Posted to commits@ws.apache.org by gi...@apache.org on 2011/11/02 12:40:55 UTC
svn commit: r1196546 [1/2] - in /webservices/wss4j/branches/swssf:
streaming-ws-security/src/main/java/org/swssf/wss/ext/
streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/
streaming-xml-security/src/main/java/org/swssf/xmlsec/ext...
Author: giger
Date: Wed Nov 2 11:40:54 2011
New Revision: 1196546
URL: http://svn.apache.org/viewvc?rev=1196546&view=rev
Log:
refactoring to use (again) common methods for token structure creation
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureOutputProcessor.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java Wed Nov 2 11:40:54 2011
@@ -19,15 +19,24 @@
package org.swssf.wss.ext;
import org.apache.commons.codec.binary.Base64;
-import org.swssf.xmlsec.ext.XMLSecurityUtils;
+import org.swssf.xmlsec.crypto.Merlin;
+import org.swssf.xmlsec.ext.*;
import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.Iterator;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.*;
/**
* @author $Author$
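Review bot: `import org.swssf.xmlsec.ext.*;` and `import java.util.*;` replace the explicit imports this file had (`XMLSecurityUtils`, `Iterator`), which hides which types the newly added helpers actually depend on and leaves the file open to name clashes as either package grows. Listing the used types explicitly (Deque, Iterator, Map, HashMap, List and Arrays from java.util, plus the org.swssf.xmlsec.ext types the new methods reference) keeps the dependency surface visible.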
@@ -89,4 +98,235 @@ public class WSSUtils extends XMLSecurit
return responsibleActor.equals(actor);
}
}
+
+ public static void flushBufferAndCallbackAfterTokenID(OutputProcessorChain outputProcessorChain,
+ AbstractBufferingOutputProcessor abstractBufferingOutputProcessor,
+ Deque<XMLEvent> xmlEventDeque)
+ throws XMLStreamException, XMLSecurityException {
+
+ //loop until we reach our security header and set flag
+ Iterator<XMLEvent> xmlEventIterator = xmlEventDeque.descendingIterator();
+ while (xmlEventIterator.hasNext()) {
+ XMLEvent xmlEvent = xmlEventIterator.next();
+ if (xmlEvent.isStartElement()) {
+ StartElement startElement = xmlEvent.asStartElement();
+ if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
+ && isResponsibleActorOrRole(
+ startElement,
+ ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
+ ((WSSSecurityProperties) abstractBufferingOutputProcessor.getSecurityProperties()).getActor())) {
+ ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+ break;
+ }
+ }
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+ }
+
+ final String appendAfterThisTokenId = abstractBufferingOutputProcessor.getAppendAfterThisTokenId();
+ //append current header
+ if (appendAfterThisTokenId == null) {
+ abstractBufferingOutputProcessor.processHeaderEvent(outputProcessorChain);
+ } else {
+ //we have a dependent token. so we have to append the current header after the token
+ boolean found = false;
+ while (xmlEventIterator.hasNext() && !found) {
+ XMLEvent xmlEvent = xmlEventIterator.next();
+
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+
+ //search for an element with a matching wsu:Id. this is our token
+ if (xmlEvent.isStartElement()) {
+ StartElement startElement = xmlEvent.asStartElement();
+ QName matchingElementName;
+
+ @SuppressWarnings("unchecked")
+ Iterator<Attribute> attributeIterator = startElement.getAttributes();
+ while (attributeIterator.hasNext() && !found) {
+ Attribute attribute = attributeIterator.next();
+ final QName attributeName = attribute.getName();
+ final String attributeValue = attribute.getValue();
+ if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+ || (WSSConstants.ATT_NULL_Id.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+ || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+ || (WSSConstants.ATT_NULL_ID.equals(attributeName) && appendAfterThisTokenId.endsWith(attributeValue))) {
+ matchingElementName = startElement.getName();
+ //we found the token and...
+ int level = 0;
+ while (xmlEventIterator.hasNext() && !found) {
+ xmlEvent = xmlEventIterator.next();
+
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+
+ //loop until we reach the token end element
+ if (xmlEvent.isEndElement()) {
+ EndElement endElement = xmlEvent.asEndElement();
+ if (level == 0 && endElement.getName().equals(matchingElementName)) {
+ found = true;
+ //output now the current header
+ abstractBufferingOutputProcessor.processHeaderEvent(outputProcessorChain);
+ }
+ level--;
+ } else if (xmlEvent.isStartElement()) {
+ level++;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ //loop until our security header end element and unset the flag
+ while (xmlEventIterator.hasNext()) {
+ XMLEvent xmlEvent = xmlEventIterator.next();
+ if (xmlEvent.isEndElement()) {
+ EndElement endElement = xmlEvent.asEndElement();
+ if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
+ ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+ break;
+ }
+ }
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+ }
+ //loop throug the rest of the document
+ while (xmlEventIterator.hasNext()) {
+ XMLEvent xmlEvent = xmlEventIterator.next();
+ outputProcessorChain.reset();
+ outputProcessorChain.processEvent(xmlEvent);
+ }
+ outputProcessorChain.reset();
+ }
+
+ public static void createBinarySecurityTokenStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ String valueType;
+ if (useSingleCertificate) {
+ valueType = WSSConstants.NS_X509_V3_TYPE;
+ } else {
+ valueType = WSSConstants.NS_X509PKIPathv1;
+ }
+ attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
+ attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
+ try {
+ if (useSingleCertificate) {
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+ } else {
+ try {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
+ List<X509Certificate> certificates = Arrays.asList(x509Certificates);
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
+ } catch (CertificateException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ } catch (NoSuchProviderException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+ }
+ }
+ } catch (CertificateEncodingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ }
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
+ }
+
+ public static void createX509SubjectKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
+ // As per the 1.1 specification, SKI can only be used for a V3 certificate
+ if (x509Certificates[0].getVersion() != 3) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
+ }
+
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+ byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+ }
+
+ public static void createX509KeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+ try {
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+ } catch (CertificateEncodingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ }
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+ }
+
+ public static void createThumbprintKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+ try {
+ MessageDigest sha;
+ sha = MessageDigest.getInstance("SHA-1");
+ sha.reset();
+ sha.update(x509Certificates[0].getEncoded());
+ byte[] data = sha.digest();
+
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+ } catch (CertificateEncodingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+ }
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+ }
+
+ public static void createBSTReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ String valueType;
+ if (useSingleCertificate) {
+ valueType = WSSConstants.NS_X509_V3_TYPE;
+ } else {
+ valueType = WSSConstants.NS_X509PKIPathv1;
+ }
+ attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+ if (embed) {
+ WSSUtils.createBinarySecurityTokenStructure(abstractOutputProcessor, outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
+ }
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+ }
+
+ //todo I think this is not spec conform and can be dropped
+ public static void createEmbeddedSecurityTokenReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+ }
+
+ public static void createEmbeddedKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, XMLSecurityConstants.TokenType tokenType, String referenceId) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ if (tokenType.equals(WSSConstants.Saml10Token) || tokenType.equals(WSSConstants.Saml11Token)) {
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE);
+ } else if (tokenType.equals(WSSConstants.Saml20Token)) {
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE);
+ }
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+ abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+ }
+
+ public static void createUsernameTokenReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, XMLSecurityException {
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(WSSConstants.ATT_NULL_URI, "#" + tokenId);
+ attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
+ abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+ abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+ }
}
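Review bot: In flushBufferAndCallbackAfterTokenID, when appendAfterThisTokenId is set but no buffered start element carries that Id, the `else` branch finishes with `found` still false and processHeaderEvent is never called, so the buffered header is silently omitted from the output while the remaining loops forward the rest of the document as if nothing were wrong. After the `else` block I would fail loudly rather than drop the header: `if (!found) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "<message-key placeholder>"); }`. The same attribute loop matches `WSSConstants.ATT_NULL_ID` with `appendAfterThisTokenId.endsWith(attributeValue)` while the other three checks use `equals`; unless the suffix match is deliberate it can bind to an unrelated element whose Id is a suffix of the wanted one, and either way deserves a comment explaining it. In createBinarySecurityTokenStructure, `CertificateFactory.getInstance("X.509", "BC")` pins the BouncyCastle provider, so the multi-certificate path fails with NoSuchProviderException whenever BC is not registered; the JDK's default X.509 factory also encodes a CertPath as PkiPath, so `CertificateFactory.getInstance("X.509")` may suffice and is worth checking. Several of the new helpers also index `x509Certificates[0]` without a null/length check, which surfaces as an ArrayIndexOutOfBoundsException instead of an XMLSecurityException.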
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -18,7 +18,6 @@
*/
package org.swssf.wss.impl.processor.output;
-import org.apache.commons.codec.binary.Base64;
import org.swssf.wss.ext.*;
import org.swssf.wss.impl.securityToken.DelegatingSecurityToken;
import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
@@ -28,18 +27,14 @@ import org.swssf.wss.securityEvent.Signa
import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.ext.*;
-import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.security.Key;
-import java.security.NoSuchProviderException;
import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.List;
+import java.util.UUID;
/**
* @author $Author$
@@ -249,44 +244,11 @@ public class BinarySecurityTokenOutputPr
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
boolean useSingleCertificate = getSecurityProperties().isUseSingleCert();
- createBinarySecurityTokenStructure(subOutputProcessorChain, securityToken.getId(), securityToken.getX509Certificates(), useSingleCertificate);
+ WSSUtils.createBinarySecurityTokenStructure(this, subOutputProcessorChain, securityToken.getId(), securityToken.getX509Certificates(), useSingleCertificate);
outputProcessorChain.removeProcessor(this);
}
}
}
-
- //todo common method
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
- }
}
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -26,7 +26,6 @@ import org.swssf.wss.impl.derivedKey.Der
import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
import org.swssf.xmlsec.crypto.Crypto;
-import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.ext.*;
import javax.crypto.spec.SecretKeySpec;
@@ -35,12 +34,13 @@ import javax.xml.stream.XMLStreamExcepti
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.io.UnsupportedEncodingException;
-import java.security.*;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.security.Key;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.UUID;
/**
* @author $Author$
@@ -281,132 +281,21 @@ public class DerivedKeyTokenOutputProces
if (keyIdentifierType == WSSConstants.KeyIdentifierType.ISSUER_SERIAL) {
createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_EMBEDDED) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+ WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
} else {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
}
createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
}
-
- //todo common method
- protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
- // As per the 1.1 specification, SKI can only be used for a V3 certificate
- if (x509Certificates[0].getVersion() != 3) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
- }
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common methdod
- protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- MessageDigest sha;
- sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(x509Certificates[0].getEncoded());
- byte[] data = sha.digest();
-
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- if (embed) {
- createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method
- protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
- }
}
}
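Review bot: The dispatch at the top of the hunk still calls the instance method `createX509IssuerSerialStructure(outputProcessorChain, x509Certificates)` while every sibling branch now delegates to WSSUtils; if that helper is duplicated across the other output processors as the moved ones were (not visible here), it would benefit from the same move so that all SecurityTokenReference builders live in one place. The enclosing method starts before the hunk.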
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -19,7 +19,6 @@
package org.swssf.wss.impl.processor.output;
import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSUtils;
import org.swssf.xmlsec.ext.OutputProcessorChain;
@@ -27,13 +26,7 @@ import org.swssf.xmlsec.ext.XMLSecurityC
import org.swssf.xmlsec.ext.XMLSecurityException;
import org.swssf.xmlsec.impl.processor.output.AbstractEncryptEndingOutputProcessor;
-import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.EndElement;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
-import java.util.Iterator;
/**
* Processor buffers encrypted XMLEvents and forwards them when final is called
@@ -50,7 +43,7 @@ public class EncryptEndingOutputProcesso
}
@Override
- protected void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+ public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
if (getAction() == WSSConstants.ENCRYPT_WITH_DERIVED_KEY) {
createReferenceListStructure(subOutputProcessorChain);
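Review bot: Widening `processHeaderEvent` from `protected` to `public` on the new side turns an internal lifecycle step into public API, so any holder of the processor can emit a ReferenceList into the chain, not only the `WSSUtils` callback this commit introduces (presumably the reason for the change, since the helper is passed `this`). If the shared helper is the only external caller, a narrow callback interface in `org.swssf.wss.ext` implemented by the ending processors would keep the method off the public surface; at minimum add `// public only so WSSUtils.flushBufferAndCallbackAfterTokenID can call back into this processor; not part of the external API`. The method body runs past the end of this hunk.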
@@ -59,107 +52,8 @@ public class EncryptEndingOutputProcesso
@Override
public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
-
- //todo replace this and in EncryptEndingOutputProcessor with a common method somewhere
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-
- //loop until we reach our security header and set flag
- Iterator<XMLEvent> xmlEventIterator = getXmlEventBuffer().descendingIterator();
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
- && WSSUtils.isResponsibleActorOrRole(
- startElement,
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
- ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
-
- //append current header
- if (getAppendAfterThisTokenId() == null) {
- processHeaderEvent(subOutputProcessorChain);
- } else {
- //we have a dependent token. so we have to append the current header after the token
- boolean found = false;
- while (xmlEventIterator.hasNext() && !found) {
- XMLEvent xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //search for an element with a matching wsu:Id. this is our token
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- QName matchingElementName;
-
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = startElement.getAttributes();
- while (attributeIterator.hasNext() && !found) {
- Attribute attribute = attributeIterator.next();
- final QName attributeName = attribute.getName();
- final String attributeValue = attribute.getValue();
- if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_ID.equals(attributeName) && getAppendAfterThisTokenId().endsWith(attributeValue))) {
- matchingElementName = startElement.getName();
- //we found the token and...
- int level = 0;
- while (xmlEventIterator.hasNext() && !found) {
- xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //loop until we reach the token end element
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (level == 0 && endElement.getName().equals(matchingElementName)) {
- found = true;
- //output now the current header
- processHeaderEvent(subOutputProcessorChain);
- }
- level--;
- } else if (xmlEvent.isStartElement()) {
- level++;
- }
- }
- }
- }
- }
- }
- }
- //loop until our security header end element and unset the flag
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- //loop throug the rest of the document
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- subOutputProcessorChain.reset();
+ WSSUtils.flushBufferAndCallbackAfterTokenID(subOutputProcessorChain, this, getXmlEventBuffer());
//call final on the rest of the chain
subOutputProcessorChain.doFinal();
//this processor is now finished and we can remove it now
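Review bot: The new one-line delegation `WSSUtils.flushBufferAndCallbackAfterTokenID(subOutputProcessorChain, this, getXmlEventBuffer())` replaces logic in which, when `getAppendAfterThisTokenId()` is set but no buffered start element carries a matching id, `found` stays false and `processHeaderEvent` is never called, so the message is flushed without its ReferenceList (see the removed lines of this hunk). The helper's body is not part of this diff, so I cannot tell whether that fail-open path was carried over; if it was, have the helper throw an `XMLSecurityException` when the anchor token is not found rather than silently emitting a message that lacks its security header. A short comment at the call site noting that the helper both flushes the buffer and invokes `processHeaderEvent` on this processor would also help, since that dependency is no longer visible here. `doFinal` continues past the end of this hunk.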
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -59,7 +59,7 @@ public class EncryptOutputProcessor exte
//avoid double encryption when child elements matches too
if (getActiveInternalEncryptionOutputProcessor() == null) {
- SecurePart securePart = securePartMatches(startElement, outputProcessorChain);
+ SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getEncryptionSecureParts());
if (securePart != null) {
logger.debug("Matched securePart for encryption");
InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;
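Review bot: The new argument `securityProperties.getEncryptionSecureParts()` reads the properties through a field, while the rest of this commit reaches them via `getSecurityProperties()` (cast to `WSSSecurityProperties` where needed); using one access path, e.g. `((WSSSecurityProperties) getSecurityProperties()).getEncryptionSecureParts()` if the field is of the base type, keeps the processors consistent and avoids divergence if the field and getter ever stop referring to the same object. I cannot see the field's declaration here, so confirm which form applies. The enclosing method starts and ends outside this hunk.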
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -19,14 +19,10 @@
package org.swssf.wss.impl.processor.output;
import org.apache.commons.codec.binary.Base64;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.ext.*;
import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
import org.swssf.xmlsec.config.JCEAlgorithmMapper;
import org.swssf.xmlsec.crypto.Crypto;
-import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.ext.*;
import javax.crypto.*;
@@ -34,12 +30,14 @@ import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
-import java.security.*;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
/**
* @author $Author$
@@ -292,132 +290,21 @@ public class EncryptedKeyOutputProcessor
if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.ISSUER_SERIAL.name())) {
createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER.name())) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER.name())) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER.name())) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.BST_EMBEDDED.name())) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE.name())) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
} else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF.name())) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+ WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
} else {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
}
createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
}
-
- //todo common method
- protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
- // As per the 1.1 specification, SKI can only be used for a V3 certificate
- if (x509Certificates[0].getVersion() != 3) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
- }
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common methdod
- protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- MessageDigest sha;
- sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(x509Certificates[0].getEncoded());
- byte[] data = sha.digest();
-
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- if (embed) {
- createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method
- protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
- }
}
}
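Review bot: The key-identifier dispatch in this hunk still compares enum constants via `keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.X.name())`, whereas the parallel dispatch in SignatureEndingOutputProcessor (same commit) uses `==`; since `KeyIdentifierType` is an enum, `==` or a `switch (keyIdentifierType)` is the idiomatic form and drops the string comparisons. The helpers deleted here also carried security-relevant checks — rejecting non-V3 certificates before emitting a SubjectKeyIdentifier and requiring the `"BC"` provider for the PKIPath encoding — which now live in `WSSUtils` outside this diff, so it is worth confirming they were moved verbatim rather than dropped. `createX509IssuerSerialStructure` is the only case still resolved locally; if it is duplicated in the signature processor as well, moving it into `WSSUtils` would complete the refactoring the log message describes. The enclosing method begins outside this hunk.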
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -18,7 +18,6 @@
*/
package org.swssf.wss.impl.processor.output;
-import org.apache.commons.codec.binary.Base64;
import org.opensaml.common.SAMLVersion;
import org.swssf.wss.ext.*;
import org.swssf.wss.impl.saml.OpenSAMLUtil;
@@ -38,14 +37,13 @@ import javax.xml.stream.XMLStreamExcepti
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import java.security.Key;
-import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
/**
* @author $Author$
@@ -230,39 +228,6 @@ public class SAMLTokenOutputProcessor ex
outputProcessorChain.processEvent(xmlEvent);
}
- //todo common method
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
- }
-
class FinalSAMLTokenOutputProcessor extends AbstractOutputProcessor {
private SecurityToken securityToken;
@@ -294,7 +259,7 @@ public class SAMLTokenOutputProcessor ex
if (((WSSDocumentContext) outputProcessorChain.getDocumentContext()).isInSecurityHeader() && startElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
if (senderVouches && ((WSSSecurityProperties) getSecurityProperties()).getSignatureKeyIdentifierType() == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- outputBinarySecurityToken(outputProcessorChain, binarySecurityTokenReferenceId, securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());
+ WSSUtils.createBinarySecurityTokenStructure(this, outputProcessorChain, binarySecurityTokenReferenceId, securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());
}
outputSamlAssertion(samlAssertionWrapper.toDOM(null), subOutputProcessorChain);
if (senderVouches) {
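Review bot: The new `WSSUtils.createBinarySecurityTokenStructure(this, outputProcessorChain, ...)` call writes the BinarySecurityToken to `outputProcessorChain`, while the `subOutputProcessorChain` created on the line above is what `outputSamlAssertion` uses on the following line; this mirrors the old call it replaces, but emitting through the full chain presumably routes the BST events back through this processor's own `processEvent`, which is at least inconsistent with the assertion output and may be unintended. If the sub-chain is the right target, the line becomes `WSSUtils.createBinarySecurityTokenStructure(this, subOutputProcessorChain, binarySecurityTokenReferenceId, securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());`; if the full chain is deliberate, a comment explaining why the two outputs use different chains would help the next reader. The enclosing method starts and ends outside this hunk.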
@@ -327,10 +292,6 @@ public class SAMLTokenOutputProcessor ex
createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
}
- private void outputBinarySecurityToken(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
- }
-
//todo serialize directly from SAML XMLObject?
private void outputSamlAssertion(Element element, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -18,8 +18,10 @@
*/
package org.swssf.wss.impl.processor.output;
-import org.apache.commons.codec.binary.Base64;
-import org.swssf.wss.ext.*;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.wss.ext.WSSUtils;
+import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.securityEvent.SignatureValueSecurityEvent;
import org.swssf.xmlsec.ext.OutputProcessorChain;
@@ -32,18 +34,10 @@ import org.swssf.xmlsec.impl.processor.o
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.EndElement;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
/**
* @author $Author$
@@ -62,107 +56,8 @@ public class SignatureEndingOutputProces
@Override
public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
setAppendAfterThisTokenId(outputProcessorChain.getSecurityContext().<String>get(WSSConstants.PROP_APPEND_SIGNATURE_ON_THIS_ID));
-
- //todo replace this and in EncryptEndingOutputProcessor with a common method somewhere
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-
- //loop until we reach our security header and set flag
- Iterator<XMLEvent> xmlEventIterator = getXmlEventBuffer().descendingIterator();
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
- && WSSUtils.isResponsibleActorOrRole(
- startElement,
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
- ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
-
- //append current header
- if (getAppendAfterThisTokenId() == null) {
- processHeaderEvent(subOutputProcessorChain);
- } else {
- //we have a dependent token. so we have to append the current header after the token
- boolean found = false;
- while (xmlEventIterator.hasNext() && !found) {
- XMLEvent xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //search for an element with a matching wsu:Id. this is our token
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
- QName matchingElementName;
-
- @SuppressWarnings("unchecked")
- Iterator<Attribute> attributeIterator = startElement.getAttributes();
- while (attributeIterator.hasNext() && !found) {
- Attribute attribute = attributeIterator.next();
- final QName attributeName = attribute.getName();
- final String attributeValue = attribute.getValue();
- if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
- || (WSSConstants.ATT_NULL_ID.equals(attributeName) && getAppendAfterThisTokenId().endsWith(attributeValue))) {
- matchingElementName = startElement.getName();
- //we found the token and...
- int level = 0;
- while (xmlEventIterator.hasNext() && !found) {
- xmlEvent = xmlEventIterator.next();
-
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
-
- //loop until we reach the token end element
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (level == 0 && endElement.getName().equals(matchingElementName)) {
- found = true;
- //output now the current header
- processHeaderEvent(subOutputProcessorChain);
- }
- level--;
- } else if (xmlEvent.isStartElement()) {
- level++;
- }
- }
- }
- }
- }
- }
- }
- //loop until our security header end element and unset the flag
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- if (xmlEvent.isEndElement()) {
- EndElement endElement = xmlEvent.asEndElement();
- if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
- ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- break;
- }
- }
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- //loop throug the rest of the document
- while (xmlEventIterator.hasNext()) {
- XMLEvent xmlEvent = xmlEventIterator.next();
- subOutputProcessorChain.reset();
- subOutputProcessorChain.processEvent(xmlEvent);
- }
- subOutputProcessorChain.reset();
+ WSSUtils.flushBufferAndCallbackAfterTokenID(subOutputProcessorChain, this, getXmlEventBuffer());
//call final on the rest of the chain
subOutputProcessorChain.doFinal();
//this processor is now finished and we can remove it now
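Review bot: The matching logic removed in this hunk located the anchor token with `getAppendAfterThisTokenId().endsWith(attributeValue)` for `ATT_NULL_ID` but with `equals` for `wsu:Id`, `Id` and `AssertionID`; a suffix match can select a different element whose ID happens to be a suffix of the configured value and place the Signature after the wrong token. The replacement `WSSUtils.flushBufferAndCallbackAfterTokenID` is outside this diff, so I cannot see whether that comparison was carried over; if it was kept deliberately (for example for a prefixed SAML 2 ID), document the reason there, otherwise use `equals` for all four attributes. Because `setAppendAfterThisTokenId` is fed from `PROP_APPEND_SIGNATURE_ON_THIS_ID` in the security context, a missing or mismatched ID should fail the signing step with an `XMLSecurityException` rather than quietly emit a message without its Signature header. `doFinal` continues past the end of this hunk.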
@@ -177,7 +72,7 @@ public class SignatureEndingOutputProces
}
@Override
- protected void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+ public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
super.processHeaderEvent(outputProcessorChain);
SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent(SecurityEvent.Event.SignatureValue);
@@ -214,160 +109,27 @@ public class SignatureEndingOutputProces
if (keyIdentifierType == WSSConstants.KeyIdentifierType.ISSUER_SERIAL) {
createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
- createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
- createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
- createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+ WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_EMBEDDED) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
- createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+ WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
- createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+ WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMEDDED_KEYIDENTIFIER_REF) {
- createEmbeddedKeyIdentifierStructure(outputProcessorChain, securityToken.getTokenType(), tokenId);
+ WSSUtils.createEmbeddedKeyIdentifierStructure(this, outputProcessorChain, securityToken.getTokenType(), tokenId);
} else if (keyIdentifierType == WSSConstants.KeyIdentifierType.USERNAMETOKEN_REFERENCE) {
- createUsernameTokenReferenceStructure(outputProcessorChain, tokenId);
+ WSSUtils.createUsernameTokenReferenceStructure(this, outputProcessorChain, tokenId);
} else {
throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedSecurityToken", keyIdentifierType.name());
}
createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
}
- //todo common method
- protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
- // As per the 1.1 specification, SKI can only be used for a V3 certificate
- if (x509Certificates[0].getVersion() != 3) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
- }
-
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- byte data[] = getSecurityProperties().getSignatureCrypto().getSKIBytesFromCert(x509Certificates[0]);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common methdod
- protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- try {
- MessageDigest sha;
- sha = MessageDigest.getInstance("SHA-1");
- sha.reset();
- sha.update(x509Certificates[0].getEncoded());
- byte[] data = sha.digest();
-
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- if (embed) {
- createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method
- protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- String valueType;
- if (useSingleCertificate) {
- valueType = WSSConstants.NS_X509_V3_TYPE;
- } else {
- valueType = WSSConstants.NS_X509PKIPathv1;
- }
- attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
- attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
- attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
- try {
- if (useSingleCertificate) {
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
- } else {
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
- List<X509Certificate> certificates = Arrays.asList(x509Certificates);
- createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
- } catch (CertificateException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- } catch (NoSuchProviderException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
- }
- }
- } catch (CertificateEncodingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
- }
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
- }
-
- //todo common method
- protected void createEmbeddedKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, XMLSecurityConstants.TokenType tokenType, String referenceId) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- if (tokenType.equals(WSSConstants.Saml10Token) || tokenType.equals(WSSConstants.Saml11Token)) {
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE);
- } else if (tokenType.equals(WSSConstants.Saml20Token)) {
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE);
- }
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
- createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
- }
-
- //todo common method
- protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
- //todo common method:
- protected void createUsernameTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, XMLSecurityException {
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(WSSConstants.ATT_NULL_URI, "#" + tokenId);
- attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
- createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
- }
-
protected void createTransformsStructureForSignature(OutputProcessorChain subOutputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
Map<QName, String> attributes;
if (signaturePartDef.getTransformAlgo() != null) {
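Review bot: The new delegations to WSSUtils in the keyIdentifierType dispatch hand off three checks that lived in the removed local bodies and cannot be verified in this hunk: the SKI branch's V3-certificate precondition (`invalidCertForSKI`), the certificate-path branch's hard-coded `"BC"` provider lookup, and the distinction between the `FAILED_SIGNATURE` and `INVALID_SECURITY_TOKEN` error codes. Since the utility methods are presumably shared with the encryption processors listed in this commit, `FAILED_SIGNATURE` on the SKI and thumbprint paths would no longer be an accurate error code for every caller; passing the error code in, or choosing a neutral one, is worth considering on the WSSUtils side. As a point of style, the `if`/`else if` ladder on `keyIdentifierType` is a switch over an enum in all but form (the `else` branch already relies on `keyIdentifierType.name()`); `switch (keyIdentifierType) { case ISSUER_SERIAL: ...; default: throw ...; }` would make the dispatch and the unsupported-type fallback easier to read. The enclosing method's signature is above the hunk and `createTransformsStructureForSignature` continues below it.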
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -57,7 +57,7 @@ public class SignatureOutputProcessor ex
//avoid double signature when child elements matches too
if (getActiveInternalSignatureOutputProcessor() == null) {
- SecurePart securePart = securePartMatches(startElement, outputProcessorChain);
+ SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getSignatureSecureParts());
if (securePart != null) {
logger.debug("Matched securePart for signature");
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java Wed Nov 2 11:40:54 2011
@@ -21,6 +21,7 @@ package org.swssf.xmlsec.ext;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.XMLEvent;
import java.util.ArrayDeque;
+import java.util.Deque;
/**
* An abstract OutputProcessor class for reusabilty
@@ -37,15 +38,15 @@ public abstract class AbstractBufferingO
super(securityProperties, action);
}
- public ArrayDeque<XMLEvent> getXmlEventBuffer() {
+ public Deque<XMLEvent> getXmlEventBuffer() {
return xmlEventBuffer;
}
- protected String getAppendAfterThisTokenId() {
+ public String getAppendAfterThisTokenId() {
return appendAfterThisTokenId;
}
- protected void setAppendAfterThisTokenId(String appendAfterThisTokenId) {
+ public void setAppendAfterThisTokenId(String appendAfterThisTokenId) {
this.appendAfterThisTokenId = appendAfterThisTokenId;
}
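Review bot: `getXmlEventBuffer()` is widened to the `Deque` interface but still returns the live internal buffer rather than a copy or an unmodifiable view, and the first hunk of this commit now passes that buffer to `WSSUtils.flushBufferAndCallbackAfterTokenID`, so external code is expected to drain it. That is a deliberate design, but nothing says so; I would document it on the accessor: `/** Returns the processor's live event buffer (not a copy); callers that drain it consume the buffered events on behalf of this processor. */`. The same applies to `setAppendAfterThisTokenId`, which is now public and should state that the id names the element after which the buffered header content is appended, if that is indeed its meaning.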
@@ -57,5 +58,5 @@ public abstract class AbstractBufferingO
@Override
public abstract void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
- protected abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
+ public abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
}