Posted to commits@ws.apache.org by co...@apache.org on 2012/09/06 18:22:41 UTC
svn commit: r1381663 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Author: coheigea
Date: Thu Sep 6 16:22:41 2012
New Revision: 1381663
URL: http://svn.apache.org/viewvc?rev=1381663&view=rev
Log:
[WSS-360] - Finished remaining Stax BSP rules
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java?rev=1381663&r1=1381662&r2=1381663&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java Thu Sep 6 16:22:41 2012
@@ -127,13 +127,10 @@ public final class STRParserUtil {
if (secRef.containsReference()) {
// Check the ValueType attributes
String valueType = secRef.getReference().getValueType();
- if ((valueType == null || "".equals(valueType)) && (token instanceof KerberosSecurity)) {
- bspEnforcer.handleBSPRule(BSPRule.R3059);
- }
-
if (((token instanceof X509Security) && !X509Security.X509_V3_TYPE.equals(valueType))
|| ((token instanceof PKIPathSecurity) && !PKIPathSecurity.PKI_TYPE.equals(valueType))
|| ((token instanceof KerberosSecurity)
+ && !(valueType == null || "".equals(valueType))
&& !WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType))) {
bspEnforcer.handleBSPRule(BSPRule.R3058);
}
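Review bot: A Kerberos reference whose ValueType is absent or empty now raises no BSP rule at all — the R3059 call is deleted, and the new `&& !(valueType == null || "".equals(valueType))` clause excludes that case from R3058 as well — yet nothing in the hunk records why that combination is now acceptable, so the next reader is likely to re-add the check. If the intent is that an empty ValueType on a Kerberos reference is permitted (or that R3059 is enforced elsewhere; the hunk does not show this), say so above the condition: `// An absent/empty ValueType on a Kerberos reference is not an R3058 violation; R3059 is not enforced here`. As a point of style, the empty check reads more directly as `valueType == null || valueType.isEmpty()`. The enclosing method starts and ends outside the hunk.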
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1381663&r1=1381662&r2=1381663&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java Thu Sep 6 16:22:41 2012
@@ -34,6 +34,7 @@ import org.apache.xml.security.stax.impl
import org.apache.xml.security.stax.impl.securityToken.ECKeyValueSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.RsaKeyValueSecurityToken;
import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
+import org.opensaml.common.SAMLVersion;
import javax.security.auth.callback.CallbackHandler;
import java.util.Deque;
@@ -94,7 +95,7 @@ public class SecurityTokenFactoryImpl ex
if (securityTokenReferenceType.getAny().size() > 1) {
((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3061);
}
-
+
//todo BSP.R3027 KeyName? not supported ATM
//todo BSP.R3060,BSP.R3025,BSP.R3056 only one Embedded element? Not supported ATM
final X509DataType x509DataType
@@ -104,6 +105,11 @@ public class SecurityTokenFactoryImpl ex
x509DataType, securityTokenReferenceType.getId(),
WSSConstants.WSSKeyIdentifierType.ISSUER_SERIAL);
}
+
+ String tokenType =
+ XMLSecurityUtils.getQNameAttribute(
+ securityTokenReferenceType.getOtherAttributes(),
+ WSSConstants.ATT_wsse11_TokenType);
final KeyIdentifierType keyIdentifierType
= XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_KeyIdentifier);
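Review bot: The new `tokenType` local is the only declaration in this stretch that is not `final`, while the neighbouring `x509DataType` and `keyIdentifierType` are; `final String tokenType =` keeps the style consistent and makes clear it is not reassigned by the later branches that read it. The attribute lookup presumably returns null when wsse11:TokenType is absent; every later use puts the constant on the left of `equals`, so that is null-safe, but a short comment such as `// null when the STR carries no wsse11:TokenType attribute` would spare readers having to check each use. The enclosing method continues outside the hunk.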
@@ -123,6 +129,9 @@ public class SecurityTokenFactoryImpl ex
} else {
((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3071);
}
+ } else if (encodingType != null
+ && (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType))) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6604);
}
if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
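Review bot: The predicate `WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType)` on the new `else if` line is repeated verbatim in the next hunk (the `} else if (...)` branch that precedes the R6617/R6611 checks); computing it once as `final boolean samlValueType = WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType);` ahead of the `if` chain and using it in both places keeps the two conditions from drifting apart. The `if`/`else if` chain this branch joins starts outside the hunk, so the placement of that local is not visible here.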
@@ -138,6 +147,11 @@ public class SecurityTokenFactoryImpl ex
(WSSecurityContext) securityContext, crypto, callbackHandler, binaryContent,
securityTokenReferenceType.getId(), WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER);
} else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType)) {
+ if (WSSConstants.NS_SAML20_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6617);
+ } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6611);
+ }
SecurityTokenProvider securityTokenProvider = securityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
if (securityTokenProvider == null) {
throw new WSSecurityException(
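Review bot: The R6611 branch pairs the SAML 1.0 ValueType constant (`NS_SAML10_TYPE`) with the SAML 1.1 token-profile TokenType (`NS_SAML11_TOKEN_PROFILE_TYPE`), which looks deliberate but reads as a typo without explanation; a one-line comment above the `else if` such as `// the 1.0 assertion ValueType is referenced with the 1.1 token-profile TokenType` would settle it. The same R6617/R6611 pair is checked again, keyed on `SAMLVersion` instead of `valueType`, in the last hunk of this file (the `instanceof SAMLSecurityToken` branch); a private helper taking the version flag, `tokenType` and the security context would give both paths one definition of the rule. The surrounding method starts and ends outside the hunk.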
@@ -153,7 +167,7 @@ public class SecurityTokenFactoryImpl ex
final org.apache.ws.security.binding.wss10.ReferenceType referenceType
= XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_Reference);
if (referenceType != null) {
- //We do not check for BSP.R3023, BSP.R3022, BSP.R3066, BSP.R3067, BSP.R3024, BSP.R3064, BSP.R3211, BSP.R3058, BSP.R3059
+ //We do not check for BSP.R3023, BSP.R3022, BSP.R3066, BSP.R3067, BSP.R3024, BSP.R3064, BSP.R3211, BSP.R3059
String uri = referenceType.getURI();
if (uri == null) {
@@ -186,7 +200,41 @@ public class SecurityTokenFactoryImpl ex
}
if (securityTokenProvider.getSecurityToken() instanceof SecurityTokenReference) {
((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3057);
- }
+ } else if (securityTokenProvider.getSecurityToken() instanceof X509PKIPathv1SecurityToken) {
+ String valueType = referenceType.getValueType();
+ if (!WSSConstants.NS_X509PKIPathv1.equals(valueType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3058);
+ }
+ if (!WSSConstants.NS_X509PKIPathv1.equals(tokenType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R5215);
+ }
+ } else if (securityTokenProvider.getSecurityToken() instanceof X509SecurityToken) {
+ String valueType = referenceType.getValueType();
+ if (!WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3058);
+ }
+ } else if (securityTokenProvider.getSecurityToken() instanceof UsernameSecurityToken) {
+ String valueType = referenceType.getValueType();
+ if (!WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken.equals(valueType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R4214);
+ }
+ } else if (securityTokenProvider.getSecurityToken() instanceof SAMLSecurityToken) {
+ SAMLVersion samlVersion =
+ ((SAMLSecurityToken)securityTokenProvider.getSecurityToken()).getSamlVersion();
+ if (samlVersion == SAMLVersion.VERSION_20) {
+ String valueType = referenceType.getValueType();
+ if (valueType != null && !"".equals(valueType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6614);
+ }
+ if (!WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6617);
+ }
+ } else if (samlVersion == SAMLVersion.VERSION_10 && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType)) {
+ ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6611);
+ }
+ }
+
+
return securityTokenProvider.getSecurityToken();
}
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
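Review bot: The SAML branch only applies the R6611 TokenType check when `samlVersion == SAMLVersion.VERSION_10`; OpenSAML's `SAMLVersion` also has `VERSION_11`, and if SAML 1.1 assertions report that value they pass this block unchecked even though the constant being compared is `NS_SAML11_TOKEN_PROFILE_TYPE` (whether the project ever yields VERSION_11 here is not visible in the hunk, so please confirm). If 1.1 is meant to be covered, the condition becomes `} else if ((samlVersion == SAMLVersion.VERSION_10 || samlVersion == SAMLVersion.VERSION_11) && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType)) {`. Separately, `securityTokenProvider.getSecurityToken()` is called seven times in the new chain and `referenceType.getValueType()` is re-declared in four branches; assuming the getter returns the same instance each time, hoisting both into locals above the `if (... instanceof SecurityTokenReference)` line would shorten the chain and make the single cast redundant. The two added blank lines before the `return` can also be dropped.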