Posted to fx-dev@ws.apache.org by we...@apache.org on 2005/10/10 17:47:03 UTC
svn commit: r312670 - in
/webservices/wss4j/trunk/src/org/apache/ws/security: ./ message/ processor/
util/
Author: werner
Date: Mon Oct 10 08:46:54 2005
New Revision: 312670
URL: http://svn.apache.org/viewcvs?rev=312670&view=rev
Log:
Introduce functions and modifications to be able to
configure the JCE security provider.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Mon Oct 10 08:46:54 2005
@@ -24,6 +24,9 @@
import org.apache.ws.security.action.Action;
import org.apache.ws.security.processor.Processor;
import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.algorithms.JCEMapper;
+
+import java.util.HashMap;
import javax.xml.namespace.QName;
@@ -58,23 +61,17 @@
protected boolean precisionInMilliSeconds = true;
protected boolean enableSignatureConfirmation = true;
+
+ protected HashMap jceProvider = new HashMap(10);
+ protected String jceProviderId = null;
+
+
+
protected WSSConfig() {
org.apache.xml.security.Init.init();
- try {
- Class c = Loader
- .loadClass("org.bouncycastle.jce.provider.BouncyCastleProvider");
- String Id = "BC";
- if (java.security.Security.getProvider(Id) == null) {
- if (log.isDebugEnabled()) {
- log.debug("The provider " + Id
- + " had to be added to the java.security.Security");
- }
- java.security.Security.addProvider((java.security.Provider) c
- .newInstance());
- }
- } catch (Throwable t) {
- }
+ addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
+ setJceProviderId("BC");
Transform.init();
try {
Transform.register(STRTransform.implementedTransformURI,
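Review bot: The constructor discards the boolean results of the two added calls `addJceProvider("BC", ...)` and `setJceProviderId("BC")`, so when BouncyCastle is not on the classpath construction still completes silently and the failure only surfaces later as a NoSuchProviderException from Cipher.getInstance inside WSSecurityUtil.getCipherInstance. The removed block swallowed the same failure, but now that the outcome is reported it should at least be logged, e.g. `if (!addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider")) { log.warn("JCE provider BC could not be loaded; key-transport ciphers will fail until another provider is configured"); }`. The `log` field is already used by the new loadProvider method, so it is in scope here; the rest of the constructor continues outside the hunk.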
@@ -227,5 +224,69 @@
}
}
return null;
+ }
+
+ private boolean loadProvider(String id, String className) {
+ try {
+ Class c = Loader
+ .loadClass(className);
+ if (java.security.Security.getProvider(id) == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("The provider " + id
+ + " had to be added to the java.security.Security");
+ }
+ java.security.Security.addProvider((java.security.Provider) c
+ .newInstance());
+ }
+ return true;
+ } catch (Throwable t) {
+ return false;
+ }
+
+ }
+
+ public boolean addJceProvider(String id, String className) {
+ /*
+ * Check if provider already exists, if not add it, otherwise
+ * not (don't allow overwrite to protect standard providers).
+ *
+ * After adding to hashmap, load the class and register with
+ * standard security provider.
+ */
+ if (jceProvider.get(id) == null) {
+ jceProvider.put(id, className);
+ return loadProvider(id, className);
+ }
+ return false;
+ }
+
+ /**
+ * Sets the JCE provider to use in all following security operations.
+ *
+ * The method checks if the provider is known. If yes it sets
+ * the provider id and returns true. Otherwise the provider id
+ * remains unchanged and the method returns false.
+ *
+ * @param id is the JCE provider's id
+ * @return <code>true</code> if set, <code>false</code> otherwise
+ * @see addJceProvider
+ */
+ public boolean setJceProviderId(String id) {
+ /*
+ * Check if provider exists, if yes just set id and
+ * return, otherwsie do nothing and return false
+ * (or shall we use exceptions here - which are more
+ * expensive).
+ */
+ if (jceProvider.get(id) != null) {
+ jceProviderId = id;
+ JCEMapper.setProviderId(id);
+ return true;
+ }
+ return false;
+ }
+
+ public String getJceProviderId() {
+ return jceProviderId;
}
}
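Review bot: addJceProvider puts the id into `jceProvider` before loadProvider runs, so a class that cannot be loaded or instantiated still leaves its id registered, and a later setJceProviderId(id) then succeeds and points JCEMapper at a provider that was never installed in java.security.Security. Registering only on success fixes this: `if (jceProvider.get(id) == null && loadProvider(id, className)) { jceProvider.put(id, className); return true; } return false;`. In loadProvider the `catch (Throwable t)` discards the reason, which makes a misconfigured provider hard to diagnose; log it, e.g. `log.debug("Cannot load JCE provider " + id + " (" + className + ")", t);` before the `return false`. Since the method reflectively instantiates an arbitrary class name and installs it as a JCE provider, the public Javadoc (currently an inline block comment) should state that className must come from trusted configuration. The HashMap is not synchronized either, so if a WSSConfig instance is shared across threads — which the visible code does not show — concurrent addJceProvider/setJceProviderId calls would need guarding.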
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java Mon Oct 10 08:46:54 2005
@@ -249,7 +249,7 @@
QName el = new QName(elem.getNamespaceURI(), elem.getLocalName());
Processor p = wssConfig.getProcessor(el);
if (p != null) {
- p.handleToken((Element) elem, sigCrypto, decCrypto, cb, wsDocInfo, returnResults);
+ p.handleToken((Element) elem, sigCrypto, decCrypto, cb, wsDocInfo, returnResults, wssConfig);
} else {
/*
* Add check for a BinarySecurityToken, add info to WSDocInfo. If BST is
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java Mon Oct 10 08:46:54 2005
@@ -322,7 +322,7 @@
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
}
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo, wssConfig.getJceProviderId());
try {
cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
} catch (InvalidKeyException e) {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Mon Oct 10 08:46:54 2005
@@ -20,6 +20,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
@@ -56,11 +57,13 @@
LogFactory.getLog("org.apache.ws.security.TIME");
byte[] decryptedBytes = null;
+ WSSConfig wssConfig = null;
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found encrypted key element");
}
+ wssConfig = wsc;
if (decCrypto == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noDecCryptoFile");
@@ -107,7 +110,7 @@
throw new WSSecurityException
(WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo");
}
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo, wssConfig.getJceProviderId());
/*
* Well, we can decrypt the session (symmetric) key. Now lookup CipherValue, this is the value of the
* encrypted session key (session key usually is a symmetrical key that encrypts
@@ -261,6 +264,7 @@
try {
privateKey = crypto.getPrivateKey(alias, password);
+ System.out.println("Private Key class: " + privateKey.getClass().getName());
} catch (Exception e) {
throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e);
}
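Review bot: The added `System.out.println("Private Key class: " + privateKey.getClass().getName());` writes unconditionally to stdout from inside the private-key retrieval path, bypassing the commons-logging configuration the rest of the class uses and ending up in every deployment's console output. It reads as a leftover diagnostic; either drop it or route it through the logger behind the usual guard: `if (log.isDebugEnabled()) { log.debug("Private Key class: " + privateKey.getClass().getName()); }`. The enclosing method starts and ends outside the hunk.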
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/Processor.java Mon Oct 10 08:46:54 2005
@@ -18,6 +18,7 @@
package org.apache.ws.security.processor;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Element;
@@ -26,5 +27,7 @@
import java.util.Vector;
public interface Processor {
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException;
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
+ CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults,
+ WSSConfig config) throws WSSecurityException;
}
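Review bot: The new `WSSConfig config` parameter on Processor.handleToken is undocumented, and the interface carries no Javadoc at all, so implementors cannot tell whether config may be null or what they are expected to take from it; the call sites on this page pass the engine's configuration and read the JCE provider id from it. Add Javadoc along the lines of `@param config the WSSConfig of the calling WSSecurityEngine; processors use it for per-engine settings such as the JCE provider id` and state the nullability. The parameter is named `config` here but `wsc` in every implementation in this commit (EncryptedKeyProcessor, ReferenceListProcessor, SAMLTokenProcessor, SignatureConfirmationProcessor, SignatureProcessor, TimestampProcessor, UsernameTokenProcessor); using one name keeps the override signatures readable.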
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java Mon Oct 10 08:46:54 2005
@@ -21,6 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -38,7 +39,7 @@
public class ReferenceListProcessor implements Processor {
private static Log log = LogFactory.getLog(ReferenceListProcessor.class.getName());
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found reference list element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java Mon Oct 10 08:46:54 2005
@@ -21,6 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -34,7 +35,7 @@
public class SAMLTokenProcessor implements Processor {
private static Log log = LogFactory.getLog(SAMLTokenProcessor.class.getName());
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found SAML Assertion element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java Mon Oct 10 08:46:54 2005
@@ -21,6 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -33,7 +34,7 @@
public class SignatureConfirmationProcessor implements Processor {
private static Log log = LogFactory.getLog(SignatureConfirmationProcessor.class.getName());
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found SignatureConfirmation list element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Mon Oct 10 08:46:54 2005
@@ -22,6 +22,7 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
@@ -58,7 +59,7 @@
private static Log tlog =
LogFactory.getLog("org.apache.ws.security.TIME");
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found signature element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java Mon Oct 10 08:46:54 2005
@@ -21,6 +21,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -36,7 +37,7 @@
public class TimestampProcessor implements Processor {
private static Log log = LogFactory.getLog(TimestampProcessor.class.getName());
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found Timestamp list element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Mon Oct 10 08:46:54 2005
@@ -22,6 +22,7 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
@@ -39,7 +40,7 @@
public class UsernameTokenProcessor implements Processor {
private static Log log = LogFactory.getLog(UsernameTokenProcessor.class.getName());
- public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults) throws WSSecurityException {
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found UsernameToken list element");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=312670&r1=312669&r2=312670&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Mon Oct 10 08:46:54 2005
@@ -634,15 +634,15 @@
}
}
- public static Cipher getCipherInstance(String cipherAlgo)
+ public static Cipher getCipherInstance(String cipherAlgo, String jceId)
throws WSSecurityException {
Cipher cipher = null;
try {
if (cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
- cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
+ cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", jceId);
} else if (
cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
- cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING", "BC");
+ cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING", jceId);
} else {
throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM,
"unsupportedKeyTransp",