Posted to commits@ws.apache.org by co...@apache.org on 2012/09/06 15:57:59 UTC
svn commit: r1381604 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/action/ src/org/apache/ws/security/handler/
test/wssec/
Author: coheigea
Date: Thu Sep 6 13:57:59 2012
New Revision: 1381604
URL: http://svn.apache.org/viewvc?rev=1381604&view=rev
Log:
[WSS-231] - Backmerging to 1.5.x-fixes
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java Thu Sep 6 13:57:59 2012
@@ -19,13 +19,22 @@
package org.apache.ws.security.action;
+import java.util.Vector;
+
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.util.WSSecurityUtil;
+
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
public class SignatureAction implements Action {
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
@@ -62,7 +71,59 @@ public class SignatureAction implements
}
try {
- wsSign.build(doc, reqData.getSigCrypto(), reqData.getSecHeader());
+ wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
+
+ Element siblingElementToPrepend = null;
+ Vector signatureParts = reqData.getSignatureParts();
+ if (signatureParts == null) {
+ signatureParts = new Vector();
+ SOAPConstants soapConstants =
+ WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ soapConstants.getBodyQName().getLocalPart(),
+ soapConstants.getEnvelopeURI(),
+ "Content"
+ );
+ signatureParts.add(encP);
+ } else if (reqData.isAppendSignatureAfterTimestamp() && signatureParts != null) {
+ for (int i = 0; i < signatureParts.size(); i++) {
+ WSEncryptionPart part =
+ (WSEncryptionPart)signatureParts.get(i);
+ if (WSConstants.WSU_NS.equals(part.getNamespace())
+ && "Timestamp".equals(part.getName())) {
+ Element timestampElement =
+ (Element)WSSecurityUtil.findElement(
+ doc.getDocumentElement(), part.getName(), part.getNamespace()
+ );
+ if (timestampElement != null) {
+ Node child = timestampElement.getNextSibling();
+ while (child != null && child.getNodeType() != Node.ELEMENT_NODE) {
+ child = child.getNextSibling();
+ }
+ siblingElementToPrepend = (Element)child;
+ }
+ }
+ }
+ }
+
+ wsSign.addReferencesToSign(signatureParts, reqData.getSecHeader());
+
+ if (reqData.isAppendSignatureAfterTimestamp()) {
+ if (siblingElementToPrepend == null) {
+ wsSign.appendToHeader(reqData.getSecHeader());
+ } else {
+ reqData.getSecHeader().getSecurityHeader().insertBefore(
+ wsSign.getSignatureElement(), siblingElementToPrepend
+ );
+ }
+ } else {
+ wsSign.prependToHeader(reqData.getSecHeader());
+ }
+
+ wsSign.prependBSTElementToHeader(reqData.getSecHeader());
+ wsSign.computeSignature();
+
reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("Error during Signature: ", e);
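Review bot: The Timestamp lookup in the `else if` branch searches from `doc.getDocumentElement()`, so it takes the first wsu:Timestamp found anywhere in the envelope, not necessarily the one in the header being built. If that element sits outside `reqData.getSecHeader().getSecurityHeader()` (a second Security header for another actor, for example), its next sibling is not a child of this header, and `insertBefore` then throws an unchecked DOMException that the `catch (WSSecurityException e)` below does not wrap. Starting the search at the header keeps the anchor and the insertion point under the same parent: `WSSecurityUtil.findElement(reqData.getSecHeader().getSecurityHeader(), part.getName(), part.getNamespace())`. The `&& signatureParts != null` test in that branch is always true after the preceding `if` and can be dropped. execute() starts above the hunk and its catch block continues below it.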
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java Thu Sep 6 13:57:59 2012
@@ -66,6 +66,7 @@ public class RequestData {
private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
private boolean useDerivedKeyForMAC = true;
private boolean useSingleCert = true;
+ private boolean appendSignatureAfterTimestamp;
public void clear() {
soapConstants = null;
@@ -85,6 +86,7 @@ public class RequestData {
derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
useDerivedKeyForMAC = true;
useSingleCert = true;
+ appendSignatureAfterTimestamp = false;
}
public Object getMsgContext() {
@@ -370,4 +372,12 @@ public class RequestData {
public boolean isUseSingleCert() {
return useSingleCert;
}
+
+ public boolean isAppendSignatureAfterTimestamp() {
+ return appendSignatureAfterTimestamp;
+ }
+
+ public void setAppendSignatureAfterTimestamp(boolean appendSignatureAfterTimestamp) {
+ this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
+ }
}
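Review bot: The new public accessor pair has no Javadoc, and nothing here says that the flag is internal state rather than a user-facing option. In this commit it is set only by WSHandler when it moves the Signature action behind the Timestamp action, and it is read by SignatureAction to place the Signature element after the Timestamp. A comment on the setter such as `/** Set by WSHandler when SIGN is reordered behind TS; tells SignatureAction to insert the Signature after the Timestamp element. */` would keep callers from treating it as configuration.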
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java Thu Sep 6 13:57:59 2012
@@ -47,6 +47,7 @@ import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Arrays;
+import java.util.Collections;
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;
@@ -185,13 +186,39 @@ public abstract class WSHandler {
wssConfig.getAction(WSConstants.SC).execute(this, WSConstants.SC, doc, reqData);
}
}
+
+ // See if the Signature and Timestamp actions (in that order) are defined, and if
+ // the Timestamp is to be signed. In this case we need to swap the actions, as the
+ // Timestamp must appear in the security header first for signature creation to work.
+ Vector actionsToPerform = actions;
+ if (actions.contains(new Integer(WSConstants.SIGN))
+ && actions.contains(new Integer(WSConstants.TS))
+ && (actions.indexOf(new Integer(WSConstants.SIGN))
+ < actions.indexOf(new Integer(WSConstants.TS)))) {
+ boolean signTimestamp = false;
+ for (int i = 0; i < reqData.getSignatureParts().size(); i++) {
+ WSEncryptionPart encP = (WSEncryptionPart)reqData.getSignatureParts().get(i);
+ if (WSConstants.WSU_NS.equals(encP.getNamespace())
+ && "Timestamp".equals(encP.getName())) {
+ signTimestamp = true;
+ }
+ }
+ if (signTimestamp) {
+ actionsToPerform = new Vector(actions);
+ Collections.copy(actionsToPerform, actions);
+ actionsToPerform.remove(actions.indexOf(new Integer(WSConstants.SIGN)));
+ actionsToPerform.add(new Integer(WSConstants.SIGN));
+ reqData.setAppendSignatureAfterTimestamp(true);
+ }
+ }
+
/*
* Here we have all necessary information to perform the requested
* action(s).
*/
- for (int i = 0; i < actions.size(); i++) {
+ for (int i = 0; i < actionsToPerform.size(); i++) {
- int actionToDo = ((Integer) actions.get(i)).intValue();
+ int actionToDo = ((Integer) actionsToPerform.get(i)).intValue();
if (doDebug) {
log.debug("Performing Action: " + actionToDo);
}
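Review bot: Re-adding SIGN with `actionsToPerform.add(new Integer(WSConstants.SIGN))` puts it at the very end of the list, not just behind TS, so any other action configured after SIGN (an encryption action, for instance) now runs before the signature instead of after it. That changes what gets signed and goes beyond the Timestamp-before-Signature requirement stated in the comment. One option that leaves SIGN where it was relative to the other actions is to move TS in front of it instead: `actionsToPerform.remove(actions.indexOf(new Integer(WSConstants.TS)));` followed by `actionsToPerform.add(actions.indexOf(new Integer(WSConstants.SIGN)), new Integer(WSConstants.TS));`. Separately, `Collections.copy(actionsToPerform, actions)` repeats what `new Vector(actions)` already did, and the loop calls `reqData.getSignatureParts().size()` without the null check that SignatureAction applies to the same getter in this commit, so one of the two is inconsistent. The enclosing method starts and ends outside the hunk.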
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java Thu Sep 6 13:57:59 2012
@@ -34,6 +34,8 @@ import org.apache.ws.security.WSEncrypti
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecSignature;
@@ -47,6 +49,7 @@ import javax.security.auth.callback.Unsu
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Vector;
/**
* WS-Security Test Case
@@ -267,7 +270,48 @@ public class TestWSSecurityNew3 extends
verify(doc);
}
+
+ /**
+ * A test for "There is an issue with the position of the <Timestamp> element in the
+ * <Security> header when using WSS4J calling .NET Web Services with WS-Security."
+ */
+ public void testWSS231() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN | WSConstants.TS;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map config = new java.util.TreeMap();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS + "}Timestamp"
+ );
+ reqData.setMsgContext(config);
+
+ final Vector actions = new Vector();
+ actions.add(new Integer(WSConstants.SIGN));
+ actions.add(new Integer(WSConstants.TS));
+ final Document doc = unsignedEnvelope.getAsDocument();
+ MyHandler handler = new MyHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ Vector results = verify(doc);
+ assertTrue(handler.checkResults(results, actions));
+ }
/**
* Verifies the soap envelope
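Review bot: testWSS231 asserts only that verification succeeds and that `checkResults` accepts the results, so as far as the visible assertions go it would still pass if the Signature ended up in front of the Timestamp in the Security header, which is the layout WSS-231 is about. An assertion on the element order would pin the fix, for example on the serialized output that the test already builds: `assertTrue(outputString.indexOf("Timestamp") < outputString.indexOf("Signature"));`. Checking the order of the Security header's child elements in the DOM would be the stricter form of the same check.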
@@ -276,8 +320,8 @@ public class TestWSSecurityNew3 extends
* @param env soap envelope
* @throws java.lang.Exception Thrown when there is a problem in verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, this, crypto, null);
+ private Vector verify(Document doc) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, this, crypto, null);
}
public void handle(Callback[] callbacks)