Posted to fx-dev@ws.apache.org by we...@apache.org on 2005/09/05 20:36:42 UTC
svn commit: r278808 [1/3] - in
/webservices/wss4j/trunk/src/org/apache/ws/security: ./ handler/ message/
message/token/ transform/ util/
Author: werner
Date: Mon Sep 5 11:36:22 2005
New Revision: 278808
URL: http://svn.apache.org/viewcvs?rev=278808&view=rev
Log:
Disable handling of old (draft) namespaces, clean up code and WSSConfig usage, prepare to
add WSS 1.1 features. See also the e-mail with subject "Re: Extending WSS4J to the new OASIS specs"
from Sep 5th.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSAddTimestamp.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddSAMLToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddUsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/BinarySecurity.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/PKIPathSecurity.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Reference.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java
webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Mon Sep 5 11:36:22 2005
@@ -25,62 +25,39 @@
* Constants in WS-Security spec.
*/
public class WSConstants {
- // the following compliance mode values must have increasing values as new
- // modes are added; a later spec should have a value > value of an an earlier spec.
- public static final int OASIS_2002_07 = 1;
- public static final int OASIS_2002_12 = 2;
- public static final int OASIS_2003_06 = 3;
- public static final int OASIS_1_0 = 4;
-
- /**
- * Set the specification compliance mode. This affects namespaces as well
- * as how certain items are constructed in security headers.
- * <p/>
- * Currently this can only be set at compile time. The valid values are:
- * <ul>
- * <li> {@link #OASIS_2002_07} </li>
- * <li> {@link #OASIS_2002_12} </li>
- * <li> {@link #OASIS_2003_06} </li>
- * <li> {@link #OASIS_1_0} OASIS WS-Security v1.0 as released on March 2004. This is the default and recommended setting</li>
- * </ul>
- * <p/>
- * Using {@link #OASIS_2002} enhances chances of interoperability with other
- * WSS implementations that do not fully adhere to the OASIS v1.0 March 2004
- * specs yet.
- *
- * @param specs instructs WSS4J on which standard to follow
+ /*
+ * All the various string and keywords required.
+ *
+ * At first the WSS namespaces as per WSS specifications
*/
- public static final int COMPLIANCE_MODE = OASIS_1_0;
+ public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd";
+ public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
/*
- * All the various string and keywords required.
+ * The base UIRs for the various profiles.
+ * No new base URIs in WSS specification 1.1
*/
- public static final String WSSE_NS_OASIS_2002_07 = "http://schemas.xmlsoap.org/ws/2002/07/secext";
- public static final String WSSE_NS_OASIS_2002_12 = "http://schemas.xmlsoap.org/ws/2002/12/secext";
- public static final String WSSE_NS_OASIS_2003_06 = "http://schemas.xmlsoap.org/ws/2003/06/secext";
- public static final String WSSE_NS_OASIS_1_0 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- public static String WSSE_NS = WSSE_NS_OASIS_1_0;
- public static final String[] WSSE_NS_ARRAY =
- new String[]{WSSE_NS_OASIS_1_0,
- WSSE_NS_OASIS_2003_06,
- WSSE_NS_OASIS_2002_12,
- WSSE_NS_OASIS_2002_07};
- public static final String USERNAMETOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
public static final String SOAPMESSAGE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+ public static final String USERNAMETOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
public static final String X509TOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
- public static final String WSSE_PREFIX = "wsse";
+
+ /*
+ * The Element name (local name) of the security header
+ */
public static final String WSSE_LN = "Security";
- public static final String WSU_NS_OASIS_2002_07 = "http://schemas.xmlsoap.org/ws/2002/07/utility";
- public static final String WSU_NS_OASIS_2002_12 = "http://schemas.xmlsoap.org/ws/2002/12/utility";
- public static final String WSU_NS_OASIS_2003_06 = "http://schemas.xmlsoap.org/ws/2003/06/utility";
- public static final String WSU_NS_OASIS_1_0 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
- public static String WSU_NS = WSU_NS_OASIS_1_0;
- public static final String[] WSU_NS_ARRAY =
- new String[]{WSU_NS_OASIS_1_0,
- WSU_NS_OASIS_2003_06,
- WSU_NS_OASIS_2002_12,
- WSU_NS_OASIS_2002_07};
+
+ /*
+ * The namespace prefixes used. We uses the same prefix convention
+ * as shown in the specifications
+ */
+ public static final String WSSE_PREFIX = "wsse";
+ public static final String WSSE11_PREFIX = "wsse11";
public static final String WSU_PREFIX = "wsu";
+
+ /*
+ * Now the namespaces, local names, and prefixes of XML-SIG and XML-ENC
+ */
public static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
public static final String SIG_PREFIX = "ds";
public static final String SIG_LN = "Signature";
@@ -88,9 +65,16 @@
public static final String ENC_PREFIX = "xenc";
public static final String ENC_KEY_LN = "EncryptedKey";
public static final String REF_LIST_LN = "ReferenceList";
-// public static final String SOAP_SEC_NS = "http://schemas.xmlsoap.org/soap/security/2000-12";
+
+ /*
+ * The standard namesace definitions
+ */
public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
public static final String XML_NS = "http://www.w3.org/XML/1998/namespace";
+
+ /*
+ * The local names and attribute names used by WSS
+ */
public static final String USERNAME_TOKEN_LN = "UsernameToken";
public static final String BINARY_TOKEN_LN = "BinarySecurityToken";
public static final String TIMESTAMP_TOKEN_LN = "Timestamp";
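Review bot: The new block comment `The standard namesace definitions` has a typo — `namespace`. The same kind of slip appears in the hunk at line 177, where `combined to for a set` should read `combined to form a set` and `Be carefull` should read `Be careful`. Since these comments are the only description of how the `NO_SECURITY`/`UT`/`SIGN` bit values are meant to be combined, they are worth getting right.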
@@ -101,6 +85,9 @@
public static final String CREATED_LN = "Created";
public static final String EXPIRES_LN = "Expires";
+ /*
+ * The definitions for SAML
+ */
public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
public static final String ASSERTION_LN = "Assertion";
@@ -146,6 +133,9 @@
* This is a required method as defined by WS Specification, Username token profile.
*/
public static final String PW_DIGEST = "PasswordDigest";
+ /*
+ * The password type URI used in the username token
+ */
public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS + "#PasswordDigest";
/**
@@ -155,7 +145,9 @@
* This is a required method as defined by WS Specification, Username token profile.
*/
public static final String PW_TEXT = "PasswordText";
-
+ /*
+ * The password type URI used in the username token
+ */
public static final String PASSWORD_TEXT = USERNAMETOKEN_NS + "#PasswordText";
/**
@@ -314,6 +306,10 @@
*/
public static final int UT_SIGNING = 7;
+ /*
+ * The following values are bits that can be combined to for a set.
+ * Be carefull when selecting new values.
+ */
public static final int NO_SECURITY = 0;
public static final int UT = 0x1; // perform UsernameToken
public static final int SIGN = 0x2; // Perform Signature
@@ -339,35 +335,5 @@
public static final int WSE_DERIVED_KEY_LEN = 16;
public static final String LABEL_FOR_DERIVED_KEY = "WS-Security";
- static {
- setComplianceMode();
- }
-
- /**
- * init various constants to the chosen compliance mode
- */
- private static void setComplianceMode() {
- switch (COMPLIANCE_MODE) {
- case OASIS_1_0:
- WSSE_NS = WSSE_NS_OASIS_1_0;
- WSU_NS = WSU_NS_OASIS_1_0;
- break;
- case OASIS_2003_06:
- WSSE_NS = WSSE_NS_OASIS_2003_06;
- WSU_NS = WSU_NS_OASIS_2003_06;
- break;
- case OASIS_2002_12:
- WSSE_NS = WSSE_NS_OASIS_2002_12;
- WSU_NS = WSU_NS_OASIS_2002_12;
- break;
- case OASIS_2002_07:
- WSSE_NS = WSSE_NS_OASIS_2002_07;
- WSU_NS = WSU_NS_OASIS_2002_07;
- break;
- default:
- WSSE_NS = WSSE_NS_OASIS_1_0;
- WSU_NS = WSU_NS_OASIS_1_0;
- }
- }
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Mon Sep 5 11:36:22 2005
@@ -39,28 +39,21 @@
* <p/>
*
* @author Rami Jaamour (rjaamour@parasoft.com)
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de)
*/
public class WSSConfig {
private static Log log = LogFactory.getLog(WSSConfig.class.getName());
protected static WSSConfig defaultConfig = getNewInstance();
- protected String wsse_ns = WSConstants.WSSE_NS_OASIS_1_0;
- protected String wsu_ns = WSConstants.WSU_NS_OASIS_1_0;
- protected boolean qualifyBSTAttributes = false;
- protected boolean prefixBSTValues = false;
- protected boolean targetIdQualified = true;
protected boolean wsiBSPCompliant = false;
- protected boolean processNonCompliantMessages = true;
- public static final int TIMESTAMP_IN_SECURITY_ELEMENT = 1;
- public static final int TIMESTAMP_IN_HEADER_ELEMENT = 2;
- protected int timestampLocation = TIMESTAMP_IN_SECURITY_ELEMENT;
-
/**
* Set the timestamp precision mode.
* If set to <code>true</code> then use timestamps with milliseconds,
* otherwise omit the millisconds. As per XML Date/Time specification
- * the defualt is to include the milliseconds.
+ * the default is to include the milliseconds.
*/
protected boolean precisionInMilliSeconds = true;
+
+ protected boolean enableSignatureConfirmation = false;
protected WSSConfig() {
org.apache.xml.security.Init.init();
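Review bot: `protected boolean enableSignatureConfirmation = false;` is added without any documentation, and its accessor pair in the last hunk of this file (line 403 onward) only carries generated `@return Returns the enableSignatureConfirmation.` text, so a reader cannot tell what enabling it changes. The `precisionInMilliSeconds` field directly above shows the file's Javadoc style; suggest a matching comment on the new field along the lines of `/** Enables WSS 1.1 signature confirmation handling; off by default. */`. The commit log says this change prepares WSS 1.1 features, so presumably the flag refers to the SignatureConfirmation element — confirm before wording it that way.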
@@ -100,145 +93,6 @@
}
/**
- * default value is {@link WSConstants.WSSE_NS_OASIS_1_0}
- * <p/>
- * The WS-Security namespace
- */
- public String getWsseNS() {
- return wsse_ns;
- }
-
- /**
- * Valid values:
- * <ul>
- * <li> {@link WSConstants#WSSE_NS_OASIS_2002_07} </li>
- * <li> {@link WSConstants#WSSE_NS_OASIS_2002_12} </li>
- * <li> {@link WSConstants#WSSE_NS_OASIS_2003_06} </li>
- * <li> {@link WSConstants#WSSE_NS_OASIS_1_0} OASIS WS-Security v1.0 (March 2004). This is the default and recommended setting</li>
- * </ul>
- */
- public void setWsseNS(String wsseNamespace) {
- wsse_ns = wsseNamespace;
- }
-
- /**
- * default value is {@link WSConstants.WSU_NS_OASIS_1_0}
- * <p/>
- * The WS-Security utility namespace
- */
- public String getWsuNS() {
- return wsu_ns;
- }
-
- /**
- * Valid values:
- * <ul>
- * <li> {@link WSConstants#WSU_NS_OASIS_2002_07} </li>
- * <li> {@link WSConstants#WSU_NS_OASIS_2002_12} </li>
- * <li> {@link WSConstants#WSU_NS_OASIS_2003_06} </li>
- * <li> {@link WSConstants#WSU_NS_OASIS_1_0} OASIS WS-Security v1.0 (March 2004). This is the default and recommended setting</li>
- * </ul>
- */
- public void setWsuNS(String wsuNamespace) {
- wsu_ns = wsuNamespace;
- }
-
- /**
- * default value is false.
- * <p/>
- * returns true if the BinarySecurityToken EncodingType and ValueType
- * attributes should be namespace qualified.
- */
- public boolean isBSTAttributesQualified() {
- return qualifyBSTAttributes;
- }
-
- /**
- * specify if the BinarySecurityToken EncodingType and ValueType
- * attributes should be namespace qualified. The default value is false.
- */
- public void setBSTAttributesQualified(boolean qualifyBSTAttributes) {
- this.qualifyBSTAttributes = qualifyBSTAttributes;
- }
-
- /**
- * default value is false.
- * <p/>
- * returns true if the BinarySecurityToken EncodingType and ValueType
- * attribute values should be prefixed with "wsse" or otherwise qualified
- * with the wsse namespace (false).
- */
- public boolean isBSTValuesPrefixed() {
- return prefixBSTValues;
- }
-
- /**
- * sets and option whether the BinarySecurityToken EncodingType and ValueType
- * attribute values should be prefixed with "wsse" or otherwise qualified
- * with the wsse namespace (false).
- */
- public void setBSTValuesPrefixed(boolean prefixBSTAttributeValues) {
- prefixBSTValues = prefixBSTAttributeValues;
- }
-
- /**
- * default value is true.
- * <p/>
- * returns true if the Id attribute placed in the signature target element is
- * qualified with the wsu namespace.
- */
- public boolean isTargetIdQualified() {
- return targetIdQualified;
- }
-
- /**
- * Sets an option whether the Id attribute placed in the signature target should be
- * qualified with the wsu namespace.
- */
- public void setTargetIdQualified(boolean qualifyTargetIdAttribute) {
- targetIdQualified = qualifyTargetIdAttribute;
- }
-
- /**
- * default value is TIMESTAMP_IN_SECURITY_ELEMENT (following OASIS 2003 and 2004 specs).
- * <p/>
- * returns TIMESTAMP_IN_SECURITY_ELEMENT if the wsu:Timestamp element is placed inside
- * the wsse:Secutriy element. TIMESTAMP_IN_HEADER_ELEMENT if it is placed under the Header directly, outside
- * the wsse:Secutriy element.
- */
- public int getTimestampLocation() {
- return timestampLocation;
- }
-
- /**
- * Sets an option whether the Iwsu:Timestamp element is placed inside
- * the wsse:Secutriy element. set it to false foe placement in the Header,
- * outside the wsse:Secutriy element.
- */
- public void setTimestampLocation(int timestampElementLocation) {
- timestampLocation = timestampElementLocation;
- }
-
- /**
- * default value is true.
- * <p/>
- * returns true if WSS4J attempts to process non-compliant WS-Security
- * messages, such as WS-Security headers with older OASIS spec namespaces.
- */
- public boolean getProcessNonCompliantMessages() {
- return processNonCompliantMessages;
- }
-
- /**
- * Sets an option whether WSS4J should attempt to process non-compliant
- * WS-Security messages, such as WS-Security headers with older OASIS spec
- * namespaces.
- */
- public void setProcessNonCompliantMessages(boolean attemptProcess) {
- processNonCompliantMessages = attemptProcess;
- }
-
- /**
* Checks if we are in WS-I Basic Security Profile compliance mode
*
* @return
@@ -273,5 +127,19 @@
*/
public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
this.precisionInMilliSeconds = precisionInMilliSeconds;
+ }
+
+ /**
+ * @return Returns the enableSignatureConfirmation.
+ */
+ public boolean isEnableSignatureConfirmation() {
+ return enableSignatureConfirmation;
+ }
+
+ /**
+ * @param enableSignatureConfirmation The enableSignatureConfirmation to set.
+ */
+ public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
+ this.enableSignatureConfirmation = enableSignatureConfirmation;
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java Mon Sep 5 11:36:22 2005
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2004 The Apache Software Foundation.
+ * Copyright 2003-2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.BinarySecurity;
@@ -27,7 +28,6 @@
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.message.token.X509Security;
-import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.encryption.XMLCipher;
@@ -41,7 +41,6 @@
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.utils.Base64;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
@@ -88,27 +87,27 @@
private static Log tlog =
LogFactory.getLog("org.apache.ws.security.TIME");
- private static final Class[] constructorType = {WSSConfig.class, org.w3c.dom.Element.class};
+ private static final Class[] constructorType = {org.w3c.dom.Element.class};
private static WSSecurityEngine engine = null;
+ private static WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
/**
* The symmetric key.
*/
private byte[] decryptedBytes = null;
private boolean doDebug = false;
- protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
/**
* <code>wsse:BinarySecurityToken</code> as defined by WS Security specification
*/
- protected QName binaryToken;
+ protected static final QName binaryToken = new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN);
/**
* <code>wsse:UsernameToken</code> as defined by WS Security specification
*/
- protected QName usernameToken;
+ protected static final QName usernameToken = new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
/**
* <code>wsu:Timestamp</code> as defined by OASIS WS Security specification,
*/
- protected QName timeStamp;
+ protected static final QName timeStamp = new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN);
/**
* <code>ds:Signature</code> as defined by XML Signature specification,
* enhanced by WS Security specification
@@ -132,15 +131,6 @@
}
public WSSecurityEngine() {
- this(WSSConfig.getDefaultWSConfig());
- }
-
- public WSSecurityEngine(WSSConfig wssConfig) {
- this.wssConfig = wssConfig;
- binaryToken = new QName(wssConfig.getWsseNS(), WSConstants.BINARY_TOKEN_LN);
- usernameToken = new QName(wssConfig.getWsseNS(), WSConstants.USERNAME_TOKEN_LN);
- timeStamp = new QName(wssConfig.getWsuNS(), WSConstants.TIMESTAMP_TOKEN_LN);
-
}
/**
@@ -157,20 +147,11 @@
}
/**
- * Get a singleton instance of security engine with specified configuration
- * settings. <p/>
- *
- * @param wssConfig
- * the configuration parameters to use.
- * @return ws-security engine.
- */
- public synchronized static WSSecurityEngine getInstance(WSSConfig wssConfig) {
- if (engine == null) {
- engine = new WSSecurityEngine(wssConfig);
- }
- return engine;
+ * @param wsc set the static WSSConfig to other than default
+ */
+ public static void setWssConfig(WSSConfig wsc) {
+ wssConfig = wsc;
}
-
/**
* Process the security header given the soap envelope as W3C document.
* <p/>
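Review bot: `setWssConfig` writes a static field with no null check, so one caller reconfigures every `WSSecurityEngine` in the JVM (the field is declared `private static WSSConfig wssConfig` in the hunk at line 458) and a `null` argument only surfaces later as a NullPointerException in whatever method dereferences the config. Suggest rejecting it at the boundary, `if (wsc == null) { throw new IllegalArgumentException("wsc must not be null"); }`, and stating the process-wide effect in the Javadoc, which currently has only an `@param` line and no summary sentence, e.g. `Replaces the configuration used by all engine instances; the field is static and not synchronized, so call it before the engine is used concurrently.` The previous per-instance `WSSecurityEngine(WSSConfig)` constructor is removed in the hunk at line 489, so callers that relied on isolated configurations no longer have an alternative.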
@@ -236,7 +217,7 @@
}
Vector wsResult = null;
SOAPConstants sc = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
- Element elem = WSSecurityUtil.getSecurityHeader(wssConfig, doc, actor, sc);
+ Element elem = WSSecurityUtil.getSecurityHeader(doc, actor, sc);
if (elem != null) {
if (doDebug) {
log.debug("Processing WS-Security header for '" + actor
@@ -316,9 +297,10 @@
WSDocInfoStore.store(wsDocInfo);
X509Certificate[] returnCert = new X509Certificate[1];
Vector returnQname[] = new Vector[1];
+ byte signatureValue[] = null;
try {
lastPrincipalFound = verifyXMLSignature((Element) elem,
- sigCrypto, returnCert, returnQname);
+ sigCrypto, returnCert, returnQname, signatureValue);
} catch (WSSecurityException ex) {
throw ex;
} finally {
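Review bot: `signatureValue` is declared as a local `byte[]` set to `null` and passed into `verifyXMLSignature`, but the callee only assigns its own parameter (`signatureValue = sig.getSignatureValue();` in the hunk at line 649, parameter added in the hunk at line 597), so the caller's variable stays `null` and every `WSSecurityEngineResult` built from it in the hunk at line 548 records a null signature value. Java passes the array reference by value, so this cannot work as an out-parameter the way it is written. The adjacent `returnCert`/`returnQname` arguments show the pattern the method already uses: declare `byte[][] signatureValue = new byte[1][];` here, change the parameter to `byte[][] signatureValue`, assign `signatureValue[0] = sig.getSignatureValue();` in the callee, and pass `signatureValue[0]` to the result constructors. Anything downstream that checks signature confirmation against the stored value would otherwise silently compare against null.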
@@ -327,12 +309,12 @@
if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
returnResults.add(0, new WSSecurityEngineResult(
WSConstants.UT_SIGN, lastPrincipalFound, null,
- returnQname[0]));
+ returnQname[0], signatureValue));
} else {
returnResults.add(0, new WSSecurityEngineResult(
WSConstants.SIGN, lastPrincipalFound,
- returnCert[0], returnQname[0]));
+ returnCert[0], returnQname[0], signatureValue));
}
} else if (el.equals(ENCRYPTED_KEY)) {
if (doDebug) {
@@ -347,7 +329,7 @@
"noCallback");
}
handleEncryptedKey((Element) elem, cb, decCrypto);
- returnResults.add(0, new WSSecurityEngineResult(WSConstants.ENCR, null, null, null));
+ returnResults.add(0, new WSSecurityEngineResult(WSConstants.ENCR, null, null, null, null));
} else if (el.equals(REFERENCE_LIST)) {
if (doDebug) {
log.debug("Found reference list element");
@@ -357,14 +339,14 @@
"noCallback");
}
handleReferenceList((Element) elem, cb);
- returnResults.add(0, new WSSecurityEngineResult(WSConstants.ENCR, null, null, null));
+ returnResults.add(0, new WSSecurityEngineResult(WSConstants.ENCR, null, null, null, null));
} else if (el.equals(usernameToken)) {
if (doDebug) {
log.debug("Found UsernameToken list element");
}
lastPrincipalFound = handleUsernameToken((Element) elem, cb);
returnResults.add(0, new WSSecurityEngineResult(WSConstants.UT,
- lastPrincipalFound, null, null));
+ lastPrincipalFound, null, null, null));
} else if (el.equals(SAML_TOKEN)) {
if (doDebug) {
log.debug("Found SAML Assertion element");
@@ -380,7 +362,7 @@
/*
* Decode Timestamp, add the found time (created/expiry) to result
*/
- Timestamp timestamp = new Timestamp(wssConfig, (Element) elem);
+ Timestamp timestamp = new Timestamp((Element) elem);
handleTimestamp(timestamp);
returnResults.add(0,
new WSSecurityEngineResult(WSConstants.TS,
@@ -446,7 +428,8 @@
protected Principal verifyXMLSignature(Element elem,
Crypto crypto,
X509Certificate[] returnCert,
- Vector[] returnQname)
+ Vector[] returnQname,
+ byte[] signatureValue)
throws WSSecurityException {
if (doDebug) {
log.debug("Verify XML Signature");
@@ -464,7 +447,7 @@
"noXMLSig");
}
- sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));
+ sig.addResourceResolver(EnvelopeIdResolver.getInstance());
X509Certificate[] certs = null;
KeyInfo info = sig.getKeyInfo();
@@ -472,22 +455,15 @@
UsernameToken ut = null;
if (info != null) {
- Node node;
- if (wssConfig.getProcessNonCompliantMessages()) {
- node = WSSecurityUtil.getDirectChildWSSE(info.getElement(),
- SecurityTokenReference.SECURITY_TOKEN_REFERENCE);
- } else {
- node = WSSecurityUtil.getDirectChild(info.getElement(),
+ Node node = WSSecurityUtil.getDirectChild(info.getElement(),
SecurityTokenReference.SECURITY_TOKEN_REFERENCE,
- wssConfig.getWsseNS());
- }
+ WSConstants.WSSE_NS);
if (node == null) {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY,
"unsupportedKeyInfo");
}
- SecurityTokenReference secRef = new SecurityTokenReference(
- wssConfig, (Element) node);
+ SecurityTokenReference secRef = new SecurityTokenReference((Element) node);
int docHash = elem.getOwnerDocument().hashCode();
/*
@@ -506,8 +482,8 @@
*/
QName el = new QName(token.getNamespaceURI(), token
.getLocalName());
- if (token.getLocalName().equals(UsernameToken.TOKEN)) {
- ut = new UsernameToken(wssConfig, token);
+ if (token.getLocalName().equals(WSConstants.USERNAME_TOKEN_LN)) {
+ ut = new UsernameToken(token);
secretKey = ut.getSecretKey();
} else {
if (crypto == null) {
@@ -580,6 +556,7 @@
+ ", prepare-cert= " + (t1 - t0) + ", verify= "
+ (t2 - t1));
}
+ signatureValue = sig.getSignatureValue();
/*
* Now dig into the Signature element to get the elements that
* this Signature covers. Build the QName of these Elements and
@@ -597,8 +574,7 @@
WSSecurityException.FAILED_CHECK);
}
String uri = siRef.getURI();
- Element se = WSSecurityUtil.getElementByWsuId(wssConfig,
- elem.getOwnerDocument(), uri);
+ Element se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
if (se == null) {
se = WSSecurityUtil.getElementByGenId(elem
.getOwnerDocument(), uri);
@@ -746,22 +722,13 @@
* @throws WSSecurityException
*/
private BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
- BinarySecurity token = new BinarySecurity(wssConfig, element);
+ BinarySecurity token = new BinarySecurity(element);
String type = token.getValueType();
Class clazz = null;
- if (wssConfig.getProcessNonCompliantMessages() ||
- wssConfig.isBSTValuesPrefixed()) {
- if (type.endsWith(X509Security.X509_V3)) {
- clazz = X509Security.class;
- } else if (type.endsWith(PKIPathSecurity.X509PKI_PATH)) {
- clazz = PKIPathSecurity.class;
- }
- } else {
- if (type.equals(X509Security.getType(wssConfig))) {
- clazz = X509Security.class;
- } else if (type.equals(PKIPathSecurity.getType(wssConfig))) {
- clazz = PKIPathSecurity.class;
- }
+ if (type.equals(X509Security.getType())) {
+ clazz = X509Security.class;
+ } else if (type.equals(PKIPathSecurity.getType())) {
+ clazz = PKIPathSecurity.class;
}
if (clazz == null) {
throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
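Review bot: `type.equals(X509Security.getType())` dereferences the token's ValueType first, so if `BinarySecurity.getValueType()` can return `null` for a token without that attribute (not visible here), a malformed token produces a NullPointerException instead of the `unsupportedBinaryTokenType` WSSecurityException the method already prepares below. The hunk at line 738 compares the other way round, `X509Security.getType().equals(value)`, which is null-safe; suggest the same order here: `if (X509Security.getType().equals(type)) {` and `} else if (PKIPathSecurity.getType().equals(type)) {`. The rest of `createSecurityToken` continues outside the hunk.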
@@ -773,7 +740,7 @@
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidConstructor", new Object[]{clazz});
}
- return (BinarySecurity) constructor.newInstance(new Object[]{wssConfig, element});
+ return (BinarySecurity) constructor.newInstance(new Object[]{element});
} catch (InvocationTargetException e) {
Throwable ee = e.getTargetException();
if (ee instanceof WSSecurityException) {
@@ -812,7 +779,7 @@
* @throws WSSecurityException
*/
public WSUsernameTokenPrincipal handleUsernameToken(Element token, CallbackHandler cb) throws WSSecurityException {
- UsernameToken ut = new UsernameToken(wssConfig, token);
+ UsernameToken ut = new UsernameToken(token);
String user = ut.getName();
String password = ut.getPassword();
String nonce = ut.getNonce();
@@ -980,13 +947,8 @@
String alias;
if (keyInfo != null) {
Element secRefToken;
- if (wssConfig.getProcessNonCompliantMessages()) {
- secRefToken = (Element) WSSecurityUtil.getDirectChildWSSE(keyInfo,
- "SecurityTokenReference");
- } else {
- secRefToken = (Element) WSSecurityUtil.getDirectChild(keyInfo,
- "SecurityTokenReference", wssConfig.getWsseNS());
- }
+ secRefToken = (Element) WSSecurityUtil.getDirectChild(keyInfo,
+ "SecurityTokenReference", WSConstants.WSSE_NS);
if (secRefToken == null) {
secRefToken = (Element) WSSecurityUtil.getDirectChild(keyInfo,
"KeyName", WSConstants.SIG_NS);
@@ -995,7 +957,7 @@
throw new WSSecurityException
(WSSecurityException.INVALID_SECURITY, "noSecTokRef");
}
- SecurityTokenReference secRef = new SecurityTokenReference(wssConfig, secRefToken);
+ SecurityTokenReference secRef = new SecurityTokenReference(secRefToken);
/*
* Well, at this point there are several ways to get the key.
* Try to handle all of them :-).
@@ -1045,15 +1007,8 @@
if (el.equals(binaryToken)) {
X509Security token = null;
String value = bstElement.getAttribute(VALUE_TYPE);
- // attempt to get attribute in case it is qualified
- if (wssConfig.getProcessNonCompliantMessages()) {
- for (int i = 0; i < WSConstants.WSSE_NS_ARRAY.length && value.length() == 0; ++i) {
- String ns = WSConstants.WSSE_NS_ARRAY[i];
- value = bstElement.getAttributeNS(ns, VALUE_TYPE);
- }
- }
- if (!value.endsWith(X509Security.X509_V3)
- || ((token = new X509Security(wssConfig, bstElement)) == null)) {
+ if (!X509Security.getType().equals(value)
+ || ((token = new X509Security(bstElement)) == null)) {
throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
"unsupportedBinaryTokenType",
new Object[]{"for decryption (BST)"});
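Review bot: The second half of the new condition, `|| ((token = new X509Security(bstElement)) == null)`, can never be true because a constructor does not yield `null`, so the only way a bad token leaves this branch is via whatever `X509Security(Element)` throws, and the assignment hidden inside the `if` obscures that. Suggest splitting it: `if (!X509Security.getType().equals(value)) {` followed by the existing throw, then `token = new X509Security(bstElement);` after the block. The switch from `endsWith` to an exact `equals` on the ValueType is a useful tightening and is consistent with the commit's stated intent.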
@@ -1191,7 +1146,7 @@
* try the generic lookup to find Id="someURI"
*/
Element encBodyData = null;
- if ((encBodyData = WSSecurityUtil.getElementByWsuId(wssConfig, doc, dataRefURI)) == null) {
+ if ((encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI)) == null) {
encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
}
if (encBodyData == null) {
@@ -1271,7 +1226,7 @@
* try the generic lookup to find Id="someURI"
*/
Element encBodyData = null;
- if ((encBodyData = WSSecurityUtil.getElementByWsuId(wssConfig, doc, dataRefURI)) == null) {
+ if ((encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI)) == null) {
encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
}
if (encBodyData == null) {
@@ -1429,12 +1384,5 @@
*/
public byte[] getDecryptedBytes() {
return decryptedBytes;
- }
-
- /**
- * Should the timestamps have millisecond precision
- */
- public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
- wssConfig.setPrecisionInMilliSeconds(precisionInMilliSeconds);
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java Mon Sep 5 11:36:22 2005
@@ -35,6 +35,7 @@
private SAMLAssertion assertion;
private Timestamp timestamp;
private Vector signedElementQnames;
+ private byte[] signatureValue = null;
WSSecurityEngineResult(int act, SAMLAssertion ass) {
principal = null;
@@ -43,11 +44,13 @@
assertion = ass;
}
- WSSecurityEngineResult(int act, Principal princ, X509Certificate certificate, Vector elemQnames) {
+ WSSecurityEngineResult(int act, Principal princ,
+ X509Certificate certificate, Vector elemQnames, byte[] sv) {
principal = princ;
action = act;
cert = certificate;
signedElementQnames = elemQnames;
+ signatureValue = sv;
}
WSSecurityEngineResult(int act,
@@ -100,4 +103,12 @@
public Vector getSignedElementQnames() {
return signedElementQnames;
}
+
+ /**
+ * @return Returns the signatureValue.
+ */
+ public byte[] getSignatureValue() {
+ return signatureValue;
+ }
+
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/RequestData.java Mon Sep 5 11:36:22 2005
@@ -1,6 +1,7 @@
package org.apache.ws.security.handler;
import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import java.util.Vector;
@@ -9,7 +10,7 @@
/**
* This class holds per request data.
*
- * @author wdi
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de)
*/
public class RequestData {
private Object msgContext = null;
@@ -32,6 +33,8 @@
private Vector encryptParts = new Vector();
private X509Certificate encCert = null;
private int timeToLive = 300; // Timestamp: time in seconds between creation and expiry
+ private WSSConfig wssConfig = null;
+ private Vector signatureValues = new Vector();
public void clear() {
soapConstants = null;
@@ -42,6 +45,9 @@
signatureParts = encryptParts = null;
encCert = null;
utElements = null;
+ wssConfig = null;
+ signatureValues.clear();
+ signatureValues = null;
}
public Object getMsgContext() {
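Review bot: `clear()` sets `signatureValues = null` after emptying it, so `getSignatureValues()` returns `null` from then on while the WSHandler hunks call `reqData.getSignatureValues().add(...)` without a null check; if the object is meant to be unusable after `clear()`, the class Javadoc should say so, otherwise drop the `signatureValues = null;` line and keep only `signatureValues.clear();`. The same `clear()` also empties the Vector that `doSenderAction` has stored in the message context under SEND_SIGV, see the note on that hunk. The setters turned into commented-out code at @@ -136,9 and @@ -184,9, and the commented-out `addSignatureValue` at the end of this file, should be deleted rather than kept as comments; version control already keeps the history.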
@@ -136,9 +142,9 @@
return signatureParts;
}
- public void setSignatureParts(Vector signatureParts) {
- this.signatureParts = signatureParts;
- }
+// public void setSignatureParts(Vector signatureParts) {
+// this.signatureParts = signatureParts;
+// }
public Crypto getEncCrypto() {
return encCrypto;
@@ -184,9 +190,9 @@
return encryptParts;
}
- public void setEncryptParts(Vector encryptParts) {
- this.encryptParts = encryptParts;
- }
+// public void setEncryptParts(Vector encryptParts) {
+// this.encryptParts = encryptParts;
+// }
public X509Certificate getEncCert() {
return encCert;
@@ -203,4 +209,31 @@
public void setTimeToLive(int timeToLive) {
this.timeToLive = timeToLive;
}
+
+ /**
+ * @return Returns the wssConfig.
+ */
+ public WSSConfig getWssConfig() {
+ return wssConfig;
+ }
+
+ /**
+ * @param wssConfig The wssConfig to set.
+ */
+ public void setWssConfig(WSSConfig wssConfig) {
+ this.wssConfig = wssConfig;
+ }
+ /**
+ * @return Returns the vector of stored signature values.
+ */
+ public Vector getSignatureValues() {
+ return signatureValues;
+ }
+
+// /**
+// * @param signatureValue The signature value to store.
+// */
+// public void addSignatureValue(byte[] signatureValue) {
+// this.signatureValues.add(signatureValue);
+// }
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Mon Sep 5 11:36:22 2005
@@ -1,5 +1,5 @@
/*
-* Copyright 2003-2004 The Apache Software Foundation.
+* Copyright 2003-2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
@@ -53,14 +54,18 @@
/**
* Extracted from WSDoAllReceiver and WSDoAllSender
+ *
+ *
+ * @author Davanum Srinivas (dims@yahoo.com).
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de).
*/
public abstract class WSHandler {
protected static Log log = LogFactory.getLog(WSHandler.class.getName());
protected static final WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
- protected static boolean doDebug = true;
protected static Hashtable cryptos = new Hashtable(5);
-
+ private boolean doDebug = log.isDebugEnabled();
+
/**
* Performs all defined security actions to set-up the SOAP request.
*
@@ -73,11 +78,13 @@
* @throws WSSecurityException
*/
protected void doSenderAction(int doAction, Document doc,
- RequestData reqData, Vector actions) throws WSSecurityException {
+ RequestData reqData, Vector actions, boolean isRequest) throws WSSecurityException {
boolean mu = decodeMustUnderstand(reqData);
- secEngine.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData));
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData));
+ reqData.setWssConfig(wssConfig);
String actor = null;
if ((actor = (String) getOption(WSHandlerConstants.ACTOR)) == null) {
@@ -172,8 +179,56 @@
break;
}
}
+ if (wssConfig.isEnableSignatureConfirmation()) {
+ /*
+ * If this is a request then store all signature values. Add ours to
+ * already gathered values because of chained handlers, e.g. for
+ * other actors.
+ */
+ log.debug("Signature value handling, request is: " + isRequest);
+ if (isRequest) {
+ if (reqData.getSignatureValues().size() > 0) {
+ Vector sigv = null;
+ if ((sigv = (Vector) getProperty(reqData.getMsgContext(),
+ WSHandlerConstants.SEND_SIGV)) == null) {
+ sigv = new Vector();
+ setProperty(reqData.getMsgContext(),
+ WSHandlerConstants.SEND_SIGV, sigv);
+ }
+ sigv.add(reqData.getSignatureValues());
+ }
+ } else {
+ /*
+ * If we are going to send a response generate the Signature
+ * confirmation elements
+ */
+ Vector results = null;
+ if ((results = (Vector) getProperty(reqData.getMsgContext(),
+ WSHandlerConstants.RECV_RESULTS)) != null) {
+ performSIGNConfirmation(mu, doc, reqData, results);
+ }
+ }
+ }
}
+ protected void doReceiverAction(int doAction, RequestData reqData)
+ throws WSSecurityException {
+
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ reqData.setWssConfig(wssConfig);
+
+ if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
+ decodeSignatureParameter2(reqData);
+ }
+
+ if ((doAction & WSConstants.ENCR) == WSConstants.ENCR) {
+ decodeDecryptionParameter(reqData);
+ }
+ if ((doAction & WSConstants.NO_SERIALIZE) == WSConstants.NO_SERIALIZE) {
+ reqData.setNoSerialization(true);
+ }
+ }
+
protected void performSIGNAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
throws WSSecurityException {
String password;
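Review bot: `sigv.add(reqData.getSignatureValues())` puts the live `signatureValues` Vector of this RequestData into the message context, but `RequestData.clear()` in this same commit calls `signatureValues.clear()` on it, and the new try/finally in the WSS4JHandler hunk at @@ -153,14 runs `reqData.clear()` as soon as `doSender` returns, so the values saved under SEND_SIGV are empty by the time a response could be checked against them. Store a snapshot instead: `sigv.add(new Vector(reqData.getSignatureValues()));`. The new `doReceiverAction` has no Javadoc; suggest a comment saying it installs a fresh `WSSConfig` on the request data and decodes the signature, decryption and serialization settings according to the bits set in `doAction`. The `doSenderAction` body starts outside this hunk.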
@@ -185,6 +240,8 @@
.getPassword();
WSSignEnvelope wsSign = new WSSignEnvelope(reqData.getActor(), mu);
+ wsSign.setWsConfig(reqData.getWssConfig());
+
if (reqData.getSigKeyId() != 0) {
wsSign.setKeyIdentifierType(reqData.getSigKeyId());
}
@@ -199,6 +256,7 @@
try {
wsSign.build(doc, reqData.getSigCrypto());
+ reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("WSHandler: Signature: error during message procesing" + e);
}
@@ -207,6 +265,8 @@
protected void performENCRAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
throws WSSecurityException {
WSEncryptBody wsEncrypt = new WSEncryptBody(reqData.getActor(), mu);
+ wsEncrypt.setWsConfig(reqData.getWssConfig());
+
if (reqData.getEncKeyId() != 0) {
wsEncrypt.setKeyIdentifierType(reqData.getEncKeyId());
}
@@ -257,6 +317,7 @@
.getPassword();
WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
builder.setPasswordType(reqData.getPwType());
//Set the wsu:Id of the UNT
@@ -287,12 +348,16 @@
WSHandlerConstants.PW_CALLBACK_REF, reqData).getPassword();
WSSAddUsernameToken builder = new WSSAddUsernameToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
+
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.preSetUsernameToken(doc, reqData.getUsername(), password);
builder.addCreated(doc);
builder.addNonce(doc);
WSSignEnvelope sign = new WSSignEnvelope(reqData.getActor(), mu);
+ sign.setWsConfig(reqData.getWssConfig());
+
if (reqData.getSignatureParts().size() > 0) {
sign.setParts(reqData.getSignatureParts());
}
@@ -301,6 +366,7 @@
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
try {
sign.build(doc, null);
+ reqData.getSignatureValues().add(sign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("WSHandler: Error during Signatur with UsernameToken secret"
+ e);
@@ -311,6 +377,8 @@
protected void performSTAction(int actionToDo, boolean mu, Document doc, RequestData reqData)
throws WSSecurityException {
WSSAddSAMLToken builder = new WSSAddSAMLToken(reqData.getActor(), mu);
+ builder.setWsConfig(reqData.getWssConfig());
+
SAMLIssuer saml = loadSamlIssuer(reqData);
saml.setUsername(reqData.getUsername());
SAMLAssertion assertion = saml.newAssertion();
@@ -346,6 +414,8 @@
Crypto issuerCrypto = null;
WSSignEnvelope wsSign = new WSSignEnvelope(reqData.getActor(), mu);
+ wsSign.setWsConfig(reqData.getWssConfig());
+
String password = null;
if (saml.isSenderVouches()) {
issuerKeyName = saml.getIssuerKeyName();
@@ -370,6 +440,7 @@
issuerCrypto,
issuerKeyName,
issuerKeyPW);
+ reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("WSHandler: Signed SAML: error during message processing"
+ e);
@@ -379,6 +450,8 @@
protected void performTSAction(int actionToDo, boolean mu, Document doc, RequestData reqData) throws WSSecurityException {
WSAddTimestamp timeStampBuilder =
new WSAddTimestamp(reqData.getActor(), mu);
+ timeStampBuilder.setWsConfig(reqData.getWssConfig());
+
timeStampBuilder.setId("Timestamp-" + System.currentTimeMillis());
@@ -386,6 +459,22 @@
timeStampBuilder.build(doc, decodeTimeToLive(reqData));
}
+ protected void performSIGNConfirmation(boolean mu, Document doc,
+ RequestData reqData, Vector results) {
+ if (doDebug) {
+ log.debug("Perform Signature confirmation");
+ }
+ }
+
+ protected boolean checkSignatureConfirmation(RequestData reqData, Vector wsResult) {
+ if (doDebug) {
+ log.debug("Check Signature confirmation");
+ }
+ if (!reqData.isNoSerialization()) {
+ log.debug("Check Signature confirmation - last handler");
+ }
+ return true;
+ }
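Review bot: `checkSignatureConfirmation` returns `true` unconditionally and `performSIGNConfirmation` only logs, yet WSS4JHandler (hunk @@ -388,6) now calls the check whenever `isEnableSignatureConfirmation()` is set and discards the result, so enabling the feature currently accepts every response without any confirmation taking place. Until the logic exists, mark both methods as placeholders, e.g. `// TODO: signature confirmation is not implemented yet; returning true accepts every message`, and have the caller act on a `false` result (reject or throw) so the stub cannot be mistaken for a passed check. The third `log.debug` in `checkSignatureConfirmation` is also not wrapped in the `if (doDebug)` guard the other two use.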
/**
* Hook to allow subclasses to load their Signature Crypto however they see
* fit.
@@ -1093,6 +1182,9 @@
public abstract Object getOption(String key);
public abstract Object getProperty(Object msgContext, String key);
+
+ public abstract void setProperty(Object msgContext, String key, Object value);
+
public abstract String getPassword(Object msgContext);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Mon Sep 5 11:36:22 2005
@@ -1301,6 +1301,8 @@
* Should timestamps have precision in milliseconds
*/
public static final String TIMESTAMP_PRECISION = "precisionInMilliseconds";
+
+ public static final String SEND_SIGV = "_sendSignatureValues_";
/**
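Review bot: The new `SEND_SIGV` constant has no Javadoc, unlike `TIMESTAMP_PRECISION` just above it. Based on its use in `WSHandler.doSenderAction`, suggest `/** Message-context key under which the sender stores the signature values of an outgoing request so they can be compared against signature confirmation in the response. */`.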
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java Mon Sep 5 11:36:22 2005
@@ -62,9 +62,8 @@
public class WSS4JHandler extends WSHandler implements Handler {
private HandlerInfo handlerInfo;
static Log log = LogFactory.getLog(WSS4JHandler.class.getName());
-// static final WSSecurityEngine secEngine = new WSSecurityEngine();
- private boolean doDebug = false;
+ private boolean doDebug = log.isDebugEnabled();;
static final String DEPLOYMENT = "deployment";
static final String CLIENT_DEPLOYMENT = "client";
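Review bot: `private boolean doDebug = log.isDebugEnabled();;` carries a stray second semicolon; make it `private boolean doDebug = log.isDebugEnabled();`. This class now also keeps its own `doDebug` alongside the private one added to `WSHandler` in this commit, each computed once from a different logger at construction time, which is worth a comment or a single protected field in the base class so the two cannot drift.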
@@ -153,14 +152,19 @@
boolean needsHandling = ( isRequestMessage && !handleFlow.equals(RESPONSE_ONLY)) ||
(!isRequestMessage && !handleFlow.equals(REQUEST_ONLY));
- if (deployment.equals(CLIENT_DEPLOYMENT) ^ isRequestMessage) {
- if (needsHandling) {
- return doReceiver(mc, reqData);
- }
- } else {
- if (needsHandling) {
- return doSender(mc, reqData);
+ try {
+ if (deployment.equals(CLIENT_DEPLOYMENT) ^ isRequestMessage) {
+ if (needsHandling) {
+ return doReceiver(mc, reqData, isRequestMessage);
+ }
+ } else {
+ if (needsHandling) {
+ return doSender(mc, reqData, isRequestMessage);
+ }
}
+ } finally {
+ reqData.clear();
+ reqData = null;
}
return true;
}
@@ -168,7 +172,7 @@
/**
* Handles incoming web service requests and outgoing responses
*/
- public boolean doSender(MessageContext mc, RequestData reqData) throws WSSecurityException {
+ public boolean doSender(MessageContext mc, RequestData reqData, boolean isRequest) throws WSSecurityException {
reqData.getSignatureParts().removeAllElements();
reqData.getEncryptParts().removeAllElements();
@@ -255,8 +259,8 @@
log.debug("WSS4JHandler: orginal SOAP request: ");
log.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc));
}
- doSenderAction(doAction, doc, reqData, actions);
-
+ doSenderAction(doAction, doc, reqData, actions, isRequest);
+
/*
* If required convert the resulting document into a message first. The
* outputDOM() method performs the necessary c14n call. After that we
@@ -307,7 +311,7 @@
* @return
* @throws WSSecurityException
*/
- public boolean doReceiver(MessageContext mc, RequestData reqData) throws WSSecurityException {
+ public boolean doReceiver(MessageContext mc, RequestData reqData, boolean isRequest) throws WSSecurityException {
Vector actions = new Vector();
String action = (String) getOption(WSHandlerConstants.RECEIVE + '.' + WSHandlerConstants.ACTION);
@@ -359,14 +363,7 @@
* Get and check the Signature specific parameters first because they
* may be used for encryption too.
*/
-
- if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
- decodeSignatureParameter2(reqData);
- }
-
- if ((doAction & WSConstants.ENCR) == WSConstants.ENCR) {
- decodeDecryptionParameter(reqData);
- }
+ doReceiverAction(doAction, reqData);
Vector wsResult = null;
try {
@@ -388,6 +385,9 @@
throw new JAXRPCException("WSS4JHandler: Request does not contain required Security header");
}
}
+ if (reqData.getWssConfig().isEnableSignatureConfirmation() && !isRequest) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
/*
* If we had some security processing, get the original
@@ -545,6 +545,10 @@
public Object getProperty(Object msgContext, String key) {
return ((MessageContext)msgContext).getProperty(key);
+ }
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext)msgContext).setProperty(key, value);
}
public String getPassword(Object msgContext) {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java Mon Sep 5 11:36:22 2005
@@ -20,7 +20,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
-import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.XMLUtils;
@@ -49,7 +49,6 @@
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
private static EnvelopeIdResolver resolver = null;
- private WSSConfig wssConfig;
private boolean doDebug = false;
@@ -59,17 +58,14 @@
*
* @return
*/
- public synchronized static ResourceResolverSpi getInstance(WSSConfig wssConfig) {
- // instance comparison, should be same instance most of the time
- // so no need for quals() here?
- if (resolver == null || resolver.wssConfig != wssConfig) {
- resolver = new EnvelopeIdResolver(wssConfig);
+ public synchronized static ResourceResolverSpi getInstance() {
+ if (resolver == null) {
+ resolver = new EnvelopeIdResolver();
}
return resolver;
}
- private EnvelopeIdResolver(WSSConfig wssConfig) {
- this.wssConfig = wssConfig;
+ private EnvelopeIdResolver() {
}
/**
@@ -124,7 +120,7 @@
uri,
BaseURI);
}
- String cId = selectedElem.getAttributeNS(wssConfig.getWsuNS(), "Id");
+ String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
/*
* If Body Id match fails, look for a generic Id (without a namespace)
@@ -133,7 +129,7 @@
*/
if (!id.equals(cId)) {
cId = null;
- if ((selectedElem = WSSecurityUtil.getElementByWsuId(wssConfig, doc, uriNodeValue)) != null) {
+ if ((selectedElem = WSSecurityUtil.getElementByWsuId(doc, uriNodeValue)) != null) {
cId = selectedElem.getAttribute("Id");
} else if ((selectedElem = WSSecurityUtil.getElementByGenId(doc, uriNodeValue)) != null) {
cId = selectedElem.getAttribute("Id");
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSAddTimestamp.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSAddTimestamp.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSAddTimestamp.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSAddTimestamp.java Mon Sep 5 11:36:22 2005
@@ -19,7 +19,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -65,18 +64,6 @@
}
/**
- * Constructor.
- * <p/>
- *
- * @param wssConfig Configuration options for processing and building security headers
- * @param actor The name of the actor of the <code>wsse:Security</code> header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSAddTimestamp(WSSConfig wssConfig, String actor, boolean mu) {
- super(wssConfig, actor, mu);
- }
-
- /**
* Adds a new <code>Timestamp</code> to a soap envelope.
* <p/>
* A complete <code>Timestamp</code> is constructed and added to
@@ -90,17 +77,11 @@
public Document build(Document doc, int ttl) {
log.debug("Begin add timestamp...");
Element securityHeader = insertSecurityHeader(doc);
- Element target;
- if (wssConfig.getTimestampLocation() == WSSConfig.TIMESTAMP_IN_SECURITY_ELEMENT) {
- target = securityHeader;
- } else {
- target = (Element) securityHeader.getParentNode();
- }
- ts = new Timestamp(wssConfig, doc, ttl);
+ ts = new Timestamp(wssConfig.isPrecisionInMilliSeconds(), doc, ttl);
if(id != null) {
ts.setID(id);
}
- WSSecurityUtil.prependChildElement(doc, target, ts.getElement(), true);
+ WSSecurityUtil.prependChildElement(doc, securityHeader, ts.getElement(), true);
return doc;
}
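Review bot: With the `TIMESTAMP_IN_SECURITY_ELEMENT` branch removed, `build` always prepends the Timestamp to the `wsse:Security` header, but the Javadoc above (which begins outside this hunk) still describes the old, location-configurable behaviour as far as the visible lines show. Add a sentence such as `The Timestamp is always inserted as the first child of the wsse:Security header of this actor.` and mention that `ts` is created with the millisecond precision taken from the current `wssConfig`.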
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSBaseMessage.java Mon Sep 5 11:36:22 2005
@@ -20,8 +20,8 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
-import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -33,7 +33,7 @@
* It provides common functions and fields used by the specific message
* classes such as sign, encrypt, and username token.
*
- * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de)
*/
public class WSBaseMessage {
private static Log log = LogFactory.getLog(WSBaseMessage.class.getName());
@@ -44,9 +44,11 @@
protected int keyIdentifierType = WSConstants.ISSUER_SERIAL;
protected Vector parts = null;
protected int timeToLive = 300; // time between Created and Expires
+
+ protected boolean doDebug = false;
+
protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
- protected boolean doDebug = false;
/**
* Constructor.
@@ -72,19 +74,6 @@
* @param mu Set <code>mustUnderstand</code> to true or false
*/
public WSBaseMessage(String actor, boolean mu) {
- this(WSSConfig.getDefaultWSConfig(), actor, mu);
- }
-
- /**
- * Constructor.
- * <p/>
- *
- * @param wssConfig configuration options for processing and building security headers
- * @param actor The actor name of the <code>wsse:Security</code> header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSBaseMessage(WSSConfig wssConfig, String actor, boolean mu) {
- this.wssConfig = wssConfig;
setActor(actor);
setMustUnderstand(mu);
}
@@ -163,6 +152,13 @@
}
/**
+ * @param wsConfig The wsConfig to set.
+ */
+ public void setWsConfig(WSSConfig wsConfig) {
+ this.wssConfig = wsConfig;
+ }
+
+ /**
* Looks up or adds a body id.
* <p/>
* First try to locate the <code>wsu:Id</code> in the SOAP body element.
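Review bot: `setWsConfig` accepts `null` and silently replaces the default `WSSConfig.getDefaultWSConfig()` with it; `RequestData.wssConfig` defaults to `null` in this commit, so any handler path that reaches `builder.setWsConfig(reqData.getWssConfig())` without first calling `reqData.setWssConfig(...)` ends in a NullPointerException later at `wssConfig.isPrecisionInMilliSeconds()` in WSAddTimestamp and WSSAddUsernameToken. Guard it: `if (wsConfig == null) { throw new IllegalArgumentException("wsConfig must not be null"); }`. The parameter is named `wsConfig` while the field and every other use in the diff say `wssConfig`; aligning the name avoids confusion in the Javadoc.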
@@ -190,30 +186,15 @@
protected String setWsuId(Element bodyElement) {
String id = null;
- // try to get a differently qualified Id in case it was created with
- // an older spec namespace
- if (wssConfig.getProcessNonCompliantMessages()) {
- id = WSSecurityUtil.getAttributeValueWSU(bodyElement, "Id", null);
- }
- if (wssConfig.getProcessNonCompliantMessages() ||
- !wssConfig.isTargetIdQualified()) {
- if ((id == null) || (id.length() == 0)) {
- id = bodyElement.getAttribute("Id");
- }
- } else {
- id = bodyElement.getAttributeNS(wssConfig.getWsuNS(), "Id");
- }
+ id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");
+
if ((id == null) || (id.length() == 0)) {
id = "id-" + Integer.toString(bodyElement.hashCode());
- if (wssConfig.isTargetIdQualified()) {
- String prefix =
- WSSecurityUtil.setNamespace(bodyElement,
- wssConfig.getWsuNS(),
- WSConstants.WSU_PREFIX);
- bodyElement.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", id);
- } else {
- bodyElement.setAttributeNS(null, "Id", id);
- }
+ String prefix =
+ WSSecurityUtil.setNamespace(bodyElement,
+ WSConstants.WSU_NS,
+ WSConstants.WSU_PREFIX);
+ bodyElement.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
return id;
}
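Review bot: `String id = null;` followed immediately by `id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");` can be a single declaration, `String id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");`. The empty-string check that follows is still needed because `getAttributeNS` may return an empty string rather than `null` for an absent attribute, so a short comment on that line would make the two-part condition self-explanatory.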
@@ -248,11 +229,10 @@
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
// lookup a security header block that matches actor
Element securityHeader =
- WSSecurityUtil.getSecurityHeader(wssConfig, doc, actor, soapConstants);
+ WSSecurityUtil.getSecurityHeader(doc, actor, soapConstants);
if (securityHeader == null) { // create if nothing found
securityHeader =
- WSSecurityUtil.findWsseSecurityHeaderBlock(wssConfig,
- doc,
+ WSSecurityUtil.findWsseSecurityHeaderBlock(doc,
doc.getDocumentElement(),
actor,
true);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java Mon Sep 5 11:36:22 2005
@@ -22,7 +22,6 @@
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
@@ -117,18 +116,6 @@
}
/**
- * Constructor.
- * <p/>
- *
- * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
- * @param actor The actor name of the <code>wsse:Security</code> header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSEncryptBody(WSSConfig wssConfig, String actor, boolean mu) {
- super(wssConfig, actor, mu);
- }
-
- /**
* Sets the key to use during embedded encryption.
* <p/>
*
@@ -394,7 +381,7 @@
xencEncryptedKey,
true);
}
- SecurityTokenReference secToken = new SecurityTokenReference(wssConfig, doc);
+ SecurityTokenReference secToken = new SecurityTokenReference(doc);
switch (keyIdentifierType) {
case WSConstants.X509_KEY_IDENTIFIER:
@@ -411,10 +398,10 @@
break;
case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(wssConfig, doc);
+ Reference ref = new Reference(doc);
ref.setURI("#" + certUri);
BinarySecurity bstToken = null;
- bstToken = new X509Security(wssConfig, doc);
+ bstToken = new X509Security(doc);
((X509Security) bstToken).setX509Certificate(remoteCert);
bstToken.setID(certUri);
ref.setValueType(bstToken.getValueType());
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddSAMLToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddSAMLToken.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddSAMLToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddSAMLToken.java Mon Sep 5 11:36:22 2005
@@ -18,7 +18,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
@@ -62,19 +61,6 @@
*/
public WSSAddSAMLToken(String actor, boolean mu) {
super(actor, mu);
- }
-
- /**
- * Constructor.
- * <p/>
- *
- * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
- * @param actor The name of the actor of the <code>wsse:Security</code>
- * header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSSAddSAMLToken(WSSConfig wssConfig, String actor, boolean mu) {
- super(wssConfig, actor, mu);
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddUsernameToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddUsernameToken.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddUsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSAddUsernameToken.java Mon Sep 5 11:36:22 2005
@@ -20,7 +20,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -68,18 +67,6 @@
}
/**
- * Constructor.
- * <p/>
- *
- * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
- * @param actor The name of the actor of the <code>wsse:Security</code> header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSSAddUsernameToken(WSSConfig wssConfig, String actor, boolean mu) {
- super(wssConfig, actor, mu);
- }
-
- /**
* Defines how to construct the password element of the
* <code>UsernameToken</code>.
*
@@ -106,7 +93,7 @@
* Creates and adds a Created element to the UsernameToken
*/
public void addCreated(Document doc) {
- ut.addCreated(doc);
+ ut.addCreated(wssConfig.isPrecisionInMilliSeconds(), doc);
}
/**
@@ -131,7 +118,7 @@
}
public Document preSetUsernameToken(Document doc, String username, String password) {
- ut = new UsernameToken(wssConfig, doc, passwordType);
+ ut = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc, passwordType);
ut.setName(username);
ut.setPassword(password);
return doc;