Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/09/18 15:47:44 UTC
svn commit: r998467 - in /webservices/wss4j/trunk: ./
src/org/apache/ws/security/message/ test/wssec/
Author: coheigea
Date: Sat Sep 18 13:47:44 2010
New Revision: 998467
URL: http://svn.apache.org/viewvc?rev=998467&view=rev
Log:
[WSS-242] - Patch applied
- I removed all of the static methods from WSSecSignature, and put them in a new file WSSecSignatureBase instead.
- Maven plugin versions added back into the pom.
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureBase.java
Modified:
webservices/wss4j/trunk/pom.xml
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew6.java
Modified: webservices/wss4j/trunk/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/pom.xml?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/pom.xml (original)
+++ webservices/wss4j/trunk/pom.xml Sat Sep 18 13:47:44 2010
@@ -149,6 +149,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
+ <version>2.5</version>
<configuration>
<linkXRef>false</linkXRef>
<failOnViolation>true</failOnViolation>
@@ -172,6 +173,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
+ <version>2.1.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
@@ -228,6 +230,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
+ <version>2.6</version>
<configuration>
<reportFormat>brief</reportFormat>
<useFile>false</useFile>
@@ -242,6 +245,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
+ <version>2.0</version>
<configuration>
<tagBase>
https://svn.apache.org/repos/asf/webservices/wss4j/tags/
@@ -251,6 +255,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
+ <version>2.3.2</version>
<configuration>
<source>1.3</source>
<target>1.3</target>
@@ -262,6 +267,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
+ <version>2.1.2</version>
<executions>
<execution>
<goals>
@@ -276,6 +282,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.7</version>
<executions>
<execution>
<goals>
@@ -290,6 +297,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
+ <version>2.1</version>
<configuration>
<descriptors>
<descriptor>assembly/bin.xml</descriptor>
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecBase.java Sat Sep 18 13:47:44 2010
@@ -46,7 +46,7 @@ public class WSSecBase {
protected boolean doDebug = false;
protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
-
+
/**
* Set which parts of the message to encrypt/sign. <p/>
*
@@ -118,11 +118,26 @@ public class WSSecBase {
protected String setWsuId(Element bodyElement) {
String id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");
+ String newAttrNs = WSConstants.WSU_NS;
+ String newAttrPrefix = WSConstants.WSU_PREFIX;
+
+ if ((id == null || id.length() == 0)
+ && WSConstants.ENC_NS.equals(bodyElement.getNamespaceURI())
+ && (WSConstants.ENC_DATA_LN.equals(bodyElement.getLocalName())
+ || WSConstants.ENC_KEY_LN.equals(bodyElement.getLocalName()))
+ ) {
+ // If it is an XML-Enc derived element, it may already have an ID,
+ // plus it is not schema valid to add an additional ID.
+ id = bodyElement.getAttribute("Id");
+ newAttrPrefix = WSConstants.ENC_PREFIX;
+ newAttrNs = WSConstants.ENC_NS;
+ }
+
if ((id == null) || (id.length() == 0)) {
id = wssConfig.getIdAllocator().createId("id-", bodyElement);
String prefix =
- WSSecurityUtil.setNamespace(bodyElement, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
- bodyElement.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
+ WSSecurityUtil.setNamespace(bodyElement, newAttrNs, newAttrPrefix);
+ bodyElement.setAttributeNS(newAttrNs, prefix + ":Id", id);
}
return id;
}
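Review bot: In the fallback branch of `setWsuId`, an XML-Enc element that has no `Id` gets the generated id written with `setAttributeNS(newAttrNs, prefix + ":Id", id)`, i.e. as a namespace-qualified `prefix:Id` attribute in `WSConstants.ENC_NS`, while the new lookup above reads the unqualified attribute with `getAttribute("Id")`. A later call on the same element would then likely miss the generated id and allocate another one, and a qualified Id on EncryptedData/EncryptedKey is probably not schema-valid either, which is what the new comment says it wants to avoid. For the XML-Enc case I would write the unqualified attribute, `bodyElement.setAttributeNS(null, "Id", id);`, and skip the `setNamespace` call. Whether the resulting `#id` reference resolves to this element when signing and verifying depends on ID lookup code outside this hunk, so a test that signs an EncryptedData element with no Id yet would be worth adding.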
@@ -143,4 +158,5 @@ public class WSSecBase {
this.user = user;
this.password = password;
}
+
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Sat Sep 18 13:47:44 2010
@@ -118,8 +118,7 @@ public class WSSecDKSign extends WSSecDe
try {
C14NMethodParameterSpec c14nSpec = null;
if (wssConfig.isWsiBSPCompliant() && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
- List prefixes =
- WSSecSignature.getInclusivePrefixes(secHeader.getSecurityHeader(), false);
+ List prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
c14nSpec = new ExcC14NParameterSpec(prefixes);
}
@@ -160,7 +159,7 @@ public class WSSecDKSign extends WSSecDe
public List addReferencesToSign(List references, WSSecHeader secHeader)
throws WSSecurityException {
return
- WSSecSignature.addReferencesToSign(
+ addReferencesToSign(
document,
references,
signatureFactory,
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDerivedKeyBase.java Sat Sep 18 13:47:44 2010
@@ -41,7 +41,7 @@ import java.io.UnsupportedEncodingExcept
* @author Davanum Srinivas (dims@yahoo.com)
* @author Werner Dittmann (werner@apache.org)
*/
-public abstract class WSSecDerivedKeyBase extends WSSecBase {
+public abstract class WSSecDerivedKeyBase extends WSSecSignatureBase {
protected Document document;
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Sat Sep 18 13:47:44 2010
@@ -25,7 +25,6 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
@@ -35,29 +34,23 @@ import org.apache.ws.security.message.to
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
-import org.apache.ws.security.transform.STRApacheTransform;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
-import java.util.Collections;
import java.util.List;
import java.util.Vector;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.XMLSignContext;
@@ -67,7 +60,6 @@ import javax.xml.crypto.dsig.keyinfo.Key
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
/**
@@ -83,7 +75,7 @@ import javax.xml.crypto.dsig.spec.Transf
* @author Davanum Srinivas (dims@yahoo.com)
* @author Werner Dittmann (werner@apache.org)
*/
-public class WSSecSignature extends WSSecBase {
+public class WSSecSignature extends WSSecSignatureBase {
private static Log log = LogFactory.getLog(WSSecSignature.class.getName());
@@ -342,142 +334,6 @@ public class WSSecSignature extends WSSe
/**
- * This method adds references to the Signature.
- *
- * @param doc The parent document
- * @param references The list of references to sign
- * @param sig The XMLSignature object
- * @param secHeader The Security Header
- * @param wssConfig The WSSConfig
- * @param digestAlgo The digest algorithm to use
- * @throws WSSecurityException
- */
- public static List addReferencesToSign(
- Document doc,
- List references,
- XMLSignatureFactory signatureFactory,
- WSSecHeader secHeader,
- WSSConfig wssConfig,
- String digestAlgo
- ) throws WSSecurityException {
- Element envelope = doc.getDocumentElement();
-
- DigestMethod digestMethod;
- try {
- digestMethod = signatureFactory.newDigestMethod(digestAlgo, null);
- } catch (Exception ex) {
- log.error("", ex);
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
- );
- }
-
- List referenceList = new Vector();
-
- for (int part = 0; part < references.size(); part++) {
- WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
-
- String idToSign = encPart.getId();
- String elemName = encPart.getName();
-
- //
- // Set up the elements to sign. There is one reserved element
- // names: "STRTransform": Setup the ds:Reference to use STR Transform
- //
- try {
- if (idToSign != null && !"STRTransform".equals(elemName)) {
- Element toSignById =
- WSSecurityUtil.findElementById(
- envelope, idToSign, WSConstants.WSU_NS, false
- );
- if (toSignById == null) {
- toSignById =
- WSSecurityUtil.findElementById(
- envelope, idToSign, null, false
- );
- }
- TransformParameterSpec transformSpec = null;
- if (wssConfig.isWsiBSPCompliant()) {
- List prefixes = getInclusivePrefixes(toSignById);
- transformSpec = new ExcC14NParameterSpec(prefixes);
- }
- Transform transform =
- signatureFactory.newTransform(
- WSConstants.C14N_EXCL_OMIT_COMMENTS,
- transformSpec
- );
- javax.xml.crypto.dsig.Reference reference =
- signatureFactory.newReference(
- "#" + idToSign,
- digestMethod,
- Collections.singletonList(transform),
- null,
- null
- );
- referenceList.add(reference);
- } else if (idToSign != null && elemName.equals("STRTransform")) {
- Element ctx = createSTRParameter(doc);
-
- XMLStructure structure = new DOMStructure(ctx);
- Transform transform =
- signatureFactory.newTransform(
- STRApacheTransform.TRANSFORM_URI,
- structure
- );
-
- javax.xml.crypto.dsig.Reference reference =
- signatureFactory.newReference(
- "#" + idToSign,
- digestMethod,
- Collections.singletonList(transform),
- null,
- null
- );
- referenceList.add(reference);
- } else {
- String nmSpace = encPart.getNamespace();
- Element elementToSign =
- (Element)WSSecurityUtil.findElement(envelope, elemName, nmSpace);
- if (elementToSign == null) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "noEncElement",
- new Object[] {nmSpace + ", " + elemName}
- );
- }
- TransformParameterSpec transformSpec = null;
- if (wssConfig.isWsiBSPCompliant()) {
- List prefixes = getInclusivePrefixes(elementToSign);
- transformSpec = new ExcC14NParameterSpec(prefixes);
- }
- Transform transform =
- signatureFactory.newTransform(
- WSConstants.C14N_EXCL_OMIT_COMMENTS,
- transformSpec
- );
- javax.xml.crypto.dsig.Reference reference =
- signatureFactory.newReference(
- "#" + setWsuId(elementToSign, wssConfig),
- digestMethod,
- Collections.singletonList(transform),
- null,
- null
- );
- referenceList.add(reference);
- }
- } catch (Exception ex) {
- log.error("", ex);
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
- );
- }
- }
-
- return referenceList;
- }
-
-
- /**
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
*
@@ -571,99 +427,6 @@ public class WSSecSignature extends WSSe
}
}
-
-
- /**
- * Set the wsu:Id on the element argument
- */
- public static String setWsuId(Element element, WSSConfig wssConfig) {
- String id = element.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if ((id == null) || (id.length() == 0)) {
- id = wssConfig.getIdAllocator().createId("id-", element);
- String prefix =
- WSSecurityUtil.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
- element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
- }
- return id;
- }
-
- /**
- * Create an STRTransformationParameters element
- */
- public static Element createSTRParameter(Document doc) {
- Element transformParam =
- doc.createElementNS(
- WSConstants.WSSE_NS,
- WSConstants.WSSE_PREFIX + ":TransformationParameters"
- );
-
- Element canonElem =
- doc.createElementNS(
- WSConstants.SIG_NS,
- WSConstants.SIG_PREFIX + ":CanonicalizationMethod"
- );
-
- canonElem.setAttributeNS(null, "Algorithm", WSConstants.C14N_EXCL_OMIT_COMMENTS);
- transformParam.appendChild(canonElem);
- return transformParam;
- }
-
-
- /**
- * Get the List of inclusive prefixes from the DOM Element argument
- */
- public static List getInclusivePrefixes(Element target) {
- return getInclusivePrefixes(target, true);
- }
-
-
- /**
- * Get the List of inclusive prefixes from the DOM Element argument
- */
- public static List getInclusivePrefixes(Element target, boolean excludeVisible) {
- List result = new Vector();
- Node parent = target;
- while (!(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
- parent = parent.getParentNode();
- NamedNodeMap attributes = parent.getAttributes();
- for (int i = 0; i < attributes.getLength(); i++) {
- Node attribute = attributes.item(i);
- if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
- if ("xmlns".equals(attribute.getNodeName())) {
- result.add("#default");
- } else {
- result.add(attribute.getLocalName());
- }
- }
- }
- }
-
- if (excludeVisible == true) {
- NamedNodeMap attributes = target.getAttributes();
- for (int i = 0; i < attributes.getLength(); i++) {
- Node attribute = attributes.item(i);
- if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
- if ("xmlns".equals(attribute.getNodeName())) {
- result.remove("#default");
- } else {
- result.remove(attribute.getLocalName());
- }
- }
- if (attribute.getPrefix() != null) {
- result.remove(attribute.getPrefix());
- }
- }
-
- if (target.getPrefix() == null) {
- result.remove("#default");
- } else {
- result.remove(target.getPrefix());
- }
- }
-
- return result;
- }
/**
Added: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureBase.java?rev=998467&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureBase.java (added)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignatureBase.java Sat Sep 18 13:47:44 2010
@@ -0,0 +1,266 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.transform.STRApacheTransform;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Vector;
+
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+/**
+ * This is the base class for WS Security messages that are used for signature generation or
+ * verification.
+ */
+public class WSSecSignatureBase extends WSSecBase {
+
+ private static Log log = LogFactory.getLog(WSSecSignatureBase.class.getName());
+
+ /**
+ * This method adds references to the Signature.
+ *
+ * @param doc The parent document
+ * @param references The list of references to sign
+ * @param sig The XMLSignature object
+ * @param secHeader The Security Header
+ * @param wssConfig The WSSConfig
+ * @param digestAlgo The digest algorithm to use
+ * @throws WSSecurityException
+ */
+ public List addReferencesToSign(
+ Document doc,
+ List references,
+ XMLSignatureFactory signatureFactory,
+ WSSecHeader secHeader,
+ WSSConfig wssConfig,
+ String digestAlgo
+ ) throws WSSecurityException {
+ Element envelope = doc.getDocumentElement();
+
+ DigestMethod digestMethod;
+ try {
+ digestMethod = signatureFactory.newDigestMethod(digestAlgo, null);
+ } catch (Exception ex) {
+ log.error("", ex);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
+ );
+ }
+
+ List referenceList = new Vector();
+
+ for (int part = 0; part < references.size(); part++) {
+ WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
+
+ String idToSign = encPart.getId();
+ String elemName = encPart.getName();
+
+ //
+ // Set up the elements to sign. There is one reserved element
+ // names: "STRTransform": Setup the ds:Reference to use STR Transform
+ //
+ try {
+ if (idToSign != null && !"STRTransform".equals(elemName)) {
+ Element toSignById =
+ WSSecurityUtil.findElementById(
+ envelope, idToSign, WSConstants.WSU_NS, false
+ );
+ if (toSignById == null) {
+ toSignById =
+ WSSecurityUtil.findElementById(
+ envelope, idToSign, null, false
+ );
+ }
+ TransformParameterSpec transformSpec = null;
+ if (wssConfig.isWsiBSPCompliant()) {
+ List prefixes = getInclusivePrefixes(toSignById);
+ transformSpec = new ExcC14NParameterSpec(prefixes);
+ }
+ Transform transform =
+ signatureFactory.newTransform(
+ WSConstants.C14N_EXCL_OMIT_COMMENTS,
+ transformSpec
+ );
+ javax.xml.crypto.dsig.Reference reference =
+ signatureFactory.newReference(
+ "#" + idToSign,
+ digestMethod,
+ Collections.singletonList(transform),
+ null,
+ null
+ );
+ referenceList.add(reference);
+ } else if (idToSign != null && elemName.equals("STRTransform")) {
+ Element ctx = createSTRParameter(doc);
+
+ XMLStructure structure = new DOMStructure(ctx);
+ Transform transform =
+ signatureFactory.newTransform(
+ STRApacheTransform.TRANSFORM_URI,
+ structure
+ );
+
+ javax.xml.crypto.dsig.Reference reference =
+ signatureFactory.newReference(
+ "#" + idToSign,
+ digestMethod,
+ Collections.singletonList(transform),
+ null,
+ null
+ );
+ referenceList.add(reference);
+ } else {
+ String nmSpace = encPart.getNamespace();
+ Element elementToSign =
+ (Element)WSSecurityUtil.findElement(envelope, elemName, nmSpace);
+ if (elementToSign == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noEncElement",
+ new Object[] {nmSpace + ", " + elemName}
+ );
+ }
+ TransformParameterSpec transformSpec = null;
+ if (wssConfig.isWsiBSPCompliant()) {
+ List prefixes = getInclusivePrefixes(elementToSign);
+ transformSpec = new ExcC14NParameterSpec(prefixes);
+ }
+ Transform transform =
+ signatureFactory.newTransform(
+ WSConstants.C14N_EXCL_OMIT_COMMENTS,
+ transformSpec
+ );
+ javax.xml.crypto.dsig.Reference reference =
+ signatureFactory.newReference(
+ "#" + setWsuId(elementToSign),
+ digestMethod,
+ Collections.singletonList(transform),
+ null,
+ null
+ );
+ referenceList.add(reference);
+ }
+ } catch (Exception ex) {
+ log.error("", ex);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
+ );
+ }
+ }
+
+ return referenceList;
+ }
+
+ /**
+ * Get the List of inclusive prefixes from the DOM Element argument
+ */
+ public List getInclusivePrefixes(Element target) {
+ return getInclusivePrefixes(target, true);
+ }
+
+
+ /**
+ * Get the List of inclusive prefixes from the DOM Element argument
+ */
+ public List getInclusivePrefixes(Element target, boolean excludeVisible) {
+ List result = new Vector();
+ Node parent = target;
+ while (!(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+ parent = parent.getParentNode();
+ NamedNodeMap attributes = parent.getAttributes();
+ for (int i = 0; i < attributes.getLength(); i++) {
+ Node attribute = attributes.item(i);
+ if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
+ if ("xmlns".equals(attribute.getNodeName())) {
+ result.add("#default");
+ } else {
+ result.add(attribute.getLocalName());
+ }
+ }
+ }
+ }
+
+ if (excludeVisible == true) {
+ NamedNodeMap attributes = target.getAttributes();
+ for (int i = 0; i < attributes.getLength(); i++) {
+ Node attribute = attributes.item(i);
+ if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI())) {
+ if ("xmlns".equals(attribute.getNodeName())) {
+ result.remove("#default");
+ } else {
+ result.remove(attribute.getLocalName());
+ }
+ }
+ if (attribute.getPrefix() != null) {
+ result.remove(attribute.getPrefix());
+ }
+ }
+
+ if (target.getPrefix() == null) {
+ result.remove("#default");
+ } else {
+ result.remove(target.getPrefix());
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Create an STRTransformationParameters element
+ */
+ public Element createSTRParameter(Document doc) {
+ Element transformParam =
+ doc.createElementNS(
+ WSConstants.WSSE_NS,
+ WSConstants.WSSE_PREFIX + ":TransformationParameters"
+ );
+
+ Element canonElem =
+ doc.createElementNS(
+ WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX + ":CanonicalizationMethod"
+ );
+
+ canonElem.setAttributeNS(null, "Algorithm", WSConstants.C14N_EXCL_OMIT_COMMENTS);
+ transformParam.appendChild(canonElem);
+ return transformParam;
+ }
+
+}
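Review bot: In the first branch of `addReferencesToSign` (the `idToSign != null && !"STRTransform".equals(elemName)` case), `toSignById` can still be null after the second `findElementById` call, and when `wssConfig.isWsiBSPCompliant()` is true it is passed straight to `getInclusivePrefixes`, which dereferences `parent.getParentNode()`. The resulting NullPointerException is caught by the broad `catch (Exception ex)` and reported as `FAILED_SIGNATURE`/`noXMLSig` with an empty log message, so the caller cannot tell that the id simply was not found. I would add the same kind of check the name-based branch has, e.g. `if (toSignById == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "noEncElement", new Object[] {idToSign}); }`, and rethrow a `WSSecurityException` unchanged ahead of the generic catch. The Javadoc also lists `@param sig`, but the parameter is `signatureFactory`.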
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew6.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew6.java?rev=998467&r1=998466&r2=998467&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew6.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew6.java Sat Sep 18 13:47:44 2010
@@ -24,14 +24,18 @@ import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import javax.security.auth.callback.Callback;
@@ -125,6 +129,91 @@ public class TestWSSecurityNew6 extends
/**
+ * Test that encrypts and then signs a WS-Security envelope (including the
+ * encrypted element), then performs verification and decryption <p/>
+ *
+ * @throws Exception
+ * Thrown when there is any problem in signing, encryption,
+ * decryption, or verification
+ */
+ public void testEncryptionElementSigning() throws Exception {
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ WSSecSignature sign = new WSSecSignature();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ LOG.info("Before Encryption....");
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ List encParts = new Vector();
+ encParts.add(
+ new WSEncryptionPart(
+ "add",
+ "http://ws.apache.org/counter/counter_port_type",
+ "Element"));
+ encrypt.setParts(encParts);
+
+ Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Encryption....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
+ LOG.debug(outputString);
+ }
+
+ List sigParts = new Vector();
+ sigParts.add(
+ new WSEncryptionPart(
+ WSConstants.ENC_DATA_LN,
+ WSConstants.ENC_NS,
+ "Element"));
+ sign.setParts(sigParts);
+
+ Document encryptedSignedDoc = sign.build(encryptedDoc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("After Signing....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
+ LOG.debug(outputString);
+ }
+
+ Vector results = verify(encryptedSignedDoc);
+
+ Vector sigSecEngResults = new Vector();
+ WSSecurityUtil.fetchAllActionResults(results,
+ WSConstants.SIGN, sigSecEngResults);
+
+ Vector encSecEngResults = new Vector();
+ WSSecurityUtil.fetchAllActionResults(results,
+ WSConstants.ENCR, encSecEngResults);
+
+ assertEquals(1, sigSecEngResults.size());
+ assertEquals(1, encSecEngResults.size());
+
+ List sigDataRefs = (List) ((WSSecurityEngineResult) sigSecEngResults.get(0))
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ List encDataRefs = (List) ((WSSecurityEngineResult) encSecEngResults.get(0))
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ assertNotNull(sigDataRefs);
+ assertNotNull(encDataRefs);
+ assertEquals(1, sigDataRefs.size());
+ assertEquals(1, encDataRefs.size());
+
+ assertNull(((WSDataRef) sigDataRefs.get(0))
+ .getProtectedElement().getAttributeNodeNS(WSConstants.WSU_NS, "Id"));
+
+ assertTrue(((WSDataRef) sigDataRefs.get(0)).getWsuId().contains(
+ ((WSDataRef) encDataRefs.get(0)).getWsuId()));
+ }
+
+
+ /**
* Test that signs and then encrypts a WS-Security envelope, then performs
* decryption and verification <p/>
*
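Review bot: The last assertion in `testEncryptionElementSigning` uses `contains`, so it also passes when the encryption id is only a substring of the signed reference's id (constructed example: `id-1` inside `id-12`). If the two values differ only by a known prefix, an `assertEquals` on the normalised ids would pin the intent more tightly; the format returned by `getWsuId()` is not visible here, so that needs checking. The test presumably covers only an EncryptedData element that already carries an `Id`; the path in `setWsuId` that generates an id for an XML-Enc element is not exercised. The hunk ends inside the Javadoc of the following test method.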
@@ -191,16 +280,21 @@ public class TestWSSecurityNew6 extends
* Verifies the soap envelope <p/>
*
* @param envelope
+ *
+ * @return the <code>WSSecurityEngineResult</code>s from processing
+ *
* @throws Exception
* Thrown when there is a problem in verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, this, crypto);
+ private Vector verify(Document doc) throws Exception {
+ List resultList = secEngine.processSecurityHeader(doc, null, this, crypto);
if (LOG.isDebugEnabled()) {
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+
+ return new Vector(resultList);
}
public void handle(Callback[] callbacks) throws IOException,
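Review bot: The Javadoc of `verify` still documents `@param envelope`, but the parameter is named `doc`; with the new `@return` tag added, this is a good moment to change it to `@param doc the SOAP envelope to verify`. Separately, `new Vector(resultList)` throws a NullPointerException if `processSecurityHeader` returns null; the hunk does not show whether it can, so an explicit `assertNotNull(resultList);` before the copy would make such a failure readable.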