, byte[] salt, Long iteration, SecurityContext securityContext, String id, Object processor) {
super(securityContext, id, processor);
this.username = username;
this.password = password;
@@ -90,7 +78,7 @@ public class UsernameSecurityToken exten
return salt;
}
- public Integer getIteration() {
+ public Long getIteration() {
return iteration;
}
@@ -106,7 +94,7 @@ public class UsernameSecurityToken exten
* @throws org.swssf.wss.ext.WSSecurityException
*
*/
- public byte[] generateDerivedKey(String rawPassword, byte[] salt, int iteration) throws WSSecurityException {
+ public byte[] generateDerivedKey(String rawPassword, byte[] salt, long iteration) throws WSSecurityException {
if (iteration == 0) {
iteration = DEFAULT_ITERATION;
}
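Review bot: Widening `iteration` to `long` at L200 extends the range of a value that, for inbound messages, originates in the received UsernameToken (the removed `Integer.parseInt(usernameTokenType.getIteration())` at L180 shows where it came from), and the only check on it is the `== 0` default at L201; a negative or very large count is passed straight into the derivation loop that follows outside this hunk. Bound it before the loop so a peer cannot dictate the CPU spent per message: `if (iteration < 0 || iteration > MAX_ITERATION) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN); }`, with `MAX_ITERATION` a new constant declared next to `DEFAULT_ITERATION` (the value is for the project to choose). The rest of `generateDerivedKey` is outside this hunk.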
@@ -224,9 +212,8 @@ public class UsernameSecurityToken exten
super.getSecretKey(algorithmURI, keyUsage);
byte[] secretToken = null;
if (getSalt() != null && getIteration() != null) {
- int iteration = getIteration();
byte[] salt = getSalt();
- secretToken = generateDerivedKey(getPassword(), salt, iteration);
+ secretToken = generateDerivedKey(getPassword(), salt, getIteration());
} else {
secretToken = getSecretKey(getPassword(), WSSConstants.WSE_DERIVED_KEY_LEN, WSSConstants.LABEL_FOR_DERIVED_KEY);
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java Fri Oct 28 08:59:57 2011
@@ -18,11 +18,13 @@
*/
package org.swssf.wss.impl.securityToken;
+import org.swssf.binding.xmldsig.X509DataType;
+import org.swssf.binding.xmldsig.X509IssuerSerialType;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.ext.SecurityContext;
import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.w3._2000._09.xmldsig_.X509DataType;
+import org.swssf.xmlsec.ext.XMLSecurityUtils;
import javax.security.auth.callback.CallbackHandler;
@@ -41,7 +43,8 @@ public class X509DataSecurityToken exten
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getAliasForX509Cert(x509DataType.getX509IssuerSerialType().getX509IssuerName(), x509DataType.getX509IssuerSerialType().getX509SerialNumber());
+ X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
+ this.alias = getCrypto().getAliasForX509Cert(x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber());
}
return this.alias;
}
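Review bot: `x509IssuerSerialType` at L236 can be null when the X509Data carries an SKI or SubjectName instead of an IssuerSerial — the getter name `getX509IssuerSerialOrX509SKIOrX509SubjectName` shows those alternatives share one list — and L237 then dereferences it, so a message whose reference uses one of the other X509Data forms fails with a NullPointerException rather than a security exception that the caller can handle uniformly. Add a guard before L237, `if (x509IssuerSerialType == null) { throw new XMLSecurityException(/* error code for unsupported X509Data content */); }`, using whichever constructor of `XMLSecurityException` (or the `WSSecurityException` subtype used in SecurityTokenFactoryImpl) this package uses for unsupported references. The caller that reaches `getAlias` is outside this hunk.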
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/DerivedKeyTokenTest.java Fri Oct 28 08:59:57 2011
@@ -23,6 +23,7 @@ import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.*;
import org.apache.ws.security.message.token.SecurityTokenReference;
@@ -37,6 +38,7 @@ import org.swssf.xmlsec.test.utils.StAX2
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -62,6 +64,14 @@ public class DerivedKeyTokenTest extends
WSSConfig.init();
}
+ @DataProvider(name = "versionProvider")
+ public Object[][] versionProvider() {
+ return new Object[][]{
+ {ConversationConstants.VERSION_05_02},
+ {ConversationConstants.VERSION_05_12}
+ };
+ }
+
@Test
public void testEncryptionDecryptionTRIPLEDESOutbound() throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -94,8 +104,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testEncryptionDecryptionTRIPLEDESInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testEncryptionDecryptionTRIPLEDESInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -105,6 +115,7 @@ public class DerivedKeyTokenTest extends
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
+ sctBuilder.setWscVersion(version);
sctBuilder.prepare(doc, crypto);
//EncryptedKey
@@ -119,6 +130,7 @@ public class DerivedKeyTokenTest extends
//Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
encrBuilder.setExternalKey(ek, tokenIdentifier);
encrBuilder.build(doc, secHeader);
@@ -147,7 +159,6 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
public void testEncryptionDecryptionAES128Outbound() throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
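Review bot: Removing `@Test` from `testEncryptionDecryptionAES128Outbound` at L301 disables the test with no replacement and no comment, while the sibling `testEncryptionDecryptionTRIPLEDESOutbound` keeps its annotation (L273) and the inbound variants in this file only gain a data provider; this looks like an accidental deletion rather than an intended change. Either restore `@Test` or, if the test is meant to be off, use `@Test(enabled = false)` with a one-line reason so the disabled state stays visible to the test runner. The method body lies outside this hunk.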
@@ -179,8 +190,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testEncryptionDecryptionAES128Inbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testEncryptionDecryptionAES128Inbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -189,6 +200,7 @@ public class DerivedKeyTokenTest extends
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -204,6 +216,7 @@ public class DerivedKeyTokenTest extends
//Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(ek, tokenIdentifier);
encrBuilder.build(doc, secHeader);
@@ -265,8 +278,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testSignatureInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSignatureInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -287,6 +300,7 @@ public class DerivedKeyTokenTest extends
//Derived key encryption
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(ek, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
@@ -360,8 +374,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testSignatureThumbprintSHA1Inbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSignatureThumbprintSHA1Inbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -377,6 +391,7 @@ public class DerivedKeyTokenTest extends
secToken.setKeyIdentifierThumb(certs[0]);
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
java.security.Key key = crypto.getPrivateKey("transmitter", "default");
sigBuilder.setExternalKey(key.getEncoded(), secToken.getElement());
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
@@ -450,8 +465,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testSignatureSKIInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSignatureSKIInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -467,6 +482,7 @@ public class DerivedKeyTokenTest extends
secToken.setKeyIdentifierSKI(certs[0], crypto);
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
java.security.Key key = crypto.getPrivateKey("transmitter", "default");
sigBuilder.setExternalKey(key.getEncoded(), secToken.getElement());
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
@@ -544,8 +560,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testSignatureEncryptInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSignatureEncryptInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -567,12 +583,14 @@ public class DerivedKeyTokenTest extends
//Derived key encryption
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(ek, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
Document signedDoc = sigBuilder.build(doc, secHeader);
//Derived key signature
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(ek, tokenIdentifier);
encrBuilder.build(signedDoc, secHeader);
@@ -656,8 +674,8 @@ public class DerivedKeyTokenTest extends
}
}
- @Test
- public void testEncryptSignatureInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testEncryptSignatureInbound(int version) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
{
@@ -679,12 +697,14 @@ public class DerivedKeyTokenTest extends
//Derived key signature
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(ek, tokenIdentifier);
encrBuilder.build(doc, secHeader);
//Derived key encryption
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(ek, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/EncDecryptionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/EncDecryptionTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/EncDecryptionTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/EncDecryptionTest.java Fri Oct 28 08:59:57 2011
@@ -630,6 +630,7 @@ public class EncDecryptionTest extends A
* }
*/
+/* Not spec conform and therefore not supported!:
@Test
public void testEncDecryptionKeyIdentifierBinarySecurityTokenEmbedded() throws Exception {
@@ -677,8 +678,7 @@ public class EncDecryptionTest extends A
nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
Assert.assertEquals(nodeList.getLength(), 0);
}
- }
-
+ }*/
@Test
public void testEncDecryptionKeyIdentifierX509KeyOutbound() throws Exception {
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/ProfilingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/ProfilingTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/ProfilingTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/ProfilingTest.java Fri Oct 28 08:59:57 2011
@@ -22,7 +22,6 @@ import org.swssf.wss.WSSec;
import org.swssf.wss.ext.InboundWSSec;
import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
-import org.testng.annotations.Test;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamReader;
@@ -51,7 +50,7 @@ public class ProfilingTest extends Abstr
}
*/
- @Test(invocationCount = 1)
+ //@Test(invocationCount = 1)
public void testStreamingSecOutbound() throws Exception {
/*
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
@@ -85,7 +84,7 @@ public class ProfilingTest extends Abstr
}
*/
- @Test(invocationCount = 1, dependsOnMethods = {"testStreamingSecOutbound"})
+ //@Test(invocationCount = 1, dependsOnMethods = {"testStreamingSecOutbound"})
public void testStreamingSecInbound() throws Exception {
final ThreadStopper threadStopper = new ThreadStopper();
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java Fri Oct 28 08:59:57 2011
@@ -22,6 +22,7 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.*;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -37,6 +38,7 @@ import org.swssf.xmlsec.test.utils.StAX2
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
@@ -63,6 +65,14 @@ public class SecurityContextTokenTest ex
WSSConfig.init();
}
+ @DataProvider(name = "versionProvider")
+ public Object[][] versionProvider() {
+ return new Object[][]{
+ {ConversationConstants.VERSION_05_02},
+ {ConversationConstants.VERSION_05_12}
+ };
+ }
+
@Test
public void testSCTDKTEncryptOutbound() throws Exception {
byte[] secret = new byte[128 / 8];
@@ -107,8 +117,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTDKTEncryptInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTDKTEncryptInbound(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -118,6 +128,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -129,6 +140,7 @@ public class SecurityContextTokenTest ex
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, secHeader);
@@ -197,8 +209,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTKDKTSignInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTKDKTSignInbound(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -208,6 +220,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -219,6 +232,7 @@ public class SecurityContextTokenTest ex
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(tempSecret, tokenId);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
@@ -242,8 +256,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTKDKTSignAbsoluteInbound() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTKDKTSignAbsoluteInbound(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -253,6 +267,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -262,6 +277,7 @@ public class SecurityContextTokenTest ex
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(tempSecret, sctBuilder.getIdentifier());
sigBuilder.setTokenIdDirectId(true);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
@@ -286,8 +302,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTKDKTSignEncrypt() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTKDKTSignEncrypt(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -297,6 +313,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -308,12 +325,14 @@ public class SecurityContextTokenTest ex
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(tempSecret, tokenId);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, secHeader);
@@ -340,8 +359,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTKDKTEncryptSign() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTKDKTEncryptSign(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -351,6 +370,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
@@ -362,12 +382,14 @@ public class SecurityContextTokenTest ex
// Derived key encryption
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setWscVersion(version);
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(tempSecret, tokenId);
encrBuilder.build(doc, secHeader);
// Derived key signature
WSSecDKSign sigBuilder = new WSSecDKSign();
+ sigBuilder.setWscVersion(version);
sigBuilder.setExternalKey(tempSecret, tokenId);
sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
sigBuilder.build(doc, secHeader);
@@ -394,8 +416,8 @@ public class SecurityContextTokenTest ex
}
}
- @Test
- public void testSCTSign() throws Exception {
+ @Test(dataProvider = "versionProvider")
+ public void testSCTSign(int version) throws Exception {
byte[] tempSecret = WSSecurityUtil.generateNonce(16);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -405,6 +427,7 @@ public class SecurityContextTokenTest ex
secHeader.insertSecurityHeader(doc);
WSSecSecurityContextToken sctBuilder = new WSSecSecurityContextToken();
+ sctBuilder.setWscVersion(version);
Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
sctBuilder.prepare(doc, crypto);
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java Fri Oct 28 08:59:57 2011
@@ -498,6 +498,7 @@ public class SignatureTest extends Abstr
}
}
+/* Not spec conform and therefore not supported!:
@Test
public void testSignatureKeyIdentifierBinarySecurityTokenEmbedded() throws Exception {
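Review bot: Disabling `testSignatureKeyIdentifierBinarySecurityTokenEmbedded` by wrapping it in a block comment (opened with `/* Not spec conform...` here and closed with `}*/` in the next hunk) removes the method from compilation, so it will silently rot when the APIs it calls change and no test report shows that a case was dropped. TestNG keeps the method compiled and visibly skipped with `@Test(enabled = false, description = "Not spec conform and therefore not supported")`, leaving the body intact. The explanation should also name what the specification forbids about an embedded BinarySecurityToken key identifier, since "not spec conform" alone does not record the decision for the next maintainer. The commented-out region spans both hunks of this file section.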
@@ -549,7 +550,7 @@ public class SignatureTest extends Abstr
Assert.assertEquals(nodeList.getLength(), 1);
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
}
- }
+ }*/
@Test
public void testSignatureKeyIdentifierX509KeyOutbound() throws Exception {
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java Fri Oct 28 08:59:57 2011
@@ -22,7 +22,6 @@ import org.apache.ws.security.handler.WS
import org.swssf.wss.WSSec;
import org.swssf.wss.ext.*;
import org.swssf.wss.securityEvent.SecurityEvent;
-import org.swssf.xmlsec.ext.ParseException;
import org.swssf.xmlsec.test.utils.StAX2DOM;
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
import org.testng.Assert;
@@ -407,10 +406,7 @@ public class TimestampTest extends Abstr
Throwable throwable = e.getCause();
Assert.assertNotNull(throwable);
Assert.assertTrue(throwable instanceof WSSecurityException);
- throwable = throwable.getCause();
- Assert.assertNotNull(throwable);
- Assert.assertTrue(throwable instanceof ParseException);
- Assert.assertEquals(throwable.getMessage(), "Element \"Created\" is missing");
+ Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header (Created time is missing)");
}
}
}
@@ -496,10 +492,7 @@ public class TimestampTest extends Abstr
Throwable throwable = e.getCause();
Assert.assertNotNull(throwable);
Assert.assertTrue(throwable instanceof WSSecurityException);
- throwable = throwable.getCause();
- Assert.assertNotNull(throwable);
- Assert.assertTrue(throwable instanceof ParseException);
- Assert.assertEquals(throwable.getMessage(), "Element \"Created\" is missing");
+ Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header (Created time is missing)");
}
}
}
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/pom.xml Fri Oct 28 08:59:57 2011
@@ -20,6 +20,21 @@
<dependencies>
<dependency>
+ <groupId>org.swssf</groupId>
+ <artifactId>xmldsig-binding</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.swssf</groupId>
+ <artifactId>c14n-binding</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.swssf</groupId>
+ <artifactId>xmlenc-binding</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>wstx-asl</artifactId>
<version>3.2.9</version>
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java Fri Oct 28 08:59:57 2011
@@ -20,11 +20,12 @@ package org.swssf.xmlsec.ext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.swssf.xmlsec.impl.XMLSecurityEventReader;
-import javax.xml.stream.events.StartElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
import javax.xml.stream.events.XMLEvent;
import java.util.Deque;
-import java.util.Iterator;
/**
* Abstract class for SecurityHeaderHandlers with parse logic for the xml structures
@@ -36,35 +37,13 @@ public abstract class AbstractInputSecur
protected final transient Log logger = LogFactory.getLog(this.getClass());
- protected abstract Parseable getParseable(StartElement startElement);
-
- protected Parseable parseStructure(Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException {
- Iterator<XMLEvent> iterator = eventDeque.descendingIterator();
- //skip to <XY> Element
- int i = 0;
- while (i < index) {
- iterator.next();
- i++;
- }
-
- if (!iterator.hasNext()) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "unexpectedEndOfXML");
- }
- XMLEvent xmlEvent = iterator.next();
- if (!xmlEvent.isStartElement()) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, "notAStartElement");
- }
- Parseable parseable = getParseable(xmlEvent.asStartElement());
-
+ protected <T> T parseStructure(Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException {
try {
- while (iterator.hasNext()) {
- xmlEvent = iterator.next();
- parseable.parseXMLEvent(xmlEvent);
- }
- parseable.validate();
- } catch (ParseException e) {
+ Unmarshaller unmarshaller = XMLSecurityConstants.getJaxbContext().createUnmarshaller();
+ return (T) unmarshaller.unmarshal(new XMLSecurityEventReader(eventDeque, index));
+
+ } catch (JAXBException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, e);
}
- return parseable;
}
}
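Review bot: The rewritten `parseStructure` drops the checks the old code performed — the `unexpectedEndOfXML` / `notAStartElement` guards and the `parseable.validate()` call — in favour of a bare `unmarshal`, and the unchecked `(T)` cast means a root element of an unexpected type surfaces at the caller as a ClassCastException instead of an `XMLSecurityException` with `INVALID_SECURITY`; `AbstractSignatureInputHandler` casts the result straight to `JAXBElement<SignatureType>`. A typed variant, `protected <T> JAXBElement<T> parseStructure(Deque<XMLEvent> eventDeque, int index, Class<T> declaredType)` that calls `unmarshaller.unmarshal(new XMLSecurityEventReader(eventDeque, index), declaredType)`, keeps the cast inside JAXB and gives the caller a `JAXBElement<T>` whose `getName()` can be compared with the expected element before the value is trusted. The new `XMLSecurityEventReader` constructor throws NoSuchElementException when `index` runs past the deque, which the `catch (JAXBException e)` here does not cover, so that case is also no longer reported as `INVALID_SECURITY`. The method Javadoc should state that no schema validation happens in this path unless the shared JAXBContext is given one.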
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java Fri Oct 28 08:59:57 2011
@@ -18,7 +18,10 @@
*/
package org.swssf.xmlsec.ext;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
@@ -30,10 +33,9 @@ import java.security.SecureRandom;
*/
public class XMLSecurityConstants {
- protected XMLSecurityConstants() {
- }
-
public static final SecureRandom secureRandom;
+ //todo jaxbContext pool?
+ private static JAXBContext jaxbContext;
static {
try {
@@ -42,6 +44,24 @@ public class XMLSecurityConstants {
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
+
+ try {
+ //todo schema validation?
+ setJaxbContext(JAXBContext.newInstance("org.swssf.binding.xmlenc:org.swssf.binding.xmldsig:org.swssf.binding.excc14n"));
+ } catch (JAXBException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ protected XMLSecurityConstants() {
+ }
+
+ protected static synchronized void setJaxbContext(JAXBContext jaxbContext) {
+ XMLSecurityConstants.jaxbContext = jaxbContext;
+ }
+
+ public static JAXBContext getJaxbContext() {
+ return jaxbContext;
}
public enum Phase {
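Review bot: `jaxbContext` is written under `synchronized` in `setJaxbContext` but read without synchronization in `getJaxbContext`, and the field is neither `volatile` nor `final`; the assignment from the static initializer is published by class initialization, but a later call to the protected setter from a subclass is not guaranteed to become visible to threads already calling `getJaxbContext()`. Either assign `private static final JAXBContext jaxbContext` directly in the static block and drop the setter, or declare it `private static volatile JAXBContext jaxbContext`. The `//todo schema validation?` line is worth expanding into a sentence recording that the context is created without a Schema, so unmarshalling will not reject content the bound schemas forbid — `parseStructure` and the decrypt processor now rely on this context for their input handling.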
@@ -51,6 +71,7 @@ public class XMLSecurityConstants {
}
public static final String XMLINPUTFACTORY = "XMLInputFactory";
+ public static final XMLEventFactory XMLEVENTFACTORY = XMLEventFactory.newFactory();
public static final String NS_XML = "http://www.w3.org/2000/xmlns/";
public static final String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java Fri Oct 28 08:59:57 2011
@@ -23,6 +23,7 @@ import org.swssf.xmlsec.config.Transform
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.Namespace;
@@ -223,4 +224,30 @@ public class XMLSecurityUtils {
}
return childTransformer;
}
+
+ public static <T> T getType(List<Object> objects, Class<T> clazz) {
+ for (int i = 0; i < objects.size(); i++) {
+ Object o = objects.get(i);
+ if (o instanceof JAXBElement) {
+ o = ((JAXBElement) o).getValue();
+ }
+ if (clazz.isAssignableFrom(o.getClass())) {
+ return (T) o;
+ }
+ }
+ return null;
+ }
+
+ public static <T> T getQNameType(List<Object> objects, QName qName) {
+ for (int i = 0; i < objects.size(); i++) {
+ Object o = objects.get(i);
+ if (o instanceof JAXBElement) {
+ JAXBElement jaxbElement = (JAXBElement) o;
+ if (jaxbElement.getName().equals(qName)) {
+ return (T) jaxbElement.getValue();
+ }
+ }
+ }
+ return null;
+ }
}
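Review bot: Both helpers use the raw `JAXBElement` type and unchecked `(T)` casts, so `getQNameType` in particular cannot verify that the element's value is the type the caller expects — a mismatch becomes a ClassCastException at the caller's assignment, as at the `InclusiveNamespaces` lookup in `AbstractSignatureInputHandler`. In `getType`, `JAXBElement<?>` plus `return clazz.cast(o);` turns the unchecked cast into a checked one at no cost, and `clazz.isInstance(o)` instead of `clazz.isAssignableFrom(o.getClass())` also survives a null entry in the list. `getQNameType` would be safer as `getQNameType(List<Object> objects, QName qName, Class<T> clazz)` returning `clazz.cast(jaxbElement.getValue())`, or at least carry `@SuppressWarnings("unchecked")` with a comment that the caller owns the type assumption. Both methods lack Javadoc; one line each stating that they return the first match or `null` would cover the contract.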
Added: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/XMLSecurityEventReader.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/XMLSecurityEventReader.java?rev=1190214&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/XMLSecurityEventReader.java (added)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/XMLSecurityEventReader.java Fri Oct 28 08:59:57 2011
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.swssf.xmlsec.impl;
+
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.XMLEvent;
+import java.util.Deque;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+/**
+ * @author $Author:$
+ * @version $Revision:$ $Date:$
+ */
+public class XMLSecurityEventReader implements XMLEventReader {
+
+ private Iterator<XMLEvent> xmlEventIterator;
+ private XMLEvent currentXMLEvent;
+ private XMLEvent nextXMLEvent;
+
+ public XMLSecurityEventReader(Deque<XMLEvent> xmlEvents, int fromIndex) {
+ this.xmlEventIterator = xmlEvents.descendingIterator();
+ int curIdx = 0;
+ while (curIdx++ < fromIndex) {
+ this.xmlEventIterator.next();
+ }
+ }
+
+ @Override
+ public XMLEvent nextEvent() throws XMLStreamException {
+ if (this.nextXMLEvent != null) {
+ this.currentXMLEvent = this.nextXMLEvent;
+ this.nextXMLEvent = null;
+ return this.currentXMLEvent;
+ }
+ try {
+ this.currentXMLEvent = xmlEventIterator.next();
+ } catch (NoSuchElementException e) {
+ throw new XMLStreamException(e);
+ }
+ return this.currentXMLEvent;
+ }
+
+ @Override
+ public boolean hasNext() {
+ if (this.nextXMLEvent != null) {
+ return true;
+ }
+ return xmlEventIterator.hasNext();
+ }
+
+ @Override
+ public XMLEvent peek() throws XMLStreamException {
+ if (this.nextXMLEvent != null) {
+ return this.nextXMLEvent;
+ }
+ try {
+ this.nextXMLEvent = xmlEventIterator.next();
+ } catch (NoSuchElementException e) {
+ throw new XMLStreamException(e);
+ }
+ return this.nextXMLEvent;
+ }
+
+ @Override
+ public String getElementText() throws XMLStreamException {
+ //todo
+ throw new XMLStreamException(new UnsupportedOperationException());
+ }
+
+ @Override
+ public XMLEvent nextTag() throws XMLStreamException {
+ //todo
+ throw new XMLStreamException(new UnsupportedOperationException());
+ }
+
+ @Override
+ public Object getProperty(String name) throws IllegalArgumentException {
+ //todo
+ throw new IllegalArgumentException(new UnsupportedOperationException());
+ }
+
+ @Override
+ public void close() throws XMLStreamException {
+ //nop
+ }
+
+ @Override
+ public Object next() {
+ try {
+ return nextEvent();
+ } catch (XMLStreamException e) {
+ throw new NoSuchElementException(e.getMessage());
+ }
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+}
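Review bot: The constructor's skip loop calls `next()` without checking `hasNext()`, so a `fromIndex` larger than the deque throws an unchecked NoSuchElementException out of the constructor — the case the old `parseStructure` reported as `unexpectedEndOfXML`, and one the callers' `catch (JAXBException e)` does not cover. A guard inside the loop, `if (!this.xmlEventIterator.hasNext()) { throw new IllegalArgumentException("fromIndex " + fromIndex + " exceeds the number of buffered events"); }`, makes the failure explicit, and `xmlEventIterator` can be `final`. `next()` rethrows as `new NoSuchElementException(e.getMessage())`, discarding the cause; since the only XMLStreamException `nextEvent()` produces wraps a NoSuchElementException itself, rethrowing that original is cleaner. The class Javadoc is only the `$Author$` placeholder; a sentence such as "Replays the buffered events of a Deque as an XMLEventReader, walking the deque via descendingIterator and skipping the first fromIndex events" would explain the traversal order to readers.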
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java Fri Oct 28 08:59:57 2011
@@ -19,20 +19,24 @@
package org.swssf.xmlsec.impl.processor.input;
import org.apache.commons.codec.binary.Base64OutputStream;
+import org.swssf.binding.xmldsig.KeyInfoType;
+import org.swssf.binding.xmlenc.EncryptedDataType;
+import org.swssf.binding.xmlenc.ReferenceList;
+import org.swssf.binding.xmlenc.ReferenceType;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.XMLSecurityEventReader;
import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
import org.swssf.xmlsec.impl.util.IVSplittingOutputStream;
import org.swssf.xmlsec.impl.util.ReplaceableOuputStream;
-import org.w3._2000._09.xmldsig_.KeyInfoType;
-import org.w3._2001._04.xmlenc_.EncryptedDataType;
-import org.w3._2001._04.xmlenc_.ReferenceList;
-import org.w3._2001._04.xmlenc_.ReferenceType;
import org.xmlsecurity.ns.configuration.AlgorithmType;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLInputFactory;
@@ -57,6 +61,7 @@ public abstract class AbstractDecryptInp
private ReferenceList referenceList;
private KeyInfoType keyInfoType;
+ private List<ReferenceType> processedReferences = new ArrayList<ReferenceType>();
//the prefix must start with a letter by spec!:
private final String uuid = "a" + UUID.randomUUID().toString().replaceAll("-", "");
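Review bot: `processedReferences.contains(referenceType)`, used in the following hunks at the `duplicateId` check and in `doFinal`, relies on `ReferenceType.equals`; the JAXB-generated binding types presumably do not override it, so this works by identity today, but the intent is implicit and an `ArrayList` makes each lookup a linear scan. An identity set, `Collections.newSetFromMap(new IdentityHashMap<ReferenceType, Boolean>())`, states the identity semantics and keeps `contains` constant-time (`java.util.Collections` and `IdentityHashMap` need importing if the file lacks them). A field comment is also missing; `// references from the ReferenceList already decrypted; used to reject duplicate Ids and to detect unprocessed references in doFinal` would do. The same pattern is introduced in `AbstractSignatureReferenceVerifyInputProcessor`.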
@@ -148,7 +153,7 @@ public abstract class AbstractDecryptInp
ReferenceType referenceType = matchesReferenceId(startElement);
if (referenceType != null) {
//duplicate id's are forbidden
- if (referenceType.isProcessed()) {
+ if (processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
}
@@ -167,22 +172,17 @@ public abstract class AbstractDecryptInp
comparableAttributeList = Arrays.copyOfRange(xmlEventNS.getAttributeList(), 1, xmlEventNS.getNamespaceList().length);
}
- EncryptedDataType currentEncryptedDataType = newEncryptedDataType(startElement);
-
- referenceType.setProcessed(true);
+ processedReferences.add(referenceType);
inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
- //only fire here ContentEncryptedElementEvents
- //the other ones will be fired later, because we don't know the encrypted element name yet
- if (SecurePart.Modifier.Content.getModifier().equals(currentEncryptedDataType.getType())) {
- encryptedContentEvent(inputProcessorChain, xmlEvent);
- }
-
//the following logic reads the encryptedData structure and doesn't pass them further
//through the chain
InputProcessorChain subInputProcessorChain = inputProcessorChain.createSubChain(this);
+ Deque<XMLEvent> xmlEvents = new LinkedList<XMLEvent>();
+ xmlEvents.push(xmlEvent);
XMLEvent encryptedDataXMLEvent;
+ int count = 0;
do {
subInputProcessorChain.reset();
if (isSecurityHeaderEvent) {
@@ -191,37 +191,51 @@ public abstract class AbstractDecryptInp
encryptedDataXMLEvent = subInputProcessorChain.processEvent();
}
- //todo this self made parsing is ugly as hell. An idea would be to use JAXB with a custom WS-Security schema.
- //todo the schema would have only the declared the elements which we are supporting.
- try {
- currentEncryptedDataType.parseXMLEvent(encryptedDataXMLEvent);
- } catch (ParseException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, e);
+ xmlEvents.push(encryptedDataXMLEvent);
+ if (++count >= 50) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY);
}
}
- while (!(encryptedDataXMLEvent.isStartElement() && encryptedDataXMLEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_xenc_CipherValue)));
+ while (!(encryptedDataXMLEvent.isStartElement()
+ && encryptedDataXMLEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_xenc_CipherValue)));
+
+ xmlEvents.push(XMLSecurityConstants.XMLEVENTFACTORY.createEndElement(XMLSecurityConstants.TAG_xenc_CipherValue, null));
+ xmlEvents.push(XMLSecurityConstants.XMLEVENTFACTORY.createEndElement(XMLSecurityConstants.TAG_xenc_CipherData, null));
+ xmlEvents.push(XMLSecurityConstants.XMLEVENTFACTORY.createEndElement(XMLSecurityConstants.TAG_xenc_EncryptedData, null));
+
+ EncryptedDataType encryptedDataType;
try {
- currentEncryptedDataType.validate();
- } catch (ParseException e) {
+ Unmarshaller unmarshaller = XMLSecurityConstants.getJaxbContext().createUnmarshaller();
+ JAXBElement<EncryptedDataType> encryptedDataTypeJAXBElement =
+ (JAXBElement<EncryptedDataType>) unmarshaller.unmarshal(new XMLSecurityEventReader(xmlEvents, 0));
+ encryptedDataType = encryptedDataTypeJAXBElement.getValue();
+
+ } catch (JAXBException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY, e);
}
+ //only fire here ContentEncryptedElementEvents
+ //the other ones will be fired later, because we don't know the encrypted element name yet
+ if (SecurePart.Modifier.Content.getModifier().equals(encryptedDataType.getType())) {
+ encryptedContentEvent(inputProcessorChain, xmlEvent);
+ }
+
KeyInfoType keyInfoType;
if (this.keyInfoType != null) {
keyInfoType = this.keyInfoType;
} else {
- keyInfoType = currentEncryptedDataType.getKeyInfo();
+ keyInfoType = encryptedDataType.getKeyInfo();
}
//create a new Thread for streaming decryption
DecryptionThread decryptionThread = new DecryptionThread(subInputProcessorChain, isSecurityHeaderEvent,
- currentEncryptedDataType, keyInfoType, xmlEventNS);
+ encryptedDataType, keyInfoType, xmlEventNS);
Thread receiverThread = new Thread(decryptionThread);
receiverThread.setName("decrypting thread");
- AbstractDecryptedEventReaderInputProcessor decryptedEventReaderInputProcessor = newDecryptedEventReaderInputProccessor(encryptedHeader, comparableNamespaceList, comparableAttributeList, currentEncryptedDataType);
+ AbstractDecryptedEventReaderInputProcessor decryptedEventReaderInputProcessor = newDecryptedEventReaderInputProccessor(encryptedHeader, comparableNamespaceList, comparableAttributeList, encryptedDataType);
//add the new created EventReader processor to the chain.
inputProcessorChain.addProcessor(decryptedEventReaderInputProcessor);
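Review bot: The new bound `if (++count >= 50)` throws `XMLSecurityException(ErrorCode.INVALID_SECURITY)` with no reason string, unlike every other throw in this class, and the number is unexplained; a named constant with a comment — `// upper bound on events buffered before xenc:CipherValue is reached; guards against unbounded buffering of a malformed EncryptedData` — and a reason such as `"cipherValueNotFound"` would make both the intent and the failure diagnosable, and whether 50 events is enough for a legitimate KeyInfo carrying a nested structure should be confirmed. The unchecked cast `(JAXBElement<EncryptedDataType>) unmarshaller.unmarshal(...)` assumes the referenced element is an `xenc:EncryptedData`; if the Id in the ReferenceList points at some other element, the failure is a ClassCastException rather than the `INVALID_SECURITY` error the surrounding catch produces, so `unmarshaller.unmarshal(new XMLSecurityEventReader(xmlEvents, 0), EncryptedDataType.class)` followed by a check of the returned element's name would be more robust. The three synthetic end elements pushed before unmarshalling encode the assumption that only CipherData and EncryptedData are open when CipherValue starts; a one-line comment stating that would help the next reader.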
@@ -278,8 +292,6 @@ public abstract class AbstractDecryptInp
boolean encryptedHeader, List<ComparableNamespace>[] comparableNamespaceList,
List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType);
- protected abstract EncryptedDataType newEncryptedDataType(StartElement startElement);
-
protected abstract void encryptedContentEvent(InputProcessorChain inputProcessorChain, XMLEvent xmlEvent) throws XMLSecurityException;
protected ReferenceType matchesReferenceId(StartElement startElement) {
@@ -287,11 +299,11 @@ public abstract class AbstractDecryptInp
Attribute refId = getReferenceIDAttribute(startElement);
if (refId != null) {
//exists the id in the referenceList?
- List<ReferenceType> references = referenceList.getDataReferenceOrKeyReference();
- Iterator<ReferenceType> referenceTypeIterator = references.iterator();
+ List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
+ Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
while (referenceTypeIterator.hasNext()) {
- ReferenceType referenceType = referenceTypeIterator.next();
- if (refId.getValue().equals(referenceType.getURI())) {
+ ReferenceType referenceType = referenceTypeIterator.next().getValue();
+ if (refId.getValue().equals(XMLSecurityUtils.dropReferenceMarker(referenceType.getURI()))) {
logger.debug("Found encryption reference: " + refId.getValue() + " on element" + startElement.getName());
return referenceType;
}
@@ -303,11 +315,11 @@ public abstract class AbstractDecryptInp
@Override
public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
//here we check if all references where processed.
- List<ReferenceType> references = referenceList.getDataReferenceOrKeyReference();
- Iterator<ReferenceType> referenceTypeIterator = references.iterator();
+ List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
+ Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
while (referenceTypeIterator.hasNext()) {
- ReferenceType referenceType = referenceTypeIterator.next();
- if (!referenceType.isProcessed()) {
+ ReferenceType referenceType = referenceTypeIterator.next().getValue();
+ if (!processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedEncryptionReferences");
}
}
@@ -469,7 +481,7 @@ public abstract class AbstractDecryptInp
private Key secretKey;
protected DecryptionThread(InputProcessorChain inputProcessorChain, boolean header,
- EncryptedDataType encryptedDataType, KeyInfoType keyInfoType, XMLEventNS startXMLElement) throws XMLStreamException, XMLSecurityException {
+ EncryptedDataType encryptedDataType, KeyInfoType keyInfoType, XMLEventNS startXMLElement) throws XMLStreamException, XMLSecurityException {
this.inputProcessorChain = inputProcessorChain;
this.header = header;
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java Fri Oct 28 08:59:57 2011
@@ -18,16 +18,18 @@
*/
package org.swssf.xmlsec.impl.processor.input;
+import org.swssf.binding.excc14n.InclusiveNamespaces;
+import org.swssf.binding.xmldsig.CanonicalizationMethodType;
+import org.swssf.binding.xmldsig.KeyInfoType;
+import org.swssf.binding.xmldsig.SignatureType;
import org.swssf.xmlsec.ext.*;
import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithm;
import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithmFactory;
import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
import org.swssf.xmlsec.impl.util.SignerOutputStream;
-import org.w3._2000._09.xmldsig_.KeyInfoType;
-import org.w3._2000._09.xmldsig_.SignatureType;
+import javax.xml.bind.JAXBElement;
import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.io.BufferedOutputStream;
import java.io.IOException;
@@ -40,6 +42,7 @@ import java.security.NoSuchProviderExcep
import java.security.cert.CertificateException;
import java.util.Deque;
import java.util.Iterator;
+import java.util.List;
/**
* @author $Author$
@@ -49,14 +52,12 @@ public abstract class AbstractSignatureI
public AbstractSignatureInputHandler(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, Deque<XMLEvent> eventQueue, Integer index) throws XMLSecurityException, XMLStreamException {
- final SignatureType signatureType = (SignatureType) parseStructure(eventQueue, index);
+ @SuppressWarnings("unchecked")
+ final SignatureType signatureType = ((JAXBElement<SignatureType>) parseStructure(eventQueue, index)).getValue();
verifySignedInfo(inputProcessorChain, securityProperties, signatureType, eventQueue, index);
addSignatureReferenceInputProcessorToChain(inputProcessorChain, securityProperties, signatureType);
}
- @Override
- protected abstract Parseable getParseable(StartElement startElement);
-
protected abstract void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, SignatureType signatureType);
protected void verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties, SignatureType signatureType, Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException, XMLStreamException {
@@ -89,8 +90,8 @@ public abstract class AbstractSignatureI
}
protected abstract SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain,
- XMLSecurityProperties securityProperties,
- final SignatureType signatureType) throws XMLSecurityException;
+ XMLSecurityProperties securityProperties,
+ final SignatureType signatureType) throws XMLSecurityException;
/*
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1022834285">
@@ -166,7 +167,24 @@ public abstract class AbstractSignatureI
bufferedSignerOutputStream = new BufferedOutputStream(signerOutputStream);
try {
- transformer = XMLSecurityUtils.getTransformer(signatureType.getSignedInfo().getCanonicalizationMethod().getInclusiveNamespaces(), this.bufferedSignerOutputStream, signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm());
+ final CanonicalizationMethodType canonicalizationMethodType = signatureType.getSignedInfo().getCanonicalizationMethod();
+ InclusiveNamespaces inclusiveNamespacesType = XMLSecurityUtils.getQNameType(canonicalizationMethodType.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
+ String inclusiveNamespaces = null;
+ if (inclusiveNamespacesType != null) {
+ List<String> prefixList = inclusiveNamespacesType.getPrefixList();
+ StringBuilder stringBuilder = new StringBuilder();
+ for (int i = 0; i < prefixList.size(); i++) {
+ String s = prefixList.get(i);
+ stringBuilder.append(s);
+ stringBuilder.append(' ');
+ }
+ inclusiveNamespaces = stringBuilder.toString();
+ }
+ //todo hand over inclusive namespaces as list?
+ transformer = XMLSecurityUtils.getTransformer(
+ inclusiveNamespaces,
+ this.bufferedSignerOutputStream,
+ canonicalizationMethodType.getAlgorithm());
} catch (NoSuchMethodException e) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, e);
} catch (InstantiationException e) {
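Review bot: The prefix loop appends `' '` after every entry, so `inclusiveNamespaces` always carries a trailing space (`"a b "`), which the previous code did not produce because it passed the attribute value through unchanged; whether `getTransformer` tolerates an empty trailing token is not visible here, so either confirm it or write the join as `if (stringBuilder.length() > 0) { stringBuilder.append(' '); } stringBuilder.append(s);`. The string building could also move into a small private helper (`joinPrefixList(List<String>)`) so the try body stays about the transformer. The `getQNameType` call relies on unchecked generic inference to yield an `InclusiveNamespaces`; a content element with that QName but another bound type would fail here with a ClassCastException rather than the FAILED_CHECK `XMLSecurityException` the catch blocks produce. The enclosing method continues outside the hunk.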
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Fri Oct 28 08:59:57 2011
@@ -19,12 +19,13 @@
package org.swssf.xmlsec.impl.processor.input;
import org.apache.commons.codec.binary.Base64;
+import org.swssf.binding.excc14n.InclusiveNamespaces;
+import org.swssf.binding.xmldsig.ReferenceType;
+import org.swssf.binding.xmldsig.SignatureType;
+import org.swssf.binding.xmldsig.TransformType;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
import org.swssf.xmlsec.ext.*;
import org.swssf.xmlsec.impl.util.DigestOutputStream;
-import org.w3._2000._09.xmldsig_.ReferenceType;
-import org.w3._2000._09.xmldsig_.SignatureType;
-import org.w3._2000._09.xmldsig_.TransformType;
import org.xmlsecurity.ns.configuration.AlgorithmType;
import javax.xml.namespace.QName;
@@ -40,6 +41,7 @@ import java.lang.reflect.InvocationTarge
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.util.ArrayList;
import java.util.List;
/**
@@ -49,6 +51,7 @@ import java.util.List;
public abstract class AbstractSignatureReferenceVerifyInputProcessor extends AbstractInputProcessor {
private SignatureType signatureType;
+ private List<ReferenceType> processedReferences = new ArrayList<ReferenceType>();
public AbstractSignatureReferenceVerifyInputProcessor(SignatureType signatureType, XMLSecurityProperties securityProperties) {
super(securityProperties);
@@ -59,6 +62,10 @@ public abstract class AbstractSignatureR
return signatureType;
}
+ public List<ReferenceType> getProcessedReferences() {
+ return processedReferences;
+ }
+
@Override
public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
return inputProcessorChain.processHeaderEvent();
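Review bot: `getProcessedReferences()` hands out the live `processedReferences` list, so any caller can add or remove entries and thereby change the result of the duplicate-Id and unprocessed-reference checks that later consult the same list. Return a read-only view instead: `return Collections.unmodifiableList(processedReferences);` (this needs `import java.util.Collections;` next to the `java.util.ArrayList` import added in the hunk above). A one-line Javadoc such as "Returns the SignedInfo references already matched in this document; read-only view, entries are added by the processor itself" would make the contract explicit.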
@@ -74,7 +81,7 @@ public abstract class AbstractSignatureR
ReferenceType referenceType = matchesReferenceId(startElement);
if (referenceType != null) {
- if (referenceType.isProcessed()) {
+ if (processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
}
InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
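Review bot: The duplicate-Id check now depends on `List.contains`, i.e. on `ReferenceType.equals`, and the same dependency is introduced in the hunks at `processedReferences.add(referenceType)` and in the unprocessed-references loop further down. Since `ReferenceType` is a generated binding class this is presumably identity comparison, which is the intended semantics here because `referenceType` is one of the very instances from `getSignedInfo().getReference()`; should the binding ever gain value-based `equals`, two distinct References with identical content would be conflated and one could mask the other. Make the intent visible with a comment on the field, `// identity matching: entries are the SignedInfo's own ReferenceType instances`, or back the field with an identity-based set. The enclosing method continues outside this hunk.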
@@ -83,7 +90,7 @@ public abstract class AbstractSignatureR
internalSignatureReferenceVerifier.processEvent(xmlEvent, inputProcessorChain);
inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
}
- referenceType.setProcessed(true);
+ processedReferences.add(referenceType);
inputProcessorChain.getDocumentContext().setIsInSignedContent();
}
}
@@ -96,7 +103,7 @@ public abstract class AbstractSignatureR
List<ReferenceType> references = getSignatureType().getSignedInfo().getReference();
for (int i = 0; i < references.size(); i++) {
ReferenceType referenceType = references.get(i);
- if (refId.getValue().equals(referenceType.getURI())) {
+ if (refId.getValue().equals(XMLSecurityUtils.dropReferenceMarker(referenceType.getURI()))) {
logger.debug("Found signature reference: " + refId.getValue() + " on element" + startElement.getName());
return referenceType;
}
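Review bot: The new comparison passes `referenceType.getURI()` straight into `XMLSecurityUtils.dropReferenceMarker`, whereas the old `equals` call tolerated a null URI implicitly; the URI attribute is optional in the XMLDSig schema, so whether a Reference without it now throws depends on `dropReferenceMarker`'s null handling, which is outside the hunk. A local guard keeps the previous behaviour regardless: `String uri = referenceType.getURI();` followed by `if (uri != null && refId.getValue().equals(XMLSecurityUtils.dropReferenceMarker(uri))) {`. The start of `matchesReferenceId` lies outside the hunk.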
@@ -110,7 +117,7 @@ public abstract class AbstractSignatureR
List<ReferenceType> references = getSignatureType().getSignedInfo().getReference();
for (int i = 0; i < references.size(); i++) {
ReferenceType referenceType = references.get(i);
- if (!referenceType.isProcessed()) {
+ if (!processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedSignatureReferences");
}
}
@@ -151,17 +158,19 @@ public abstract class AbstractSignatureR
protected void buildTransformerChain(ReferenceType referenceType, InputProcessorChain inputProcessorChain) throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
List<TransformType> transformTypeList = referenceType.getTransforms().getTransform();
- String algorithm = null;
Transformer parentTransformer = null;
for (int i = transformTypeList.size() - 1; i >= 0; i--) {
TransformType transformType = transformTypeList.get(i);
- algorithm = transformType.getAlgorithm();
+ InclusiveNamespaces inclusiveNamespacesType = XMLSecurityUtils.getQNameType(transformType.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
+ String inclusiveNamespaces = getInclusiveNamespaces(inclusiveNamespacesType);
+ //todo hand over inclusive namespaces as list?
+ String algorithm = transformType.getAlgorithm();
if (parentTransformer != null) {
- parentTransformer = XMLSecurityUtils.getTransformer(parentTransformer, transformType.getInclusiveNamespaces(), algorithm);
+ parentTransformer = XMLSecurityUtils.getTransformer(parentTransformer, inclusiveNamespaces, algorithm);
} else {
- parentTransformer = XMLSecurityUtils.getTransformer(transformType.getInclusiveNamespaces(), this.getBufferedDigestOutputStream(), algorithm);
+ parentTransformer = XMLSecurityUtils.getTransformer(inclusiveNamespaces, this.getBufferedDigestOutputStream(), algorithm);
}
}
this.setTransformer(parentTransformer);
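Review bot: The rewritten loop hands every transform algorithm named by the document to `XMLSecurityUtils.getTransformer` without checking it against the set of transforms the receiver is prepared to apply; whether `getTransformer` enforces such a restriction itself is outside the hunk, but a document-controlled transform chain is the usual place for an allow-list, so consider rejecting with `FAILED_CHECK` before instantiation when `algorithm` is not an accepted transform URI. The `InclusiveNamespaces` lookup at the top of the loop runs for every transform, which is harmless, but the `//todo` comment would be clearer as `// InclusiveNamespaces only applies to exclusive C14N; passed as a space-separated prefix string until getTransformer accepts a List`. `buildTransformerChain` continues past the end of this hunk.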
@@ -197,7 +206,7 @@ public abstract class AbstractSignatureR
}
byte[] calculatedDigest = this.getDigestOutputStream().getDigestValue();
- byte[] storedDigest = Base64.decodeBase64(getReferenceType().getDigestValue());
+ byte[] storedDigest = getReferenceType().getDigestValue();
if (logger.isDebugEnabled()) {
logger.debug("Calculated Digest: " + new String(Base64.encodeBase64(calculatedDigest)));
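Review bot: `storedDigest` is now taken directly from the binding, so an absent or empty DigestValue element presumably yields null rather than the empty array that `Base64.decodeBase64` used to produce, and the comparison that follows is outside the hunk; a check such as `if (storedDigest == null) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "<message key>"); }` placed before the debug logging keeps the failure explicit. While touching this spot, the digest comparison itself (not visible here) should use `MessageDigest.isEqual(calculatedDigest, storedDigest)`, which is already importable via the `java.security.MessageDigest` import above, rather than an early-exit array compare.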
@@ -269,5 +278,20 @@ public abstract class AbstractSignatureR
protected void setFinished(boolean finished) {
this.finished = finished;
}
+
+ protected String getInclusiveNamespaces(InclusiveNamespaces inclusiveNamespacesType) {
+ if (inclusiveNamespacesType != null) {
+ StringBuilder stringBuilder = new StringBuilder();
+ List<String> prefixList = inclusiveNamespacesType.getPrefixList();
+
+ for (int j = 0; j < prefixList.size(); j++) {
+ String s = prefixList.get(j);
+ stringBuilder.append(s);
+ stringBuilder.append(' ');
+ }
+ return stringBuilder.toString();
+ }
+ return null;
+ }
}
}
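Review bot: `getInclusiveNamespaces` appends `' '` after every prefix including the last, so its result always carries a trailing space, and the identical loop is copied inline in the preceding file's hunk (the `CanonicalizationMethodType` block) instead of calling a shared helper; the helper is `protected` on an abstract class, so the duplication is a style point for this commit rather than a defect. Add a Javadoc stating the contract: "Flattens the PrefixList of an exc-c14n InclusiveNamespaces element into a space-separated string (trailing space included) for `XMLSecurityUtils.getTransformer`; returns null when the element is absent." The loop index `j` also looks copied from a nested context and could simply be `i`.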
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactory.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactory.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactory.java Fri Oct 28 08:59:57 2011
@@ -18,12 +18,12 @@
*/
package org.swssf.xmlsec.impl.securityToken;
+import org.swssf.binding.xmldsig.KeyInfoType;
import org.swssf.xmlsec.config.ConfigurationProperties;
import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.ext.SecurityContext;
import org.swssf.xmlsec.ext.SecurityToken;
import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.w3._2000._09.xmldsig_.KeyInfoType;
import javax.security.auth.callback.CallbackHandler;
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1190214&r1=1190213&r2=1190214&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/securityToken/SecurityTokenFactoryImpl.java Fri Oct 28 08:59:57 2011
@@ -18,11 +18,11 @@
*/
package org.swssf.xmlsec.impl.securityToken;
+import org.swssf.binding.xmldsig.KeyInfoType;
import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.ext.SecurityContext;
import org.swssf.xmlsec.ext.SecurityToken;
import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.w3._2000._09.xmldsig_.KeyInfoType;
import javax.security.auth.callback.CallbackHandler;