Posted to commits@ws.apache.org by co...@apache.org on 2012/11/21 18:19:15 UTC
svn commit: r1412202 - in /webservices/wss4j/trunk/ws-security-dom/src:
main/java/org/apache/ws/security/dom/handler/
main/java/org/apache/ws/security/dom/processor/
main/java/org/apache/ws/security/dom/saml/
test/java/org/apache/ws/security/dom/saml/
Author: coheigea
Date: Wed Nov 21 17:19:15 2012
New Revision: 1412202
URL: http://svn.apache.org/viewvc?rev=1412202&view=rev
Log:
[WSS-406] - Refining the previous commit a bit
Conflicts:
src/main/java/org/apache/ws/security/saml/SAMLUtil.java
ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java
ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SignatureProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/saml/WSSSAMLKeyInfoProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java Wed Nov 21 17:19:15 2012
@@ -25,7 +25,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
-import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.callback.CallbackHandler;
@@ -95,7 +94,7 @@ public class RequestData {
private final List<BSPRule> ignoredBSPRules = new LinkedList<BSPRule>();
private boolean appendSignatureAfterTimestamp;
private AlgorithmSuite algorithmSuite;
- private Map<QName, AlgorithmSuite> algorithmSuiteMap = Collections.emptyMap();
+ private AlgorithmSuite samlAlgorithmSuite;
public void clear() {
soapConstants = null;
@@ -124,7 +123,7 @@ public class RequestData {
ignoredBSPRules.clear();
appendSignatureAfterTimestamp = false;
algorithmSuite = null;
- algorithmSuiteMap.clear();
+ samlAlgorithmSuite = null;
}
public Object getMsgContext() {
@@ -565,14 +564,6 @@ public class RequestData {
this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
}
- public Map<QName, AlgorithmSuite> getAlgorithmSuiteMap() {
- return algorithmSuiteMap;
- }
-
- public void setAlgorithmSuiteMap(Map<QName, AlgorithmSuite> algorithmSuiteMap) {
- this.algorithmSuiteMap = algorithmSuiteMap;
- }
-
public AlgorithmSuite getAlgorithmSuite() {
return algorithmSuite;
}
@@ -580,5 +571,13 @@ public class RequestData {
public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
this.algorithmSuite = algorithmSuite;
}
+
+ public AlgorithmSuite getSamlAlgorithmSuite() {
+ return samlAlgorithmSuite;
+ }
+
+ public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
+ this.samlAlgorithmSuite = samlAlgorithmSuite;
+ }
}
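Review bot: The new getSamlAlgorithmSuite/setSamlAlgorithmSuite pair carries no Javadoc, and its contract is security-relevant: elsewhere in this commit the processors skip the algorithm-suite check entirely when the value is null, and a single suite now covers both SAML 1.1 and SAML 2.0 assertions (the per-token-type map keyed by SAML_TOKEN/SAML2_TOKEN is removed). Add on the setter: `/** Sets the AlgorithmSuite used to validate signatures and keys on received SAML assertions (1.1 and 2.0 alike). Null, the default, disables the check. */` and a one-line `/** @return the AlgorithmSuite applied to received SAML assertions, or null if none is enforced. */` on the getter. The field default is null via the declaration and clear(), so documenting that as the "no enforcement" state is grounded in this hunk.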
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java Wed Nov 21 17:19:15 2012
@@ -540,13 +540,13 @@ public abstract class WSHandler {
}
protected void decodeAlgorithmSuite(RequestData reqData) throws WSSecurityException {
- AlgorithmSuite algorithmSuite = new AlgorithmSuite();
-
Object mc = reqData.getMsgContext();
- if (mc == null) {
+ if (mc == null || reqData.getAlgorithmSuite() != null) {
return;
}
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+
String signatureAlgorithm = getString(WSHandlerConstants.SIG_ALGO, mc);
if (signatureAlgorithm != null && !"".equals(signatureAlgorithm)) {
algorithmSuite.addSignatureMethod(signatureAlgorithm);
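Review bot: The new guard `if (mc == null || reqData.getAlgorithmSuite() != null)` makes a programmatically set AlgorithmSuite win silently over any SIG_ALGO and related handler properties, and nothing in this hunk populates the new samlAlgorithmSuite from handler configuration, so handler-driven deployments appear to get no algorithm-suite enforcement on SAML assertions unless a caller sets it in code. If that precedence is intended, state it: `// A suite set programmatically on RequestData takes precedence over handler properties; the SAML suite is never derived from handler properties.` If not, consider propagating the decoded suite, e.g. `if (reqData.getSamlAlgorithmSuite() == null) reqData.setSamlAlgorithmSuite(algorithmSuite);` once it is fully built. decodeAlgorithmSuite continues past the hunk, so the remaining property decoding is not visible here.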
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SAMLTokenProcessor.java Wed Nov 21 17:19:15 2012
@@ -35,7 +35,6 @@ import org.w3c.dom.Element;
import org.apache.ws.security.dom.SAMLTokenPrincipal;
import org.apache.ws.security.dom.WSConstants;
import org.apache.ws.security.dom.WSDocInfo;
-import org.apache.ws.security.dom.WSSecurityEngine;
import org.apache.ws.security.dom.WSSecurityEngineResult;
import org.apache.ws.security.common.crypto.AlgorithmSuite;
import org.apache.ws.security.common.crypto.AlgorithmSuiteValidator;
@@ -147,12 +146,7 @@ public class SAMLTokenProcessor implemen
}
// Check for compliance against the defined AlgorithmSuite
- AlgorithmSuite algorithmSuite = null;
- if (assertion.getSaml2() != null) {
- algorithmSuite = data.getAlgorithmSuiteMap().get(WSSecurityEngine.SAML2_TOKEN);
- } else {
- algorithmSuite = data.getAlgorithmSuiteMap().get(WSSecurityEngine.SAML_TOKEN);
- }
+ AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();
KeyInfo keyInfo = sig.getKeyInfo();
SAMLKeyInfo samlKeyInfo =
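Review bot: The replacement line `AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();` drops the SAML 1.1 versus SAML 2.0 distinction without saying so, and a maintainer comparing against the removed SAML2_TOKEN lookup will wonder where it went. Suggest extending the comment above it: `// Check for compliance against the defined AlgorithmSuite. One suite covers both SAML 1.1 and 2.0 assertions; a null suite means no check is performed.` The code that consumes algorithmSuite lies after the hunk, so I could not confirm that a null value is guarded there; if it is not, guard it the way WSSSAMLKeyInfoProcessor does in this same commit rather than letting a null reach AlgorithmSuiteValidator.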
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SignatureProcessor.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/processor/SignatureProcessor.java Wed Nov 21 17:19:15 2012
@@ -203,7 +203,7 @@ public class SignatureProcessor implemen
// Check for compliance against the defined AlgorithmSuite
AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
- if (algorithmSuite != null ) {
+ if (algorithmSuite != null) {
AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/saml/WSSSAMLKeyInfoProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/saml/WSSSAMLKeyInfoProcessor.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/saml/WSSSAMLKeyInfoProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/saml/WSSSAMLKeyInfoProcessor.java Wed Nov 21 17:19:15 2012
@@ -19,14 +19,18 @@
package org.apache.ws.security.dom.saml;
+import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import javax.xml.namespace.QName;
+import org.apache.ws.security.dom.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.dom.WSDocInfo;
import org.apache.ws.security.dom.WSSecurityEngine;
import org.apache.ws.security.dom.WSSecurityEngineResult;
+import org.apache.ws.security.common.crypto.AlgorithmSuite;
+import org.apache.ws.security.common.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.common.ext.WSSecurityException;
import org.apache.ws.security.common.saml.SAMLKeyInfo;
import org.apache.ws.security.common.saml.SAMLKeyInfoProcessor;
@@ -73,7 +77,7 @@ public class WSSSAMLKeyInfoProcessor imp
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
List<WSSecurityEngineResult> result =
- proc.handleToken((Element)node, data, docInfo);
+ proc.handleToken((Element)node, data, docInfo, data.getSamlAlgorithmSuite());
byte[] secret =
(byte[])result.get(0).get(
WSSecurityEngineResult.TAG_SECRET
@@ -95,6 +99,23 @@ public class WSSSAMLKeyInfoProcessor imp
SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(strParser.getCertificates());
samlKeyInfo.setPublicKey(strParser.getPublicKey());
samlKeyInfo.setSecret(strParser.getSecretKey());
+
+ Principal principal = strParser.getPrincipal();
+
+ // Check for compliance against the defined AlgorithmSuite
+ AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();
+ if (algorithmSuite != null && principal instanceof WSDerivedKeyTokenPrincipal) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
+ AlgorithmSuiteValidator(algorithmSuite);
+
+ algorithmSuiteValidator.checkDerivedKeyAlgorithm(
+ ((WSDerivedKeyTokenPrincipal)principal).getAlgorithm()
+ );
+ algorithmSuiteValidator.checkSignatureDerivedKeyLength(
+ ((WSDerivedKeyTokenPrincipal)principal).getLength()
+ );
+ }
+
return samlKeyInfo;
}
}
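Review bot: When the SecurityTokenReference resolves to a certificate or a raw public key rather than a derived key, the new block performs no algorithm-suite check at all — only the `principal instanceof WSDerivedKeyTokenPrincipal` branch is validated, so a holder-of-key assertion can still reference a key that would fail the suite's asymmetric minimum; if AlgorithmSuiteValidator offers a public-key or certificate key-length check (not visible here), apply it to `strParser.getPublicKey()` / `strParser.getCertificates()` in an else branch. checkSignatureDerivedKeyLength also presumes the derived key is used for signing, which for a subject-confirmation key is an assumption worth a comment if deliberate. Minor: cast once, `WSDerivedKeyTokenPrincipal dkPrincipal = (WSDerivedKeyTokenPrincipal) principal;`, and use it for both calls.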
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java?rev=1412202&r1=1412201&r2=1412202&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/saml/SamlAlgorithmSuiteTest.java Wed Nov 21 17:19:15 2012
@@ -207,13 +207,7 @@ public class SamlAlgorithmSuiteTest exte
WSSecurityEngine secEngine = new WSSecurityEngine();
RequestData data = new RequestData();
data.setSigVerCrypto(sigVerCrypto);
- Map<QName, AlgorithmSuite> algorithmSuiteMap = new HashMap<QName, AlgorithmSuite>();
- if (saml2) {
- algorithmSuiteMap.put(WSSecurityEngine.SAML2_TOKEN, algorithmSuite);
- } else {
- algorithmSuiteMap.put(WSSecurityEngine.SAML_TOKEN, algorithmSuite);
- }
- data.setAlgorithmSuiteMap(algorithmSuiteMap);
+ data.setSamlAlgorithmSuite(algorithmSuite);
return secEngine.processSecurityHeader(securityHeader, data);
}