Posted to commits@ws.apache.org by co...@apache.org on 2016/11/21 15:49:22 UTC
svn commit: r1770708 - in /webservices/wss4j/branches/2_0_x-fixes:
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/
Author: coheigea
Date: Mon Nov 21 15:49:22 2016
New Revision: 1770708
URL: http://svn.apache.org/viewvc?rev=1770708&view=rev
Log:
WSS-594 - Copy Security Header SOAP MustUnderstand/Actor to an EncryptedHeader element
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Mon Nov 21 15:49:22 2016
@@ -48,6 +48,8 @@ public class WSSecDKEncrypt extends WSSe
private List<Element> attachmentEncryptedDataElements;
+ private WSSecHeader securityHeader;
+
public WSSecDKEncrypt() {
super();
}
@@ -64,6 +66,8 @@ public class WSSecDKEncrypt extends WSSe
}
public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
+
+ securityHeader = secHeader;
//
// Setup the encrypted key
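Review bot: `securityHeader` is populated only inside `build(...)`, so a caller that drives this class through any other entry point leaves the field null, and the later `doEncryption(document, securityHeader, ...)` call then passes null. From the code visible in WSSecEncrypt, a null header makes `createEncryptedHeaderElement` skip the attribute copy without any signal, so the EncryptedHeader would be emitted without mustUnderstand/actor. If such entry points exist (the method holding the `doEncryption` call is outside this hunk), consider a dedicated setter or constructor argument, or at least a field comment such as `// Set by build(); null when encryption is driven without build(), in which case no SOAP attributes are copied`. The same assignment pattern appears in `WSSecEncrypt.build`.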
@@ -136,7 +140,7 @@ public class WSSecDKEncrypt extends WSSe
List<String> encDataRefs =
WSSecEncrypt.doEncryption(
- document, getWsConfig(), keyInfo, key, symEncAlgo, references, callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
+ document, securityHeader, getWsConfig(), keyInfo, key, symEncAlgo, references, callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
);
if (dataRef == null) {
dataRef =
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Mon Nov 21 15:49:22 2016
@@ -102,7 +102,9 @@ public class WSSecEncrypt extends WSSecE
private boolean embedEncryptedKey;
private List<Element> attachmentEncryptedDataElements;
-
+
+ private WSSecHeader securityHeader;
+
public WSSecEncrypt() {
super();
}
@@ -209,6 +211,7 @@ public class WSSecEncrypt extends WSSecE
public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
throws WSSecurityException {
doDebug = LOG.isDebugEnabled();
+ securityHeader = secHeader;
prepare(doc, crypto);
@@ -284,7 +287,7 @@ public class WSSecEncrypt extends WSSecE
SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKey.getEncoded(), symmetricKey.getAlgorithm());
List<String> encDataRefs =
doEncryption(
- document, getWsConfig(), keyInfo, secretKeySpec, symEncAlgo, references, callbackLookup,
+ document, securityHeader, getWsConfig(), keyInfo, secretKeySpec, symEncAlgo, references, callbackLookup,
attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
);
if (encDataRefs.isEmpty()) {
@@ -365,6 +368,7 @@ public class WSSecEncrypt extends WSSecE
*/
public static List<String> doEncryption(
Document doc,
+ WSSecHeader securityHeader,
WSSConfig config,
KeyInfo keyInfo,
SecretKey secretKey,
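Review bot: Inserting `WSSecHeader securityHeader` as the second parameter changes the signature of a `public static` method on a fixes branch, so code outside this module that calls either `doEncryption` overload will stop compiling (the second overload is changed the same way in the next hunk). Because `createEncryptedHeaderElement` already tolerates a null header, the old signatures could be kept as `@Deprecated` overloads that delegate, e.g. `return doEncryption(doc, (WSSecHeader) null, config, keyInfo, secretKey, encryptionAlgorithm, references, callbackLookup);`. The Javadoc that closes just above this signature is outside the hunk; it should gain a `@param securityHeader` line stating that null is accepted and means no mustUnderstand/actor attributes are copied to the EncryptedHeader.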
@@ -373,12 +377,13 @@ public class WSSecEncrypt extends WSSecE
CallbackLookup callbackLookup
) throws WSSecurityException {
return doEncryption(
- doc, config, keyInfo, secretKey, encryptionAlgorithm,
+ doc, securityHeader, config, keyInfo, secretKey, encryptionAlgorithm,
references, callbackLookup, null, null, false);
}
public static List<String> doEncryption(
Document doc,
+ WSSecHeader securityHeader,
WSSConfig config,
KeyInfo keyInfo,
SecretKey secretKey,
@@ -431,7 +436,7 @@ public class WSSecEncrypt extends WSSecE
for (Element elementToEncrypt : elementsToEncrypt) {
try {
String id =
- encryptElementInAttachment(doc, config, keyInfo, secretKey, encryptionAlgorithm,
+ encryptElementInAttachment(doc, securityHeader, config, keyInfo, secretKey, encryptionAlgorithm,
attachmentCallbackHandler, encPart, elementToEncrypt);
encPart.setEncId(id);
encDataRef.add("#" + id);
@@ -444,7 +449,7 @@ public class WSSecEncrypt extends WSSecE
} else {
for (Element elementToEncrypt : elementsToEncrypt) {
String id =
- encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), config, xmlCipher,
+ encryptElement(doc, securityHeader, elementToEncrypt, encPart.getEncModifier(), config, xmlCipher,
secretKey, keyInfo);
encPart.setEncId(id);
encDataRef.add("#" + id);
@@ -463,6 +468,7 @@ public class WSSecEncrypt extends WSSecE
private static String encryptElementInAttachment(
Document doc,
+ WSSecHeader securityHeader,
WSSConfig config,
KeyInfo keyInfo,
SecretKey secretKey,
@@ -482,7 +488,7 @@ public class WSSecEncrypt extends WSSecE
if ("Header".equals(encryptionPart.getEncModifier())
&& elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc))) {
- createEncryptedHeaderElement(doc, elementToEncrypt, config);
+ createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, config);
}
Element encryptedData =
@@ -674,6 +680,7 @@ public class WSSecEncrypt extends WSSecE
*/
private static String encryptElement(
Document doc,
+ WSSecHeader securityHeader,
Element elementToEncrypt,
String modifier,
WSSConfig config,
@@ -691,7 +698,7 @@ public class WSSecEncrypt extends WSSecE
try {
if ("Header".equals(modifier)
&& elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc))) {
- createEncryptedHeaderElement(doc, elementToEncrypt, config);
+ createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, config);
}
xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
@@ -709,6 +716,7 @@ public class WSSecEncrypt extends WSSecE
private static void createEncryptedHeaderElement(
Document doc,
+ WSSecHeader securityHeader,
Element elementToEncrypt,
WSSConfig config
) {
@@ -723,6 +731,7 @@ public class WSSecEncrypt extends WSSecE
elem.setAttributeNS(
WSConstants.WSU_NS, wsuPrefix + ":Id", headerId
);
+
//
// Add the EncryptedHeader node to the element to be encrypted's parent
// (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
@@ -732,22 +741,25 @@ public class WSSecEncrypt extends WSSecE
elementToEncrypt = (Element)parent.replaceChild(elem, elementToEncrypt);
elem.appendChild(elementToEncrypt);
- NamedNodeMap map = elementToEncrypt.getAttributes();
- for (int i = 0; i < map.getLength(); i++) {
- Attr attr = (Attr)map.item(i);
- if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
- || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
- String soapEnvPrefix =
- WSSecurityUtil.setNamespace(
- elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+ if (securityHeader != null) {
+ NamedNodeMap map = securityHeader.getSecurityHeader().getAttributes();
+ for (int i = 0; i < map.getLength(); i++) {
+ Attr attr = (Attr)map.item(i);
+ if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
+ || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
+ String soapEnvPrefix =
+ WSSecurityUtil.setNamespace(
+ elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+ );
+ elem.setAttributeNS(
+ attr.getNamespaceURI(),
+ soapEnvPrefix + ":" + attr.getLocalName(),
+ attr.getValue()
);
- elem.setAttributeNS(
- attr.getNamespaceURI(),
- soapEnvPrefix + ":" + attr.getLocalName(),
- attr.getValue()
- );
+ }
}
}
+
}
/**
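Review bot: `securityHeader.getSecurityHeader()` is dereferenced without a null check, so if that getter can return null before the header element exists (WSSecHeader is not shown here), the loop throws a NullPointerException after `replaceChild` has already moved the target under the new EncryptedHeader element. Guarding the element as well as the wrapper avoids that: `Element secHeaderElem = securityHeader == null ? null : securityHeader.getSecurityHeader();` followed by `if (secHeaderElem != null) {`. The previous copy from `elementToEncrypt` is removed with no fallback, so when no header is supplied the EncryptedHeader carries no mustUnderstand, and a receiver that does not process EncryptedHeader may skip it rather than fault. A debug log or a short comment on the null path would make that outcome visible. The method's opening lines are outside this hunk.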
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java Mon Nov 21 15:49:22 2016
@@ -350,16 +350,25 @@ public class EncryptOutputProcessor exte
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = getXmlSecStartElement().getAttributes();
- while (attributeIterator.hasNext()) {
- Attribute attribute = attributeIterator.next();
- if (!attribute.isNamespace() &&
- (WSSConstants.NS_SOAP11.equals(attribute.getName().getNamespaceURI()) ||
- WSSConstants.NS_SOAP12.equals(attribute.getName().getNamespaceURI()))) {
- attributes.add(createAttribute(attribute.getName(), attribute.getValue()));
+ final String actor = ((WSSSecurityProperties) getSecurityProperties()).getActor();
+ final String soapMessageVersion = WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement);
+ if (actor != null && !actor.isEmpty()) {
+ if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+ attributes.add(createAttribute(WSSConstants.ATT_soap11_Actor, actor));
+ } else {
+ attributes.add(createAttribute(WSSConstants.ATT_soap12_Role, actor));
}
}
+
+ boolean mustUnderstand = ((WSSSecurityProperties) getSecurityProperties()).isMustUnderstand();
+ if (mustUnderstand) {
+ if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+ attributes.add(createAttribute(WSSConstants.ATT_soap11_MustUnderstand, "1"));
+ } else {
+ attributes.add(createAttribute(WSSConstants.ATT_soap12_MustUnderstand, "true"));
+ }
+ }
+
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader, true, attributes);
}
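Review bot: Both `else` branches treat every namespace other than SOAP 1.1 as SOAP 1.2, so if `WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement)` returns null or an unexpected value, the EncryptedHeader silently receives the `soap12` role/mustUnderstand attributes. An explicit `else if (WSSConstants.NS_SOAP12.equals(soapMessageVersion))` would keep the emitted attributes in step with the envelope version that was actually detected. The `(WSSSecurityProperties) getSecurityProperties()` cast is also repeated; one local, `final WSSSecurityProperties securityProperties = (WSSSecurityProperties) getSecurityProperties();`, would read more clearly. The enclosing method starts above the hunk.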