Posted to commits@ws.apache.org by dk...@apache.org on 2011/03/08 17:57:37 UTC

svn commit: r1079437 [1/2] - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/handler/ main/java/org/apache/ws/security/message/token/ main/java/org/apache/ws/security/processor/ main/java/org/apache/w...

Author: dkulp
Date: Tue Mar  8 16:57:34 2011
New Revision: 1079437

URL: http://svn.apache.org/viewvc?rev=1079437&view=rev
Log:
Pass in the RequestData to the various processors and validators instead of the individual fields.  This allows delayed creation of things like cryptos and callback handlers, and gives the validators and handlers access to request-specific information that they may need.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/RequestData.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/UsernameToken.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/NoOpValidator.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/TimestampValidator.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/UsernameTokenValidator.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/Validator.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/CustomProcessor.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/components/crypto/CertificateStoreTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/handler/CustomActionProcessorTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/handler/SignatureUTAliasTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/NoSoapPrefixSignatureTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SKISignatureTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignaturePartsTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SymmetricSignatureTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/UsernameTokenTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlNegativeTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenHOKTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenSVTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenHOKTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java Tue Mar  8 16:57:34 2011
@@ -21,6 +21,8 @@ package org.apache.ws.security;
 
 import org.w3c.dom.Element;
 
+import org.apache.ws.security.handler.RequestData;
+
 import javax.security.auth.callback.Callback;
 
 /**
@@ -110,6 +112,7 @@ public class WSPasswordCallback implemen
     private int usage;
     private String type;
     private Element customToken;
+    private RequestData data;
     
     /**
      * Constructor.
@@ -118,7 +121,7 @@ public class WSPasswordCallback implemen
      *           this identifier.
      */
     public WSPasswordCallback(String id, int usage) {
-        this(id, null, null, usage);
+        this(id, null, null, usage, null);
     }
 
     /**
@@ -127,11 +130,12 @@ public class WSPasswordCallback implemen
      * @param id The application called back must supply the password for
      *           this identifier.
      */
-    public WSPasswordCallback(String id, String pw, String type, int usage) {
+    public WSPasswordCallback(String id, String pw, String type, int usage, RequestData data) {
         identifier = id;
         password = pw;
         this.type = type;
         this.usage = usage;
+        this.data = data;
     }
     
     /**
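Review bot: Replacing the public four-argument constructor with a five-argument one breaks every external caller that builds a `WSPasswordCallback` with `(id, pw, type, usage)`; keeping the old signature as an overload, `public WSPasswordCallback(String id, String pw, String type, int usage) { this(id, pw, type, usage, null); }`, would avoid that. The Javadoc above the constructor still documents only `id`, so `data` needs a `@param` line saying it may be null. Because the two-argument constructor in the previous hunk passes null, the `getRequestData()` accessor added later in this file can return null, and its empty `@return` tag should say so, since callback handlers may otherwise dereference it unchecked.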
@@ -224,6 +228,15 @@ public class WSPasswordCallback implemen
     public void setCustomToken(Element customToken) {
         this.customToken = customToken;
     }
+    
+    
+    /**
+     * Returns the RequestData associated with the request
+     * @return
+     */
+    public RequestData getRequestData() {
+        return data;
+    }
 }
 
 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java Tue Mar  8 16:57:34 2011
@@ -705,12 +705,7 @@ public class WSSConfig {
         
         if (processorObject instanceof Class<?>) {
             try {
-                Processor processor = (Processor)((Class<?>)processorObject).newInstance();
-                Validator validator = getValidator(el);
-                if (validator != null) {
-                    processor.setValidator(validator);
-                }
-                return processor;
+                return (Processor)((Class<?>)processorObject).newInstance();
             } catch (Throwable t) {
                 if (log.isDebugEnabled()) {
                     log.debug(t.getMessage(), t);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java Tue Mar  8 16:57:34 2011
@@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.CallbackLookup;
 import org.apache.ws.security.message.token.UsernameToken;
 import org.apache.ws.security.processor.Processor;
@@ -295,7 +296,64 @@ public class WSSecurityEngine {
         CallbackHandler cb,
         Crypto sigCrypto,
         Crypto decCrypto
-    ) throws WSSecurityException {
+    ) throws WSSecurityException { 
+        RequestData data = new RequestData();
+        data.setWssConfig(getWssConfig());
+        data.setDecCrypto(decCrypto);
+        data.setSigCrypto(sigCrypto);
+        data.setCallbackHandler(cb);
+        return processSecurityHeader(securityHeader, data);
+    }
+    
+    
+    /**
+     * Process the security header given the <code>wsse:Security</code> DOM
+     * Element. 
+     * 
+     * This function loops over all direct child elements of the
+     * <code>wsse:Security</code> header. If it finds a known element, it
+     * transfers control to the appropriate handling function. The method
+     * processes the known child elements in the same order as they appear in
+     * the <code>wsse:Security</code> element. This is in accordance to the WS
+     * Security specification. <p/>
+     * 
+     * Currently the functions can handle the following child elements:
+     * 
+     * <ul>
+     * <li>{@link #SIGNATURE <code>ds:Signature</code>}</li>
+     * <li>{@link #ENCRYPTED_KEY <code>xenc:EncryptedKey</code>}</li>
+     * <li>{@link #REFERENCE_LIST <code>xenc:ReferenceList</code>}</li>
+     * <li>{@link #USERNAME_TOKEN <code>wsse:UsernameToken</code>}</li>
+     * <li>{@link #TIMESTAMP <code>wsu:Timestamp</code>}</li>
+     * </ul>
+     *
+     * Note that additional child elements can be processed if appropriate
+     * Processors have been registered with the WSSCondig instance set
+     * on this class.
+     *
+     * @param securityHeader the <code>wsse:Security</code> header element
+     * @param requestData    the RequestData associated with the request.  It should
+     *                       be able to provide the callback handler, cryptos, etc...
+     *                       as needed by the processing
+     * @return a List of {@link WSSecurityEngineResult}. Each element in the
+     *         the List represents the result of a security action. The elements
+     *         are ordered according to the sequence of the security actions in the
+     *         wsse:Signature header. The List may be empty if no security processing
+     *         was performed.
+     * @throws WSSecurityException
+     */
+    public List<WSSecurityEngineResult> processSecurityHeader(
+        Element securityHeader,
+        RequestData requestData) throws WSSecurityException {
+        List<WSSecurityEngineResult> returnResults = new ArrayList<WSSecurityEngineResult>();
+        if (securityHeader == null) {
+            return returnResults;
+        }
+    
+        if (requestData.getWssConfig() == null) {
+            requestData.setWssConfig(getWssConfig());
+        }
+        
         //
         // Gather some info about the document to process and store
         // it for retrieval. Store the implementation of signature crypto
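Review bot: The new `processSecurityHeader(Element, RequestData)` overload dereferences `requestData` at `requestData.getWssConfig()` without checking it for null, so a caller that passes null gets a bare NullPointerException from a public entry point that processes message headers. A guard before that line, `if (requestData == null) { throw new IllegalArgumentException("requestData must not be null"); }`, makes the contract explicit. The new Javadoc also has two slips worth fixing: `WSSCondig` should read `WSSConfig`, and the `@return` text says `wsse:Signature header` where the `wsse:Security` header is meant. The rest of the method body lies outside this hunk.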
@@ -303,9 +361,8 @@ public class WSSecurityEngine {
         //
         WSDocInfo wsDocInfo = new WSDocInfo(securityHeader.getOwnerDocument());
         wsDocInfo.setCallbackLookup(callbackLookup);
-        wsDocInfo.setCrypto(sigCrypto);
+        wsDocInfo.setCrypto(requestData.getSigCrypto());
 
-        List<WSSecurityEngineResult> returnResults = new ArrayList<WSSecurityEngineResult>();
         final WSSConfig cfg = getWssConfig();
         Node node = securityHeader.getFirstChild();
         
@@ -337,7 +394,7 @@ public class WSSecurityEngine {
                 Processor p = cfg.getProcessor(el);
                 if (p != null) {
                     List<WSSecurityEngineResult> results = 
-                        p.handleToken((Element) node, sigCrypto, decCrypto, cb, wsDocInfo, cfg);
+                        p.handleToken((Element) node, requestData, wsDocInfo);
                     returnResults.addAll(0, results);
                 } else {
                     //
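Review bot: The processor is still looked up on `cfg`, which the previous hunk assigns from `getWssConfig()`, while `handleToken` now receives `requestData`, whose own `WSSConfig` is only replaced by the engine's when it is null. If a caller supplies a `RequestData` carrying a different config, processors come from one configuration while validators (via `requestData.getValidator(...)`) and the BSP-compliance setting come from another, which makes it hard to reason about which checks actually ran. Reading the config from one place, `final WSSConfig cfg = requestData.getWssConfig();`, would keep the two consistent. The loop this call sits in starts and ends outside the hunk.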

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/RequestData.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/handler/RequestData.java Tue Mar  8 16:57:34 2011
@@ -23,14 +23,19 @@ import org.apache.ws.security.SOAPConsta
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.token.UsernameToken;
+import org.apache.ws.security.validate.Validator;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.security.cert.X509Certificate;
 
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
 /**
  * This class holds per request data.
  *
@@ -68,6 +73,7 @@ public class RequestData {
     private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
     private boolean useDerivedKeyForMAC = true;
     private boolean useSingleCert = true;
+    private CallbackHandler callback = null;
 
     public void clear() {
         soapConstants = null;
@@ -87,6 +93,7 @@ public class RequestData {
         derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
         useDerivedKeyForMAC = true;
         useSingleCert = true;
+        callback = null;
     }
 
     public Object getMsgContext() {
@@ -374,4 +381,24 @@ public class RequestData {
         return useSingleCert;
     }
     
+    
+    /**
+     * Sets the CallbackHandler used for this request
+     * @param cb
+     */
+    public void setCallbackHandler(CallbackHandler cb) { 
+        callback = cb;
+    }
+    
+    /**
+     * Returns the CallbackHandler used for this request.
+     * @return
+     */
+    public CallbackHandler getCallbackHandler() {
+        return callback;
+    }
+
+    public Validator getValidator(QName qName) throws WSSecurityException {
+        return wssConfig.getValidator(qName);
+    }
 }
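Review bot: `getValidator(QName)` dereferences `wssConfig` with no null check, so a `RequestData` on which `setWssConfig` was never called fails with a NullPointerException in the middle of token processing. `WSSecurityEngine.processSecurityHeader` fills the config in, but `BinarySecurityTokenProcessor.handleToken` and `EncryptedKeyProcessor.handleToken` in this commit also call `data.getValidator(...)` or `data.getWssConfig()` and can be invoked directly with their own `RequestData`. Failing closed is safer than returning null here, because a null validator is replaced by `NoOpValidator` in `BinarySecurityTokenProcessor`: `if (wssConfig == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message-key>"); }`, with a message key of the project's choosing. This is also the only method added in the hunk without Javadoc.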

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/UsernameToken.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/UsernameToken.java Tue Mar  8 16:57:34 2011
@@ -25,6 +25,7 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.util.DOM2Writer;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -37,7 +38,6 @@ import org.w3c.dom.Text;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 
@@ -491,14 +491,14 @@ public class UsernameToken {
     /**
      * Set the raw (plain text) password used to compute secret key.
      */
-    public void setRawPassword(CallbackHandler callbackHandler) throws WSSecurityException {
+    public void setRawPassword(RequestData data) throws WSSecurityException {
         WSPasswordCallback pwCb = 
             new WSPasswordCallback(
                 getName(), getPassword(), getPasswordType(), 
-                WSPasswordCallback.USERNAME_TOKEN
+                WSPasswordCallback.USERNAME_TOKEN, data
             );
         try {
-            callbackHandler.handle(new Callback[]{pwCb});
+            data.getCallbackHandler().handle(new Callback[]{pwCb});
         } catch (IOException e) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug(e);
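Review bot: `data.getCallbackHandler().handle(...)` throws a NullPointerException when `data` or its callback handler is null, whereas `EncryptedKeyProcessor` in this commit rejects a missing handler with a `WSSecurityException` using the `noCallback` key. The same guard placed before the `try` would give a consistent, catchable failure: `if (data == null || data.getCallbackHandler() == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback"); }`. The Javadoc should also gain a `@param data` line, since the method now takes the request context instead of the handler. The rest of `setRawPassword` continues past the end of this hunk.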

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java Tue Mar  8 16:57:34 2011
@@ -25,6 +25,7 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.PKIPathSecurity;
 import org.apache.ws.security.message.token.X509Security;
@@ -35,47 +36,41 @@ import org.w3c.dom.Element;
 
 import java.security.cert.X509Certificate;
 import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
 
 /**
  * Processor implementation to handle wsse:BinarySecurityToken elements
  */
 public class BinarySecurityTokenProcessor implements Processor {
     
-    private Validator validator = new NoOpValidator();
-    
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-
     /**
      * {@inheritDoc}
      */
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto,
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         
-        BinarySecurity token = createSecurityToken(elem, config);
+        BinarySecurity token = createSecurityToken(elem, data.getWssConfig());
         X509Certificate[] certs = null;
-        if (crypto == null) {
-            certs = getCertificatesTokenReference(token, decCrypto);
+        Validator validator = data.getValidator(new QName(elem.getNamespaceURI(),
+                                                          elem.getLocalName()));
+        
+        if (validator == null) {
+            validator = new NoOpValidator();
+        }
+        if (data.getSigCrypto() == null) {
+            certs = getCertificatesTokenReference(token, data.getDecCrypto());
         } else {
-            certs = getCertificatesTokenReference(token, crypto);
+            certs = getCertificatesTokenReference(token, data.getSigCrypto());
         }
         
         // Hook to allow the user to validate the BinarySecurityToken
         Credential credential = new Credential();
         credential.setBinarySecurityToken(token);
-        validator.validate(credential);
+        
+        validator.validate(credential, data);
         
         WSSecurityEngineResult result = 
             new WSSecurityEngineResult(WSConstants.BST, token, certs);
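Review bot: When no validator is registered for the element's QName, `handleToken` silently substitutes `NoOpValidator`, and nothing in the code or Javadoc says that the BinarySecurityToken is then accepted without any credential validation. With `setValidator` removed, the `WSSConfig` reached through `data` is the only place a deployment can change that, so the fallback deserves an explicit comment such as `// No Validator configured for this element: the token is accepted unvalidated.` above `validator = new NoOpValidator();`. A debug log at the same spot would help operators notice a missing validator registration. The remaining lines of the method are outside the hunk.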

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Tue Mar  8 16:57:34 2011
@@ -21,17 +21,14 @@ package org.apache.ws.security.processor
 
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.str.DerivedKeyTokenSTRParser;
 import org.apache.ws.security.str.STRParser;
-import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 
 import java.util.List;
 
@@ -42,21 +39,10 @@ import java.util.List;
  */
 public class DerivedKeyTokenProcessor implements Processor {
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        // not used
-    }
-
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto,
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data, 
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         
         // Deserialize the DKT
@@ -65,7 +51,9 @@ public class DerivedKeyTokenProcessor im
         Element secRefElement = dkt.getSecurityTokenReferenceElement();
         if (secRefElement != null) {
             STRParser strParser = new DerivedKeyTokenSTRParser();
-            strParser.parseSecurityTokenReference(secRefElement, crypto, cb, wsDocInfo, config, null);
+            strParser.parseSecurityTokenReference(secRefElement, 
+                                                  data,
+                                                  wsDocInfo, null);
             
             secret = strParser.getSecretKey();
         } else {

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java Tue Mar  8 16:57:34 2011
@@ -24,17 +24,16 @@ import org.apache.commons.logging.LogFac
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.str.EncryptedKeySTRParser;
 import org.apache.ws.security.str.STRParser;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -44,7 +43,6 @@ import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
-import javax.security.auth.callback.CallbackHandler;
 
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -54,29 +52,18 @@ import java.util.List;
 public class EncryptedKeyProcessor implements Processor {
     private static Log log = LogFactory.getLog(EncryptedKeyProcessor.class.getName());
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        // not used
-    }
-    
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto, 
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found encrypted key element");
         }
-        if (decCrypto == null) {
+        if (data.getDecCrypto() == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noDecCryptoFile");
         }
-        if (cb == null) {
+        if (data.getCallbackHandler() == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
         }
         //
@@ -89,7 +76,7 @@ public class EncryptedKeyProcessor imple
                 WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
             );
         }
-        if (config.isWsiBSPCompliant()) {
+        if (data.getWssConfig().isWsiBSPCompliant()) {
             checkBSPCompliance(elem, encryptedKeyTransportMethod);
         }
         Cipher cipher = WSSecurityUtil.getCipherInstance(encryptedKeyTransportMethod);
@@ -110,10 +97,13 @@ public class EncryptedKeyProcessor imple
         }
         
         X509Certificate[] certs = 
-            getCertificatesFromEncryptedKey(elem, decCrypto, cb, wsDocInfo, config);
+            getCertificatesFromEncryptedKey(elem,
+                                            data,
+                                            data.getDecCrypto(), 
+                                            wsDocInfo);
 
         try {
-            PrivateKey privateKey = decCrypto.getPrivateKey(certs[0], cb);
+            PrivateKey privateKey = data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
             cipher.init(Cipher.DECRYPT_MODE, privateKey);
         } catch (Exception ex) {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
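Review bot: `getCertificatesFromEncryptedKey` is now passed both `data` and `data.getDecCrypto()`, and `handleToken` calls `data.getDecCrypto()` again for the null check and for `getPrivateKey`, so the same getter is evaluated three times. The commit log says RequestData is meant to allow delayed creation of cryptos; if an implementation does create them lazily, each call could repeat that work or return a different instance from the one that was null-checked, though nothing visible here confirms that. Reading it once, `Crypto decCrypto = data.getDecCrypto();`, and using that local for the check, the certificate lookup and `getPrivateKey` keeps all three uses tied to one object. `handleToken` starts and ends outside this hunk.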
@@ -177,10 +167,9 @@ public class EncryptedKeyProcessor imple
      */
     private X509Certificate[] getCertificatesFromEncryptedKey(
         Element xencEncryptedKey,
+        RequestData data,
         Crypto crypto,
-        CallbackHandler cb,
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         Element keyInfo = 
             WSSecurityUtil.getDirectChildElement(
@@ -188,7 +177,7 @@ public class EncryptedKeyProcessor imple
             );
         if (keyInfo != null) {
             Element strElement = null;
-            if (config.isWsiBSPCompliant()) {
+            if (data.getWssConfig().isWsiBSPCompliant()) {
                 int result = 0;
                 Node node = keyInfo.getFirstChild();
                 while (node != null) {
@@ -217,7 +206,7 @@ public class EncryptedKeyProcessor imple
                 );
             }
             STRParser strParser = new EncryptedKeySTRParser();
-            strParser.parseSecurityTokenReference(strElement, crypto, cb, wsDocInfo, config, null);
+            strParser.parseSecurityTokenReference(strElement, data, wsDocInfo, null);
             
             X509Certificate[] certs = strParser.getCertificates();
             if (certs == null || certs.length < 1 || certs[0] == null) {
@@ -228,7 +217,8 @@ public class EncryptedKeyProcessor imple
                 );
             }
             return certs;
-        } else if (!config.isWsiBSPCompliant() && crypto.getDefaultX509Identifier() != null) {
+        } else if (!data.getWssConfig().isWsiBSPCompliant() 
+            && crypto.getDefaultX509Identifier() != null) {
             String alias = crypto.getDefaultX509Identifier();
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
             cryptoType.setAlias(alias);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java Tue Mar  8 16:57:34 2011
@@ -20,31 +20,19 @@
 package org.apache.ws.security.processor;
 
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.validate.Validator;
+import org.apache.ws.security.handler.RequestData;
 import org.w3c.dom.Element;
 
 import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
 
 public interface Processor {
     
     public List<WSSecurityEngineResult> handleToken(
-        Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto,
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        Element elem,
+        RequestData request,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException;
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator);
-    
 }
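Review bot: `handleToken` is now the only method on the interface and has no Javadoc, so implementers get no statement of what `request` must provide now that `setValidator` is gone. A short Javadoc should say that `elem` is the security-header child being processed, that `request` supplies the WSSConfig, cryptos, callback handler and validators, and which of those may be null when the caller has not set them. The parameter is named `request` here but `data` in the implementations changed by this commit; using one name would make the `{@inheritDoc}` references read cleanly. Removing `setValidator` and changing the signature also breaks third-party `Processor` implementations, which deserves a line in the release notes.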

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java Tue Mar  8 16:57:34 2011
@@ -25,24 +25,21 @@ import java.util.List;
 import java.util.Map;
 
 import javax.crypto.SecretKey;
-import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.CallbackLookup;
 import org.apache.ws.security.message.DOMCallbackLookup;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.str.STRParser;
 import org.apache.ws.security.str.SecurityTokenRefSTRParser;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Validator;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.w3c.dom.Attr;
@@ -54,29 +51,18 @@ public class ReferenceListProcessor impl
     private static Log log = 
         LogFactory.getLog(ReferenceListProcessor.class.getName());
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        // not used
-    }
-    
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto,
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data, 
+        WSDocInfo wsDocInfo 
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found reference list element");
         }
-        if (cb == null) {
+        if (data.getCallbackHandler() == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
         }
-        List<WSDataRef> dataRefs = handleReferenceList(elem, cb, decCrypto, wsDocInfo, config);
+        List<WSDataRef> dataRefs = handleReferenceList(elem, data, wsDocInfo);
         WSSecurityEngineResult result = 
             new WSSecurityEngineResult(WSConstants.ENCR, dataRefs);
         wsDocInfo.addTokenElement(elem);
@@ -94,10 +80,8 @@ public class ReferenceListProcessor impl
      */
     private List<WSDataRef> handleReferenceList(
         Element elem, 
-        CallbackHandler cb,
-        Crypto crypto,
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         List<WSDataRef> dataRefs = new ArrayList<WSDataRef>();
         for (Node node = elem.getFirstChild(); 
@@ -113,7 +97,7 @@ public class ReferenceListProcessor impl
                 }
                 WSDataRef dataRef = 
                     decryptDataRefEmbedded(
-                        elem.getOwnerDocument(), dataRefURI, cb, crypto, wsDocInfo, config);
+                        elem.getOwnerDocument(), dataRefURI, data, wsDocInfo);
                 dataRefs.add(dataRef);
             }
         }
@@ -128,10 +112,8 @@ public class ReferenceListProcessor impl
     private WSDataRef decryptDataRefEmbedded(
         Document doc, 
         String dataRefURI, 
-        CallbackHandler cb, 
-        Crypto crypto,
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found data reference: " + dataRefURI);
@@ -153,7 +135,7 @@ public class ReferenceListProcessor impl
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyinfo");
         }
         // Check BSP compliance
-        if (config.isWsiBSPCompliant()) {
+        if (data.getWssConfig().isWsiBSPCompliant()) {
             checkBSPCompliance(keyInfoElement, symEncAlgo);
         }
         //
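Review bot: `data.getWssConfig().isWsiBSPCompliant()` dereferences the config without a null check, while `UsernameTokenProcessor.handleUsernameToken` in this same commit guards `wssConfig != null` after calling the same getter. If `RequestData.getWssConfig()` can return null (its body is not shown here), this BSP check ends in a NullPointerException instead of a `WSSecurityException`; the same unguarded pattern appears in SignatureConfirmationProcessor, SignatureProcessor and TimestampProcessor. Either have the getter guarantee a non-null default and drop the guard in UsernameTokenProcessor, or read it once into a local, `WSSConfig config = data.getWssConfig();`, and handle null explicitly. decryptDataRefEmbedded starts and ends outside this hunk.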
@@ -166,13 +148,14 @@ public class ReferenceListProcessor impl
             );
         SecretKey symmetricKey = null;
         if (secRefToken == null) {
-            symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo, cb);
+            symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo, data.getCallbackHandler());
         } else {
             STRParser strParser = new SecurityTokenRefSTRParser();
             Map<String, Object> parameters = new HashMap<String, Object>();
             parameters.put(SecurityTokenRefSTRParser.SIGNATURE_METHOD, symEncAlgo);
             strParser.parseSecurityTokenReference(
-                secRefToken, crypto, cb, wsDocInfo, config, parameters
+                secRefToken, data,
+                wsDocInfo, parameters
             );
             byte[] secretKey = strParser.getSecretKey();
             symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKey);
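Review bot: The crypto handed to `parseSecurityTokenReference` is no longer chosen at this call site. Before the change `handleToken` forwarded `decCrypto` down to this call, so the token reference was resolved against the decryption crypto; now the parser receives the whole `RequestData` and has to pick the right one itself, and SignatureProcessor in this commit reads `data.getSigCrypto()`, so the request evidently holds more than one. SecurityTokenRefSTRParser is not part of this hunk, so this should be confirmed there and recorded here with a comment such as `// STR parser resolves keys with the request's decryption crypto`. The method body continues outside the hunk.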

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java Tue Mar  8 16:57:34 2011
@@ -23,46 +23,31 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.util.DOM2Writer;
 import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SamlAssertionValidator;
 import org.apache.ws.security.validate.Validator;
 
 import org.w3c.dom.Element;
 
 import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
 
 public class SAMLTokenProcessor implements Processor {
     private static Log log = LogFactory.getLog(SAMLTokenProcessor.class.getName());
     
-    private Validator validator = new SamlAssertionValidator();
-    
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-    
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto,
-        Crypto decCrypto, 
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data, 
+        WSDocInfo wsDocInfo 
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found SAML Assertion element");
         }
-        AssertionWrapper assertion = handleSAMLToken(elem, crypto, cb, wsDocInfo, config);
+        AssertionWrapper assertion = handleSAMLToken(elem, data, wsDocInfo);
         wsDocInfo.addTokenElement(elem);
         WSSecurityEngineResult result = null;
         if (assertion.isSigned()) {
@@ -78,25 +63,22 @@ public class SAMLTokenProcessor implemen
 
     public AssertionWrapper handleSAMLToken(
         Element token, 
-        Crypto crypto,
-        CallbackHandler cb,
-        WSDocInfo docInfo,
-        WSSConfig config
+        RequestData data,
+        WSDocInfo docInfo
     ) throws WSSecurityException {
         AssertionWrapper assertion = new AssertionWrapper(token);
         if (assertion.isSigned()) {
-            assertion.verifySignature(crypto, docInfo, config);
+            assertion.verifySignature(data, docInfo);
         }
         // Parse the HOK subject if it exists
-        assertion.parseHOKSubject(crypto, cb, docInfo, config);
+        assertion.parseHOKSubject(data, docInfo);
             
         // Now delegate the rest of the verification to the Validator
-        validator.setCrypto(crypto);
-        validator.setCallbackHandler(cb);
-        validator.setWSSConfig(config);
+        Validator validator = data.getValidator(new QName(token.getNamespaceURI(),
+                                                          token.getLocalName()));
         Credential credential = new Credential();
         credential.setAssertion(assertion);
-        validator.validate(credential);
+        validator.validate(credential, data);
         
         if (log.isDebugEnabled()) {
             log.debug("SAML Assertion issuer " + assertion.getIssuerString());
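Review bot: `data.getValidator(...)` is used without a null check before `validator.validate(credential, data)`, unlike SignatureProcessor, TimestampProcessor and UsernameTokenProcessor, which fall back to a default validator when the lookup returns null. The lookup key is built from the incoming element's namespace and local name, so an assertion element with no registered validator would presumably end in a NullPointerException rather than a `WSSecurityException` (RequestData.getValidator is not shown here). The removed field defaulted to `new SamlAssertionValidator()`; keeping that as the fallback, `if (validator == null) { validator = new SamlAssertionValidator(); }`, also needs the import dropped in the first hunk of this file restored. handleSAMLToken continues past the end of the hunk.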

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java Tue Mar  8 16:57:34 2011
@@ -22,12 +22,10 @@ package org.apache.ws.security.processor
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.SecurityContextToken;
-import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Element;
 
 import javax.security.auth.callback.Callback;
@@ -44,24 +42,13 @@ import java.io.IOException;
  */
 public class SecurityContextTokenProcessor implements Processor {
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        // not used
-    }
-
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto,
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo 
     ) throws WSSecurityException {
         SecurityContextToken sct = new SecurityContextToken(elem);
-        byte[] secret = getSecret(cb, sct);
+        byte[] secret = getSecret(data.getCallbackHandler(), sct);
         
         WSSecurityEngineResult result =
             new WSSecurityEngineResult(WSConstants.SCT, sct);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java Tue Mar  8 16:57:34 2011
@@ -23,35 +23,21 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.SignatureConfirmation;
-import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Element;
 
 import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
 
 public class SignatureConfirmationProcessor implements Processor {
     private static Log log = LogFactory.getLog(SignatureConfirmationProcessor.class.getName());
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        // not used
-    }
-
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto, 
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo 
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found SignatureConfirmation list element");
@@ -62,7 +48,7 @@ public class SignatureConfirmationProces
         SignatureConfirmation sigConf = new SignatureConfirmation(elem);
         String id = sigConf.getID();
         // A wsu:Id is required as per the BSP spec
-        if (config.isWsiBSPCompliant() && (id == null || "".equals(id))) {
+        if (data.getWssConfig().isWsiBSPCompliant() && (id == null || "".equals(id))) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY, 
                 "requiredElementNoID", 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java Tue Mar  8 16:57:34 2011
@@ -27,11 +27,13 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.DOMCallbackLookup;
 import org.apache.ws.security.message.DOMURIDereferencer;
 import org.apache.ws.security.message.CallbackLookup;
@@ -49,7 +51,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import javax.security.auth.callback.CallbackHandler;
 
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.NodeSetData;
@@ -81,23 +82,11 @@ public class SignatureProcessor implemen
     private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
     
     private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
-    private Validator validator = new SignatureTrustValidator();
-    
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
     
     public List<WSSecurityEngineResult> handleToken(
-        Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto, 
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        Element elem,
+        RequestData data,
+        WSDocInfo wsDocInfo 
     ) throws WSSecurityException {
         if (LOG.isDebugEnabled()) {
             LOG.debug("Found signature element");
@@ -114,9 +103,12 @@ public class SignatureProcessor implemen
         byte[] secretKey = null;
         String signatureMethod = getSignatureMethod(elem);
 
-        validator.setCrypto(crypto);
+        Validator validator = data.getValidator(WSSecurityEngine.SIGNATURE);
+        if (validator == null) {
+            validator = new SignatureTrustValidator();
+        }
         if (keyInfoElement == null) {
-            certs = getDefaultCerts(crypto);
+            certs = getDefaultCerts(data.getSigCrypto());
             principal = certs[0].getSubjectX500Principal();
         } else {
             List<Element> strElements = 
@@ -125,7 +117,7 @@ public class SignatureProcessor implemen
                     SecurityTokenReference.SECURITY_TOKEN_REFERENCE,
                     WSConstants.WSSE_NS
                 );
-            if (config.isWsiBSPCompliant()) {
+            if (data.getWssConfig().isWsiBSPCompliant()) {
                 if (strElements.isEmpty()) {
                     throw new WSSecurityException(
                         WSSecurityException.INVALID_SECURITY, "noSecurityTokenReference"
@@ -143,16 +135,16 @@ public class SignatureProcessor implemen
                 credential.setPublicKey(publicKey);
                 principal = new PublicKeyPrincipal(publicKey);
                 credential.setPrincipal(principal);
-                validator.validate(credential);
+                validator.validate(credential, data);
             } else {
                 STRParser strParser = new SignatureSTRParser();
                 Map<String, Object> parameters = new HashMap<String, Object>();
                 parameters.put(SignatureSTRParser.SIGNATURE_METHOD, signatureMethod);
                 parameters.put(
-                    SignatureSTRParser.SECRET_KEY_LENGTH, new Integer(config.getSecretKeyLength())
+                    SignatureSTRParser.SECRET_KEY_LENGTH, new Integer(data.getWssConfig().getSecretKeyLength())
                 );
                 strParser.parseSecurityTokenReference(
-                    strElements.get(0), crypto, cb, wsDocInfo, config, parameters
+                    strElements.get(0), data, wsDocInfo, parameters
                 );
                 principal = strParser.getPrincipal();
                 certs = strParser.getCertificates();
@@ -172,7 +164,7 @@ public class SignatureProcessor implemen
                     credential.setPublicKey(publicKey);
                     credential.setCertificates(certs);
                     credential.setPrincipal(principal);
-                    validator.validate(credential);
+                    validator.validate(credential, data);
                 }
             }
         }
@@ -192,14 +184,15 @@ public class SignatureProcessor implemen
         byte[] signatureValue = xmlSignature.getSignatureValue().getValue();
         String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
         // The c14n algorithm must be as specified by the BSP spec
-        if (config.isWsiBSPCompliant() && !WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
+        if (data.getWssConfig().isWsiBSPCompliant() 
+            && !WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
             throw new WSSecurityException(
                 WSSecurityException.INVALID_SECURITY, "badC14nAlgo"
             );
         }
         List<WSDataRef> dataRefs =  
             buildProtectedRefs(
-                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), config, wsDocInfo
+                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), data.getWssConfig(), wsDocInfo
             );
         if (dataRefs.size() == 0) {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java Tue Mar  8 16:57:34 2011
@@ -24,9 +24,10 @@ import org.apache.commons.logging.LogFac
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.TimestampValidator;
@@ -34,27 +35,15 @@ import org.apache.ws.security.validate.V
 import org.w3c.dom.Element;
 
 import java.util.List;
-import javax.security.auth.callback.CallbackHandler;
 
 public class TimestampProcessor implements Processor {
     private static Log log = LogFactory.getLog(TimestampProcessor.class.getName());
-    private Validator validator = new TimestampValidator();
     
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
 
     public List<WSSecurityEngineResult> handleToken(
         Element elem, 
-        Crypto crypto, 
-        Crypto decCrypto, 
-        CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        WSSConfig config
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found Timestamp list element");
@@ -62,11 +51,16 @@ public class TimestampProcessor implemen
         //
         // Decode Timestamp, add the found time (created/expiry) to result
         //
+        WSSConfig config = data.getWssConfig();
         Timestamp timestamp = new Timestamp(elem, config.isWsiBSPCompliant());
         Credential credential = new Credential();
         credential.setTimestamp(timestamp);
-        validator.setWSSConfig(config);
-        validator.validate(credential);
+        
+        Validator validator = data.getValidator(WSSecurityEngine.TIMESTAMP);
+        if (validator == null) {
+            validator = new TimestampValidator();
+        }
+        validator.validate(credential, data);
         
         WSSecurityEngineResult result = 
             new WSSecurityEngineResult(WSConstants.TS, timestamp);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java Tue Mar  8 16:57:34 2011
@@ -24,43 +24,32 @@ import org.apache.commons.logging.LogFac
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.UsernameToken;
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.UsernameTokenValidator;
 import org.apache.ws.security.validate.Validator;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import java.util.List;
 
 public class UsernameTokenProcessor implements Processor {
     private static Log log = LogFactory.getLog(UsernameTokenProcessor.class.getName());
     
-    private Validator validator = new UsernameTokenValidator();
-    
-    /**
-     * Set a Validator implementation to validate the credential
-     * @param validator the Validator implementation to set
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-
     public List<WSSecurityEngineResult> handleToken(
-        Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, 
-        WSDocInfo wsDocInfo, WSSConfig config
+        Element elem, 
+        RequestData data,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found UsernameToken list element");
         }
-        validator.setCallbackHandler(cb);
-        validator.setWSSConfig(config);
         
-        UsernameToken token = handleUsernameToken(elem, config);
+        UsernameToken token = handleUsernameToken(elem, data);
         
         WSUsernameTokenPrincipal principal = 
             new WSUsernameTokenPrincipal(token.getName(), token.isHashed());
@@ -92,10 +81,11 @@ public class UsernameTokenProcessor impl
     public UsernameToken 
     handleUsernameToken(
         Element token, 
-        WSSConfig wssConfig
+        RequestData data
     ) throws WSSecurityException {
         boolean allowNamespaceQualifiedPasswordTypes = false;
         boolean bspCompliant = true;
+        WSSConfig wssConfig = data.getWssConfig();
         if (wssConfig != null) {
             allowNamespaceQualifiedPasswordTypes = 
                 wssConfig.getAllowNamespaceQualifiedPasswordTypes();
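Review bot: `handleUsernameToken` is public and its second parameter changes from `WSSConfig` to `RequestData` with no overload kept, so existing callers stop compiling. The retained `wssConfig != null` guard shows that a null config used to be tolerated, whereas a null `data` now fails at `data.getWssConfig()` before that guard is reached. The same applies to the public `SAMLTokenProcessor.handleSAMLToken` and the public static methods in SAMLUtil changed by this commit. Either keep a deprecated overload that wraps the `WSSConfig` in a `RequestData`, or state in the Javadoc that `data` must be non-null and reject null up front with a `WSSecurityException`. The method body continues outside the hunk.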
@@ -109,8 +99,12 @@ public class UsernameTokenProcessor impl
             new UsernameToken(token, allowNamespaceQualifiedPasswordTypes, bspCompliant);
         Credential credential = new Credential();
         credential.setUsernametoken(ut);
-        validator.validate(credential);
-        
+        Validator validator = data.getValidator(WSSecurityEngine.USERNAME_TOKEN);
+        if (validator == null) {
+            validator = new UsernameTokenValidator();
+        }
+        validator.validate(credential, data);
+
         return ut;
     }
 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java Tue Mar  8 16:57:34 2011
@@ -26,8 +26,8 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.apache.ws.security.processor.Processor;
@@ -75,10 +75,8 @@ public class SAMLUtil {
     public static AssertionWrapper getAssertionFromKeyIdentifier(
         SecurityTokenReference secRef,
         Element strElement,
-        Crypto crypto,
-        CallbackHandler cb,
-        WSDocInfo wsDocInfo,
-        WSSConfig config
+        RequestData request,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         String keyIdentifierValue = secRef.getKeyIdentifierValue();
         String type = secRef.getKeyIdentifierValueType();
@@ -93,18 +91,21 @@ public class SAMLUtil {
         } else {
             token = 
                 secRef.findProcessedTokenElement(
-                    strElement.getOwnerDocument(), wsDocInfo, cb, keyIdentifierValue, type
+                    strElement.getOwnerDocument(), wsDocInfo,
+                    request.getCallbackHandler(),
+                    keyIdentifierValue, type
                 );
             if (token != null) {
                 return new AssertionWrapper(token);
             }
             token = 
                 secRef.findUnprocessedTokenElement(
-                    strElement.getOwnerDocument(), wsDocInfo, cb, keyIdentifierValue, type
+                    strElement.getOwnerDocument(), wsDocInfo,
+                    request.getCallbackHandler(), keyIdentifierValue, type
                 );
-            Processor proc = config.getProcessor(WSSecurityEngine.SAML_TOKEN);
+            Processor proc = request.getWssConfig().getProcessor(WSSecurityEngine.SAML_TOKEN);
             List<WSSecurityEngineResult> samlResult =
-                proc.handleToken(token, null, crypto, cb, wsDocInfo, config);
+                proc.handleToken(token, request, wsDocInfo);
             return 
                 (AssertionWrapper)samlResult.get(0).get(
                     WSSecurityEngineResult.TAG_SAML_ASSERTION
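Review bot: This call used to pass `null` as the first crypto argument (`proc.handleToken(token, null, crypto, cb, wsDocInfo, config)`), and the SAMLTokenProcessor lines removed in this commit forwarded that first argument to `verifySignature` and to the validator. With `proc.handleToken(token, request, wsDocInfo)` the processor sees whatever signature crypto the request holds, so signature and trust checks on an assertion reached through a key identifier may behave differently than before. That is probably the better outcome, but the log message does not mention it; a test that resolves a signed assertion via key identifier would pin the new behaviour. `request.getWssConfig()` is also dereferenced here without a null check. getAssertionFromKeyIdentifier starts and ends outside the hunk.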
@@ -126,15 +127,14 @@ public class SAMLUtil {
      */
     public static SAMLKeyInfo getCredentialFromSubject(
         AssertionWrapper assertion, 
-        Crypto crypto, 
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo docInfo,
         boolean bspCompliant
     ) throws WSSecurityException {
         if (assertion.getSaml1() != null) {
-            return getCredentialFromSubject(assertion.getSaml1(), crypto, cb, docInfo, bspCompliant);
+            return getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant);
         } else {
-            return getCredentialFromSubject(assertion.getSaml2(), crypto, cb, docInfo, bspCompliant);
+            return getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant);
         }
     }
     
@@ -175,13 +175,12 @@ public class SAMLUtil {
      */
     public static SAMLKeyInfo getCredentialFromSubject(
         org.opensaml.saml1.core.Assertion assertion,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo docInfo,
         boolean bspCompliant
     ) throws WSSecurityException {
         // First try to get the credential from a CallbackHandler
-        byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), cb);
+        byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler());
         if (key != null && key.length > 0) {
             return new SAMLKeyInfo(key);
         }
@@ -214,7 +213,7 @@ public class SAMLUtil {
             Element keyInfoElement = 
                 WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS);
             if (keyInfoElement != null) {
-                return getCredentialFromKeyInfo(keyInfoElement, crypto, cb, docInfo, bspCompliant);
+                return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
             }
         }
 
@@ -234,13 +233,12 @@ public class SAMLUtil {
      */
     public static SAMLKeyInfo getCredentialFromSubject(
         org.opensaml.saml2.core.Assertion assertion,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo docInfo,
         boolean bspCompliant
     ) throws WSSecurityException {
         // First try to get the credential from a CallbackHandler
-        byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), cb);
+        byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler());
         if (key != null && key.length > 0) {
             return new SAMLKeyInfo(key);
         }
@@ -261,7 +259,7 @@ public class SAMLUtil {
             Element keyInfoElement = 
                 WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS);
             if (keyInfoElement != null) {
-                return getCredentialFromKeyInfo(keyInfoElement, crypto, cb, docInfo, bspCompliant);
+                return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
             }
         }
 
@@ -281,8 +279,7 @@ public class SAMLUtil {
      */
     public static SAMLKeyInfo getCredentialFromKeyInfo(
         Element keyInfoElement,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo docInfo,
         boolean bspCompliant
     ) throws WSSecurityException {
@@ -298,7 +295,7 @@ public class SAMLUtil {
                     WSSConfig config = WSSConfig.getNewInstance();
                     config.setWsiBSPCompliant(bspCompliant);
                     List<WSSecurityEngineResult> result =
-                        proc.handleToken((Element)node, null, crypto, cb, docInfo, config);
+                        proc.handleToken((Element)node, data, docInfo);
                     byte[] secret = 
                         (byte[])result.get(0).get(
                             WSSecurityEngineResult.TAG_SECRET
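Review bot: The `config` built on the two context lines above the call (`WSSConfig.getNewInstance()` then `config.setWsiBSPCompliant(bspCompliant)`) is no longer passed to `proc.handleToken`, so the `bspCompliant` argument stops reaching the nested token processor. That processor will presumably take its BSP setting from `data.getWssConfig()` instead, so a caller whose `bspCompliant` differs from the config in its `RequestData` silently gets a different strictness for the nested key. If nothing later in the method (outside this hunk) reads `config`, drop those two lines and add a comment such as `// BSP compliance for the nested token comes from data.getWssConfig(), not from bspCompliant`. The enclosing method starts and ends outside the hunk.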
@@ -339,7 +336,7 @@ public class SAMLUtil {
                             certs[0] = (X509Certificate)x509obj;
                             return new SAMLKeyInfo(certs);
                         } else if (x509obj instanceof X509IssuerSerial) {
-                            if (crypto == null) {
+                            if (data.getSigCrypto() == null) {
                                 throw new WSSecurityException(
                                     WSSecurityException.FAILURE, "noSigCryptoFile"
                                 );
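Review bot: `data.getSigCrypto()` is evaluated once for the null check here and again for `getX509Certificates(cryptoType)` in the next hunk (-349,7); read it once into a local, e.g. `Crypto sigCrypto = data.getSigCrypto();`, and use that for both the check and the lookup. The commit message says RequestData is meant to allow delayed creation of cryptos, so if the getter ever becomes lazy the check and the use should be guaranteed to see the same instance. The surrounding branch starts and ends outside the hunk.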
@@ -349,7 +346,7 @@ public class SAMLUtil {
                                 ((X509IssuerSerial)x509obj).getIssuerName(), 
                                 ((X509IssuerSerial)x509obj).getSerialNumber()
                             );
-                            certs = crypto.getX509Certificates(cryptoType);
+                            certs = data.getSigCrypto().getX509Certificates(cryptoType);
                             if (certs == null || certs.length < 1) {
                                 throw new WSSecurityException(
                                     WSSecurityException.FAILURE, "invalidSAMLsecurity",

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java Tue Mar  8 16:57:34 2011
@@ -27,6 +27,7 @@ import org.apache.ws.security.WSEncrypti
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.DOMURIDereferencer;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
@@ -226,6 +227,7 @@ public class WSSecSignatureSAML extends 
         // retrieval
         //
         wsDocInfo = new WSDocInfo(doc);
+        
 
         X509Certificate[] certs = null;
         PublicKey publicKey = null;
@@ -250,9 +252,11 @@ public class WSSecSignatureSAML extends 
                 );
             }
             if (secretKey == null) {
+                RequestData data = new RequestData();
+                data.setSigCrypto(userCrypto);
                 SAMLKeyInfo samlKeyInfo = 
                     SAMLUtil.getCredentialFromSubject(
-                        assertion, userCrypto, null, wsDocInfo, wssConfig.isWsiBSPCompliant()
+                        assertion, data, wsDocInfo, wssConfig.isWsiBSPCompliant()
                     );
                 publicKey = samlKeyInfo.getPublicKey();
                 certs = samlKeyInfo.getCerts();
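Review bot: The `RequestData` created here carries only the signature crypto, while `SAMLUtil.getCredentialFromKeyInfo` in this same commit now hands `data` on to `proc.handleToken((Element)node, data, docInfo)` in place of a config object. The key-info processing therefore sees no `WSSConfig` from this call site, although `wssConfig` is in scope; add `data.setWssConfig(wssConfig);` after `data.setSigCrypto(userCrypto);` so the BSP setting passed as the last argument and the one reachable through `data` agree. It is also worth confirming that `getSecretKeyFromCallbackHandler` tolerates the null handler that `data.getCallbackHandler()` presumably returns for a freshly constructed `RequestData`; its body is not part of this diff.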

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java Tue Mar  8 16:57:34 2011
@@ -23,9 +23,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.SAMLUtil;
 import org.apache.ws.security.saml.ext.builder.SAML1ComponentBuilder;
@@ -502,7 +501,7 @@ public class AssertionWrapper {
      * @throws ValidationException
      */
     public void verifySignature(
-        Crypto crypto, WSDocInfo docInfo, WSSConfig config
+        RequestData data, WSDocInfo docInfo
     ) throws WSSecurityException {
         Signature sig = null;
         if (saml2 != null && saml2.getSignature() != null) {
@@ -514,7 +513,7 @@ public class AssertionWrapper {
             KeyInfo keyInfo = sig.getKeyInfo();
             SAMLKeyInfo samlKeyInfo = 
                 SAMLUtil.getCredentialFromKeyInfo(
-                    keyInfo.getDOM(), crypto, null, docInfo, config.isWsiBSPCompliant()
+                    keyInfo.getDOM(), data, docInfo, data.getWssConfig().isWsiBSPCompliant()
                 );
             if (samlKeyInfo == null) {
                 throw new WSSecurityException(
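Review bot: `data.getWssConfig().isWsiBSPCompliant()` dereferences the config without a null check, whereas the STR parsers changed in this commit (`DerivedKeyTokenSTRParser`, `EncryptedKeySTRParser`, `SecurityTokenRefSTRParser`) accept a null `WSSConfig` and default `bspCompliant` to true. The same expression is added twice in `parseHOKSubject` (hunk -569,10). If a caller supplies a `RequestData` with no config set, signature verification would fail with a NullPointerException rather than a `WSSecurityException`. Compute the flag the way the parsers do, e.g. `WSSConfig config = data.getWssConfig();` then `boolean bspCompliant = config == null || config.isWsiBSPCompliant();`, which means keeping the `WSSConfig` import this commit removes. Both method bodies continue outside their hunks.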
@@ -559,7 +558,7 @@ public class AssertionWrapper {
      * @throws WSSecurityException
      */
     public void parseHOKSubject(
-        Crypto crypto, CallbackHandler cb, WSDocInfo docInfo, WSSConfig config
+        RequestData data, WSDocInfo docInfo
     ) throws WSSecurityException {
         String confirmMethod = null;
         List<String> methods = getConfirmationMethods();
@@ -569,10 +568,12 @@ public class AssertionWrapper {
         if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {
             if (saml1 != null) {
                 subjectKeyInfo = 
-                    SAMLUtil.getCredentialFromSubject(saml1, crypto, cb, docInfo, config.isWsiBSPCompliant());
+                    SAMLUtil.getCredentialFromSubject(saml1, data, docInfo, 
+                                                      data.getWssConfig().isWsiBSPCompliant());
             } else if (saml2 != null) {
                 subjectKeyInfo = 
-                    SAMLUtil.getCredentialFromSubject(saml2, crypto, cb, docInfo, config.isWsiBSPCompliant());
+                    SAMLUtil.getCredentialFromSubject(saml2, data, docInfo, 
+                                                      data.getWssConfig().isWsiBSPCompliant());
             }
         }
     }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java Tue Mar  8 16:57:34 2011
@@ -26,6 +26,7 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.UsernameToken;
@@ -40,7 +41,6 @@ import java.security.cert.X509Certificat
 import java.util.Map;
 
 import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
 
 /**
  * This implementation of STRParser is for parsing a SecurityTokenReference element associated
@@ -63,13 +63,14 @@ public class DerivedKeyTokenSTRParser im
      */
     public void parseSecurityTokenReference(
         Element strElement,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo wsDocInfo,
-        WSSConfig config,
         Map<String, Object> parameters
     ) throws WSSecurityException {
         boolean bspCompliant = true;
+        Crypto crypto = data.getDecCrypto();
+        WSSConfig config = data.getWssConfig();
+
         if (config != null) {
             bspCompliant = config.isWsiBSPCompliant();
         }
@@ -103,7 +104,7 @@ public class DerivedKeyTokenSTRParser im
                 }
                 UsernameToken usernameToken = 
                     (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
-                usernameToken.setRawPassword(cb);
+                usernameToken.setRawPassword(data);
                 secretKey = usernameToken.getDerivedKey();
             } else if (WSConstants.ENCR == action) {
                 if (bspCompliant) {
@@ -119,7 +120,8 @@ public class DerivedKeyTokenSTRParser im
                     BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
                 }
                 SAMLKeyInfo keyInfo = 
-                    SAMLUtil.getCredentialFromSubject(assertion, crypto, cb, wsDocInfo, bspCompliant);
+                    SAMLUtil.getCredentialFromSubject(assertion, 
+                                                      data, wsDocInfo, bspCompliant);
                 // TODO Handle malformed SAML tokens where they don't have the 
                 // secret in them
                 secretKey = keyInfo.getSecret();
@@ -131,7 +133,8 @@ public class DerivedKeyTokenSTRParser im
         } else if (result == null && uri != null) {
             // Now use the callback and get it
             secretKey = 
-                getSecretKeyFromToken(uri, null, WSPasswordCallback.SECURITY_CONTEXT_TOKEN, cb);
+                getSecretKeyFromToken(uri, null, WSPasswordCallback.SECURITY_CONTEXT_TOKEN, 
+                                      data);
         } else if (keyIdentifierValue != null && keyIdentifierValueType != null) {
             if (bspCompliant 
                 && keyIdentifierValueType.equals(SecurityTokenReference.ENC_KEY_SHA1_URI)) {
@@ -142,10 +145,10 @@ public class DerivedKeyTokenSTRParser im
                 secretKey = 
                     this.getSecretKeyFromToken(
                         keyIdentifierValue, keyIdentifierValueType, 
-                        WSPasswordCallback.SECRET_KEY, cb
+                        WSPasswordCallback.SECRET_KEY, data
                    ); 
             } else {
-                secretKey = crypto.getPrivateKey(certs[0], cb).getEncoded();
+                secretKey = crypto.getPrivateKey(certs[0], data.getCallbackHandler()).getEncoded();
             }
         } else {
             throw new WSSecurityException(
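Review bot: `crypto.getPrivateKey(certs[0], data.getCallbackHandler()).getEncoded()` uses the `crypto` that the earlier hunk (-63,13) now takes from `data.getDecCrypto()`, and nothing visible checks it for null before this dereference. Previously the caller chose which Crypto to pass; with the parser fixed to the decryption crypto, a request configured with only a signature crypto would presumably end in a NullPointerException here instead of a `WSSecurityException`. Guard it the way `SAMLUtil` does for `getSigCrypto()` in this commit, e.g. `if (crypto == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message key for missing decryption crypto>"); }`. The method body starts and ends outside the hunk.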
@@ -198,16 +201,16 @@ public class DerivedKeyTokenSTRParser im
         String id,
         String type,
         int identifier,
-        CallbackHandler cb
+        RequestData data
     ) throws WSSecurityException {
         if (id.charAt(0) == '#') {
             id = id.substring(1);
         }
         WSPasswordCallback pwcb = 
-            new WSPasswordCallback(id, null, type, identifier);
+            new WSPasswordCallback(id, null, type, identifier, data);
         try {
             Callback[] callbacks = new Callback[]{pwcb};
-            cb.handle(callbacks);
+            data.getCallbackHandler().handle(callbacks);
         } catch (Exception e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILURE,
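Review bot: `data.getCallbackHandler().handle(callbacks)` sits inside the `try` whose handler is `catch (Exception e)`, so a request with no callback handler configured fails with a NullPointerException that surfaces as the same generic `WSSecurityException.FAILURE` as a handler that threw. Check the handler before building the callback, e.g. `CallbackHandler handler = data.getCallbackHandler();` followed by an explicit `WSSecurityException` when it is null, which requires keeping the `CallbackHandler` import this commit drops. `SecurityTokenRefSTRParser.getSecretKeyFromToken` (hunk -200,16) has the identical pattern. The catch block continues outside the hunk.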

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java Tue Mar  8 16:57:34 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.X509Security;
@@ -41,7 +42,6 @@ import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Map;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
 /**
@@ -67,12 +67,12 @@ public class EncryptedKeySTRParser imple
      */
     public void parseSecurityTokenReference(
         Element strElement,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo wsDocInfo,
-        WSSConfig config,
         Map<String, Object> parameters
     ) throws WSSecurityException {
+        Crypto crypto = data.getDecCrypto();
+        WSSConfig config = data.getWssConfig();
         boolean bspCompliant = true;
         if (config != null) {
             bspCompliant = config.isWsiBSPCompliant();
@@ -98,13 +98,14 @@ public class EncryptedKeySTRParser imple
                 || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) {
                 AssertionWrapper assertion = 
                     SAMLUtil.getAssertionFromKeyIdentifier(
-                        secRef, strElement, crypto, cb, wsDocInfo, config
+                        secRef, strElement, data, wsDocInfo
                     );
                 if (bspCompliant) {
                     BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
                 }
                 SAMLKeyInfo samlKi = 
-                    SAMLUtil.getCredentialFromSubject(assertion, crypto, cb, wsDocInfo, bspCompliant);
+                    SAMLUtil.getCredentialFromSubject(assertion, 
+                                                      data, wsDocInfo, bspCompliant);
                 certs = samlKi.getCerts();
             } else {
                 if (bspCompliant) {
@@ -138,7 +139,9 @@ public class EncryptedKeySTRParser imple
                             BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
                         }
                         SAMLKeyInfo keyInfo = 
-                            SAMLUtil.getCredentialFromSubject(assertion, crypto, cb, wsDocInfo, bspCompliant);
+                            SAMLUtil.getCredentialFromSubject(assertion, 
+                                                              data,
+                                                              wsDocInfo, bspCompliant);
                         certs = keyInfo.getCerts();
                     } else {
                         throw new WSSecurityException(
@@ -151,7 +154,7 @@ public class EncryptedKeySTRParser imple
             }
             if (certs == null) {
                 Element bstElement = 
-                    secRef.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, cb);
+                    secRef.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler());
     
                 // at this point ... check token type: Binary
                 QName el = new QName(bstElement.getNamespaceURI(), bstElement.getLocalName());

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java Tue Mar  8 16:57:34 2011
@@ -20,16 +20,15 @@
 package org.apache.ws.security.str;
 
 import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+
 import org.w3c.dom.Element;
 
 import java.security.Principal;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Map;
-import javax.security.auth.callback.CallbackHandler;
 
 /**
  * This interface describes a pluggable way of extracting credentials from SecurityTokenReference
@@ -50,10 +49,8 @@ public interface STRParser {
      */
     public void parseSecurityTokenReference(
         Element strElement,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo wsDocInfo,
-        WSSConfig config,
         Map<String, Object> parameters
     ) throws WSSecurityException;
     
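Review bot: The interface no longer tells an implementer which credentials it will receive: within this commit `DerivedKeyTokenSTRParser` and `EncryptedKeySTRParser` read `data.getDecCrypto()`, `SAMLUtil` reads `data.getSigCrypto()`, and the parsers also read `data.getCallbackHandler()` and `data.getWssConfig()`. The Javadoc above the method is outside the hunk and untouched by the commit, so any `@param crypto`, `@param cb` or `@param config` tags there are presumably stale. Replace them with a `@param data` entry stating which RequestData fields callers must populate and which may be null (the implementations shown accept a null WSSConfig and default to BSP-compliant). This is also a source-incompatible change for third-party STRParser implementations, which deserves a line in the release notes.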

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1079437&r1=1079436&r2=1079437&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java Tue Mar  8 16:57:34 2011
@@ -25,7 +25,7 @@ import org.apache.ws.security.WSPassword
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
@@ -41,7 +41,6 @@ import java.security.cert.X509Certificat
 import java.util.Map;
 
 import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
 
 /**
  * This implementation of STRParser is for parsing a SecurityTokenReference element, found in the
@@ -69,13 +68,12 @@ public class SecurityTokenRefSTRParser i
      */
     public void parseSecurityTokenReference(
         Element strElement,
-        Crypto crypto,
-        CallbackHandler cb,
+        RequestData data,
         WSDocInfo wsDocInfo,
-        WSSConfig config,
         Map<String, Object> parameters
     ) throws WSSecurityException {
         boolean bspCompliant = true;
+        WSSConfig config = data.getWssConfig();
         if (config != null) {
             bspCompliant = config.isWsiBSPCompliant();
         }
@@ -111,7 +109,8 @@ public class SecurityTokenRefSTRParser i
                         BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
                     }
                     SAMLKeyInfo keyInfo = 
-                        SAMLUtil.getCredentialFromSubject(assertion, crypto, cb, wsDocInfo, bspCompliant);
+                        SAMLUtil.getCredentialFromSubject(assertion, 
+                                                          data, wsDocInfo, bspCompliant);
                     // TODO Handle malformed SAML tokens where they don't have the 
                     // secret in them
                     secretKey = keyInfo.getSecret();
@@ -120,7 +119,7 @@ public class SecurityTokenRefSTRParser i
                 }
             } else {
                 // Try asking the CallbackHandler for the secret key
-                secretKey = getSecretKeyFromToken(id, null, cb);
+                secretKey = getSecretKeyFromToken(id, null, data);
                 if (secretKey == null) {
                     throw new WSSecurityException(
                             WSSecurityException.FAILED_CHECK, "unsupportedKeyId"
@@ -133,13 +132,16 @@ public class SecurityTokenRefSTRParser i
                 || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType)) { 
                 AssertionWrapper assertion = 
                     SAMLUtil.getAssertionFromKeyIdentifier(
-                        secRef, strElement, crypto, cb, wsDocInfo, config
+                        secRef, strElement, 
+                        data, wsDocInfo
                     );
                 if (bspCompliant) {
                     BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
                 }
                 SAMLKeyInfo samlKi = 
-                    SAMLUtil.getCredentialFromSubject(assertion, crypto, cb, wsDocInfo, bspCompliant);
+                    SAMLUtil.getCredentialFromSubject(assertion,
+                                                      data,
+                                                      wsDocInfo, bspCompliant);
                 // TODO Handle malformed SAML tokens where they don't have the 
                 // secret in them
                 secretKey = samlKi.getSecret();
@@ -149,8 +151,8 @@ public class SecurityTokenRefSTRParser i
                 } 
                 secretKey = 
                     getSecretKeyFromToken(
-                        secRef.getKeyIdentifierValue(), secRef.getKeyIdentifierValueType(), cb
-                    );
+                        secRef.getKeyIdentifierValue(), secRef.getKeyIdentifierValueType(), 
+                        data);
             }
         } else {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "noReference");
@@ -200,16 +202,16 @@ public class SecurityTokenRefSTRParser i
     private byte[] getSecretKeyFromToken(
         String id,
         String type,
-        CallbackHandler cb
+        RequestData data
     ) throws WSSecurityException {
         if (id.charAt(0) == '#') {
             id = id.substring(1);
         }
         WSPasswordCallback pwcb = 
-            new WSPasswordCallback(id, null, type, WSPasswordCallback.SECRET_KEY);
+            new WSPasswordCallback(id, null, type, WSPasswordCallback.SECRET_KEY, data);
         try {
             Callback[] callbacks = new Callback[]{pwcb};
-            cb.handle(callbacks);
+            data.getCallbackHandler().handle(callbacks);
         } catch (Exception e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILURE,