You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2013/04/01 15:57:35 UTC
svn commit: r1463136 [6/11] - in /webservices/wss4j/trunk:
cxf-integration/src/main/java/org/apache/wss4j/cxfIntegration/interceptor/
integration/src/test/java/org/apache/wss4j/integration/test/stax/
ws-security-common/src/main/java/org/apache/wss4j/co...
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java?rev=1463136&r1=1463135&r2=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java Mon Apr 1 13:57:32 2013
@@ -19,27 +19,18 @@
package org.apache.wss4j.stax.ext;
import org.apache.commons.codec.binary.Base64;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.securityEvent.*;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.EncryptionPartDef;
-import org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.KeyValueTokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.stax.securityEvent.DerivedKeyTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.RelTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.SecureConversationTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.SpnegoContextTokenSecurityEvent;
-import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -72,7 +63,7 @@ public class WSSUtils extends XMLSecurit
*
* @param callbackHandler
* @param callback
- * @throws XMLSecurityException if the callback couldn't be executed
+ * @throws WSSecurityException if the callback couldn't be executed
*/
public static void doPasswordCallback(CallbackHandler callbackHandler, Callback callback)
throws WSSecurityException {
@@ -94,7 +85,7 @@ public class WSSUtils extends XMLSecurit
*
* @param callbackHandler a CallbackHandler implementation
* @return An array of bytes corresponding to the secret key (can be null)
- * @throws XMLSecurityException
+ * @throws WSSecurityException
*/
public static void doSecretKeyCallback(CallbackHandler callbackHandler, Callback callback, String id)
throws WSSecurityException {
@@ -323,12 +314,12 @@ public class WSSUtils extends XMLSecurit
public static void createEmbeddedKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor,
OutputProcessorChain outputProcessorChain,
- XMLSecurityConstants.TokenType tokenType, String referenceId)
+ WSSecurityTokenConstants.TokenType tokenType, String referenceId)
throws XMLStreamException, XMLSecurityException {
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
- if (tokenType.equals(WSSConstants.Saml10Token) || tokenType.equals(WSSConstants.Saml11Token)) {
+ if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) || WSSecurityTokenConstants.Saml11Token.equals(tokenType)) {
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE));
- } else if (tokenType.equals(WSSConstants.Saml20Token)) {
+ } else if (WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE));
}
abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, attributes);
@@ -389,44 +380,45 @@ public class WSSUtils extends XMLSecurit
outputProcessorChain, XMLSecurityConstants.TAG_xenc_ReferenceList);
}
- public static TokenSecurityEvent createTokenSecurityEvent(final SecurityToken securityToken, String correlationID)
- throws WSSecurityException {
- WSSConstants.TokenType tokenType = securityToken.getTokenType();
+ @SuppressWarnings("unchecked")
+ public static TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent(
+ final InboundSecurityToken inboundSecurityToken, String correlationID) throws WSSecurityException {
+ WSSecurityTokenConstants.TokenType tokenType = inboundSecurityToken.getTokenType();
TokenSecurityEvent tokenSecurityEvent;
- if (tokenType == WSSConstants.X509V1Token
- || tokenType == WSSConstants.X509V3Token
- || tokenType == WSSConstants.X509Pkcs7Token
- || tokenType == WSSConstants.X509PkiPathV1Token) {
+ if (WSSecurityTokenConstants.X509V1Token.equals(tokenType) ||
+ WSSecurityTokenConstants.X509V3Token.equals(tokenType) ||
+ WSSecurityTokenConstants.X509Pkcs7Token.equals(tokenType) ||
+ WSSecurityTokenConstants.X509PkiPathV1Token.equals(tokenType)) {
tokenSecurityEvent = new X509TokenSecurityEvent();
- } else if (tokenType == WSSConstants.UsernameToken) {
+ } else if (WSSecurityTokenConstants.UsernameToken.equals(tokenType)) {
tokenSecurityEvent = new UsernameTokenSecurityEvent();
- } else if (tokenType == WSSConstants.KerberosToken) {
+ } else if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
tokenSecurityEvent = new KerberosTokenSecurityEvent();
- } else if (tokenType == WSSConstants.SpnegoContextToken) {
+ } else if (WSSecurityTokenConstants.SpnegoContextToken.equals(tokenType)) {
tokenSecurityEvent = new SpnegoContextTokenSecurityEvent();
- } else if (tokenType == WSSConstants.SecurityContextToken) {
+ } else if (WSSecurityTokenConstants.SecurityContextToken.equals(tokenType)) {
tokenSecurityEvent = new SecurityContextTokenSecurityEvent();
- } else if (tokenType == WSSConstants.SecureConversationToken) {
+ } else if (WSSecurityTokenConstants.SecureConversationToken.equals(tokenType)) {
tokenSecurityEvent = new SecureConversationTokenSecurityEvent();
- } else if (tokenType == WSSConstants.Saml10Token
- || tokenType == WSSConstants.Saml11Token
- || tokenType == WSSConstants.Saml20Token) {
+ } else if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) ||
+ WSSecurityTokenConstants.Saml11Token.equals(tokenType) ||
+ WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
tokenSecurityEvent = new SamlTokenSecurityEvent();
- } else if (tokenType == WSSConstants.RelToken) {
+ } else if (WSSecurityTokenConstants.RelToken.equals(tokenType)) {
tokenSecurityEvent = new RelTokenSecurityEvent();
- } else if (tokenType == WSSConstants.HttpsToken) {
+ } else if (WSSecurityTokenConstants.HttpsToken.equals(tokenType)) {
tokenSecurityEvent = new HttpsTokenSecurityEvent();
- } else if (tokenType == WSSConstants.KeyValueToken) {
+ } else if (WSSecurityTokenConstants.KeyValueToken.equals(tokenType)) {
tokenSecurityEvent = new KeyValueTokenSecurityEvent();
- } else if (tokenType == WSSConstants.DerivedKeyToken) {
+ } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(tokenType)) {
tokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- } else if (tokenType == WSSConstants.EncryptedKeyToken) {
+ } else if (WSSecurityTokenConstants.EncryptedKeyToken.equals(tokenType)) {
tokenSecurityEvent = new EncryptedKeyTokenSecurityEvent();
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
}
- tokenSecurityEvent.setSecurityToken(securityToken);
+ tokenSecurityEvent.setSecurityToken(inboundSecurityToken);
tokenSecurityEvent.setCorrelationID(correlationID);
return tokenSecurityEvent;
}
Copied: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (from r1460765, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?p2=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java&p1=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java&r1=1460765&r2=1463136&rev=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Mon Apr 1 13:57:32 2013
@@ -18,18 +18,20 @@
*/
package org.apache.wss4j.stax.impl;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSUtils;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.ConfigurationProperties;
-import org.apache.xml.security.stax.ext.SecurityToken;
+import org.apache.xml.security.stax.impl.InboundSecurityContextImpl;
import org.apache.xml.security.stax.securityEvent.*;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityToken;
import javax.xml.namespace.QName;
import java.util.*;
@@ -37,10 +39,12 @@ import java.util.*;
/**
* Concrete security context implementation
*/
-public class InboundWSSecurityContextImpl extends WSSecurityContextImpl {
+public class InboundWSSecurityContextImpl extends InboundSecurityContextImpl implements WSInboundSecurityContext {
- private static final transient Log logger = LogFactory.getLog(WSSecurityContextImpl.class);
- private static final Boolean allowRSA15KeyTransportAlgorithm = Boolean.valueOf(ConfigurationProperties.getProperty("AllowRSA15KeyTransportAlgorithm"));
+ private static final transient org.slf4j.Logger logger =
+ org.slf4j.LoggerFactory.getLogger(InboundWSSecurityContextImpl.class);
+ private static final Boolean allowRSA15KeyTransportAlgorithm =
+ Boolean.valueOf(ConfigurationProperties.getProperty("AllowRSA15KeyTransportAlgorithm"));
private final Deque<SecurityEvent> securityEventQueue = new ArrayDeque<SecurityEvent>();
private boolean operationSecurityEventOccured = false;
@@ -51,7 +55,7 @@ public class InboundWSSecurityContextImp
@Override
public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.AlgorithmSuite) {
+ if (WSSecurityEventConstants.AlgorithmSuite.equals(securityEvent.getSecurityEventType())) {
//do not cache AlgorithmSuite securityEvents and forward them directly to allow
//the user to check them before they are used internally.
forwardSecurityEvent(securityEvent);
@@ -61,15 +65,19 @@ public class InboundWSSecurityContextImp
if (operationSecurityEventOccured) {
if (!this.messageEncryptionTokenOccured
&& (securityEvent instanceof TokenSecurityEvent)) {
- TokenSecurityEvent tokenSecurityEvent = ((TokenSecurityEvent) securityEvent);
- if (tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(SecurityToken.TokenUsage.Encryption)) {
- SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
+ @SuppressWarnings("unchecked")
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
+ ((TokenSecurityEvent<? extends InboundSecurityToken>) securityEvent);
+
+ if (tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
+ InboundSecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
while (securityToken.getKeyWrappingToken() != null) {
securityToken = securityToken.getKeyWrappingToken();
}
- TokenSecurityEvent newTokenSecurityEvent = WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
- setTokenUsage(newTokenSecurityEvent, SecurityToken.TokenUsage.MainEncryption);
+ TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
+ WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
+ setTokenUsage(newTokenSecurityEvent, WSSecurityTokenConstants.TokenUsage_MainEncryption);
securityEvent = newTokenSecurityEvent;
this.messageEncryptionTokenOccured = true;
}
@@ -79,7 +87,7 @@ public class InboundWSSecurityContextImp
return;
}
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.Operation) {
+ if (WSSecurityEventConstants.Operation.equals(securityEvent.getSecurityEventType())) {
operationSecurityEventOccured = true;
identifySecurityTokenDepenedenciesAndUsage(securityEventQueue);
@@ -122,45 +130,50 @@ public class InboundWSSecurityContextImp
private void identifySecurityTokenDepenedenciesAndUsage(
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
- List<TokenSecurityEvent> messageSignatureTokens = Collections.emptyList();
- List<TokenSecurityEvent> messageEncryptionTokens = Collections.emptyList();
- List<TokenSecurityEvent> supportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> signedSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> endorsingSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> signedEndorsingSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> signedEncryptedSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> encryptedSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> endorsingEncryptedSupportingTokens = Collections.emptyList();
- List<TokenSecurityEvent> signedEndorsingEncryptedSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> messageSignatureTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> messageEncryptionTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> endorsingSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEndorsingSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEncryptedSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> encryptedSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> endorsingEncryptedSupportingTokens = Collections.emptyList();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEndorsingEncryptedSupportingTokens = Collections.emptyList();
HttpsTokenSecurityEvent httpsTokenSecurityEvent = null;
- List<TokenSecurityEvent> tokenSecurityEvents = new ArrayList<TokenSecurityEvent>();
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEvents =
+ new ArrayList<TokenSecurityEvent<? extends InboundSecurityToken>>();
Iterator<SecurityEvent> securityEventIterator = securityEventDeque.iterator();
while (securityEventIterator.hasNext()) {
SecurityEvent securityEvent = securityEventIterator.next();
if (securityEvent instanceof TokenSecurityEvent) {
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.HttpsToken) {
- HttpsTokenSecurityEvent actHttpsTokenSecurityEvent = (HttpsTokenSecurityEvent) securityEvent;
+ @SuppressWarnings("unchecked")
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
+ (TokenSecurityEvent<? extends InboundSecurityToken>)securityEvent;
+
+ if (WSSecurityEventConstants.HttpsToken.equals(securityEvent.getSecurityEventType())) {
+ HttpsTokenSecurityEvent actHttpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
actHttpsTokenSecurityEvent.getSecurityToken().getTokenUsages().clear();
- actHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+ actHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
messageSignatureTokens = addTokenSecurityEvent(actHttpsTokenSecurityEvent, messageSignatureTokens);
HttpsTokenSecurityEvent clonedHttpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
clonedHttpsTokenSecurityEvent.setAuthenticationType(actHttpsTokenSecurityEvent.getAuthenticationType());
clonedHttpsTokenSecurityEvent.setIssuerName(actHttpsTokenSecurityEvent.getIssuerName());
clonedHttpsTokenSecurityEvent.setSecurityToken(actHttpsTokenSecurityEvent.getSecurityToken());
- clonedHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+ clonedHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainEncryption);
messageEncryptionTokens = addTokenSecurityEvent(actHttpsTokenSecurityEvent, messageEncryptionTokens);
httpsTokenSecurityEvent = clonedHttpsTokenSecurityEvent;
continue;
}
- tokenSecurityEvents.add((TokenSecurityEvent) securityEvent);
+ tokenSecurityEvents.add(tokenSecurityEvent);
}
}
//search for the root tokens...
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
if (securityToken.getKeyWrappingToken() == null && !containsSecurityToken(supportingTokens, securityToken)) {
supportingTokens = addTokenSecurityEvent(tokenSecurityEvent, supportingTokens);
@@ -168,14 +181,15 @@ public class InboundWSSecurityContextImp
}
//...and then for the intermediare tokens and create new TokenSecurityEvents if not already there
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
- SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
+ InboundSecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
if (securityToken.getKeyWrappingToken() != null) {
while (securityToken.getKeyWrappingToken() != null) {
securityToken = securityToken.getKeyWrappingToken();
}
if (!containsSecurityToken(supportingTokens, securityToken)) {
- TokenSecurityEvent newTokenSecurityEvent = WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
+ TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
+ WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
securityEventDeque.offer(newTokenSecurityEvent);
}
@@ -184,10 +198,10 @@ public class InboundWSSecurityContextImp
}
}
- Iterator<TokenSecurityEvent> supportingTokensIterator = supportingTokens.iterator();
+ Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokensIterator = supportingTokens.iterator();
while (supportingTokensIterator.hasNext()) {
- TokenSecurityEvent tokenSecurityEvent = supportingTokensIterator.next();
- List<SecurityToken> signingSecurityTokens = isSignedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = supportingTokensIterator.next();
+ List<InboundSecurityToken> signingSecurityTokens = isSignedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);
List<QName> signatureElementPath = new ArrayList<QName>(4);
signatureElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
@@ -213,10 +227,10 @@ public class InboundWSSecurityContextImp
boolean transportSecurityActive = Boolean.TRUE == get(WSSConstants.TRANSPORT_SECURITY_ACTIVE);
- List<SecurityToken> encryptingSecurityTokens = isEncryptedToken(tokenSecurityEvent, securityEventDeque);
+ List<InboundSecurityToken> encryptingSecurityTokens = isEncryptedToken(tokenSecurityEvent, securityEventDeque);
- boolean signatureUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(SecurityToken.TokenUsage.Signature);
- boolean encryptionUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(SecurityToken.TokenUsage.Encryption);
+ boolean signatureUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature);
+ boolean encryptionUsage = tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption);
if (!transportSecurityActive && signsSignatureConfirmation && signsTimestamp && !signsSignature) {
supportingTokensIterator.remove();
@@ -268,14 +282,15 @@ public class InboundWSSecurityContextImp
}
if (messageSignatureTokens.isEmpty()) {
- SecurityToken messageSignatureToken = getSupportingTokenSigningToken(
+ InboundSecurityToken messageSignatureToken = getSupportingTokenSigningToken(
signedSupportingTokens,
signedEndorsingSupportingTokens,
signedEncryptedSupportingTokens,
signedEndorsingEncryptedSupportingTokens,
securityEventDeque);
- TokenSecurityEvent tokenSecurityEvent = getTokenSecurityEvent(messageSignatureToken, tokenSecurityEvents);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
+ getTokenSecurityEvent(messageSignatureToken, tokenSecurityEvents);
if (tokenSecurityEvent != null) {
supportingTokens.remove(tokenSecurityEvent);
signedSupportingTokens.remove(tokenSecurityEvent);
@@ -290,9 +305,9 @@ public class InboundWSSecurityContextImp
}
if (messageSignatureTokens.isEmpty()) {
- for (Iterator<TokenSecurityEvent> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
- TokenSecurityEvent supportingToken = iterator.next();
- if (supportingToken.getSecurityToken().getTokenUsages().contains(SecurityToken.TokenUsage.Signature)) {
+ for (Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
+ TokenSecurityEvent<? extends InboundSecurityToken> supportingToken = iterator.next();
+ if (supportingToken.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature)) {
iterator.remove();
messageSignatureTokens = addTokenSecurityEvent(supportingToken, messageSignatureTokens);
break;
@@ -301,9 +316,9 @@ public class InboundWSSecurityContextImp
}
if (messageEncryptionTokens.isEmpty()) {
- for (Iterator<TokenSecurityEvent> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
- TokenSecurityEvent supportingToken = iterator.next();
- if (supportingToken.getSecurityToken().getTokenUsages().contains(SecurityToken.TokenUsage.Encryption)) {
+ for (Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> iterator = supportingTokens.iterator(); iterator.hasNext(); ) {
+ TokenSecurityEvent<? extends InboundSecurityToken> supportingToken = iterator.next();
+ if (supportingToken.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
iterator.remove();
messageEncryptionTokens = addTokenSecurityEvent(supportingToken, messageEncryptionTokens);
break;
@@ -315,27 +330,29 @@ public class InboundWSSecurityContextImp
this.messageEncryptionTokenOccured = true;
}
- setTokenUsage(messageSignatureTokens, SecurityToken.TokenUsage.MainSignature);
- setTokenUsage(messageEncryptionTokens, SecurityToken.TokenUsage.MainEncryption);
- setTokenUsage(supportingTokens, SecurityToken.TokenUsage.SupportingTokens);
- setTokenUsage(signedSupportingTokens, SecurityToken.TokenUsage.SignedSupportingTokens);
- setTokenUsage(endorsingSupportingTokens, SecurityToken.TokenUsage.EndorsingSupportingTokens);
- setTokenUsage(signedEndorsingSupportingTokens, SecurityToken.TokenUsage.SignedEndorsingSupportingTokens);
- setTokenUsage(signedEncryptedSupportingTokens, SecurityToken.TokenUsage.SignedEncryptedSupportingTokens);
- setTokenUsage(encryptedSupportingTokens, SecurityToken.TokenUsage.EncryptedSupportingTokens);
- setTokenUsage(endorsingEncryptedSupportingTokens, SecurityToken.TokenUsage.EndorsingEncryptedSupportingTokens);
- setTokenUsage(signedEndorsingEncryptedSupportingTokens, SecurityToken.TokenUsage.SignedEndorsingEncryptedSupportingTokens);
- }
-
- private List<TokenSecurityEvent> addTokenSecurityEvent(TokenSecurityEvent tokenSecurityEvent, List<TokenSecurityEvent> tokenSecurityEventList) {
- if (tokenSecurityEventList == Collections.<TokenSecurityEvent>emptyList()) {
- tokenSecurityEventList = new ArrayList<TokenSecurityEvent>();
+ setTokenUsage(messageSignatureTokens, WSSecurityTokenConstants.TokenUsage_MainSignature);
+ setTokenUsage(messageEncryptionTokens, WSSecurityTokenConstants.TokenUsage_MainEncryption);
+ setTokenUsage(supportingTokens, WSSecurityTokenConstants.TokenUsage_SupportingTokens);
+ setTokenUsage(signedSupportingTokens, WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens);
+ setTokenUsage(endorsingSupportingTokens, WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens);
+ setTokenUsage(signedEndorsingSupportingTokens, WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens);
+ setTokenUsage(signedEncryptedSupportingTokens, WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens);
+ setTokenUsage(encryptedSupportingTokens, WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens);
+ setTokenUsage(endorsingEncryptedSupportingTokens, WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens);
+ setTokenUsage(signedEndorsingEncryptedSupportingTokens, WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens);
+ }
+
+ private List<TokenSecurityEvent<? extends InboundSecurityToken>> addTokenSecurityEvent(
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent,
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEventList) {
+ if (tokenSecurityEventList == Collections.<TokenSecurityEvent<? extends InboundSecurityToken>>emptyList()) {
+ tokenSecurityEventList = new ArrayList<TokenSecurityEvent<? extends InboundSecurityToken>>();
}
tokenSecurityEventList.add(tokenSecurityEvent);
return tokenSecurityEventList;
}
- private boolean containsSecurityToken(List<TokenSecurityEvent> supportingTokens, SecurityToken securityToken) {
+ private boolean containsSecurityToken(List<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokens, SecurityToken securityToken) {
for (int i = 0; i < supportingTokens.size(); i++) {
TokenSecurityEvent tokenSecurityEvent = supportingTokens.get(i);
if (tokenSecurityEvent.getSecurityToken() == securityToken) {
@@ -345,9 +362,11 @@ public class InboundWSSecurityContextImp
return false;
}
- private TokenSecurityEvent getTokenSecurityEvent(SecurityToken securityToken, List<TokenSecurityEvent> tokenSecurityEvents) throws XMLSecurityException {
+ private TokenSecurityEvent<? extends InboundSecurityToken> getTokenSecurityEvent(
+ InboundSecurityToken securityToken,
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEvents) throws XMLSecurityException {
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
if (tokenSecurityEvent.getSecurityToken() == securityToken) {
return tokenSecurityEvent;
}
@@ -355,39 +374,39 @@ public class InboundWSSecurityContextImp
return null;
}
- private SecurityToken getSupportingTokenSigningToken(
- List<TokenSecurityEvent> signedSupportingTokens,
- List<TokenSecurityEvent> signedEndorsingSupportingTokens,
- List<TokenSecurityEvent> signedEncryptedSupportingTokens,
- List<TokenSecurityEvent> signedEndorsingEncryptedSupportingTokens,
+ private InboundSecurityToken getSupportingTokenSigningToken(
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedSupportingTokens,
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEndorsingSupportingTokens,
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEncryptedSupportingTokens,
+ List<TokenSecurityEvent<? extends InboundSecurityToken>> signedEndorsingEncryptedSupportingTokens,
Deque<SecurityEvent> securityEventDeque
) throws XMLSecurityException {
//todo we have to check if the signingTokens also cover the other supporting tokens!
for (int i = 0; i < signedSupportingTokens.size(); i++) {
- TokenSecurityEvent tokenSecurityEvent = signedSupportingTokens.get(i);
- List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = signedSupportingTokens.get(i);
+ List<? extends InboundSecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
if (signingSecurityTokens.size() == 1) {
return signingSecurityTokens.get(0);
}
}
for (int i = 0; i < signedEndorsingSupportingTokens.size(); i++) {
TokenSecurityEvent tokenSecurityEvent = signedEndorsingSupportingTokens.get(i);
- List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
+ List<InboundSecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
if (signingSecurityTokens.size() == 1) {
return signingSecurityTokens.get(0);
}
}
for (int i = 0; i < signedEncryptedSupportingTokens.size(); i++) {
TokenSecurityEvent tokenSecurityEvent = signedEncryptedSupportingTokens.get(i);
- List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
+ List<InboundSecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
if (signingSecurityTokens.size() == 1) {
return signingSecurityTokens.get(0);
}
}
for (int i = 0; i < signedEndorsingEncryptedSupportingTokens.size(); i++) {
TokenSecurityEvent tokenSecurityEvent = signedEndorsingEncryptedSupportingTokens.get(i);
- List<SecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
+ List<InboundSecurityToken> signingSecurityTokens = getSigningToken(tokenSecurityEvent, securityEventDeque);
if (signingSecurityTokens.size() == 1) {
return signingSecurityTokens.get(0);
}
@@ -395,78 +414,77 @@ public class InboundWSSecurityContextImp
return null;
}
- private List<SecurityToken> getSigningToken(TokenSecurityEvent tokenSecurityEvent, Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
- List<SecurityToken> signingSecurityTokens = new ArrayList<SecurityToken>();
+ private List<InboundSecurityToken> getSigningToken(TokenSecurityEvent tokenSecurityEvent, Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
+ List<InboundSecurityToken> signingSecurityTokens = new ArrayList<InboundSecurityToken>();
for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
SecurityEvent securityEvent = iterator.next();
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignedElement) {
+ if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
if (signedElementSecurityEvent.isSigned()
- && WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), tokenSecurityEvent.getSecurityToken().getElementPath(), true, false)) {
- signingSecurityTokens.add(signedElementSecurityEvent.getSecurityToken());
+ && WSSUtils.pathMatches(
+ signedElementSecurityEvent.getElementPath(),
+ tokenSecurityEvent.getSecurityToken().getElementPath(), true, false)
+ ) {
+ signingSecurityTokens.add((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken());
}
}
}
return signingSecurityTokens;
}
- private void setTokenUsage(List<TokenSecurityEvent> tokenSecurityEvents, SecurityToken.TokenUsage tokenUsage) throws XMLSecurityException {
+ private void setTokenUsage(List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEvents, WSSecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
- TokenSecurityEvent tokenSecurityEvent = tokenSecurityEvents.get(i);
+ TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
setTokenUsage(tokenSecurityEvent, tokenUsage);
}
}
- private void setTokenUsage(TokenSecurityEvent tokenSecurityEvent, SecurityToken.TokenUsage tokenUsage) throws XMLSecurityException {
- //if (tokenUsage == SecurityToken.TokenUsage.MainSignature) {
- tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(SecurityToken.TokenUsage.SupportingTokens);
- //} else if (tokenUsage == SecurityToken.TokenUsage.MainEncryption) {
- tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(SecurityToken.TokenUsage.SupportingTokens);
- //}
- tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(SecurityToken.TokenUsage.Signature);
- tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(SecurityToken.TokenUsage.Encryption);
+ private void setTokenUsage(TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent, WSSecurityTokenConstants.TokenUsage tokenUsage) throws XMLSecurityException {
+ tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_SupportingTokens);
+ tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Signature);
+ tokenSecurityEvent.getSecurityToken().getTokenUsages().remove(WSSecurityTokenConstants.TokenUsage_Encryption);
tokenSecurityEvent.getSecurityToken().addTokenUsage(tokenUsage);
}
- private List<SecurityToken> isSignedToken(TokenSecurityEvent tokenSecurityEvent,
+ private List<InboundSecurityToken> isSignedToken(TokenSecurityEvent tokenSecurityEvent,
Deque<SecurityEvent> securityEventDeque,
HttpsTokenSecurityEvent httpsTokenSecurityEvent) throws XMLSecurityException {
- List<SecurityToken> securityTokenList = new ArrayList<SecurityToken>();
+ List<InboundSecurityToken> securityTokenList = new ArrayList<InboundSecurityToken>();
if (httpsTokenSecurityEvent != null) {
securityTokenList.add(httpsTokenSecurityEvent.getSecurityToken());
return securityTokenList;
}
for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
SecurityEvent securityEvent = iterator.next();
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignedElement) {
+ if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
if (signedElementSecurityEvent.isSigned()
&& tokenSecurityEvent.getSecurityToken() != null
&& signedElementSecurityEvent.getXmlSecEvent() != null
&& signedElementSecurityEvent.getXmlSecEvent() == tokenSecurityEvent.getSecurityToken().getXMLSecEvent()
- && !securityTokenList.contains(signedElementSecurityEvent.getSecurityToken())) {
- securityTokenList.add(signedElementSecurityEvent.getSecurityToken());
+ && !securityTokenList.contains((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken())) {
+ securityTokenList.add((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken());
}
}
}
return securityTokenList;
}
- private List<SecurityToken> isEncryptedToken(TokenSecurityEvent tokenSecurityEvent,
+ private List<InboundSecurityToken> isEncryptedToken(TokenSecurityEvent tokenSecurityEvent,
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
- List<SecurityToken> securityTokenList = new ArrayList<SecurityToken>();
+ List<InboundSecurityToken> securityTokenList = new ArrayList<InboundSecurityToken>();
for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
SecurityEvent securityEvent = iterator.next();
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.EncryptedElement) {
+ if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
if (encryptedElementSecurityEvent.isEncrypted()
&& tokenSecurityEvent.getSecurityToken() != null
&& encryptedElementSecurityEvent.getXmlSecEvent() != null
&& encryptedElementSecurityEvent.getXmlSecEvent() == tokenSecurityEvent.getSecurityToken().getXMLSecEvent()
- && !securityTokenList.contains(encryptedElementSecurityEvent.getSecurityToken())) {
- securityTokenList.add(encryptedElementSecurityEvent.getSecurityToken());
+ && !securityTokenList.contains((InboundSecurityToken)encryptedElementSecurityEvent.getSecurityToken())) {
+ securityTokenList.add((InboundSecurityToken)encryptedElementSecurityEvent.getSecurityToken());
}
}
}
@@ -477,7 +495,7 @@ public class InboundWSSecurityContextImp
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
SecurityEvent securityEvent = iterator.next();
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignedElement) {
+ if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
if (signedElementSecurityEvent.isSigned()
&& signedElementSecurityEvent.getSecurityToken() == tokenSecurityEvent.getSecurityToken()
@@ -493,14 +511,14 @@ public class InboundWSSecurityContextImp
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
for (Iterator<SecurityEvent> iterator = securityEventDeque.iterator(); iterator.hasNext(); ) {
SecurityEvent securityEvent = iterator.next();
- if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.EncryptedElement) {
+ if (WSSecurityEventConstants.EncryptedElement.equals(securityEvent.getSecurityEventType())) {
EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
if (encryptedElementSecurityEvent.isEncrypted()
&& encryptedElementSecurityEvent.getSecurityToken() == tokenSecurityEvent.getSecurityToken()
&& WSSUtils.pathMatches(elementPath, encryptedElementSecurityEvent.getElementPath(), true, false)) {
return true;
}
- } else if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.ContentEncrypted) {
+ } else if (WSSecurityEventConstants.ContentEncrypted.equals(securityEvent.getSecurityEventType())) {
ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
if (contentEncryptedElementSecurityEvent.isEncrypted()
&& contentEncryptedElementSecurityEvent.getSecurityToken() == tokenSecurityEvent.getSecurityToken()
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/BinarySecurityTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/BinarySecurityTokenInputHandler.java?rev=1463136&r1=1463135&r2=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/BinarySecurityTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/BinarySecurityTokenInputHandler.java Mon Apr 1 13:57:32 2013
@@ -21,10 +21,13 @@ package org.apache.wss4j.stax.impl.proce
import org.apache.wss4j.binding.wss10.BinarySecurityTokenType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.ext.WSSecurityContext;
+import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
+import org.apache.wss4j.stax.securityToken.X509SecurityToken;
import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
+import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.stax.validate.BinarySecurityTokenValidator;
import org.apache.wss4j.stax.validate.BinarySecurityTokenValidatorImpl;
import org.apache.wss4j.stax.validate.TokenContext;
@@ -33,7 +36,8 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
-import org.apache.xml.security.stax.securityEvent.X509TokenSecurityEvent;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -58,24 +62,24 @@ public class BinarySecurityTokenInputHan
binarySecurityTokenType.setId(IDGenerator.generateID(null));
}
- final WSSecurityContext wsSecurityContext = (WSSecurityContext) inputProcessorChain.getSecurityContext();
+ final WSInboundSecurityContext wsInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
final WSSSecurityProperties wssSecurityProperties = (WSSSecurityProperties) securityProperties;
final List<QName> elementPath = getElementPath(eventQueue);
final List<XMLSecEvent> xmlSecEvents = getResponsibleXMLSecEvents(eventQueue, index);
- final TokenContext tokenContext = new TokenContext(wssSecurityProperties, wsSecurityContext, xmlSecEvents, elementPath);
+ final TokenContext tokenContext = new TokenContext(wssSecurityProperties, wsInboundSecurityContext, xmlSecEvents, elementPath);
BinarySecurityTokenValidator binarySecurityTokenValidator =
wssSecurityProperties.getValidator(WSSConstants.TAG_wsse_BinarySecurityToken);
if (binarySecurityTokenValidator == null) {
binarySecurityTokenValidator = new BinarySecurityTokenValidatorImpl();
}
- final SecurityToken binarySecurityToken =
+ final InboundSecurityToken binarySecurityToken =
binarySecurityTokenValidator.validate(binarySecurityTokenType, tokenContext);
- SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
+ SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() {
@Override
- public SecurityToken getSecurityToken() throws XMLSecurityException {
+ public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
return binarySecurityToken;
}
@@ -85,28 +89,31 @@ public class BinarySecurityTokenInputHan
}
};
- wsSecurityContext.registerSecurityTokenProvider(binarySecurityTokenType.getId(), securityTokenProvider);
+ wsInboundSecurityContext.registerSecurityTokenProvider(binarySecurityTokenType.getId(), securityTokenProvider);
TokenSecurityEvent tokenSecurityEvent;
//fire a tokenSecurityEvent
if (binarySecurityTokenType.getValueType().startsWith(WSSConstants.NS_X509TOKEN_PROFILE)) {
- tokenSecurityEvent = new X509TokenSecurityEvent();
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ x509TokenSecurityEvent.setSecurityToken((X509SecurityToken) binarySecurityToken);
+ tokenSecurityEvent = x509TokenSecurityEvent;
} else if (binarySecurityTokenType.getValueType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
- tokenSecurityEvent = new KerberosTokenSecurityEvent();
+ KerberosTokenSecurityEvent kerberosTokenSecurityEvent = new KerberosTokenSecurityEvent();
+ kerberosTokenSecurityEvent.setSecurityToken((KerberosServiceSecurityToken)binarySecurityToken);
+ tokenSecurityEvent = kerberosTokenSecurityEvent;
} else {
throw new WSSecurityException(
WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType",
binarySecurityTokenType.getValueType());
}
- tokenSecurityEvent.setSecurityToken((SecurityToken) binarySecurityToken);
tokenSecurityEvent.setCorrelationID(binarySecurityTokenType.getId());
- wsSecurityContext.registerSecurityEvent(tokenSecurityEvent);
+ wsInboundSecurityContext.registerSecurityEvent(tokenSecurityEvent);
}
private void checkBSPCompliance(InputProcessorChain inputProcessorChain, BinarySecurityTokenType binarySecurityTokenType)
throws WSSecurityException {
- final WSSecurityContext securityContext = (WSSecurityContext) inputProcessorChain.getSecurityContext();
+ final WSInboundSecurityContext securityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
if (binarySecurityTokenType.getEncodingType() == null) {
securityContext.handleBSPRule(BSPRule.R3029);
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java?rev=1463136&r1=1463135&r2=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java Mon Apr 1 13:57:32 2013
@@ -30,6 +30,8 @@ import javax.xml.namespace.QName;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmldsig.TransformType;
import org.apache.xml.security.binding.xmldsig.TransformsType;
@@ -49,8 +51,8 @@ import org.apache.xml.security.stax.secu
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.ext.WSSUtils;
-import org.apache.wss4j.stax.ext.WSSecurityContext;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
/**
* Processor for decryption of EncryptedData XML structures
@@ -61,14 +63,14 @@ public class DecryptInputProcessor exten
Long.valueOf(ConfigurationProperties.getProperty("MaximumAllowedDecompressedBytes"));
public DecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList referenceList,
- WSSSecurityProperties securityProperties, WSSecurityContext securityContext)
+ WSSSecurityProperties securityProperties, WSInboundSecurityContext securityContext)
throws XMLSecurityException {
super(keyInfoType, referenceList, securityProperties);
checkBSPCompliance(keyInfoType, referenceList, securityContext, BSPRule.R3006);
}
- private void checkBSPCompliance(KeyInfoType keyInfoType, ReferenceList referenceList, WSSecurityContext securityContext,
+ private void checkBSPCompliance(KeyInfoType keyInfoType, ReferenceList referenceList, WSInboundSecurityContext securityContext,
BSPRule bspRule) throws WSSecurityException {
if (keyInfoType != null) {
if (keyInfoType.getContent().size() != 1) {
@@ -131,21 +133,21 @@ public class DecryptInputProcessor exten
@Override
protected void handleEncryptedContent(
InputProcessorChain inputProcessorChain, XMLSecStartElement parentStartXMLEvent,
- SecurityToken securityToken, EncryptedDataType encryptedDataType) throws XMLSecurityException {
+ InboundSecurityToken inboundSecurityToken, EncryptedDataType encryptedDataType) throws XMLSecurityException {
final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
List<QName> elementPath = parentStartXMLEvent.getElementPath();
if (elementPath.size() == 2 && WSSUtils.isInSOAPBody(elementPath)) {
//soap:body content encryption counts as EncryptedPart
EncryptedPartSecurityEvent encryptedPartSecurityEvent =
- new EncryptedPartSecurityEvent(securityToken, true, documentContext.getProtectionOrder());
+ new EncryptedPartSecurityEvent(inboundSecurityToken, true, documentContext.getProtectionOrder());
encryptedPartSecurityEvent.setElementPath(elementPath);
encryptedPartSecurityEvent.setXmlSecEvent(parentStartXMLEvent);
encryptedPartSecurityEvent.setCorrelationID(encryptedDataType.getId());
inputProcessorChain.getSecurityContext().registerSecurityEvent(encryptedPartSecurityEvent);
} else {
ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent =
- new ContentEncryptedElementSecurityEvent(securityToken, true, documentContext.getProtectionOrder());
+ new ContentEncryptedElementSecurityEvent(inboundSecurityToken, true, documentContext.getProtectionOrder());
contentEncryptedElementSecurityEvent.setElementPath(elementPath);
contentEncryptedElementSecurityEvent.setXmlSecEvent(parentStartXMLEvent);
contentEncryptedElementSecurityEvent.setCorrelationID(encryptedDataType.getId());
@@ -156,7 +158,7 @@ public class DecryptInputProcessor exten
@Override
protected AbstractDecryptedEventReaderInputProcessor newDecryptedEventReaderInputProcessor(
boolean encryptedHeader, XMLSecStartElement xmlSecStartElement, EncryptedDataType encryptedDataType,
- SecurityToken securityToken, SecurityContext securityContext) throws XMLSecurityException {
+ InboundSecurityToken inboundSecurityToken, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {
String encryptionAlgorithm = encryptedDataType.getEncryptionMethod().getAlgorithm();
if (!WSSConstants.NS_XENC_TRIPLE_DES.equals(encryptionAlgorithm)
@@ -164,20 +166,20 @@ public class DecryptInputProcessor exten
&& !WSSConstants.NS_XENC11_AES128_GCM.equals(encryptionAlgorithm)
&& !WSSConstants.NS_XENC_AES256.equals(encryptionAlgorithm)
&& !WSSConstants.NS_XENC11_AES256_GCM.equals(encryptionAlgorithm)) {
- ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R5620);
+ ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R5620);
}
return new DecryptedEventReaderInputProcessor(getSecurityProperties(),
SecurePart.Modifier.getModifier(encryptedDataType.getType()),
- encryptedHeader, xmlSecStartElement, encryptedDataType, this, securityToken);
+ encryptedHeader, xmlSecStartElement, encryptedDataType, this, inboundSecurityToken);
}
@Override
- protected void handleSecurityToken(SecurityToken securityToken, SecurityContext securityContext,
+ protected void handleSecurityToken(InboundSecurityToken inboundSecurityToken, InboundSecurityContext inboundSecurityContext,
EncryptedDataType encryptedDataType) throws XMLSecurityException {
- securityToken.addTokenUsage(SecurityToken.TokenUsage.Encryption);
- TokenSecurityEvent tokenSecurityEvent = WSSUtils.createTokenSecurityEvent(securityToken, encryptedDataType.getId());
- securityContext.registerSecurityEvent(tokenSecurityEvent);
+ inboundSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
+ TokenSecurityEvent tokenSecurityEvent = WSSUtils.createTokenSecurityEvent(inboundSecurityToken, encryptedDataType.getId());
+ inboundSecurityContext.registerSecurityEvent(tokenSecurityEvent);
}
/*
@@ -207,30 +209,30 @@ public class DecryptInputProcessor exten
boolean encryptedHeader, XMLSecStartElement xmlSecStartElement,
EncryptedDataType encryptedDataType,
DecryptInputProcessor decryptInputProcessor,
- SecurityToken securityToken
+ InboundSecurityToken inboundSecurityToken
) {
super(securityProperties, encryptionModifier, encryptedHeader, xmlSecStartElement,
- encryptedDataType, decryptInputProcessor, securityToken);
+ encryptedDataType, decryptInputProcessor, inboundSecurityToken);
}
@Override
protected void handleEncryptedElement(
InputProcessorChain inputProcessorChain, XMLSecStartElement xmlSecStartElement,
- SecurityToken securityToken, EncryptedDataType encryptedDataType) throws XMLSecurityException {
+ InboundSecurityToken inboundSecurityToken, EncryptedDataType encryptedDataType) throws XMLSecurityException {
//fire a SecurityEvent:
final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
List<QName> elementPath = xmlSecStartElement.getElementPath();
if (elementPath.size() == 3 && WSSUtils.isInSOAPHeader(elementPath)) {
EncryptedPartSecurityEvent encryptedPartSecurityEvent =
- new EncryptedPartSecurityEvent(securityToken, true, documentContext.getProtectionOrder());
+ new EncryptedPartSecurityEvent(inboundSecurityToken, true, documentContext.getProtectionOrder());
encryptedPartSecurityEvent.setElementPath(elementPath);
encryptedPartSecurityEvent.setXmlSecEvent(xmlSecStartElement);
encryptedPartSecurityEvent.setCorrelationID(encryptedDataType.getId());
inputProcessorChain.getSecurityContext().registerSecurityEvent(encryptedPartSecurityEvent);
} else {
EncryptedElementSecurityEvent encryptedElementSecurityEvent =
- new EncryptedElementSecurityEvent(securityToken, true, documentContext.getProtectionOrder());
+ new EncryptedElementSecurityEvent(inboundSecurityToken, true, documentContext.getProtectionOrder());
encryptedElementSecurityEvent.setElementPath(elementPath);
encryptedElementSecurityEvent.setXmlSecEvent(xmlSecStartElement);
encryptedElementSecurityEvent.setCorrelationID(encryptedDataType.getId());
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java?rev=1463136&r1=1463135&r2=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java Mon Apr 1 13:57:32 2013
@@ -21,19 +21,25 @@ package org.apache.wss4j.stax.impl.proce
import org.apache.wss4j.binding.wssc.AbstractDerivedKeyTokenType;
import org.apache.wss4j.common.derivedKey.DerivedKeyUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.ext.WSSecurityContext;
-import org.apache.wss4j.stax.impl.securityToken.InboundSecurityTokenImpl;
+import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl;
-import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.securityEvent.DerivedKeyTokenSecurityEvent;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
-import org.apache.xml.security.stax.ext.*;
+import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
+import org.apache.xml.security.stax.ext.InputProcessorChain;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
+import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBElement;
@@ -64,26 +70,25 @@ public class DerivedKeyTokenInputHandler
final List<QName> elementPath = getElementPath(eventQueue);
final XMLSecEvent responsibleXMLSecStartXMLEvent = getResponsibleStartXMLEvent(eventQueue, index);
- SecurityTokenProvider securityTokenProvider = new SecurityTokenProvider() {
+ SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() {
- private InboundSecurityTokenImpl derivedKeySecurityToken = null;
+ private AbstractInboundSecurityToken derivedKeySecurityToken = null;
- @SuppressWarnings("unchecked")
@Override
- public SecurityToken getSecurityToken() throws XMLSecurityException {
+ public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
if (this.derivedKeySecurityToken != null) {
return this.derivedKeySecurityToken;
}
//todo implement interface to access all derivedKeys? The same would be needed in UserNameToken
- this.derivedKeySecurityToken = new InboundSecurityTokenImpl(
- (WSSecurityContext) inputProcessorChain.getSecurityContext(),
+ this.derivedKeySecurityToken = new AbstractInboundSecurityToken(
+ (WSInboundSecurityContext) inputProcessorChain.getSecurityContext(),
derivedKeyTokenType.getId(), null) {
- private SecurityToken referencedSecurityToken = null;
+ private InboundSecurityToken referencedSecurityToken = null;
- private SecurityToken getReferencedSecurityToken() throws XMLSecurityException {
+ private InboundSecurityToken getReferencedSecurityToken() throws XMLSecurityException {
if (this.referencedSecurityToken != null) {
return referencedSecurityToken;
}
@@ -100,16 +105,16 @@ public class DerivedKeyTokenInputHandler
}
@Override
- protected Key getKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage,
+ protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
String correlationID) throws XMLSecurityException {
byte[] secret;
- SecurityToken referencedSecurityToken = getReferencedSecurityToken();
+ InboundSecurityToken referencedSecurityToken = getReferencedSecurityToken();
if (referencedSecurityToken != null) {
if (referencedSecurityToken instanceof UsernameSecurityToken) {
UsernameSecurityToken usernameSecurityToken = (UsernameSecurityToken) referencedSecurityToken;
secret = usernameSecurityToken.generateDerivedKey();
} else {
- secret = referencedSecurityToken.getSecretKey(algorithmURI, keyUsage, correlationID).getEncoded();
+ secret = referencedSecurityToken.getSecretKey(algorithmURI, algorithmUsage, correlationID).getEncoded();
}
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedKeyId");
@@ -130,15 +135,15 @@ public class DerivedKeyTokenInputHandler
nonce,
derivedKeyTokenType.getOffset().intValue()
);
- XMLSecurityConstants.KeyUsage derivedKeyUsage;
- if (WSSConstants.Enc.equals(keyUsage)) {
- derivedKeyUsage = WSSConstants.Enc_KD;
+ XMLSecurityConstants.AlgorithmUsage derivedKeyAlgoryithmUsage;
+ if (WSSConstants.Enc.equals(algorithmUsage)) {
+ derivedKeyAlgoryithmUsage = WSSConstants.Enc_KD;
} else {
- derivedKeyUsage = WSSConstants.Sig_KD;
+ derivedKeyAlgoryithmUsage = WSSConstants.Sig_KD;
}
AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
algorithmSuiteSecurityEvent.setAlgorithmURI(derivedKeyAlgorithm);
- algorithmSuiteSecurityEvent.setKeyUsage(derivedKeyUsage);
+ algorithmSuiteSecurityEvent.setAlgorithmUsage(derivedKeyAlgoryithmUsage);
algorithmSuiteSecurityEvent.setKeyLength(keyBytes.length * 8);
algorithmSuiteSecurityEvent.setCorrelationID(correlationID);
inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
@@ -148,13 +153,13 @@ public class DerivedKeyTokenInputHandler
}
@Override
- public SecurityToken getKeyWrappingToken() throws XMLSecurityException {
+ public InboundSecurityToken getKeyWrappingToken() throws XMLSecurityException {
return getReferencedSecurityToken();
}
@Override
- public WSSConstants.TokenType getTokenType() {
- return WSSConstants.DerivedKeyToken;
+ public WSSecurityTokenConstants.TokenType getTokenType() {
+ return WSSecurityTokenConstants.DerivedKeyToken;
}
};
this.derivedKeySecurityToken.setElementPath(elementPath);
@@ -171,7 +176,7 @@ public class DerivedKeyTokenInputHandler
//fire a tokenSecurityEvent
DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
- derivedKeyTokenSecurityEvent.setSecurityToken((SecurityToken) securityTokenProvider.getSecurityToken());
+ derivedKeyTokenSecurityEvent.setSecurityToken(securityTokenProvider.getSecurityToken());
derivedKeyTokenSecurityEvent.setCorrelationID(derivedKeyTokenType.getId());
inputProcessorChain.getSecurityContext().registerSecurityEvent(derivedKeyTokenSecurityEvent);
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/ReferenceListInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/ReferenceListInputHandler.java?rev=1463136&r1=1463135&r2=1463136&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/ReferenceListInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/ReferenceListInputHandler.java Mon Apr 1 13:57:32 2013
@@ -18,9 +18,9 @@
*/
package org.apache.wss4j.stax.impl.processor.input;
+import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.xml.security.binding.xmlenc.ReferenceList;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.ext.WSSecurityContext;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
@@ -43,6 +43,6 @@ public class ReferenceListInputHandler e
//instantiate a new DecryptInputProcessor and add it to the chain
inputProcessorChain.addProcessor(
new DecryptInputProcessor(null, referenceList, (WSSSecurityProperties) securityProperties,
- (WSSecurityContext) inputProcessorChain.getSecurityContext()));
+ (WSInboundSecurityContext) inputProcessorChain.getSecurityContext()));
}
}