Posted to commits@ws.apache.org by co...@apache.org on 2019/06/12 16:32:34 UTC
svn commit: r1861147 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/token/
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/
ws-securit...
Author: coheigea
Date: Wed Jun 12 16:32:34 2019
New Revision: 1861147
URL: http://svn.apache.org/viewvc?rev=1861147&view=rev
Log:
WSS-651 - Incorrect signature if document has WSU_NS declared on SOAP Header or Envelope
Added:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java Wed Jun 12 16:32:34 2019
@@ -142,7 +142,7 @@ public class BinarySecurity {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSS4JConstants.WSU_PREFIX, WSS4JConstants.WSU_NS);
}
/**
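Review bot: The Javadoc above `addWSUNamespace()` (only its tail, "efficiency purposes", is inside the hunk) no longer describes the body, which now writes `xmlns:wsu` on the element unconditionally instead of going through `XMLUtils.setNamespace`. Going by the WSS-651 log message, the point of the change is correctness of the signed output rather than efficiency, so I would reword the comment along the lines of `Declares xmlns:wsu on this element even when an ancestor already binds the WSU namespace to a different prefix.` The same one-line body is repeated in SecurityTokenReference, DerivedKeyToken, SecurityContextToken, SignatureConfirmation, Timestamp and UsernameToken; a single shared helper next to `XMLUtils.setNamespace` would keep the seven copies from drifting apart.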
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java Wed Jun 12 16:32:34 2019
@@ -117,7 +117,7 @@ public class SecurityTokenReference {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSS4JConstants.WSU_PREFIX, WSS4JConstants.WSU_NS);
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java Wed Jun 12 16:32:34 2019
@@ -48,6 +48,7 @@ public class WSSecBase {
protected CallbackHandler attachmentCallbackHandler;
protected boolean storeBytesInAttachment;
protected boolean expandXopInclude;
+ protected boolean addWSUNamespace;
private WsuIdAllocator idAllocator;
private final List<WSEncryptionPart> parts = new ArrayList<>();
@@ -62,6 +63,9 @@ public class WSSecBase {
} else {
doc = null;
}
+
+ // Explicitly add the WSU Namespace if we already have a different prefix
+ addWSUNamespace = securityHeader.getWsuPrefix() != null && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
}
public WSSecBase(Document doc) {
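Review bot: The assignment added at the end of the `WSSecBase(WSSecHeader)` constructor dereferences `securityHeader` unconditionally, directly after an `else { doc = null; }` branch whose condition lies outside the hunk; if that condition tolerates a null header, this line now throws a NullPointerException where the constructor previously completed. A guard such as `addWSUNamespace = securityHeader != null && securityHeader.getWsuPrefix() != null && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());` keeps the earlier behaviour. The `WSSecBase(Document)` constructor that begins on the last line of the hunk never sets the flag, so builders created that way keep `false` regardless of the document's namespace bindings; a comment on the field should say whether that is intended.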
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Wed Jun 12 16:32:34 2019
@@ -161,6 +161,9 @@ public class WSSecDKEncrypt extends WSSe
KeyInfo keyInfo = new KeyInfo(getDocument());
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
secToken.addWSSENamespace();
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
Reference ref = new Reference(getDocument());
ref.setURI("#" + getId());
String ns =
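Review bot: The guard `if (addWSUNamespace) { secToken.addWSUNamespace(); }` added after `secToken.addWSSENamespace()` is one of eighteen copies of the same three-line block in this commit (also in WSSecDKSign, WSSecDerivedKeyBase, WSSecEncrypt, WSSecEncryptedKey, WSSecSignature, WSSecSignatureConfirmation, WSSecTimestamp and WSSecUsernameToken), and any token construction that misses it silently keeps the old output. The token classes show no common supertype in this diff, so an element-based helper on `WSSecBase` would be one way to centralise the decision. The call order also varies: here it follows `addWSSENamespace()`, in WSSecEncrypt it precedes it; this looks harmless for the resulting attributes, but one order throughout is easier to audit. The enclosing method starts and ends outside the hunk.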
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java Wed Jun 12 16:32:34 2019
@@ -156,6 +156,9 @@ public class WSSecDKSign extends WSSecDe
secRef = new SecurityTokenReference(getDocument());
strUri = getIdAllocator().createSecureId("STR-", secRef);
secRef.setID(strUri);
+ if (addWSUNamespace) {
+ secRef.addWSUNamespace();
+ }
Reference ref = new Reference(getDocument());
ref.setURI("#" + getId());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java Wed Jun 12 16:32:34 2019
@@ -217,11 +217,17 @@ public abstract class WSSecDerivedKeyBas
dkt.setLength(length);
dkt.setNonce(XMLUtils.encodeToString(nonce));
dkt.setID(dktId);
+ if (addWSUNamespace) {
+ dkt.addWSUNamespace();
+ }
if (strElem == null) {
SecurityTokenReference secRef = new SecurityTokenReference(getDocument());
String strUri = getIdAllocator().createSecureId("STR-", secRef);
secRef.setID(strUri);
+ if (addWSUNamespace) {
+ secRef.addWSUNamespace();
+ }
X509Certificate[] certs = getSigningCerts();
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Wed Jun 12 16:32:34 2019
@@ -291,6 +291,9 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(getEncryptedKeyElement());
} else if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
if (customReferenceValue != null) {
secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
@@ -301,18 +304,27 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(secToken.getElement());
} else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
secToken.setKeyIdentifier(WSConstants.WSS_SAML_KI_VALUE_TYPE, getId());
keyInfo.addUnknownElement(secToken.getElement());
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customReferenceValue)) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, getId());
keyInfo.addUnknownElement(secToken.getElement());
} else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
secToken.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
secToken.setKeyIdentifier(customReferenceValue, getId(), true);
@@ -325,6 +337,9 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(securityTokenReference.getElement());
} else if (getId() != null) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
Reference ref = new Reference(getDocument());
if (encKeyIdDirectId) {
@@ -344,6 +359,9 @@ public class WSSecEncrypt extends WSSecE
keyInfo.addUnknownElement(secToken.getElement());
} else if (!encryptSymmKey && keyIdentifierType == WSConstants.ISSUER_SERIAL) {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
secToken.addWSSENamespace();
if (customReferenceValue != null) {
secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Wed Jun 12 16:32:34 2019
@@ -250,6 +250,9 @@ public class WSSecEncryptedKey extends W
encryptedKeyElement.appendChild(getDocument().adoptNode(customEKKeyInfoElement));
} else {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
switch (keyIdentifierType) {
case WSConstants.X509_KEY_IDENTIFIER:
@@ -385,6 +388,9 @@ public class WSSecEncryptedKey extends W
encryptedKeyElement.appendChild(getDocument().adoptNode(customEKKeyInfoElement));
} else {
SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+ if (addWSUNamespace) {
+ secToken.addWSUNamespace();
+ }
switch (keyIdentifierType) {
@@ -552,6 +558,9 @@ public class WSSecEncryptedKey extends W
bstAddedToSecurityHeader = false;
bstToken.setID(IDGenerator.generateID(null));
+ if (addWSUNamespace) {
+ bstToken.addWSUNamespace();
+ }
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java Wed Jun 12 16:32:34 2019
@@ -43,6 +43,8 @@ public class WSSecHeader {
private final Document doc;
+ private String wsuPrefix = WSConstants.WSU_PREFIX;
+
/**
* Constructor.
* @param doc The Document to use when creating the security header
@@ -92,7 +94,7 @@ public class WSSecHeader {
public void setMustUnderstand(boolean mu) {
mustunderstand = mu;
}
-
+
/**
* Get the security header document of this instance.
*
@@ -194,7 +196,7 @@ public class WSSecHeader {
mustUnderstandLocal
);
}
- XMLUtils.setNamespace(securityHeader, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ wsuPrefix = XMLUtils.setNamespace(securityHeader, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
return securityHeader;
}
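Review bot: `wsuPrefix` is refreshed only by this assignment, in a method whose start is outside the hunk, while `WSSecBase` reads `getWsuPrefix()` once in its constructor; a builder constructed before this method has run therefore sees the default `wsu` and skips the explicit `xmlns:wsu` declarations. That ordering requirement should be stated in this method's Javadoc, or the builders should read the prefix when they create tokens rather than at construction. The null check in `WSSecBase` suggests `XMLUtils.setNamespace` may return null; if so, a comment on the field should say what a null prefix means.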
@@ -218,4 +220,8 @@ public class WSSecHeader {
}
}
+ public String getWsuPrefix() {
+ return wsuPrefix;
+ }
+
}
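Review bot: The new public getter `getWsuPrefix()` has no Javadoc, although the other public members visible in this file carry one. I would add `/** @return the prefix bound to the WSU namespace on the security header; WSConstants.WSU_PREFIX until the header element has been created */` so callers know the value is only meaningful after the header exists.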
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Wed Jun 12 16:32:34 2019
@@ -455,6 +455,9 @@ public class WSSecSignature extends WSSe
getDocument().createElementNS(WSS4JConstants.WSSE_NS, "wsse:BinarySecurityToken");
bstToken.setAttributeNS(null, "EncodingType", WSS4JConstants.BASE64_ENCODING);
bstToken.setAttributeNS(WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX + ":Id", certUri);
+ if (addWSUNamespace) {
+ bstToken.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
+ }
byte[] certBytes = null;
if (!useSingleCert) {
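Review bot: The added `setAttributeNS` call takes its constants from `WSConstants` while the lines directly above it use `WSS4JConstants` for the same namespace and prefix, which makes a reader stop to check whether the two classes carry different values. I would write `bstToken.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSS4JConstants.WSU_PREFIX, WSS4JConstants.WSU_NS);` to match the surrounding statements. This is also the one place where the declaration is inlined rather than routed through an `addWSUNamespace()` method, so it will be missed if that method's body changes again. The enclosing method continues outside the hunk.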
@@ -485,6 +488,9 @@ public class WSSecSignature extends WSSe
((X509Security) binarySecurity).setX509Certificate(certs[0]);
}
binarySecurity.setID(certUri);
+ if (addWSUNamespace) {
+ binarySecurity.addWSUNamespace();
+ }
bstToken = binarySecurity.getElement();
getWsDocInfo().addTokenElement(bstToken, false);
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java Wed Jun 12 16:32:34 2019
@@ -63,6 +63,9 @@ public class WSSecSignatureConfirmation
public void prepare() {
sc = new SignatureConfirmation(getDocument(), signatureValue);
sc.setID(getIdAllocator().createId("SC-", sc));
+ if (addWSUNamespace) {
+ sc.addWSUNamespace();
+ }
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java Wed Jun 12 16:32:34 2019
@@ -73,6 +73,9 @@ public class WSSecTimestamp extends WSSe
ts = new Timestamp(precisionInMilliSeconds, getDocument(), wsTimeSource, timeToLive);
String tsId = getIdAllocator().createId("TS-", ts);
ts.setID(tsId);
+ if (addWSUNamespace) {
+ ts.addWSUNamespace();
+ }
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java Wed Jun 12 16:32:34 2019
@@ -185,6 +185,9 @@ public class WSSecUsernameToken extends
ut.addCreated(precisionInMilliSeconds, wsTimeSource, getDocument());
}
ut.setID(getIdAllocator().createId("UsernameToken-", ut));
+ if (addWSUNamespace) {
+ ut.addWSUNamespace();
+ }
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java Wed Jun 12 16:32:34 2019
@@ -156,7 +156,7 @@ public class DerivedKeyToken {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java Wed Jun 12 16:32:34 2019
@@ -177,7 +177,7 @@ public class SecurityContextToken {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java Wed Jun 12 16:32:34 2019
@@ -88,7 +88,7 @@ public class SignatureConfirmation {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java Wed Jun 12 16:32:34 2019
@@ -119,12 +119,12 @@ public class Timestamp {
if (!ZoneOffset.UTC.equals(createdDateTime.getZone())) {
bspEnforcer.handleBSPRule(BSPRule.R3217);
}
-
+
created = createdDateTime.toInstant();
} catch (DateTimeParseException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
}
-
+
if (created.getNano() > 0) {
int milliseconds = created.get(ChronoField.MILLI_OF_SECOND);
if (milliseconds * 1000000 != created.getNano()) {
@@ -139,12 +139,12 @@ public class Timestamp {
if (!ZoneOffset.UTC.equals(expiresDateTime.getZone())) {
bspEnforcer.handleBSPRule(BSPRule.R3223);
}
-
+
expires = expiresDateTime.toInstant();
} catch (DateTimeParseException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
}
-
+
if (expires.getNano() > 0) {
int milliseconds = expires.get(ChronoField.MILLI_OF_SECOND);
if (milliseconds * 1000000 != expires.getNano()) {
@@ -185,13 +185,13 @@ public class Timestamp {
WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN
);
created = timeSource.now();
-
+
DateTimeFormatter formatter = DateUtil.getDateTimeFormatter(milliseconds);
elementCreated.appendChild(doc.createTextNode(created.atZone(ZoneOffset.UTC).format(formatter)));
-
+
element.appendChild(elementCreated);
if (ttl != 0) {
- expires = created.plusSeconds((long)ttl);
+ expires = created.plusSeconds(ttl);
Element elementExpires =
doc.createElementNS(
@@ -207,7 +207,7 @@ public class Timestamp {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
/**
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1861147&r1=1861146&r2=1861147&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java Wed Jun 12 16:32:34 2019
@@ -282,7 +282,7 @@ public class UsernameToken {
* efficiency purposes.
*/
public void addWSUNamespace() {
- XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
/**
Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java?rev=1861147&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java Wed Jun 12 16:32:34 2019
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.message;
+
+import java.util.List;
+
+import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+
+/**
+ * Test signing with an existing wsu namespace defined with a different prefix to "wsu"
+ */
+public class SignatureWSS651Test {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(SignatureWSS651Test.class);
+
+ private static final String SAMPLE_SOAP_MSG_WSU_NS =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ + "<SOAP-ENV:Envelope "
+ + "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
+ + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
+ + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
+ + "xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" "
+ + ">"
+ + "<SOAP-ENV:Body>"
+ + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
+ + "<value xmlns=\"\">15</value>"
+ + "</add>"
+ + "</SOAP-ENV:Body>"
+ + "</SOAP-ENV:Envelope>";
+
+ private WSSecurityEngine secEngine = new WSSecurityEngine();
+ private Crypto crypto;
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ }
+
+ public SignatureWSS651Test() throws Exception {
+ WSSConfig.init();
+ crypto = CryptoFactory.getInstance();
+ }
+
+ @Test
+ public void testSignedTimestamp() throws Exception {
+ Document doc = SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG_WSU_NS);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
+ timestamp.setTimeToLive(300);
+ timestamp.build();
+
+ WSSecSignature builder = new WSSecSignature(secHeader);
+ builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+
+ // builder.setAddInclusivePrefixes(false);
+
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "Timestamp",
+ WSConstants.WSU_NS,
+ "");
+ builder.getParts().add(encP);
+
+ builder.prepare(crypto);
+
+ List<javax.xml.crypto.dsig.Reference> referenceList =
+ builder.addReferencesToSign(builder.getParts());
+
+ builder.computeSignature(referenceList, false, null);
+
+ String outputString = XMLUtils.prettyDocumentToString(doc);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ LOG.debug(outputString);
+ }
+
+ verify(doc);
+
+ Document doc2 = SOAPUtil.toSOAPPart(outputString);
+ verify(doc2);
+ }
+
+ /**
+ * Verifies the soap envelope.
+ * This method verifies all the signature generated.
+ *
+ * @param env soap envelope
+ * @throws java.lang.Exception Thrown when there is a problem in verification
+ */
+ private WSHandlerResult verify(Document doc) throws Exception {
+ return secEngine.processSecurityHeader(doc, null, null, crypto);
+ }
+
+}
\ No newline at end of file
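Review bot: `testSignedTimestamp` discards both `verify(...)` results, so it passes whenever processing does not throw and never checks that a signature covering the Timestamp was found and validated. Capturing the result and asserting on it, for example `WSHandlerResult results = verify(doc2);` followed by `assertNotNull(results.getActionResults().get(WSConstants.SIGN));`, would pin the behaviour the fix is meant to restore. The Javadoc on `verify` documents `@param env` while the parameter is named `doc`, and the commented-out `setAddInclusivePrefixes(false)` line should be removed or explained. Only the signed-timestamp path is exercised; no test is added in this revision for the encryption, derived-key or username-token builders that the commit also changes.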