Posted to commits@ws.apache.org by co...@apache.org on 2016/01/08 13:14:50 UTC
svn commit: r1723711 - in
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom:
message/WSSecEncryptedKey.java processor/EncryptedKeyProcessor.java
str/EncryptedKeySTRParser.java
Author: coheigea
Date: Fri Jan 8 12:14:49 2016
New Revision: 1723711
URL: http://svn.apache.org/viewvc?rev=1723711&view=rev
Log:
More SAML KeyValue fixes
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/EncryptedKeySTRParser.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1723711&r1=1723710&r2=1723711&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Fri Jan 8 12:14:49 2016
@@ -483,28 +483,95 @@ public class WSSecEncryptedKey extends W
if (customEKKeyInfoElement != null) {
encryptedKeyElement.appendChild(document.adoptNode(customEKKeyInfoElement));
} else {
- try {
- XMLSignatureFactory signatureFactory;
+ SecurityTokenReference secToken = null;
+
+ switch (keyIdentifierType) {
+ case WSConstants.CUSTOM_SYMM_SIGNING :
+ secToken = new SecurityTokenReference(document);
+ Reference refCust = new Reference(document);
+ if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ refCust.setValueType(customEKTokenValueType);
+ } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ refCust.setValueType(customEKTokenValueType);
+ } else {
+ refCust.setValueType(customEKTokenValueType);
+ }
+ refCust.setURI("#" + customEKTokenId);
+ secToken.setReference(refCust);
+ break;
+
+ case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
+ secToken = new SecurityTokenReference(document);
+ Reference refCustd = new Reference(document);
+ if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ refCustd.setValueType(customEKTokenValueType);
+ } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ refCustd.setValueType(customEKTokenValueType);
+ } else {
+ refCustd.setValueType(customEKTokenValueType);
+ }
+ refCustd.setURI(customEKTokenId);
+ secToken.setReference(refCustd);
+ break;
+
+ case WSConstants.CUSTOM_KEY_IDENTIFIER:
+ secToken = new SecurityTokenReference(document);
+ secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
+ if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ } else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customEKTokenValueType)) {
+ secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ }
+ break;
+
+ default:
try {
- signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
- } catch (NoSuchProviderException ex) {
- signatureFactory = XMLSignatureFactory.getInstance("DOM");
+ XMLSignatureFactory signatureFactory;
+ try {
+ signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
+ } catch (NoSuchProviderException ex) {
+ signatureFactory = XMLSignatureFactory.getInstance("DOM");
+ }
+
+ KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
+ KeyValue keyValue = keyInfoFactory.newKeyValue(remoteKey);
+ String keyInfoUri = getIdAllocator().createSecureId("KI-", null);
+ KeyInfo keyInfo =
+ keyInfoFactory.newKeyInfo(
+ java.util.Collections.singletonList(keyValue), keyInfoUri
+ );
+
+ keyInfo.marshal(new DOMStructure(encryptedKeyElement), null);
+ } catch (java.security.KeyException | MarshalException ex) {
+ LOG.error("", ex);
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
+ );
}
-
- KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
- KeyValue keyValue = keyInfoFactory.newKeyValue(remoteKey);
- String keyInfoUri = getIdAllocator().createSecureId("KI-", null);
- KeyInfo keyInfo =
- keyInfoFactory.newKeyInfo(
- java.util.Collections.singletonList(keyValue), keyInfoUri
+ }
+
+ if (secToken != null) {
+ Element keyInfoElement =
+ document.createElementNS(
+ WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
);
-
- keyInfo.marshal(new DOMStructure(encryptedKeyElement), null);
- } catch (java.security.KeyException | MarshalException ex) {
- LOG.error("", ex);
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex
+ keyInfoElement.setAttributeNS(
+ WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
);
+ keyInfoElement.appendChild(secToken.getElement());
+ encryptedKeyElement.appendChild(keyInfoElement);
}
}
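Review bot: The CUSTOM_SYMM_SIGNING and CUSTOM_SYMM_SIGNING_DIRECT cases are the same value-type ladder copied twice, differing only in the `"#"` prefix on the Reference URI, and CUSTOM_KEY_IDENTIFIER repeats it a third time with an extra ENC_KEY_SHA1_URI arm that the two Reference cases lack. Extracting the Reference-building cases into one private helper that takes the URI keeps them in step and makes the difference from the key-identifier case visibly deliberate; if the missing ENC_KEY_SHA1_URI arm in the Reference cases is intentional, a one-line comment saying so would help the next reader. The empty message in `LOG.error("", ex)` in the default case could carry context, e.g. `LOG.error("Failed to marshal KeyValue into the EncryptedKey KeyInfo", ex);`. The enclosing method starts before the hunk.
```java
case WSConstants.CUSTOM_SYMM_SIGNING :
    secToken = createCustomReferenceSTR("#" + customEKTokenId);
    break;

case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
    secToken = createCustomReferenceSTR(customEKTokenId);
    break;
// … unchanged: CUSTOM_KEY_IDENTIFIER and default cases, KeyInfo wrapping …

/**
 * Build a SecurityTokenReference holding a wsse:Reference to the custom EK token,
 * adding the TokenType that corresponds to customEKTokenValueType where one applies.
 *
 * @param uri the Reference URI (with or without the leading "#")
 */
private SecurityTokenReference createCustomReferenceSTR(String uri) {
    SecurityTokenReference secToken = new SecurityTokenReference(document);
    Reference ref = new Reference(document);
    if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
        secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
        ref.setValueType(customEKTokenValueType);
    } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
        // No ValueType on the Reference for SAML 2.0 (matches the original branches)
        secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
    } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
        secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        ref.setValueType(customEKTokenValueType);
    } else {
        ref.setValueType(customEKTokenValueType);
    }
    ref.setURI(uri);
    secToken.setReference(ref);
    return secToken;
}
```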
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1723711&r1=1723710&r2=1723711&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Fri Jan 8 12:14:49 2016
@@ -152,6 +152,7 @@ public class EncryptedKeyProcessor imple
STRParserResult parserResult = strParser.parseSecurityTokenReference(parameters);
certs = parserResult.getCertificates();
+ publicKey = parserResult.getPublicKey();
referenceType = parserResult.getCertificatesReferenceType();
} else {
certs = getCertificatesFromX509Data(keyInfoChildElement, data);
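Review bot: publicKey is assigned only on the SecurityTokenReference path; the `else` branch at the end of the hunk that calls getCertificatesFromX509Data leaves it untouched, so whatever later selects the decryption key must accept a result that carries either certificates or a bare PublicKey and must treat both being absent as an error before any lookup, not as a late NPE. A comment at the new line would make that contract explicit, e.g. `// A SAML subject KeyValue yields a PublicKey but no certificate chain; key lookup below must accept either`. The enclosing method starts before the hunk and the use of publicKey is outside it, so this is inferred from the assignment alone.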
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/EncryptedKeySTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/EncryptedKeySTRParser.java?rev=1723711&r1=1723710&r2=1723711&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/EncryptedKeySTRParser.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/EncryptedKeySTRParser.java Fri Jan 8 12:14:49 2016
@@ -114,6 +114,7 @@ public class EncryptedKeySTRParser imple
new WSSSAMLKeyInfoProcessor(data, parameters.getWsDocInfo()),
data.getSigVerCrypto(), data.getCallbackHandler());
parserResult.setCerts(keyInfo.getCerts());
+ parserResult.setPublicKey(keyInfo.getPublicKey());
} else {
throw new WSSecurityException(
WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN,
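Review bot: The two SAML branches (this hunk at the setCerts/setPublicKey pair and the second hunk at `parserResult.setCerts(samlKi.getCerts());`) now copy the same two-line credential hand-off from the SAML KeyInfo into the parser result; a small private helper taking the SAMLKeyInfo and the result would keep them from drifting a second time. More importantly, a PublicKey obtained from a SAML subject-confirmation KeyValue is only as trustworthy as the assertion that carries it, so the caller of the credential extraction (which begins outside the hunk) should be the place that guarantees the assertion's signature and issuer trust were checked against `data.getSigVerCrypto()` before the key is used; a comment such as `// PublicKey comes from the assertion's subject KeyInfo: trust it only because the assertion itself was verified` on the new line would record that dependency, assuming that verification does happen upstream.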
@@ -151,6 +152,7 @@ public class EncryptedKeySTRParser imple
new WSSSAMLKeyInfoProcessor(data, wsDocInfo),
data.getSigVerCrypto(), data.getCallbackHandler());
parserResult.setCerts(samlKi.getCerts());
+ parserResult.setPublicKey(samlKi.getPublicKey());
} else {
STRParserUtil.checkBinarySecurityBSPCompliance(secRef, null, data.getBSPEnforcer());
parserResult.setCerts(secRef.getKeyIdentifier(crypto));