Posted to commits@santuario.apache.org by gi...@apache.org on 2012/09/20 19:44:30 UTC
svn commit: r1388132 - in /santuario/xml-security-java/trunk/src/main:
java/org/apache/xml/security/stax/ext/
java/org/apache/xml/security/stax/impl/processor/input/
java/org/apache/xml/security/stax/impl/processor/output/ resources/
Author: giger
Date: Thu Sep 20 17:44:29 2012
New Revision: 1388132
URL: http://svn.apache.org/viewvc?rev=1388132&view=rev
Log:
cleanups
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1388132&r1=1388131&r2=1388132&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Thu Sep 20 17:44:29 2012
@@ -103,11 +103,6 @@ public class XMLSec {
for (int i = 0; i < securityProperties.getOutAction().length; i++) {
XMLSecurityConstants.Action action = securityProperties.getOutAction()[i];
if (action.equals(XMLSecurityConstants.SIGNATURE)) {
- /*
- if (securityProperties.getCallbackHandler() == null) {
- throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "noCallback");
- }
- */
if (securityProperties.getSignatureAlgorithm() == null) {
if (securityProperties.getSignatureKey() instanceof RSAPrivateKey) {
securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
@@ -127,33 +122,15 @@ public class XMLSec {
securityProperties.setSignatureKeyIdentifierType(XMLSecurityConstants.XMLKeyIdentifierType.X509_ISSUER_SERIAL);
}
} else if (action.equals(XMLSecurityConstants.ENCRYPT)) {
- /*
- * if (securityProperties.getEncryptionUseThisCertificate() == null
- && securityProperties.getEncryptionKeyStore() == null
- && !securityProperties.isUseReqSigCertForEncryption()) {
- throw new WSSConfigurationException(WSSecurityException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
- }
- */
if (securityProperties.getEncryptionKeyTransportAlgorithm() == null) {
//@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5 :
//"RSA-OAEP is RECOMMENDED for the transport of AES keys"
//@see http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p
securityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
}
- if (securityProperties.getEncryptionKeyTransportDigestAlgorithm() == null) {
- securityProperties.setEncryptionKeyTransportDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
- }
- if (securityProperties.getEncryptionKeyTransportMGFAlgorithm() == null) {
- securityProperties.setEncryptionKeyTransportMGFAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha1");
- }
if (securityProperties.getEncryptionSymAlgorithm() == null) {
securityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
}
- /*
- if (securityProperties.getEncryptionKeyIdentifierType() == null) {
- securityProperties.setEncryptionKeyIdentifierType(XMLSecurityConstants.XMLKeyIdentifierType.ISSUER_SERIAL);
- }
- */
}
}
//todo clone securityProperties
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1388132&r1=1388131&r2=1388132&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Thu Sep 20 17:44:29 2012
@@ -65,7 +65,15 @@ public class XMLSecurityConstants {
}
try {
- setJaxbContext(JAXBContext.newInstance("org.apache.xml.security.binding.xmlenc:org.apache.xml.security.binding.xmlenc11:org.apache.xml.security.binding.xmldsig:org.apache.xml.security.binding.xmldsig11:org.apache.xml.security.binding.excc14n"));
+ setJaxbContext(
+ JAXBContext.newInstance(
+ "org.apache.xml.security.binding.xmlenc:" +
+ "org.apache.xml.security.binding.xmlenc11:" +
+ "org.apache.xml.security.binding.xmldsig:" +
+ "org.apache.xml.security.binding.xmldsig11:" +
+ "org.apache.xml.security.binding.excc14n"
+ )
+ );
SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
schemaFactory.setResourceResolver(new LSResourceResolver() {
@Override
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1388132&r1=1388131&r2=1388132&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Thu Sep 20 17:44:29 2012
@@ -18,7 +18,6 @@
*/
package org.apache.xml.security.stax.impl.processor.input;
-import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.binding.xmldsig.DigestMethodType;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmlenc.EncryptedKeyType;
@@ -175,7 +174,7 @@ public class XMLEncryptedKeyInputHandler
XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_dsig_DigestMethod);
String jceDigestAlgorithm = "SHA-1";
if (digestMethodType != null) {
- jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestMethodType.getAlgorithm());
+ jceDigestAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(digestMethodType.getAlgorithm());
}
PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
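Review bot: The value returned by `JCEAlgorithmMapper.translateURItoJCEID(digestMethodType.getAlgorithm())` is used without a null check, although the URI is taken from the received EncryptedKey. If the mapper returns null for a URI it has no entry for (its body is not visible here, so please confirm), the `OAEPParameterSpec` constructor in the next hunk fails with a NullPointerException rather than a security exception the caller can handle. I would add a guard right after the lookup, `if (jceDigestAlgorithm == null) { /* reject: unsupported DigestMethod URI */ }`, raising the handler's usual XMLSecurityException. The same applies to the `jceMGFAlgorithm` lookup in the next hunk, where `new MGF1ParameterSpec(null)` throws, and to both lookups in XMLEncryptOutputProcessor. The enclosing method starts and ends outside this hunk.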
@@ -189,13 +188,8 @@ public class XMLEncryptedKeyInputHandler
final MGFType mgfType =
XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_xenc11_MGF);
if (mgfType != null) {
- if (XMLSecurityConstants.NS_MGF1_SHA256.equals(mgfType.getAlgorithm())) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
- } else if (XMLSecurityConstants.NS_MGF1_SHA384.equals(mgfType.getAlgorithm())) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
- } else if (XMLSecurityConstants.NS_MGF1_SHA512.equals(mgfType.getAlgorithm())) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
- }
+ String jceMGFAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(mgfType.getAlgorithm());
+ mgfParameterSpec = new MGF1ParameterSpec(jceMGFAlgorithm);
}
OAEPParameterSpec oaepParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
cipher.init(Cipher.UNWRAP_MODE, wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID), oaepParameterSpec);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java?rev=1388132&r1=1388131&r2=1388132&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.java Thu Sep 20 17:44:29 2012
@@ -21,7 +21,6 @@ package org.apache.xml.security.stax.imp
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
@@ -151,6 +150,7 @@ public class XMLEncryptOutputProcessor e
attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportAlgorithm));
createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, attributes);
+ final String encryptionKeyTransportDigestAlgorithm = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
final String encryptionKeyTransportMGFAlgorithm = getSecurityProperties().getEncryptionKeyTransportMGFAlgorithm();
if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
@@ -163,15 +163,19 @@ public class XMLEncryptOutputProcessor e
createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams);
}
- attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm()));
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
-
- attributes = new ArrayList<XMLSecAttribute>(1);
- attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportMGFAlgorithm));
- createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
+ if (encryptionKeyTransportDigestAlgorithm != null) {
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportDigestAlgorithm));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, attributes);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
+ }
+
+ if (encryptionKeyTransportMGFAlgorithm != null) {
+ attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionKeyTransportMGFAlgorithm));
+ createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, attributes);
+ createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
+ }
}
createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
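Review bot: The new guard `if (encryptionKeyTransportMGFAlgorithm != null)` writes an `xenc11:MGF` child whenever an MGF is configured, regardless of which key transport algorithm is in use. The enclosing condition lies outside this hunk, but the previous hunk suggests it matches both `NS_XENC11_RSAOAEP` and `NS_XENC_RSAOAEPMGF1P`, and for rsa-oaep-mgf1p the mask generation function is fixed to MGF1 with SHA-1. A receiver that follows the specification may then ignore the element and fail to unwrap a key that was wrapped with a different MGF. Consider `if (encryptionKeyTransportMGFAlgorithm != null && XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm)) {`, with the same restriction where `mgfParameterSpec` is built further down.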
@@ -187,7 +191,10 @@ public class XMLEncryptOutputProcessor e
if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {
- String jceDigestAlgorithm = JCEMapper.translateURItoJCEID(getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm());
+ String jceDigestAlgorithm = "SHA-1";
+ if (encryptionKeyTransportDigestAlgorithm != null) {
+ jceDigestAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportDigestAlgorithm);
+ }
PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
byte[] oaepParams = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
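Review bot: The `"SHA-1"` fallback for `jceDigestAlgorithm` is undocumented, and it is only correct because the DigestMethod element is no longer written when the property is null, so the receiver has to apply the same default. A comment would make that coupling explicit: `// no DigestMethod emitted => receiver assumes SHA-1; must match the fallback in XMLEncryptedKeyInputHandler`. The `new MGF1ParameterSpec("SHA-1")` default in the next hunk deserves the same comment, since the receiving side's MGF default is declared outside the lines shown here and cannot be checked from this diff.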
@@ -195,16 +202,10 @@ public class XMLEncryptOutputProcessor e
pSource = new PSource.PSpecified(oaepParams);
}
- MGF1ParameterSpec mgfParameterSpec = null;
-
- if (XMLSecurityConstants.NS_MGF1_SHA1.equals(encryptionKeyTransportMGFAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
- } else if (XMLSecurityConstants.NS_MGF1_SHA256.equals(encryptionKeyTransportMGFAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
- } else if (XMLSecurityConstants.NS_MGF1_SHA384.equals(encryptionKeyTransportMGFAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
- } else if (XMLSecurityConstants.NS_MGF1_SHA512.equals(encryptionKeyTransportMGFAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
+ MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
+ if (encryptionKeyTransportMGFAlgorithm != null) {
+ String jceMGFAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportMGFAlgorithm);
+ mgfParameterSpec = new MGF1ParameterSpec(jceMGFAlgorithm);
}
algorithmParameterSpec = new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
}
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1388132&r1=1388131&r2=1388132&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Thu Sep 20 17:44:29 2012
@@ -108,6 +108,41 @@
KeyLength="512"
JCEName="SHA-512"/>
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha1"
+ Description="Mask Generation Function with SHA-1 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ KeyLength="160"
+ JCEName="SHA-1"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha224"
+ Description="Mask Generation Function with SHA-224 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ KeyLength="224"
+ JCEName="SHA-224"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha256"
+ Description="Mask Generation Function with SHA-256 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ KeyLength="256"
+ JCEName="SHA-256"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha384"
+ Description="Mask Generation Function with SHA-384 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ KeyLength="384"
+ JCEName="SHA-384"/>
+
+ <Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha512"
+ Description="Mask Generation Function with SHA-512 used with the RSA-OAEP key transport algorithm"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+ KeyLength="512"
+ JCEName="SHA-512"/>
+
<!-- Signature Algorithms -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
Description="Digital Signature Algorithm with SHA-1 message digest"