You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by we...@apache.org on 2006/01/26 15:04:52 UTC
svn commit: r372529 - in
/webservices/wss4j/trunk/src/org/apache/ws/security/message: WSSecBase.java
WSSecEncrypt.java WSSecSignature.java WSSecSignatureConfirmation.java
WSSecTimestamp.java WSSecUsernameToken.java package.html
Author: werner
Date: Thu Jan 26 06:04:46 2006
New Revision: 372529
URL: http://svn.apache.org/viewcvs?rev=372529&view=rev
Log:
Refactor the WSS4J message classes to allow for more flexible control. Added some documentation.
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/package.html
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=372529&r1=372528&r2=372529&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java Thu Jan 26 06:04:46 2006
@@ -155,8 +155,9 @@
}
/**
- * Set the user and password info. <p/> Both information is used to get the
- * user's private signing key.
+ * Set the user and password info.
+ *
+ * Both information is used to get the user's private signing key.
*
* @param user
* This is the user's alias name in the keystore that identifies
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=372529&r1=372528&r2=372529&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Thu Jan 26 06:04:46 2006
@@ -52,7 +52,7 @@
/**
* Encrypts a parts of a message according to WS Specification, X509 profile,
- * and adds the encryption data. <p/>
+ * and adds the encryption data.
*
* @author Davanum Srinivas (dims@yahoo.com).
* @author Werner Dittmann (Werner.Dittmann@apache.org).
@@ -126,8 +126,6 @@
/**
* Sets the algorithm to encode the symmetric key.
*
- * <p/>
- *
* Default is the <code>WSConstants.KEYTRANSPORT_RSA15</code> algorithm.
*
* @param keyEnc
@@ -226,19 +224,23 @@
/**
* Initialize a WSSec Encrypt.
*
- * The method sets up and initializes a WSSec Encrypt structure after the
- * relevant token information was set. After setup of the token references
- * may be added. After all references are added they can be signed.
+ * The method prepares and initializes a WSSec Encrypt structure after the
+ * relevant information was set. After preparartion of the token references
+ * can be added and encrypted.
+ *
+ * </p>
*
+ * This method does not add any element to the security header. This must
+ * be done explicitly.
*
* @param doc
* The unsigned SOAP envelope as <code>Document</code>
- * @param cr
+ * @param crypto
* An instance of the Crypto API to handle keystore and
* certificates
* @throws WSSecurityException
*/
- public void setupToken(Document doc, Crypto crypto, Element securityHeader)
+ public void prepare(Document doc, Crypto crypto)
throws WSSecurityException {
document = doc;
@@ -312,9 +314,7 @@
* element, this wraps the wsse:SecurityTokenReference 3) Create and set
* up the SecurityTokenReference according to the keyIdentifer parameter
* 4) Create the CipherValue element structure and insert the encrypted
- * session key 5) The last step sets up the reference list that pints to
- * the encrypted data that was encrypted with this encrypted session key
- * :-)
+ * session key
*/
xencEncryptedKey = createEnrcyptedKey(doc, keyEncAlgo);
encKeyId = "EncKeyId-" + xencEncryptedKey.hashCode();
@@ -330,7 +330,6 @@
switch (keyIdentifierType) {
case WSConstants.X509_KEY_IDENTIFIER:
secToken.setKeyIdentifier(remoteCert);
- // build a key id class??
break;
case WSConstants.SKI_KEY_IDENTIFIER:
@@ -376,36 +375,36 @@
}
/**
- * Prepends the Encrypt element to the elements already in the Security
+ * Prepend the EncryptedKey element to the elements already in the Security
* header.
*
- * The method can be called any time after <code>setupToken()</code>.
- * This allows to insert the Signature element at any position in the
+ * The method can be called any time after <code>prepare()</code>.
+ * This allows to insert the EncryptedKey element at any position in the
* Security header.
*
- * @param securityHeader
- * The securityHeader that holds the Signature element.
+ * @param secHeader
+ * The security header that holds the Signature element.
*/
- public void prependEncryptElementToHeader(Element securityHeader) {
- WSSecurityUtil.prependChildElement(document, securityHeader,
- xencEncryptedKey, false);
+ public void prependToHeader(WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), xencEncryptedKey, false);
}
/**
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
*
- * The method can be called any time after <code>setupToken()</code>.
+ * The method can be called any time after <code>prepare()</code>.
* This allows to insert the BST element at any position in the Security
* header.
*
- * @param securityHeader
- * The securityHeader that holds the BST element.
+ * @param secHeader
+ * The security header that holds the BST element.
*/
- public void prependBSTElementToHeader(Element securityHeader) {
+ public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
- WSSecurityUtil.prependChildElement(document, securityHeader,
- bstToken.getElement(), false);
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), bstToken.getElement(), false);
}
bstToken = null;
}
@@ -443,9 +442,8 @@
if (doDebug) {
log.debug("Beginning Encryption...");
}
- Element securityHeader = secHeader.getSecurityHeader();
- setupToken(doc, crypto, securityHeader);
+ prepare(doc, crypto);
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
if (parts == null) {
@@ -457,18 +455,45 @@
}
Element refs = encryptForInternalRef(null, parts);
- addRefElement(refs);
+ addInternalRefElement(refs);
- prependEncryptElementToHeader(securityHeader);
+ prependToHeader(secHeader);
if (bstToken != null) {
- prependBSTElementToHeader(securityHeader);
+ prependBSTElementToHeader(secHeader);
}
log.debug("Encryption complete.");
return doc;
}
+ /**
+ * Encrypt one or more parts or elements of the message (internal).
+ *
+ * This method takes a vector of <code>WSEncryptionPart</code> object that
+ * contain information about the elements to encrypt. The method call the
+ * encryption method, takes the reference information generated during
+ * encryption and add this to the <code>enc:Reference</code> element. This
+ * method can be called after <code>prepare()</code> and can be
+ * called multiple times to encrypt a number of parts or elements.
+ *
+ * </p>
+ *
+ * The method generates a <code>enc:Reference</code> element that <i>must</i>
+ * be added to this token. See <code>addInternalRefElement()</code>.
+ *
+ * </p>
+ *
+ * If the <code>dataRef</code> parameter is <code>null</code> the method
+ * creates and initializes a new Reference element.
+ *
+ * @param dataRef
+ * A <code>enc:Reference</code> element or <code>null</code>
+ * @param references
+ * A vector containing WSEncryptionPart objects
+ * @return Returns the updated <code>enc:Reference</code> element
+ * @throws WSSecurityException
+ */
public Element encryptForInternalRef(Element dataRef, Vector references)
throws WSSecurityException {
Vector encDataRefs = doEncryption(document, this.encryptionKey, parts);
@@ -481,6 +506,33 @@
return referenceList;
}
+ /**
+ * Encrypt one or more parts or elements of the message (external).
+ *
+ * This method takes a vector of <code>WSEncryptionPart</code> object that
+ * contain information about the elements to encrypt. The method call the
+ * encryption method, takes the reference information generated during
+ * encryption and add this to the <code>enc:Reference</code> element. This
+ * method can be called after <code>prepare()</code> and can be
+ * called multiple times to encrypt a number of parts or elements.
+ *
+ * </p>
+ *
+ * The method generates a <code>enc:Reference</code> element that <i>must</i>
+ * be added to the SecurityHeader. See <code>addExternalRefElement()</code>.
+ *
+ * </p>
+ *
+ * If the <code>dataRef</code> parameter is <code>null</code> the method
+ * creates and initializes a new Reference element.
+ *
+ * @param dataRef
+ * A <code>enc:Reference</code> element or <code>null</code>
+ * @param references
+ * A vector containing WSEncryptionPart objects
+ * @return Returns the updated <code>enc:Reference</code> element
+ * @throws WSSecurityException
+ */
public Element encryptForExternalRef(Element dataRef, Vector references)
throws WSSecurityException {
@@ -502,11 +554,39 @@
return referenceList;
}
- public void addRefElement(Element referenceList) {
+ /**
+ * Adds the internal Reference element to this Encrypt data.
+ *
+ * The refernce element <i>must</i> be created by the
+ * <code>encryptForInternalRef()</code> method. The refernce element is
+ * added to the <code>EncryptedKey</code> element of this encrypt block.
+ *
+ * @param dataRef
+ * The internal <code>enc:Reference</code> element
+ */
+ public void addInternalRefElement(Element dataRef) {
WSSecurityUtil.appendChildElement(document, xencEncryptedKey,
- referenceList);
+ dataRef);
}
+ /**
+ * Adds (prepends) the external Reference element to the Security header.
+ *
+ * The refernce element <i>must</i> be created by the
+ * <code>encryptForExternalRef() </code> method. The method prepends the
+ * reference element in the SecurityHeader.
+ *
+ * @param dataRef
+ * The external <code>enc:Reference</code> element
+ * @param secHeader
+ * The security header.
+ */
+ public void addExternalRefElement(Element dataRef, WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), dataRef, false);
+ }
+
+
private Vector doEncryption(Document doc, SecretKey secretKey,
Vector references) throws WSSecurityException {
return doEncryption(doc, secretKey, null, references);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=372529&r1=372528&r2=372529&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Thu Jan 26 06:04:46 2006
@@ -61,7 +61,7 @@
* Creates a Signature according to WS Specification, X509 profile.
*
* This class is a refactored implementation of the previous WSS4J class
- * <code>WSSigneEnvlope</code>. This new class allows the better control of
+ * <code>WSSignEnvlope</code>. This new class allows better control of
* the process to create a Signature and to add it to the Security header.
*
* <br/>
@@ -82,12 +82,12 @@
protected String canonAlgo = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
- protected WSSAddUsernameToken usernameToken = null;
+ protected WSSecUsernameToken usernameToken = null;
protected byte[] signatureValue = null;
/*
- * The following private variable are setup during setupToken().
+ * The following private variable are setup during prepare().
*/
private Document document = null;
@@ -139,7 +139,7 @@
* Set the name of the signature encryption algorithm to use.
*
* If the algorithm is not set then an automatic detection of the signature
- * algorithm to use is perfomed during the <code>setupToken()</code>
+ * algorithm to use is perfomed during the <code>prepare()</code>
* method. Refer to WSConstants which algorithms are supported.
*
* @param algo
@@ -154,7 +154,7 @@
/**
* Get the name of the signature algorithm that is being used.
*
- * Call this method after <code>setupToken</code> to get the information
+ * Call this method after <code>prepare</code> to get the information
* which signature algorithem was automaticall detected if no signature
* algorithm was preset.
*
@@ -198,11 +198,16 @@
* @param usernameToken
* The usernameToken to set.
*/
- public void setUsernameToken(WSSAddUsernameToken usernameToken) {
+ public void setUsernameToken(WSSecUsernameToken usernameToken) {
this.usernameToken = usernameToken;
}
/**
+ * Returns the computed Signature value.
+ *
+ * Call this method after <code>computeSignature()</code> or <code>build()</code>
+ * methods were called.
+ *
* @return Returns the signatureValue.
*/
public byte[] getSignatureValue() {
@@ -213,18 +218,25 @@
* Initialize a WSSec Signature.
*
* The method sets up and initializes a WSSec Signature structure after the
- * relevant token information was set. After setup of the token references
- * may be added. After all references are added they can be signed.
+ * relevant information was set. After setup of the references to elements
+ * to sign may be added. After all references are added they can be signed.
+ *
+ * <p/>
*
+ * This method does not add the Signature element to the security header.
+ * See <code>prependSignatureElementToHeader()</code> method.
*
* @param doc
- * The unsigned SOAP envelope as <code>Document</code>
+ * The SOAP envelope as <code>Document</code>
* @param cr
* An instance of the Crypto API to handle keystore and
* certificates
+ * @param secHeader
+ * The security header that will hold the Signature. This ise use
+ * to construct namespace prefixes for Signature. This method
* @throws WSSecurityException
*/
- public void setupToken(Document doc, Crypto cr, Element securityHeader)
+ public void prepare(Document doc, Crypto cr, WSSecHeader secHeader)
throws WSSecurityException {
/*
* Gather some info about the document to process and store it for
@@ -278,7 +290,7 @@
canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, canonAlgo);
if (wssConfig.isWsiBSPCompliant()) {
- Set prefixes = getInclusivePrefixes(securityHeader, false);
+ Set prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(
doc, prefixes);
@@ -357,10 +369,6 @@
Reference refUt = new Reference(document);
refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
String utId = usernameToken.getId();
- if (utId == null) {
- utId = "usernameTokenId-" + usernameToken.hashCode();
- usernameToken.setId(utId);
- }
refUt.setURI("#" + utId);
secRef.setReference(refUt);
secretKey = usernameToken.getSecretKey();
@@ -384,17 +392,17 @@
* The added references are signed when calling
* <code>computeSignature()</code>. This method can be called several
* times to add references as required. <code>addReferencesToSign()</code>
- * can be called anytime after <code>setupToken</code>.
+ * can be called anytime after <code>prepare</code>.
*
* @param references
* A vector containing <code>WSEncryptionPart</code> objects
* that define the parts to sign.
- * @param securityHeader
+ * @param secHeader
* Used to compute namespaces to be inserted by
* InclusiveNamespaces to be WSI compliant.
* @throws WSSecurityException
*/
- public void addReferencesToSign(Vector references, Element securityHeader)
+ public void addReferencesToSign(Vector references, WSSecHeader secHeader)
throws WSSecurityException {
Transforms transforms = null;
@@ -447,7 +455,7 @@
.appendChild(
new InclusiveNamespaces(
document,
- getInclusivePrefixes(securityHeader))
+ getInclusivePrefixes(secHeader.getSecurityHeader()))
.getElement());
}
sig.addDocument("#" + certUri, transforms);
@@ -525,15 +533,15 @@
* Prepends the Signature element to the elements already in the Security
* header.
*
- * The method can be called any time after <code>setupToken()</code>.
+ * The method can be called any time after <code>prepare()</code>.
* This allows to insert the Signature element at any position in the
* Security header.
*
* @param securityHeader
- * The securityHeader that holds the Signature element.
+ * The secHeader that holds the Signature element.
*/
- public void prependSignatureElementToHeader(Element securityHeader) {
- WSSecurityUtil.prependChildElement(document, securityHeader, sig
+ public void prependToHeader(WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader.getSecurityHeader(), sig
.getElement(), false);
}
@@ -541,16 +549,16 @@
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
*
- * The method can be called any time after <code>setupToken()</code>.
+ * The method can be called any time after <code>prepare()</code>.
* This allows to insert the BST element at any position in the Security
* header.
*
- * @param securityHeader
- * The securityHeader that holds the BST element.
+ * @param secHeader
+ * The security header that holds the BST element.
*/
- public void prependBSTElementToHeader(Element securityHeader) {
+ public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
- WSSecurityUtil.prependChildElement(document, securityHeader,
+ WSSecurityUtil.prependChildElement(document, secHeader.getSecurityHeader(),
bstToken.getElement(), false);
}
bstToken = null;
@@ -560,7 +568,7 @@
* Compute the Signature over the references.
*
* After references are set this method computes the Signature for them.
- * This method can be called anytime after the references are set using
+ * This method can be called anytime after the references were set. See
* <code>addReferencesToSign()</code>.
*
* @throws WSSecurityException
@@ -591,13 +599,13 @@
*
* This is a convenience method and for backward compatibility. The method
* creates a Signature and puts it into the Security header. It does so by
- * calling the sigle functions in order to perform a <i>one shot signature</i>.
+ * calling the single functions in order to perform a <i>one shot signature</i>.
* This method is compatible with the build method of the previous version
* with the exception of the additional WSSecHeader parameter.
*
* @param doc
* The unsigned SOAP envelope as <code>Document</code>
- * @param crypto
+ * @param cr
* An instance of the Crypto API to handle keystore and
* certificates
* @param secHeader
@@ -615,7 +623,7 @@
Element securityHeader = secHeader.getSecurityHeader();
- setupToken(doc, cr, securityHeader);
+ prepare(doc, cr, secHeader);
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
.getDocumentElement());
@@ -628,16 +636,16 @@
parts.add(encP);
}
- addReferencesToSign(parts, securityHeader);
+ addReferencesToSign(parts, secHeader);
- prependSignatureElementToHeader(securityHeader);
+ prependToHeader(secHeader);
/*
* if we have a BST prepend it in front of the Signature according to
* strict layout rules.
*/
if (bstToken != null) {
- prependBSTElementToHeader(securityHeader);
+ prependBSTElementToHeader(secHeader);
}
computeSignature();
Added: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java?rev=372529&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureConfirmation.java Thu Jan 26 06:04:46 2006
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.ws.security.message;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.message.token.SignatureConfirmation;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Builds a WS SignatureConfirmation and inserts it into the SOAP Envelope.
+ *
+ * @author Werner Dittmann (Werner.Dittmann@t-online.de).
+ */
+
+public class WSSecSignatureConfirmation extends WSSecBase {
+ private static Log log = LogFactory.getLog(WSSecSignatureConfirmation.class
+ .getName());
+
+ private SignatureConfirmation sc = null;
+
+ private Document document = null;
+
+ byte[] signatureValue = null;
+
+ /**
+ * Constructor.
+ */
+ public WSSecSignatureConfirmation() {
+ }
+
+ /**
+ * Set the Signature value to store in this SignatureConfirmation.
+ *
+ * @param signatureValue
+ * The Signature value to store in the SignatureConfirmation
+ * element
+ */
+ public void setSignatureValue(byte[] signatureValue) {
+ this.signatureValue = signatureValue;
+ }
+
+
+ /**
+ * Creates a SignatureConfimation element.
+ *
+ * The method prepares and initializes a WSSec SignatureConfirmation structure after
+ * the relevant information was set. Before calling <code>prepare()</code> the
+ * filed <code>signatureValue</code> must be set
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ */
+ public void prepare(Document doc) {
+ document = doc;
+ sc = new SignatureConfirmation(doc, signatureValue);;
+ String scId = "SigConf-" + sc.hashCode();
+ sc.setID(scId);
+ }
+
+ /**
+ * Prepends the SignatureConfirmation element to the elements already in the
+ * Security header.
+ *
+ * The method can be called any time after <code>prepare()</code>.
+ * This allows to insert the SignatureConfirmation element at any position in the
+ * Security header.
+ *
+ * @param secHeader
+ * The security header that holds the Signature element.
+ */
+ public void prependToHeader(WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), sc.getElement(), false);
+ }
+
+ /**
+ * Adds a new <code>SignatureConfirmation</code> to a soap envelope.
+ *
+ * A complete <code>SignatureConfirmation</code> is constructed and added
+ * to the <code>wsse:Security</code> header.
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ * @param sigVal
+ * the Signature value. This will be the content of the "Value"
+ * attribute.
+ * @param secHeader
+ * The security header that holds the Signature element.
+ * @return Document with SignatureConfirmation added
+ */
+ public Document build(Document doc, byte[] sigVal, WSSecHeader secHeader) {
+ log.debug("Begin add signature confirmation...");
+
+ signatureValue = sigVal;
+ prepare(doc);
+ prependToHeader(secHeader);
+
+ return doc;
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of this SignatureConfirmation.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepareToken()</code>
+ * was not called before.
+ */
+ public String getId() {
+ if (sc == null) {
+ return null;
+ }
+ return sc.getID();
+ }
+}
Added: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java?rev=372529&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java Thu Jan 26 06:04:46 2006
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.ws.security.message;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Builds a WS Timestamp and inserts it into the SOAP Envelope. Refer to the WS
+ * specification 1.0. chapter 10 / appendix A.2
+ *
+ * @author Christof Soehngen (Christof.Soehngen@syracom.de).
+ * @author Werner Dittmann (werner@apache.org).
+ */
+
+public class WSSecTimestamp extends WSSecBase {
+ private static Log log = LogFactory.getLog(WSSecTimestamp.class.getName());
+
+ private Timestamp ts = null;
+
+ private Document document = null;
+
+ /**
+ * Constructor.
+ */
+ public WSSecTimestamp() {
+ }
+
+ /**
+ * Creates a Timestamp element.
+ *
+ * The method prepares and initializes a WSSec Timestamp structure after the
+ * relevant information was set. Before calling <code>prepare()</code> the
+ * parameter such as <code>timeToLive</code> can be set if the deafult
+ * value is not suitable.
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ */
+ public void prepare(Document doc) {
+ document = doc;
+ ts = new Timestamp(wssConfig.isPrecisionInMilliSeconds(), doc, timeToLive);
+ String tsId = "Timestamp-" + ts.hashCode();
+ ts.setID(tsId);
+ }
+
+ /**
+ * Prepends the Timestamp element to the elements already in the
+ * Security header.
+ *
+ * The method can be called any time after <code>prepare()</code>.
+ * This allows to insert the Timestamp element at any position in the
+ * Security header.
+ *
+ * @param secHeader
+ * The security header that holds the Signature element.
+ */
+ public void prependToHeader(WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), ts.getElement(), false);
+ }
+
+ /**
+ * Adds a new <code>Timestamp</code> to a soap envelope.
+ *
+ * A complete <code>Timestamp</code> is constructed and added to the
+ * <code>wsse:Security</code> header.
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ * @param secHeader
+ * The security header that hold this Timestamp
+ * @return Document with Timestamp added
+ * @throws Exception
+ */
+ public Document build(Document doc, WSSecHeader secHeader) {
+ log.debug("Begin add timestamp...");
+
+ prepare(doc);
+ prependToHeader(secHeader);
+
+ return doc;
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of this Timestamp.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepareToken()</code>
+ * was not called before.
+ */
+ public String getId() {
+ if (ts == null) {
+ return null;
+ }
+ return ts.getID();
+ }
+}
Added: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java?rev=372529&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecUsernameToken.java Thu Jan 26 06:04:46 2006
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.ws.security.message;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.UsernameToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Builds a WS UsernameToken.
+ *
+ * Refer to the WS specification, UsernameToken profile
+ *
+ * @author Werner Dittmann (werner@apache.org).
+ */
+
+public class WSSecUsernameToken extends WSSecBase {
+ private static Log log = LogFactory.getLog(WSSecUsernameToken.class
+ .getName());
+
+ private String passwordType = WSConstants.PASSWORD_DIGEST;
+
+ private UsernameToken ut = null;
+
+ private String id = null;
+
+ private boolean nonce = false;
+
+ private boolean created = false;
+
+ private Document document = null;
+
+ /**
+ * Constructor.
+ */
+ public WSSecUsernameToken() {
+ }
+
+ /**
+ * Defines how to construct the password element of the
+ * <code>UsernameToken</code>.
+ *
+ * @param pwType
+ * contains the password type. Only allowed values are
+ * {@link WSConstants#PASSWORD_DIGEST} and
+ * {@link WSConstants#PASSWORD_TEXT}.
+ */
+ public void setPasswordType(String pwType) {
+ if (pwType == null) {
+ passwordType = WSConstants.PASSWORD_DIGEST;
+ } else if (pwType.equals(WSConstants.PASSWORD_DIGEST)
+ || pwType.equals(WSConstants.PASSWORD_TEXT)) {
+ passwordType = pwType;
+ }
+ }
+
+ /**
+ * Add a Nonce element to the UsernameToken.
+ */
+ public void addNonce() {
+ nonce = true;
+ }
+
+ /**
+ * Add a Created element to the UsernameToken.
+ */
+ public void addCreated() {
+ created = true;
+ }
+
+
+ /**
+ * Get the derived secret key.
+ *
+ * After the <code>prepare()</code> method was called use this method
+ * to compute a derived secret key. The generation of this secret key is according
+ * to WS-Trust specification.
+ *
+ * @return Return the derived secret key of this token or null if <code>prepare()</code>
+ * was not called before.
+ */
+ public byte[] getSecretKey() {
+ if (ut == null) {
+ return null;
+ }
+ return ut.getSecretKey();
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of this UsernameToken.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepare()</code>
+ * was not called before.
+ */
+ public String getId() {
+ if (ut == null) {
+ return null;
+ }
+ return ut.getID();
+ }
+
+ /**
+ * Creates a Username token.
+ *
+ * The method prepares and initializes a WSSec UsernameToken structure after
+ * the relevant information was set. A Before calling
+ * <code>prepare()</code> all parameters such as user, password,
+ * passwordType etc. must be set. A complete <code>UsernameToken</code> is
+ * constructed.
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ */
+ public void prepare(Document doc) {
+ document = doc;
+ ut = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc,
+ passwordType);
+ ut.setName(user);
+ ut.setPassword(password);
+ String utId = "UsernameToken-" + ut.hashCode();
+ ut.setID(utId);
+ if (nonce) {
+ ut.addNonce(doc);
+ }
+ if (created) {
+ ut.addCreated(wssConfig.isPrecisionInMilliSeconds(), doc);
+ }
+ }
+
+ /**
+ * Prepends the UsernameToken element to the elements already in the
+ * Security header.
+ *
+ * The method can be called any time after <code>prepare()</code>.
+ * This allows to insert the UsernameToken element at any position in the
+ * Security header.
+ *
+ * @param secHeader
+ * The security header that holds the Signature element.
+ */
+ public void prependToHeader(WSSecHeader secHeader) {
+ WSSecurityUtil.prependChildElement(document, secHeader
+ .getSecurityHeader(), ut.getElement(), false);
+ }
+
+ /**
+ * Adds a new <code>UsernameToken</code> to a soap envelope.
+ *
+ * Before calling <code>build()</code> all parameters such as user,
+ * password, passwordType etc. must be set. A complete
+ * <code>UsernameToken</code> is constructed and added to the
+ * <code>wsse:Security</code> header.
+ *
+ * @param doc
+ * The SOAP enevlope as W3C document
+ * @param secHeader
+ * The security header inside the SOAP envelope
+ * @return Document with UsernameToken added
+ */
+ public Document build(Document doc, WSSecHeader secHeader) {
+ log.debug("Begin add username token...");
+
+ prepare(doc);
+ prependToHeader(secHeader);
+
+ return doc;
+ }
+
+}
Added: webservices/wss4j/trunk/src/org/apache/ws/security/message/package.html
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/package.html?rev=372529&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/package.html (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/package.html Thu Jan 26 06:04:46 2006
@@ -0,0 +1,134 @@
+<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ -->
+<html>
+<head>
+ <title>Web Service Security classes for message creation</title>
+<!--
+
+ @(#)Web Service Security classes for message creation
+
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+-->
+</head>
+<body bgcolor="white">
+
+The package provides classes to create messages that are compliant to the
+OASIS Web Service Security specifications.
+<p/>
+The OASIS WSS specifications define a number of features and it is possible
+to combine them in several ways. The WSS4J classes already support
+a large number of WSS features and their combinations.
+<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss">
+Here</a> are the WSS specifications.
+<p/>
+Currently this package contains two sets of classes that provide the same
+or similar functionality.
+<ul>
+ <li>The old classes, named WSAdd*, WSEncryptBody, WSSignEnvelope, WSBaseMessage.
+ The usage of these classes is depreciated.</li>
+ <li>The new, refactored classes. Their names start with the prefix <e>WSSec</e>.
+</ul>
+
+<h3>How to use the WSSec* classes</h3>
+The new refactored classes follow the same usage pattern.
+<ol type="1">
+ <li>Create an object for the required security element, for example a
+ <code>WSSecSignature</code>.
+ </li>
+ <li>Set the required fields using setter methods, for example user name, signature
+ algorithm, etc.
+ </li>
+ <li>After the fields are set call <code>prepare(...)</code>. This initializes the internal
+ structures, gets the required data like X509 tokens, etc.
+ </li>
+ <li>After preparation you may do security element specific functions, for example add
+ data refernces that should be included in the signature. You can also add the element to
+ the <code>WSSecHeader</code> at this time (adding to the security header can be done at any
+ time after <code>prepare(...)</code>). See the documentation of the various classes what is
+ available.
+ </li>
+</ol>
+In contrast to the old classes the handling of the security header is not longer
+implicitly performed. To provide better flexibilty the class <code>WSSecHeader</code>
+deals with the security header.
+<p/>
+The new structure of the classes provide a much more flxible handling of the actions
+performed by the classes. This enhanced flexibility enables a precise control of
+the placement of security elements in the security header and a much better control
+which elements to sign or to encrypt.
+<p/>
+This code snippet shows how to setup a Signature element:
+<pre>
+ /*
+ * Explicit security header handling. The WSSecHeader object
+ * remains the same for all elements that shall go into this
+ * security header. Thus you usually need to created one
+ * WSSecHeader object only.
+ */
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+
+ WSSecSignature builder = new WSSecSignature();
+
+ builder.setUserInfo("username", "password");
+ builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+ Document doc = getSOAPEnvelope();
+
+ builder.prepare(doc, crypto, secHeader);
+
+ /*
+ * Set parts to sign
+ */
+ Vector parts = new Vector();
+ WSEncryptionPart encP = new WSEncryptionPart(localName, namespace, "Content");
+ parts.add(encP);
+
+ /*
+ * Add the references to include into Signature. This can be done multiple
+ * times.
+ */
+ builder.addReferencesToSign(parts, secHeader);
+
+ /*
+ * Add the Signature now to the security header
+ */
+ builder.prependToHeader(secHeader);
+
+ /*
+ * There maybe a BST to prepend it in front of the Signature according to
+ * strict layout rules.
+ */
+ builder.prependBSTElementToHeader(secHeader);
+
+ /*
+ * Before calling computeSignature make sure all elements to sign are
+ * available in the document (SOAP Envelope)
+ */
+ builder.computeSignature();
+
+</pre>
+Each new class also contains a <code>build()</code> method that is similar to the
+<code>build()</code> method in the old classes. Thus, if the flexibilty is not
+required you may use this method for convenience.
+
+@since WSS4J 2.0
+</body>
+</html>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org