Posted to commits@ws.apache.org by co...@apache.org on 2015/02/24 17:01:47 UTC
svn commit: r1661996 - in
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom:
./ message/ processor/ util/
Author: coheigea
Date: Tue Feb 24 16:01:47 2015
New Revision: 1661996
URL: http://svn.apache.org/r1661996
Log:
Get the SOAP Body from the CallbackLookup
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/CallbackLookup.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/DOMCallbackLookup.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java Tue Feb 24 16:01:47 2015
@@ -32,6 +32,7 @@ import org.apache.wss4j.common.derivedKe
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.CallbackLookup;
+import org.apache.wss4j.dom.message.DOMCallbackLookup;
import org.apache.wss4j.dom.processor.Processor;
import org.apache.wss4j.dom.saml.DOMSAMLUtil;
import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -398,7 +399,11 @@ public class WSSecurityEngine {
// (no need for encryption --- yet)
//
WSDocInfo wsDocInfo = new WSDocInfo(securityHeader.getOwnerDocument());
- wsDocInfo.setCallbackLookup(callbackLookup);
+ CallbackLookup callbackLookupToUse = callbackLookup;
+ if (callbackLookupToUse == null) {
+ callbackLookupToUse = new DOMCallbackLookup(securityHeader.getOwnerDocument());
+ }
+ wsDocInfo.setCallbackLookup(callbackLookupToUse);
wsDocInfo.setCrypto(requestData.getSigVerCrypto());
wsDocInfo.setSecurityHeader(securityHeader);
@@ -454,9 +459,7 @@ public class WSSecurityEngine {
// Validate SAML Subject Confirmation requirements
if (wssConfig.isValidateSamlSubjectConfirmation()) {
- Element bodyElement =
- WSSecurityUtil.findBodyElement(securityHeader.getOwnerDocument());
-
+ Element bodyElement = callbackLookupToUse.getSOAPBody();
DOMSAMLUtil.validateSAMLResults(returnResults, requestData.getTlsCerts(), bodyElement);
}
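Review bot: The body element handed to `DOMSAMLUtil.validateSAMLResults` now comes from whichever `CallbackLookup` the caller configured, so the subject-confirmation check is only as sound as that implementation's `getSOAPBody()`. A custom lookup that returns null, or an element other than the Body the application later consumes, would have the check evaluated against the wrong node; how `validateSAMLResults` treats a null body is not visible in this hunk. I would add a comment at the call site, e.g. `// Must be the Body the application will process; a custom CallbackLookup is trusted to return it`, and consider rejecting a null result before the call.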
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/CallbackLookup.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/CallbackLookup.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/CallbackLookup.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/CallbackLookup.java Tue Feb 24 16:01:47 2015
@@ -73,4 +73,9 @@ public interface CallbackLookup {
List<Element> getElements(
String localname, String namespace
) throws WSSecurityException;
+
+ /**
+ * Get the SOAP Body
+ */
+ Element getSOAPBody();
}
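Review bot: The Javadoc `Get the SOAP Body` does not tell implementors what to return when the document has no Body, although callers in this commit depend on it (WSSecBase checks for null, DOMCallbackLookup.getElements does not). Suggest adding `@return the SOAP Body element of the message, or null if there is none`, plus a sentence stating that the result feeds security decisions such as the SAML subject-confirmation check. Adding an abstract method to this public interface also breaks existing third-party implementations at compile time, which deserves a line in the release notes.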
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/DOMCallbackLookup.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/DOMCallbackLookup.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/DOMCallbackLookup.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/DOMCallbackLookup.java Tue Feb 24 16:01:47 2015
@@ -81,7 +81,7 @@ public class DOMCallbackLookup implement
//
// Try the SOAP Body first
//
- Element bodyElement = WSSecurityUtil.findBodyElement(doc);
+ Element bodyElement = getSOAPBody();
if (bodyElement != null) {
String cId = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");
if (cId.equals(idToMatch)) {
@@ -151,11 +151,19 @@ public class DOMCallbackLookup implement
//
// Try the SOAP Body first
//
- Element bodyElement = WSSecurityUtil.findBodyElement(doc);
+ Element bodyElement = getSOAPBody();
if (WSConstants.ELEM_BODY.equals(localname) &&
bodyElement.getNamespaceURI().equals(namespace)) {
return Collections.singletonList(bodyElement);
}
return WSSecurityUtil.findElements(doc.getDocumentElement(), localname, namespace);
}
+
+
+ /**
+ * Get the SOAP Body
+ */
+ public Element getSOAPBody() {
+ return WSSecurityUtil.findBodyElement(doc);
+ }
}
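Review bot: In `getElements`, `bodyElement.getNamespaceURI().equals(namespace)` dereferences `bodyElement` without a null check, while `getElement` earlier in this file guards the same lookup with `if (bodyElement != null)`. A request for the Body on a document without one would presumably end in a NullPointerException instead of an empty result, and now that `getSOAPBody()` is public and overridable a subclass can return null as well. Suggest `if (bodyElement != null && WSConstants.ELEM_BODY.equals(localname) && namespace != null && namespace.equals(bodyElement.getNamespaceURI())) {`. The new method should also carry `@Override`; the start of `getElements` lies outside the hunk.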
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java Tue Feb 24 16:01:47 2015
@@ -134,7 +134,10 @@ public class WSSecBase {
* @throws Exception
*/
protected String setBodyID(Document doc) throws Exception {
- Element bodyElement = WSSecurityUtil.findBodyElement(doc);
+ if (callbackLookup == null) {
+ callbackLookup = new DOMCallbackLookup(doc);
+ }
+ Element bodyElement = callbackLookup.getSOAPBody();
if (bodyElement == null) {
throw new Exception("SOAP Body Element node not found");
}
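Review bot: Assigning the fallback to the `callbackLookup` field binds this instance to the first `doc` it sees, so a later `setBodyID` call with a different Document would still search the old one for the Body. Whether instances are reused across documents is not visible here, but a local variable avoids the question: `CallbackLookup lookup = callbackLookup != null ? callbackLookup : new DOMCallbackLookup(doc);` followed by `Element bodyElement = lookup.getSOAPBody();`. The rest of `setBodyID` lies outside the hunk.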
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ReferenceListProcessor.java Tue Feb 24 16:01:47 2015
@@ -58,7 +58,6 @@ import org.apache.wss4j.dom.WSSecurityEn
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.CallbackLookup;
-import org.apache.wss4j.dom.message.DOMCallbackLookup;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.str.STRParser;
import org.apache.wss4j.dom.str.SecurityTokenRefSTRParser;
@@ -282,9 +281,6 @@ public class ReferenceListProcessor impl
String dataRefURI
) throws WSSecurityException {
CallbackLookup callbackLookup = wsDocInfo.getCallbackLookup();
- if (callbackLookup == null) {
- callbackLookup = new DOMCallbackLookup(doc);
- }
Element encryptedDataElement =
callbackLookup.getElement(dataRefURI, null, true);
if (encryptedDataElement == null) {
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Tue Feb 24 16:01:47 2015
@@ -73,7 +73,6 @@ import org.apache.wss4j.dom.WSSecurityEn
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.CallbackLookup;
-import org.apache.wss4j.dom.message.DOMCallbackLookup;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.Timestamp;
import org.apache.wss4j.dom.str.STRParser;
@@ -411,7 +410,7 @@ public class SignatureProcessor implemen
// Test for replay attacks
testMessageReplay(elem, xmlSignature.getSignatureValue().getValue(), data, wsDocInfo);
- setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo, elem.getOwnerDocument());
+ setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo);
boolean signatureOk = xmlSignature.validate(context);
if (signatureOk) {
return xmlSignature;
@@ -457,15 +456,11 @@ public class SignatureProcessor implemen
private void setElementsOnContext(
XMLSignature xmlSignature,
DOMValidateContext context,
- WSDocInfo wsDocInfo,
- Document doc
+ WSDocInfo wsDocInfo
) throws WSSecurityException {
java.util.Iterator<?> referenceIterator =
xmlSignature.getSignedInfo().getReferences().iterator();
CallbackLookup callbackLookup = wsDocInfo.getCallbackLookup();
- if (callbackLookup == null) {
- callbackLookup = new DOMCallbackLookup(doc);
- }
while (referenceIterator.hasNext()) {
Reference reference = (Reference)referenceIterator.next();
String uri = reference.getURI();
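Review bot: With the fallback removed, the lookup used in this loop relies on every `WSDocInfo` carrying a `CallbackLookup`; the only place this commit shows installing a default is `WSSecurityEngine`. A `WSDocInfo` built by other code without `setCallbackLookup` would now fail with a NullPointerException during signature reference resolution, and the same applies to the guard removed from ReferenceListProcessor, where `callbackLookup.getElement(dataRefURI, null, true)` follows directly. Either make `WSDocInfo.getCallbackLookup()` never return null or fail explicitly here: `if (callbackLookup == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }`. The loop body continues outside the hunk.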
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1661996&r1=1661995&r2=1661996&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Tue Feb 24 16:01:47 2015
@@ -29,7 +29,6 @@ import org.apache.wss4j.dom.WSSecurityEn
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.CallbackLookup;
@@ -46,13 +45,11 @@ import org.w3c.dom.Text;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.namespace.QName;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
/**
@@ -232,9 +229,6 @@ public final class WSSecurityUtil {
* contain a SOAP body
*/
public static Element findBodyElement(Document doc) {
- //
- // Find the SOAP Envelope NS. Default to SOAP11 NS
- //
Element docElement = doc.getDocumentElement();
String ns = docElement.getNamespaceURI();
return getDirectChildElement(docElement, WSConstants.ELEM_BODY, ns);
@@ -537,9 +531,6 @@ public final class WSSecurityUtil {
return prefix;
}
- /*
- * The following methods were copied over from axis.utils.XMLUtils and adapted
- */
public static String getPrefixNS(String uri, Node e) {
while (e != null && e.getNodeType() == Element.ELEMENT_NODE) {
NamedNodeMap attrs = e.getAttributes();
@@ -555,85 +546,6 @@ public final class WSSecurityUtil {
return null;
}
- public static String getNamespace(String prefix, Node e) {
- while (e != null && e.getNodeType() == Node.ELEMENT_NODE) {
- Attr attr = null;
- if (prefix == null) {
- attr = ((Element) e).getAttributeNodeNS(null, "xmlns");
- } else {
- attr = ((Element) e).getAttributeNodeNS(WSConstants.XMLNS_NS, prefix);
- }
- if (attr != null) {
- return attr.getValue();
- }
- e = e.getParentNode();
- }
- return null;
- }
-
- /**
- * Return a QName when passed a string like "foo:bar" by mapping the "foo"
- * prefix to a namespace in the context of the given Node.
- *
- * @return a QName generated from the given string representation
- */
- public static QName getQNameFromString(String str, Node e) {
- return getQNameFromString(str, e, false);
- }
-
- /**
- * Return a QName when passed a string like "foo:bar" by mapping the "foo"
- * prefix to a namespace in the context of the given Node. If default
- * namespace is found it is returned as part of the QName.
- *
- * @return a QName generated from the given string representation
- */
- public static QName getFullQNameFromString(String str, Node e) {
- return getQNameFromString(str, e, true);
- }
-
- private static QName getQNameFromString(String str, Node e, boolean defaultNS) {
- if (str == null || e == null) {
- return null;
- }
- int idx = str.indexOf(':');
- if (idx > -1) {
- String prefix = str.substring(0, idx);
- String ns = XMLUtils.getNamespace(prefix, e);
- if (ns == null) {
- return null;
- }
- return new QName(ns, str.substring(idx + 1));
- } else {
- if (defaultNS) {
- String ns = XMLUtils.getNamespace(null, e);
- if (ns != null) {
- return new QName(ns, str);
- }
- }
- return new QName("", str);
- }
- }
-
- /**
- * Return a string for a particular QName, mapping a new prefix if
- * necessary.
- */
- public static String getStringForQName(QName qname, Element e) {
- String uri = qname.getNamespaceURI();
- String prefix = getPrefixNS(uri, e);
- if (prefix == null) {
- int i = 1;
- prefix = "ns" + i;
- while (XMLUtils.getNamespace(prefix, e) != null) {
- i++;
- prefix = "ns" + i;
- }
- e.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + prefix, uri);
- }
- return prefix + ":" + qname.getLocalPart();
- }
-
/**
* Turn a reference (eg "#5") into an ID (eg "5").
*
@@ -919,15 +831,16 @@ public final class WSSecurityUtil {
}
public static List<Integer> decodeAction(String action) throws WSSecurityException {
- List<Integer> actions = new ArrayList<>();
String actionToParse = action;
if (actionToParse == null) {
- return actions;
+ return Collections.emptyList();
}
actionToParse = actionToParse.trim();
if ("".equals(actionToParse)) {
- return actions;
+ return Collections.emptyList();
}
+
+ List<Integer> actions = new ArrayList<>();
String single[] = actionToParse.split("\\s");
for (int i = 0; i < single.length; i++) {
if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
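Review bot: The early returns now hand back `Collections.emptyList()`, which is immutable, whereas the normal path still returns a mutable `ArrayList`; a caller that appends to the result would get an UnsupportedOperationException only for null or blank input. The next hunk makes the same change for the `List<HandlerAction>` variant. Either keep `return new ArrayList<>();` on the early paths or state the contract in the Javadoc, e.g. `@return the decoded actions; callers must treat the list as read-only`. The parsing loop continues outside the hunk.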
@@ -977,11 +890,11 @@ public final class WSSecurityUtil {
String action,
WSSConfig wssConfig
) throws WSSecurityException {
- List<HandlerAction> actions = new ArrayList<>();
if (action == null) {
- return actions;
+ return Collections.emptyList();
}
+ List<HandlerAction> actions = new ArrayList<>();
String single[] = action.split(" ");
for (int i = 0; i < single.length; i++) {
if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
@@ -1064,73 +977,6 @@ public final class WSSecurityUtil {
}
/**
- * @return a list of child Nodes
- */
- public static List<Node>
- listChildren(
- final Node parent
- ) {
- final List<Node> ret = new ArrayList<>();
- if (parent != null) {
- Node node = parent.getFirstChild();
- while (node != null) {
- ret.add(node);
- node = node.getNextSibling();
- }
- }
- return ret;
- }
-
- /**
- * @return a list of Nodes in b that are not in a
- */
- public static List<Node>
- newNodes(
- final List<Node> a,
- final List<Node> b
- ) {
- if (a.size() == 0) {
- return b;
- }
- final List<Node> ret = new ArrayList<>();
- if (b.size() == 0) {
- return ret;
- }
- for (
- final Iterator<Node> bpos = b.iterator();
- bpos.hasNext();
- ) {
- final Node bnode = bpos.next();
- final String bns = bnode.getNamespaceURI();
- final String bln = bnode.getLocalName();
- boolean found = false;
- for (
- final Iterator<Node> apos = a.iterator();
- apos.hasNext() && !found;
- ) {
- final Node anode = apos.next();
- final String ans = anode.getNamespaceURI();
- final String aln = anode.getLocalName();
- final boolean nsmatch =
- ans == null
- ? bns == null ? true : false
- : bns == null ? false : ans.equals(bns);
- final boolean lnmatch =
- aln == null
- ? bln == null ? true : false
- : bln == null ? false : aln.equals(bln);
- if (nsmatch && lnmatch) {
- found = true;
- }
- }
- if (!found) {
- ret.add(bnode);
- }
- }
- return ret;
- }
-
- /**
* Store the element argument in the DOM Crypto Context if it has one of the standard
* "Id" attributes.
*/