Posted to commits@ws.apache.org by co...@apache.org on 2012/02/07 17:03:25 UTC
svn commit: r1241505 - in /webservices/wss4j/branches/swssf:
streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/
streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/
streaming-xml-security/src/main/java/org/swssf...
Author: coheigea
Date: Tue Feb 7 16:03:25 2012
New Revision: 1241505
URL: http://svn.apache.org/viewvc?rev=1241505&view=rev
Log:
Reverting some unintended commits
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1241505&r1=1241504&r2=1241505&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java Tue Feb 7 16:03:25 2012
@@ -18,11 +18,6 @@
*/
package org.swssf.wss.impl.processor.input;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.events.XMLEvent;
-
import org.swssf.binding.xmldsig.KeyInfoType;
import org.swssf.binding.xmlenc.EncryptedDataType;
import org.swssf.binding.xmlenc.ReferenceList;
@@ -34,16 +29,12 @@ import org.swssf.wss.securityEvent.Conte
import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
import org.swssf.wss.securityEvent.TokenSecurityEvent;
-import org.swssf.xmlsec.ext.ComparableAttribute;
-import org.swssf.xmlsec.ext.ComparableNamespace;
-import org.swssf.xmlsec.ext.InputProcessorChain;
-import org.swssf.xmlsec.ext.SecurePart;
-import org.swssf.xmlsec.ext.SecurityContext;
-import org.swssf.xmlsec.ext.SecurityToken;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.swssf.xmlsec.ext.XMLSecurityProperties;
+import org.swssf.xmlsec.ext.*;
import org.swssf.xmlsec.impl.processor.input.AbstractDecryptInputProcessor;
-import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.events.XMLEvent;
+import java.util.List;
/**
* Processor for decryption of EncryptedData XML structures
@@ -91,15 +82,6 @@ public class DecryptInputProcessor exten
this,
securityToken);
}
-
- @Override
- protected SecurityToken findSecurityToken(
- KeyInfoType keyInfoType, XMLSecurityProperties securityProperties,
- SecurityContext securityContext, Object processor) throws XMLSecurityException {
- return SecurityTokenFactory.newInstance().getSecurityToken(
- keyInfoType, getSecurityProperties().getDecryptionCrypto(),
- getSecurityProperties().getCallbackHandler(), securityContext, processor);
- }
@Override
protected void handleSecurityToken(
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java?rev=1241505&r1=1241504&r2=1241505&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java Tue Feb 7 16:03:25 2012
@@ -18,27 +18,26 @@
*/
package org.swssf.wss.impl.processor.output;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSDocumentContext;
+import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.EncryptionPartDef;
+import org.swssf.xmlsec.impl.processor.output.AbstractEncryptOutputProcessor;
import javax.crypto.NoSuchPaddingException;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.StartElement;
-
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.xmlsec.ext.OutputProcessorChain;
-import org.swssf.xmlsec.ext.XMLSecurityConstants;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.swssf.xmlsec.impl.EncryptionPartDef;
-import org.swssf.xmlsec.impl.processor.output.XMLEncryptOutputProcessor;
+import javax.xml.stream.events.XMLEvent;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.UUID;
/**
* Processor to encrypt XML structures
@@ -46,37 +45,58 @@ import org.swssf.xmlsec.impl.processor.o
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptOutputProcessor extends XMLEncryptOutputProcessor {
+public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
public EncryptOutputProcessor(WSSSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
super(securityProperties, action);
}
-
- /**
- * Return InternalEncryptionOutputProcessor, which writes out a SecurityTokenReference in the KeyInfo
- * of the EncryptedData
- */
+
@Override
- protected AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(
- EncryptionPartDef encryptionPartDef,
- StartElement startElement,
- OutputProcessorChain outputProcessorChain
- ) throws XMLStreamException, XMLSecurityException {
- try {
- return new InternalEncryptionOutputProcessor((WSSSecurityProperties)getSecurityProperties(),
+ public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+
+ if (xmlEvent.isStartElement()) {
+ StartElement startElement = xmlEvent.asStartElement();
+
+ //avoid double encryption when child elements matches too
+ if (getActiveInternalEncryptionOutputProcessor() == null) {
+ SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getEncryptionSecureParts());
+ if (securePart != null) {
+ logger.debug("Matched securePart for encryption");
+ InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;
+ try {
+ String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
+ EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
+ encryptionPartDef.setModifier(securePart.getModifier());
+ encryptionPartDef.setEncRefId("ED-" + UUID.randomUUID().toString());
+ encryptionPartDef.setKeyId(securityTokenProvider.getId());
+ encryptionPartDef.setSymmetricKey(securityTokenProvider.getSecurityToken(null).getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null));
+ outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
+ internalEncryptionOutputProcessor =
+ new InternalEncryptionOutputProcessor(
+ ((WSSSecurityProperties) getSecurityProperties()),
getAction(),
encryptionPartDef,
startElement,
- outputProcessorChain.getDocumentContext().getEncoding());
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (NoSuchPaddingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (InvalidKeyException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (IOException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ outputProcessorChain.getDocumentContext().getEncoding()
+ );
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (NoSuchPaddingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (InvalidKeyException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (IOException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ }
+
+ setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
+ outputProcessorChain.addProcessor(internalEncryptionOutputProcessor);
+ }
+ }
}
+
+ outputProcessorChain.processEvent(xmlEvent);
}
/**
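Review bot: In the added `processEvent`, neither `tokenId` nor the `securityTokenProvider` looked up from it is checked before `securityTokenProvider.getId()` and `getSecurityToken(null)` are called. Whether `getSecurityTokenProvider` can return null is not visible in this hunk, but if it can, a missing `PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION` entry would surface as a NullPointerException, which none of the four catch blocks converts into the `FAILED_ENCRYPTION` error used for every other failure here. A guard directly after the lookup would keep the failure explicit, for example `if (securityTokenProvider == null) throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, "<message-key>");`, where the message key is a placeholder to be taken from the project's resource bundle. The `= null` initialiser on `internalEncryptionOutputProcessor` is also unnecessary, because every path out of the try block either assigns it or throws.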
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1241505&r1=1241504&r2=1241505&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java Tue Feb 7 16:03:25 2012
@@ -18,24 +18,18 @@
*/
package org.swssf.xmlsec.impl.processor.input;
-import java.io.BufferedWriter;
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PipedInputStream;
-import java.io.PipedOutputStream;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.util.ArrayDeque;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Deque;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.UUID;
+import org.apache.commons.codec.binary.Base64OutputStream;
+import org.swssf.binding.xmldsig.KeyInfoType;
+import org.swssf.binding.xmlenc.EncryptedDataType;
+import org.swssf.binding.xmlenc.ReferenceList;
+import org.swssf.binding.xmlenc.ReferenceType;
+import org.swssf.xmlsec.config.JCEAlgorithmMapper;
+import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.impl.XMLSecurityEventReader;
+import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
+import org.swssf.xmlsec.impl.util.IVSplittingOutputStream;
+import org.swssf.xmlsec.impl.util.ReplaceableOuputStream;
+import org.xmlsecurity.ns.configuration.AlgorithmType;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
@@ -51,30 +45,11 @@ import javax.xml.stream.XMLStreamExcepti
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
-
-import org.apache.commons.codec.binary.Base64OutputStream;
-import org.swssf.binding.xmldsig.KeyInfoType;
-import org.swssf.binding.xmlenc.EncryptedDataType;
-import org.swssf.binding.xmlenc.ReferenceList;
-import org.swssf.binding.xmlenc.ReferenceType;
-import org.swssf.xmlsec.config.JCEAlgorithmMapper;
-import org.swssf.xmlsec.ext.AbstractInputProcessor;
-import org.swssf.xmlsec.ext.ComparableAttribute;
-import org.swssf.xmlsec.ext.ComparableNamespace;
-import org.swssf.xmlsec.ext.InputProcessorChain;
-import org.swssf.xmlsec.ext.SecurePart;
-import org.swssf.xmlsec.ext.SecurityContext;
-import org.swssf.xmlsec.ext.SecurityToken;
-import org.swssf.xmlsec.ext.UncheckedXMLSecurityException;
-import org.swssf.xmlsec.ext.XMLEventNS;
-import org.swssf.xmlsec.ext.XMLSecurityConstants;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.swssf.xmlsec.ext.XMLSecurityProperties;
-import org.swssf.xmlsec.ext.XMLSecurityUtils;
-import org.swssf.xmlsec.impl.XMLSecurityEventReader;
-import org.swssf.xmlsec.impl.util.IVSplittingOutputStream;
-import org.swssf.xmlsec.impl.util.ReplaceableOuputStream;
-import org.xmlsecurity.ns.configuration.AlgorithmType;
+import java.io.*;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.*;
/**
* Processor for decryption of EncryptedData XML structures
@@ -94,10 +69,6 @@ public abstract class AbstractDecryptInp
private ArrayDeque<XMLEvent> tmpXmlEventList = new ArrayDeque<XMLEvent>();
- public AbstractDecryptInputProcessor(XMLSecurityProperties securityProperties) {
- super(securityProperties);
- }
-
public AbstractDecryptInputProcessor(ReferenceList referenceList, XMLSecurityProperties securityProperties) {
super(securityProperties);
this.referenceList = referenceList;
@@ -181,7 +152,7 @@ public abstract class AbstractDecryptInp
//check if the current start-element has the name EncryptedData and an Id attribute
if (startElement.getName().equals(XMLSecurityConstants.TAG_xenc_EncryptedData)) {
ReferenceType referenceType = matchesReferenceId(startElement);
- if (referenceType != null || referenceList == null) {
+ if (referenceType != null) {
//duplicate id's are forbidden
if (processedReferences.contains(referenceType)) {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
@@ -255,15 +226,11 @@ public abstract class AbstractDecryptInp
final String algorithmURI = encryptedDataType.getEncryptionMethod().getAlgorithm();
//retrieve the securityToken which must be used for decryption
- SecurityToken securityToken =
- findSecurityToken(keyInfoType, getSecurityProperties(),
- inputProcessorChain.getSecurityContext(), this);
- if (securityToken != null) {
- handleSecurityToken(
- securityToken, inputProcessorChain.getSecurityContext(), encryptedDataType
- );
- }
-
+ SecurityToken securityToken = SecurityTokenFactory.newInstance().getSecurityToken(
+ keyInfoType, getSecurityProperties().getDecryptionCrypto(),
+ getSecurityProperties().getCallbackHandler(), inputProcessorChain.getSecurityContext(), this);
+
+ handleSecurityToken(securityToken, inputProcessorChain.getSecurityContext(), encryptedDataType);
//only fire here ContentEncryptedElementEvents
//the other ones will be fired later, because we don't know the encrypted element name yet
if (SecurePart.Modifier.Content.getModifier().equals(encryptedDataType.getType())) {
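Review bot: The new side calls `handleSecurityToken(securityToken, ...)` unconditionally, without the `securityToken != null` guard that the removed lines had. `SecurityTokenFactory.getSecurityToken` is not shown here, so it may always throw when the KeyInfo cannot be resolved. If it can return null, the failure would move into the subclass hook or the later decryption code as a NullPointerException. An explicit check right after the lookup, e.g. `if (securityToken == null) throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "<message-key>");` (message key is a placeholder), would reject EncryptedData with no usable key in one place with a meaningful error. The enclosing method starts and ends outside this hunk.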
@@ -356,10 +323,6 @@ public abstract class AbstractDecryptInp
boolean encryptedHeader, List<ComparableNamespace>[] comparableNamespaceList,
List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType, SecurityToken securityToken);
- protected abstract SecurityToken findSecurityToken(
- KeyInfoType keyInfoType, XMLSecurityProperties securityProperties,
- SecurityContext securityContext, Object processor) throws XMLSecurityException;
-
protected abstract void handleSecurityToken(
SecurityToken securityToken, SecurityContext securityContext, EncryptedDataType encryptedDataType) throws XMLSecurityException;
@@ -387,14 +350,12 @@ public abstract class AbstractDecryptInp
@Override
public void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
//here we check if all references where processed.
- if (referenceList != null) {
- List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
- Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
- while (referenceTypeIterator.hasNext()) {
- ReferenceType referenceType = referenceTypeIterator.next().getValue();
- if (!processedReferences.contains(referenceType)) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedEncryptionReferences");
- }
+ List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
+ Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
+ while (referenceTypeIterator.hasNext()) {
+ ReferenceType referenceType = referenceTypeIterator.next().getValue();
+ if (!processedReferences.contains(referenceType)) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "unprocessedEncryptionReferences");
}
}
inputProcessorChain.doFinal();
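Review bot: `doFinal` now dereferences `referenceList` without a null check, and the constructor that remains in the earlier hunk (`AbstractDecryptInputProcessor(ReferenceList, XMLSecurityProperties)`) stores its argument unchecked. A caller that passes null would therefore fail with a NullPointerException only at end of stream, in the loop that verifies every encryption reference was processed. Rejecting null at construction makes the precondition explicit, e.g. `if (referenceList == null) throw new IllegalArgumentException("referenceList must not be null");`. I would also add a Javadoc line on that constructor stating that a reference list is mandatory for this processor. The class may have other constructors outside the visible hunks, so confirm they set the field as well.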