Posted to commits@ws.apache.org by co...@apache.org on 2016/11/21 15:08:58 UTC
svn commit: r1770695 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/
Author: coheigea
Date: Mon Nov 21 15:08:58 2016
New Revision: 1770695
URL: http://svn.apache.org/viewvc?rev=1770695&view=rev
Log:
WSS-594 - Copy Security Header SOAP MustUnderstand/Actor to an EncryptedHeader element
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Mon Nov 21 15:08:58 2016
@@ -50,6 +50,8 @@ public class WSSecDKEncrypt extends WSSe
private List<Element> attachmentEncryptedDataElements;
private Serializer encryptionSerializer;
+
+ private WSSecHeader securityHeader;
public WSSecDKEncrypt() {
super();
@@ -64,6 +66,8 @@ public class WSSecDKEncrypt extends WSSe
public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
+ securityHeader = secHeader;
+
//
// Setup the encrypted key
//
@@ -131,7 +135,7 @@ public class WSSecDKEncrypt extends WSSe
List<String> encDataRefs =
WSSecEncrypt.doEncryption(
- document, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup,
+ document, securityHeader, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup,
attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment,
encryptionSerializer
);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Mon Nov 21 15:08:58 2016
@@ -107,6 +107,8 @@ public class WSSecEncrypt extends WSSecE
private List<Element> attachmentEncryptedDataElements;
private Serializer encryptionSerializer;
+
+ private WSSecHeader securityHeader;
public WSSecEncrypt() {
super();
@@ -198,6 +200,7 @@ public class WSSecEncrypt extends WSSecE
public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
throws WSSecurityException {
doDebug = LOG.isDebugEnabled();
+ securityHeader = secHeader;
prepare(doc, crypto);
@@ -262,7 +265,7 @@ public class WSSecEncrypt extends WSSecE
SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKey.getEncoded(), symmetricKey.getAlgorithm());
List<String> encDataRefs =
doEncryption(
- document, getIdAllocator(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(), references,
+ document, securityHeader, getIdAllocator(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(), references,
callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements,
storeBytesInAttachment
);
@@ -344,6 +347,7 @@ public class WSSecEncrypt extends WSSecE
*/
public static List<String> doEncryption(
Document doc,
+ WSSecHeader securityHeader,
WsuIdAllocator idAllocator,
KeyInfo keyInfo,
SecretKey secretKey,
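Review bot: Inserting `WSSecHeader securityHeader` as the second parameter of the public static `doEncryption` changes its signature, so any caller outside this commit that uses the old argument list stops compiling; the two longer overloads in the following hunks are changed the same way. If external callers are supported, keep the old signatures as deprecated overloads that delegate with `null`, which in turn requires the null handling downstream to be consistent. The Javadoc above the signature is outside the hunk, but no `@param securityHeader` line is added in the visible part; it should say whether null is permitted and that the header's SOAP attributes are copied onto any EncryptedHeader wrapper.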
@@ -352,12 +356,13 @@ public class WSSecEncrypt extends WSSecE
CallbackLookup callbackLookup
) throws WSSecurityException {
return doEncryption(
- doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
+ doc, securityHeader, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
references, callbackLookup, null, null, false);
}
public static List<String> doEncryption(
Document doc,
+ WSSecHeader securityHeader,
WsuIdAllocator idAllocator,
KeyInfo keyInfo,
SecretKey secretKey,
@@ -369,13 +374,14 @@ public class WSSecEncrypt extends WSSecE
boolean storeBytesInAttachment
) throws WSSecurityException {
return doEncryption(
- doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
+ doc, securityHeader, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
references, callbackLookup, attachmentCallbackHandler,
attachmentEncryptedDataElements, storeBytesInAttachment, null);
}
public static List<String> doEncryption(
Document doc,
+ WSSecHeader securityHeader,
WsuIdAllocator idAllocator,
KeyInfo keyInfo,
SecretKey secretKey,
@@ -432,8 +438,8 @@ public class WSSecEncrypt extends WSSecE
for (Element elementToEncrypt : elementsToEncrypt) {
try {
String id =
- encryptElementInAttachment(doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
- attachmentCallbackHandler, encPart, elementToEncrypt);
+ encryptElementInAttachment(doc, securityHeader, idAllocator, keyInfo, secretKey,
+ encryptionAlgorithm, attachmentCallbackHandler, encPart, elementToEncrypt);
encPart.setEncId(id);
encDataRef.add("#" + id);
} catch (Exception ex) {
@@ -445,8 +451,8 @@ public class WSSecEncrypt extends WSSecE
} else {
for (Element elementToEncrypt : elementsToEncrypt) {
String id =
- encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), idAllocator, xmlCipher,
- secretKey, keyInfo);
+ encryptElement(doc, securityHeader, elementToEncrypt, encPart.getEncModifier(), idAllocator,
+ xmlCipher, secretKey, keyInfo);
encPart.setEncId(id);
encDataRef.add("#" + id);
}
@@ -464,6 +470,7 @@ public class WSSecEncrypt extends WSSecE
private static String encryptElementInAttachment(
Document doc,
+ WSSecHeader securityHeader,
WsuIdAllocator idAllocator,
KeyInfo keyInfo,
SecretKey secretKey,
@@ -483,7 +490,7 @@ public class WSSecEncrypt extends WSSecE
if ("Header".equals(encryptionPart.getEncModifier())
&& elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc))) {
- createEncryptedHeaderElement(doc, elementToEncrypt, idAllocator);
+ createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, idAllocator);
}
Element encryptedData =
@@ -676,6 +683,7 @@ public class WSSecEncrypt extends WSSecE
*/
private static String encryptElement(
Document doc,
+ WSSecHeader securityHeader,
Element elementToEncrypt,
String modifier,
WsuIdAllocator idAllocator,
@@ -691,8 +699,8 @@ public class WSSecEncrypt extends WSSecE
String xencEncryptedDataId = idAllocator.createId("ED-", elementToEncrypt);
try {
if ("Header".equals(modifier)
- && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc))) {
- createEncryptedHeaderElement(doc, elementToEncrypt, idAllocator);
+ && elementToEncrypt.getParentNode().equals(securityHeader.getSecurityHeader().getParentNode())) {
+ createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, idAllocator);
}
xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
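Review bot: The new `Header` test calls `securityHeader.getSecurityHeader().getParentNode()` with no null guard, while `createEncryptedHeaderElement` in a later hunk explicitly allows `securityHeader == null`, so the two disagree on whether null is a legal argument. In the hunks shown the instance field is assigned only in `build()`, and `doEncryption` is public static, so a path that arrives here without a header (or with one whose `getSecurityHeader()` is still null, if that is possible before insertion) would fail with a NullPointerException unless the catch outside this hunk converts it. Either reject null at the entry point with a WSSecurityException or fall back to the previous lookup, e.g. `Node soapHeader = securityHeader != null && securityHeader.getSecurityHeader() != null ? securityHeader.getSecurityHeader().getParentNode() : WSSecurityUtil.getSOAPHeader(doc);`. `encryptElementInAttachment` still compares against `WSSecurityUtil.getSOAPHeader(doc)`, so both paths should share one test. The body of `encryptElement` continues outside the hunk.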
@@ -710,6 +718,7 @@ public class WSSecEncrypt extends WSSecE
private static void createEncryptedHeaderElement(
Document doc,
+ WSSecHeader securityHeader,
Element elementToEncrypt,
WsuIdAllocator idAllocator
) {
@@ -724,6 +733,7 @@ public class WSSecEncrypt extends WSSecE
elem.setAttributeNS(
WSConstants.WSU_NS, wsuPrefix + ":Id", headerId
);
+
//
// Add the EncryptedHeader node to the element to be encrypted's parent
// (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
@@ -733,22 +743,25 @@ public class WSSecEncrypt extends WSSecE
elementToEncrypt = (Element)parent.replaceChild(elem, elementToEncrypt);
elem.appendChild(elementToEncrypt);
- NamedNodeMap map = elementToEncrypt.getAttributes();
- for (int i = 0; i < map.getLength(); i++) {
- Attr attr = (Attr)map.item(i);
- if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
- || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
- String soapEnvPrefix =
- XMLUtils.setNamespace(
- elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+ if (securityHeader != null) {
+ NamedNodeMap map = securityHeader.getSecurityHeader().getAttributes();
+ for (int i = 0; i < map.getLength(); i++) {
+ Attr attr = (Attr)map.item(i);
+ if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
+ || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
+ String soapEnvPrefix =
+ XMLUtils.setNamespace(
+ elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+ );
+ elem.setAttributeNS(
+ attr.getNamespaceURI(),
+ soapEnvPrefix + ":" + attr.getLocalName(),
+ attr.getValue()
);
- elem.setAttributeNS(
- attr.getNamespaceURI(),
- soapEnvPrefix + ":" + attr.getLocalName(),
- attr.getValue()
- );
+ }
}
}
+
}
/**
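Review bot: When `securityHeader` is null the EncryptedHeader wrapper now gets no SOAP attributes at all, whereas the removed code copied them from the element being encrypted; a header that carried `mustUnderstand` would then be wrapped in an element a receiver is free to ignore. If null is meant to be supported, state that trade-off, and guard `securityHeader.getSecurityHeader()` as well, since only the outer reference is checked before `getAttributes()` is called. The loop also copies every SOAP-namespace attribute on the Security header, not only mustUnderstand/actor as the log message says, and it has no comment; I would add `// WSS-594: mirror the wsse:Security header's SOAP mustUnderstand/actor/role onto the EncryptedHeader wrapper` above the `if`. The start of `createEncryptedHeaderElement` is outside this hunk.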
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java Mon Nov 21 15:08:58 2016
@@ -352,16 +352,25 @@ public class EncryptOutputProcessor exte
List<XMLSecAttribute> attributes = new ArrayList<>(1);
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = getXmlSecStartElement().getAttributes();
- while (attributeIterator.hasNext()) {
- Attribute attribute = attributeIterator.next();
- if (!attribute.isNamespace()
- && (WSSConstants.NS_SOAP11.equals(attribute.getName().getNamespaceURI())
- || WSSConstants.NS_SOAP12.equals(attribute.getName().getNamespaceURI()))) {
- attributes.add(createAttribute(attribute.getName(), attribute.getValue()));
+ final String actor = ((WSSSecurityProperties) getSecurityProperties()).getActor();
+ final String soapMessageVersion = WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement);
+ if (actor != null && !actor.isEmpty()) {
+ if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+ attributes.add(createAttribute(WSSConstants.ATT_SOAP11_ACTOR, actor));
+ } else {
+ attributes.add(createAttribute(WSSConstants.ATT_SOAP12_ROLE, actor));
}
}
+
+ boolean mustUnderstand = ((WSSSecurityProperties) getSecurityProperties()).isMustUnderstand();
+ if (mustUnderstand) {
+ if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+ attributes.add(createAttribute(WSSConstants.ATT_SOAP11_MUST_UNDERSTAND, "1"));
+ } else {
+ attributes.add(createAttribute(WSSConstants.ATT_SOAP12_MUST_UNDERSTAND, "true"));
+ }
+ }
+
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader, true, attributes);
}
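Review bot: Both `else` branches treat every namespace other than `WSSConstants.NS_SOAP11` as SOAP 1.2, so if `WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement)` yields null or an unexpected value the EncryptedHeader is written with SOAP 1.2 `role`/`mustUnderstand` attributes that may not match the envelope. Make the second case explicit with `else if (WSSConstants.NS_SOAP12.equals(soapMessageVersion))` and decide what to do otherwise (skip the attributes or raise an error). The cast `(WSSSecurityProperties) getSecurityProperties()` is repeated; hoist it once as `final WSSSecurityProperties props = (WSSSecurityProperties) getSecurityProperties();`. `new ArrayList<>(1)` can now hold two attributes, so the initial capacity hint is stale. The enclosing method starts outside the hunk.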