Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/19 13:57:38 UTC
svn commit: r776287 - in /webservices/wss4j/trunk: ./
src/org/apache/ws/security/ src/org/apache/ws/security/handler/
src/org/apache/ws/security/message/ src/org/apache/ws/security/saml/
src/org/apache/ws/security/transform/ src/org/apache/ws/security/...
Author: coheigea
Date: Tue May 19 11:57:37 2009
New Revision: 776287
URL: http://svn.apache.org/viewvc?rev=776287&view=rev
Log:
[WSS-40]
- Removed all Xalan dependencies from the EnvelopeIdResolver.
- Changed the dependency on Xalan in the pom from compile to provided.
- Refactored WSSecSignature, and changed WSSecDKSign to use some common code in WSSecSignature.
Modified:
webservices/wss4j/trunk/pom.xml
webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfoStore.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/pom.xml?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/pom.xml (original)
+++ webservices/wss4j/trunk/pom.xml Tue May 19 11:57:37 2009
@@ -380,8 +380,6 @@
</dependencies>
</profile>
</profiles>
-
-
<properties>
<xmlsec.version>1.4.2</xmlsec.version>
@@ -396,14 +394,18 @@
<junit.version>3.8.1</junit.version>
</properties>
-
-
<dependencies>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>${commons.logging.version}</version>
<scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>${xmlsec.version}</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-discovery</groupId>
@@ -416,18 +418,18 @@
<artifactId>commons-codec</artifactId>
<version>1.3</version>
<scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.santuario</groupId>
- <artifactId>xmlsec</artifactId>
- <version>${xmlsec.version}</version>
- <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
- <scope>compile</scope>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>xerces</groupId>
@@ -442,12 +444,6 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
<version>${opensaml.version}</version>
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfo.java Tue May 19 11:57:37 2009
@@ -46,7 +46,7 @@
public class WSDocInfo {
Document doc = null;
Crypto crypto = null;
- List bst = null;
+ List bstList = null;
Element assertion = null;
List processors = null;
@@ -60,14 +60,14 @@
public void clear() {
crypto = null;
assertion = null;
- if (bst != null && bst.size() > 0) {
- bst.clear();
+ if (bstList != null && bstList.size() > 0) {
+ bstList.clear();
}
if (processors != null && processors.size() > 0) {
processors.clear();
}
- bst = null;
+ bstList = null;
processors = null;
}
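Review bot: The `bstList.size() > 0` guard in `if (bstList != null && bstList.size() > 0)` is redundant, since `List.clear()` on an empty list is a no-op; `if (bstList != null) { bstList.clear(); }` reads cleaner, and the same applies to the `processors` check two lines below. Because both fields are set to null immediately afterwards, the clear() calls only have an effect if another holder still references the same list; a one-line comment saying so would explain why they are kept.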
@@ -84,8 +84,8 @@
}
Element elem = null;
- if (bst != null) {
- for (Iterator iter = bst.iterator(); iter.hasNext();) {
+ if (bstList != null) {
+ for (Iterator iter = bstList.iterator(); iter.hasNext();) {
elem = (Element) iter.next();
String cId = elem.getAttribute("Id");
if (id.equals(cId)) {
@@ -151,10 +151,10 @@
* @param elem is the BinarySecurityToken to store
*/
public void setBst(Element elem) {
- if (bst == null) {
- bst = new Vector();
+ if (bstList == null) {
+ bstList = new Vector();
}
- bst.add(elem);
+ bstList.add(elem);
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfoStore.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfoStore.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfoStore.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSDocInfoStore.java Tue May 19 11:57:37 2009
@@ -31,22 +31,23 @@
*/
import java.util.Hashtable;
+import java.util.Map;
import org.w3c.dom.Document;
public class WSDocInfoStore {
- static Hashtable storage = new Hashtable(10);
+ private static final Map STORAGE = new Hashtable(10);
public static WSDocInfo lookup(Document doc) {
- return (WSDocInfo) storage.get(doc);
+ return (WSDocInfo) STORAGE.get(doc);
}
public static boolean store(WSDocInfo info) {
- return storage.put(info.getDocument(), info) == null;
+ return STORAGE.put(info.getDocument(), info) == null;
}
public static void delete(WSDocInfo info) {
- storage.remove(info.getDocument());
+ STORAGE.remove(info.getDocument());
}
}
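Review bot: `STORAGE` is a JVM-lifetime static map holding strong references to whole `Document` objects, so any path that calls `store` without a matching `delete` retains the entire DOM; the class has no Javadoc stating that contract. A class comment such as `Callers must pair store() with delete() for the same WSDocInfo, otherwise the Document is retained for the life of the JVM.` would make it visible, or the map could be backed by a synchronized WeakHashMap if identity-keyed lookup by Document is all that is needed. The field is also still a raw `Map`; `Map<Document, WSDocInfo>` would document the key/value types, if the target Java level permits it, which the raw types elsewhere in this commit suggest may not be the case.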
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Tue May 19 11:57:37 2009
@@ -283,7 +283,7 @@
Transform.init();
try {
Transform.register(
- STRTransform.implementedTransformURI,
+ STRTransform.TRANSFORM_URI,
"org.apache.ws.security.transform.STRTransform"
);
} catch (Exception ex) {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Tue May 19 11:57:37 2009
@@ -47,6 +47,7 @@
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
import java.util.Vector;
@@ -62,7 +63,7 @@
public abstract class WSHandler {
private static Log log = LogFactory.getLog(WSHandler.class.getName());
protected WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
- protected Hashtable cryptos = new Hashtable(5);
+ protected Map cryptos = new Hashtable(5);
private boolean doDebug = log.isDebugEnabled();
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java Tue May 19 11:57:37 2009
@@ -26,7 +26,6 @@
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.apache.xml.utils.URI;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -34,7 +33,6 @@
/**
* XML-Security resolver that is used for resolving same-document URIs like URI="#id".
* It is designed to work only with SOAPEnvelopes.
- * <p/>
*
* @author Davanum Srinivas (dims@yahoo.com).
*/
@@ -44,11 +42,8 @@
private static EnvelopeIdResolver resolver = null;
- private boolean doDebug = false;
-
/**
* Singleton instance of the resolver.
- * <p/>
*
* @return TODO
*/
@@ -64,95 +59,79 @@
/**
* This is the workhorse method used to resolve resources.
- * <p/>
*
* @param uri
* @param BaseURI
* @return TODO
* @throws ResourceResolverException
*/
- public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
- throws ResourceResolverException {
-
- doDebug = log.isDebugEnabled();
+ public XMLSignatureInput engineResolve(Attr uri, String baseURI)
+ throws ResourceResolverException {
String uriNodeValue = uri.getNodeValue();
-
- if (doDebug) {
+ if (log.isDebugEnabled()) {
log.debug("enter engineResolve, look for: " + uriNodeValue);
}
-
- Document doc = uri.getOwnerDocument();
-
- /*
- * URI="#chapter1"
- * Identifies a node-set containing the element with ID attribute
- * value 'chapter1' of the XML resource containing the signature.
- * XML Signature (and its applications) modify this node-set to
- * include the element plus all descendants including namespaces and
- * attributes -- but not comments.
- */
+ //
+ // URI="#chapter1"
+ // Identifies a node-set containing the element with ID attribute
+ // value 'chapter1' of the XML resource containing the signature.
+ // XML Signature (and its applications) modify this node-set to
+ // include the element plus all descendants including namespaces and
+ // attributes -- but not comments.
+ //
- /*
- * First lookup the SOAP Body element (processed by default) and
- * check if it contains an Id and if it matches
- */
+ //
+ // First lookup the SOAP Body element (processed by default) and
+ // check if it contains an Id and if it matches
+ //
+ Document doc = uri.getOwnerDocument();
Element selectedElem = WSSecurityUtil.findBodyElement(doc);
if (selectedElem == null) {
throw new ResourceResolverException(
"generic.EmptyMessage",
new Object[]{"Body element not found"},
uri,
- BaseURI
+ baseURI
);
}
- String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- /*
- * If Body Id match fails, look for a generic Id (without a namespace)
- * that matches the URI. If that lookup fails, try to get a namespace
- * qualified Id that matches the URI.
- */
+ //
+ // If Body Id match fails, look for a generic Id (without a namespace)
+ // that matches the URI. If that lookup fails, try to get a namespace
+ // qualified Id that matches the URI.
+ //
String id = uriNodeValue;
if (id.charAt(0) == '#') {
id = id.substring(1);
}
+ String cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
if (!id.equals(cId)) {
- cId = null;
selectedElem = WSSecurityUtil.getElementByWsuId(doc, uriNodeValue);
if (selectedElem == null) {
selectedElem = WSSecurityUtil.getElementByGenId(doc, uriNodeValue);
- if (selectedElem != null) {
- cId = selectedElem.getAttribute("Id");
- }
- } else {
- cId = selectedElem.getAttributeNS(WSConstants.WSU_NS, "Id");
}
- if (cId == null) {
+ if (selectedElem == null) {
throw new ResourceResolverException(
- "generic.EmptyMessage", new Object[]{"Id not found"}, uri, BaseURI
+ "generic.EmptyMessage", new Object[]{"Id not found"}, uri, baseURI
);
}
}
XMLSignatureInput result = new XMLSignatureInput(selectedElem);
result.setMIMEType("text/xml");
- try {
- URI uriNew = new URI(new URI(BaseURI), uri.getNodeValue());
- result.setSourceURI(uriNew.toString());
- } catch (URI.MalformedURIException ex) {
- result.setSourceURI(BaseURI);
- }
- if (doDebug) {
+ result.setExcludeComments(true);
+ result.setSourceURI(uri.getNodeValue());
+
+ if (log.isDebugEnabled()) {
log.debug("exit engineResolve, result: " + result);
}
return result;
}
+
/**
* This method helps the ResourceResolver to decide whether a
* ResourceResolverSpi is able to perform the requested action.
- * <p/>
*
* @param uri
* @param BaseURI
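Review bot: `if (id.charAt(0) == '#')` still throws StringIndexOutOfBoundsException for an empty URI attribute, and the rewritten engineResolve leaves that unguarded; unless engineCanResolve (whose body is outside this hunk) is known to reject empty values, `if (id.length() > 0 && id.charAt(0) == '#')` or an explicit ResourceResolverException would be safer than an unchecked exception escaping a signature resolver. The method also returns whichever element the Id lookups (Body wsu:Id, then getElementByWsuId, then getElementByGenId) produce, and nothing visible here checks that the Id is unique in the document; a comment stating where uniqueness and placement of the signed element are verified, or a check here, would help a reader assess the trust boundary. Finally, `result.setSourceURI(uri.getNodeValue())` drops the former resolution against baseURI, which is fine for same-document references but is worth a line in the Javadoc so the unused `baseURI` parameter does not look like an oversight.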
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Tue May 19 11:57:37 2009
@@ -32,7 +32,6 @@
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
@@ -41,16 +40,9 @@
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-import java.util.HashSet;
import java.util.List;
-import java.util.Set;
import java.util.Vector;
/**
@@ -65,21 +57,14 @@
private static Log log = LogFactory.getLog(WSSecDKSign.class.getName());
protected String sigAlgo = XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
-
protected String canonAlgo = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-
protected byte[] signatureValue = null;
private XMLSignature sig = null;
-
private KeyInfo keyInfo = null;
-
private String keyInfoUri = null;
-
private SecurityTokenReference secRef = null;
-
private String strUri = null;
-
private WSDocInfo wsDocInfo;
@@ -116,29 +101,13 @@
wsDocInfo = new WSDocInfo(doc);
//
- // Get and initialize a XMLSignature element.
+ // Get an initialized XMLSignature element.
//
- if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
- Element canonElem =
- XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
-
- canonElem.setAttribute(Constants._ATT_ALGORITHM, canonAlgo);
-
- if (wssConfig.isWsiBSPCompliant()) {
- Set prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
- InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(doc, prefixes);
- canonElem.appendChild(inclusiveNamespaces.getElement());
- }
-
- try {
- SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, sigAlgo);
- sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
- } catch (XMLSecurityException e) {
- log.error("", e);
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
+ if (wssConfig.isWsiBSPCompliant() && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+ sig =
+ WSSecSignature.createXMLSignatureInclusivePrefixes(
+ doc, secHeader.getSecurityHeader(), canonAlgo, sigAlgo
);
- }
} else {
try {
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
@@ -151,15 +120,15 @@
}
sig.addResourceResolver(EnvelopeIdResolver.getInstance());
- String sigUri = wssConfig.getIdAllocator().createId("Signature-", sig);
+ String sigUri = wssConfig.getIdAllocator().createId("Sig-", sig);
sig.setId(sigUri);
keyInfo = sig.getKeyInfo();
- keyInfoUri = wssConfig.getIdAllocator().createSecureId("KeyId-", keyInfo);
+ keyInfoUri = wssConfig.getIdAllocator().createSecureId("KI-", keyInfo);
keyInfo.setId(keyInfoUri);
secRef = new SecurityTokenReference(doc);
- strUri = wssConfig.getIdAllocator().createSecureId("STRId-", secRef);
+ strUri = wssConfig.getIdAllocator().createSecureId("STR-", secRef);
secRef.setID(strUri);
Reference refUt = new Reference(document);
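Review bot: The generated Id prefixes change from `Signature-`/`KeyId-`/`STRId-` to `Sig-`/`KI-`/`STR-` here, and the same kind of change appears in WSSecSignature, WSSecEncrypt (`ED-`, `EH-`) and WSSecEncryptedKey (`EK-`), yet the log message does not mention it; these values are visible on the wire, so tests, log parsers or interop partners matching on the old prefixes will be affected and the commit message or CHANGES entry should record it. Also, `sigUri` is created with `createId` while `keyInfoUri` and `strUri` use `createSecureId`; if the two allocators differ in how predictable their output is, a comment such as `// sigUri intentionally uses createId rather than createSecureId` would stop a later reader from "fixing" the inconsistency, and if it is not deliberate, all three should use the same call.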
@@ -170,64 +139,6 @@
}
- protected Set getInclusivePrefixes(Element target) {
- return getInclusivePrefixes(target, true);
- }
-
- protected Set getInclusivePrefixes(Element target, boolean excludeVisible) {
- Set result = new HashSet();
- Node parent = target;
- NamedNodeMap attributes;
- Node attribute;
- while (!(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
- parent = parent.getParentNode();
- attributes = parent.getAttributes();
- for (int i = 0; i < attributes.getLength(); i++) {
- attribute = attributes.item(i);
- if (attribute.getNamespaceURI() != null
- && attribute.getNamespaceURI().equals(
- org.apache.ws.security.WSConstants.XMLNS_NS
- )
- ) {
- if (attribute.getNodeName().equals("xmlns")) {
- result.add("#default");
- } else {
- result.add(attribute.getLocalName());
- }
- }
- }
- }
-
- if (excludeVisible == true) {
- attributes = target.getAttributes();
- for (int i = 0; i < attributes.getLength(); i++) {
- attribute = attributes.item(i);
- if (attribute.getNamespaceURI() != null
- && attribute.getNamespaceURI().equals(
- org.apache.ws.security.WSConstants.XMLNS_NS
- )
- ) {
- if (attribute.getNodeName().equals("xmlns")) {
- result.remove("#default");
- } else {
- result.remove(attribute.getLocalName());
- }
- }
- if (attribute.getPrefix() != null) {
- result.remove(attribute.getPrefix());
- }
- }
-
- if (target.getPrefix() == null) {
- result.remove("#default");
- } else {
- result.remove(target.getPrefix());
- }
- }
-
- return result;
- }
-
/**
* This method adds references to the Signature.
*
@@ -279,7 +190,7 @@
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
- document, getInclusivePrefixes(toSignById)).getElement()
+ document, WSSecSignature.getInclusivePrefixes(toSignById)).getElement()
);
}
sig.addDocument("#" + idToSign, transforms);
@@ -288,13 +199,13 @@
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(document,
- getInclusivePrefixes(keyInfo.getElement())).getElement()
+ WSSecSignature.getInclusivePrefixes(keyInfo.getElement())).getElement()
);
}
sig.addDocument("#" + keyInfoUri, transforms);
} else if (elemName.equals("STRTransform")) { // STRTransform
- Element ctx = createSTRParameter(document);
- transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ Element ctx = WSSecSignature.createSTRParameter(document);
+ transforms.addTransform(STRTransform.TRANSFORM_URI, ctx);
sig.addDocument("#" + strUri, transforms);
} else if (elemName.equals("Assertion")) { // Assertion
String id = SAMLUtil.getAssertionId(envel, elemName, nmSpace);
@@ -312,7 +223,7 @@
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
- document, getInclusivePrefixes(body)).getElement()
+ document, WSSecSignature.getInclusivePrefixes(body)).getElement()
);
}
String prefix =
@@ -333,7 +244,7 @@
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
- document, getInclusivePrefixes(body)).getElement()
+ document, WSSecSignature.getInclusivePrefixes(body)).getElement()
);
}
sig.addDocument("#" + setWsuId(body), transforms);
@@ -350,23 +261,6 @@
}
}
- protected Element createSTRParameter(Document doc) {
- Element transformParam =
- doc.createElementNS(
- WSConstants.WSSE_NS,
- WSConstants.WSSE_PREFIX + ":TransformationParameters"
- );
-
- Element canonElem =
- doc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":CanonicalizationMethod"
- );
-
- canonElem.setAttribute("Algorithm", Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- transformParam.appendChild(canonElem);
- return transformParam;
- }
-
/**
* Prepends the Signature element to the elements already in the Security
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Tue May 19 11:57:37 2009
@@ -450,7 +450,7 @@
boolean content = modifier.equals("Content") ? true : false;
String xencEncryptedDataId =
- config.getIdAllocator().createId("EncDataId-", elementToEncrypt);
+ config.getIdAllocator().createId("ED-", elementToEncrypt);
encPart.setEncId(xencEncryptedDataId);
//
// Encrypt data, and set necessary attributes in xenc:EncryptedData
@@ -466,7 +466,7 @@
WSSecurityUtil.setNamespace(elem, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
elem.setAttributeNS(
WSConstants.WSU_NS, wsuPrefix + ":Id",
- config.getIdAllocator().createId("EncHeader-", elementToEncrypt)
+ config.getIdAllocator().createId("EH-", elementToEncrypt)
);
//
// Add the EncryptedHeader node to the element to be encrypted's parent
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Tue May 19 11:57:37 2009
@@ -241,7 +241,7 @@
//
encryptedKeyElement = createEncryptedKey(document, keyEncAlgo);
if (encKeyId == null || "".equals(encKeyId)) {
- encKeyId = "EncKeyId-" + UUIDGenerator.getUUID();
+ encKeyId = "EK-" + UUIDGenerator.getUUID();
}
encryptedKeyElement.setAttribute("Id", encKeyId);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Tue May 19 11:57:37 2009
@@ -82,180 +82,28 @@
private static Log log = LogFactory.getLog(WSSecSignature.class.getName());
protected boolean useSingleCert = true;
-
protected String sigAlgo = null;
-
protected String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
-
protected byte[] signatureValue = null;
-
- /*
- * The following private variable are setup during prepare().
- */
protected Document document = null;
-
- private Crypto crypto = null;
-
protected WSDocInfo wsDocInfo = null;
-
protected String certUri = null;
-
protected XMLSignature sig = null;
-
protected KeyInfo keyInfo = null;
-
protected String keyInfoUri = null;
-
protected SecurityTokenReference secRef = null;
-
protected String strUri = null;
+ protected BinarySecurity bstToken = null;
private byte[] secretKey = null;
-
private String encrKeySha1value = null;
-
- protected BinarySecurity bstToken = null;
-
+ private Crypto crypto = null;
private String customTokenValueType;
-
private String customTokenId;
-
private String digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
-
private X509Certificate useThisCert = null;
- /**
- * set the single cert flag.
- *
- * @param useSingleCert
- */
- public void setUseSingleCertificate(boolean useSingleCert) {
- this.useSingleCert = useSingleCert;
- }
-
- /**
- * Get the single cert flag.
- *
- * @return A boolean if single certificate is set.
- */
- public boolean isUseSingleCertificate() {
- return useSingleCert;
- }
-
- /**
- * Set the name of the signature encryption algorithm to use.
- *
- * If the algorithm is not set then an automatic detection of the signature
- * algorithm to use is performed during the <code>prepare()</code>
- * method. Refer to WSConstants which algorithms are supported.
- *
- * @param algo Is the name of the signature algorithm
- * @see WSConstants#RSA
- * @see WSConstants#DSA
- */
- public void setSignatureAlgorithm(String algo) {
- sigAlgo = algo;
- }
-
- /**
- * Get the name of the signature algorithm that is being used.
- *
- * Call this method after <code>prepare</code> to get the information
- * which signature algorithm was automatically detected if no signature
- * algorithm was preset.
- *
- * @return the identifier URI of the signature algorithm
- */
- public String getSignatureAlgorithm() {
- return sigAlgo;
- }
-
- /**
- * Set the canonicalization method to use.
- *
- * If the canonicalization method is not set then the recommended Exclusive
- * XML Canonicalization is used by default Refer to WSConstants which
- * algorithms are supported.
- *
- * @param algo Is the name of the signature algorithm
- * @see WSConstants#C14N_OMIT_COMMENTS
- * @see WSConstants#C14N_WITH_COMMENTS
- * @see WSConstants#C14N_EXCL_OMIT_COMMENTS
- * @see WSConstants#C14N_EXCL_WITH_COMMENTS
- */
- public void setSigCanonicalization(String algo) {
- canonAlgo = algo;
- }
-
- /**
- * Get the canonicalization method.
- *
- * If the canonicalization method was not set then Exclusive XML
- * Canonicalization is used by default.
- *
- * @return The string describing the canonicalization algorithm.
- */
- public String getSigCanonicalization() {
- return canonAlgo;
- }
-
- /**
- * @return the digestAlgo
- */
- public String getDigestAlgo() {
- return digestAlgo;
- }
-
- /**
- * Set the string that defines which digest algorithm to use
- *
- * @param digestAlgo the digestAlgo to set
- */
- public void setDigestAlgo(String digestAlgo) {
- this.digestAlgo = digestAlgo;
- }
-
-
- /**
- * Returns the computed Signature value.
- *
- * Call this method after <code>computeSignature()</code> or <code>build()</code>
- * methods were called.
- *
- * @return Returns the signatureValue.
- */
- public byte[] getSignatureValue() {
- return signatureValue;
- }
-
- /**
- * Get the id generated during <code>prepare()</code>.
- *
- * Returns the the value of wsu:Id attribute of the Signature element.
- *
- * @return Return the wsu:Id of this token or null if <code>prepare()</code>
- * was not called before.
- */
- public String getId() {
- if (sig == null) {
- return null;
- }
- return sig.getId();
- }
-
- /**
- * Get the id of the BSt generated during <code>prepare()</code>.
- *
- * @return Returns the the value of wsu:Id attribute of the
- * BinaruSecurityToken element.
- */
- public String getBSTTokenId() {
- if (bstToken == null) {
- return null;
- }
- return bstToken.getID();
- }
-
+
/**
* Initialize a WSSec Signature.
*
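Review bot: This hunk removes the public accessors setUseSingleCertificate/isUseSingleCertificate, set/getSignatureAlgorithm, set/getSigCanonicalization, get/setDigestAlgo, getSignatureValue, getId and getBSTTokenId from WSSecSignature without showing where they go; if they have not been moved elsewhere in this class or into a superclass, this is a source- and binary-incompatible API change that the log message should call out. The field block also drops the `The following private variable are setup during prepare().` comment, which was the only documentation that `document`, `wsDocInfo`, `certUri`, `sig`, `keyInfo`, `keyInfoUri`, `secRef` and `strUri` are only valid after prepare(); a one-line comment such as `// The following fields are set up during prepare().` above `protected Document document = null;` would preserve that.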
@@ -284,71 +132,18 @@
wsDocInfo.setCrypto(cr);
//
- // At first get the security token (certificate) according to the
- // parameters.
+ // At first get the security token (certificate) according to the parameters.
//
- X509Certificate[] certs = null;
- if (!(keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING
- || keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING_DIRECT
- || keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER
- || keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER)) {
- if (useThisCert == null) {
- certs = crypto.getCertificates(user);
- } else {
- certs = new X509Certificate[] {useThisCert};
- }
- if (certs == null || certs.length <= 0) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "noUserCertsFound",
- new Object[] { user, "signature" }
- );
- }
- certUri = wssConfig.getIdAllocator().createSecureId("CertId-", certs[0]);
- //
- // If no signature algorithm was set try to detect it according to the
- // data stored in the certificate.
- //
- if (sigAlgo == null) {
- String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
- log.debug("automatic sig algo detection: " + pubKeyAlgo);
- if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
- sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
- } else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
- sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
- } else {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "unknownSignatureAlgorithm",
- new Object[] {pubKeyAlgo}
- );
- }
- }
- }
+ X509Certificate[] certs = getSigningCerts();
//
// Get an initialized XMLSignature element.
//
- if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
- Element canonElem =
- XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
- canonElem.setAttribute(Constants._ATT_ALGORITHM, canonAlgo);
-
- if (wssConfig.isWsiBSPCompliant()) {
- Set prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
- InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(doc, prefixes);
- canonElem.appendChild(inclusiveNamespaces.getElement());
- }
-
- try {
- SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, sigAlgo);
- sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
- } catch (XMLSecurityException e) {
- log.error("", e);
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
+ if (wssConfig.isWsiBSPCompliant() && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+ sig =
+ createXMLSignatureInclusivePrefixes(
+ doc, secHeader.getSecurityHeader(), canonAlgo, sigAlgo
);
- }
} else {
try {
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
@@ -361,14 +156,14 @@
}
sig.addResourceResolver(EnvelopeIdResolver.getInstance());
- sig.setId(wssConfig.getIdAllocator().createId("Signature-", sig));
+ sig.setId(wssConfig.getIdAllocator().createId("Sig-", sig));
keyInfo = sig.getKeyInfo();
- keyInfoUri = wssConfig.getIdAllocator().createSecureId("KeyId-", keyInfo);
+ keyInfoUri = wssConfig.getIdAllocator().createSecureId("KI-", keyInfo);
keyInfo.setId(keyInfoUri);
secRef = new SecurityTokenReference(doc);
- strUri = wssConfig.getIdAllocator().createSecureId("STRId-", secRef);
+ strUri = wssConfig.getIdAllocator().createSecureId("STR-", secRef);
secRef.setID(strUri);
//
@@ -460,6 +255,60 @@
keyInfo.addUnknownElement(secRef.getElement());
}
}
+
+
+ /**
+ * Builds a signed soap envelope.
+ *
+ * This is a convenience method and for backward compatibility. The method
+ * creates a Signature and puts it into the Security header. It does so by
+ * calling the single functions in order to perform a <i>one shot signature</i>.
+ * This method is compatible with the build method of the previous version
+ * with the exception of the additional WSSecHeader parameter.
+ *
+ * @param doc The unsigned SOAP envelope as <code>Document</code>
+ * @param cr An instance of the Crypto API to handle keystore and certificates
+ * @param secHeader the security header element to hold the encrypted key element.
+ * @return A signed SOAP envelope as <code>Document</code>
+ * @throws WSSecurityException
+ */
+ public Document build(Document doc, Crypto cr, WSSecHeader secHeader)
+ throws WSSecurityException {
+ doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("Beginning signing...");
+ }
+
+ prepare(doc, cr, secHeader);
+ if (parts == null) {
+ parts = new Vector();
+ String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ }
+
+ addReferencesToSign(parts, secHeader);
+ prependToHeader(secHeader);
+
+ //
+ // if we have a BST prepend it in front of the Signature according to
+ // strict layout rules.
+ //
+ if (bstToken != null) {
+ prependBSTElementToHeader(secHeader);
+ }
+
+ computeSignature();
+
+ return doc;
+ }
+
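Review bot: The Javadoc for the new `build` method does not state its default behaviour when `parts` has not been configured: the code signs the SOAP Body with the `Content` modifier, and because it assigns the default to the `parts` field on the instance, that default persists for later calls on the same object. A sentence such as `If no parts have been configured, the SOAP Body is signed (Content modifier); the default is stored in the parts field and reused on subsequent calls.` would document both points. `parts` and `doDebug` appear to be inherited fields not visible in this hunk; the `doDebug` assignment could also be replaced by a direct `if (log.isDebugEnabled())` guard, matching what this commit does in EnvelopeIdResolver.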
/**
* This method adds references to the Signature.
@@ -490,7 +339,7 @@
// Set up the elements to sign. There are two reserved element
// names: "Token" and "STRTransform" "Token": Setup the Signature to
// either sign the information that points to the security token or
- // the token itself. If its a direct reference sign the token,
+ // the token itself. If it's a direct reference sign the token,
// otherwise sign the KeyInfo Element. "STRTransform": Setup the
// ds:Reference to use STR Transform
//
@@ -499,12 +348,12 @@
if (idToSign != null) {
Element toSignById =
WSSecurityUtil.findElementById(
- document.getDocumentElement(), idToSign, WSConstants.WSU_NS
+ envelope, idToSign, WSConstants.WSU_NS
);
if (toSignById == null) {
toSignById =
WSSecurityUtil.findElementById(
- document.getDocumentElement(), idToSign, null
+ envelope, idToSign, null
);
}
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
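Review bot: The second `findElementById(envelope, idToSign, null)` call is a fallback that matches an Id attribute in any namespace once no wsu:Id match was found, and nothing in the hunk records why that widening is acceptable; a comment such as `// fall back to an Id attribute in any namespace when no wsu:Id matches` would make the intent visible to the next reader. The switch from `document.getDocumentElement()` to the `envelope` field presumably relies on `prepare()` having set it; if that is the contract, the method Javadoc should say so. The enclosing method addReferencesToSign begins and ends outside this hunk, so the null handling of `toSignById` after both lookups is not visible here.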
@@ -537,7 +386,7 @@
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(document);
- transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ transforms.addTransform(STRTransform.TRANSFORM_URI, ctx);
sig.addDocument("#" + strUri, transforms, digestAlgo);
} else if (elemName.equals("Assertion")) { // Assertion
String id = null;
@@ -581,13 +430,13 @@
}
sig.addDocument("#" + setWsuId(body), transforms, digestAlgo);
}
- } catch (TransformationException e1) {
+ } catch (TransformationException ex) {
throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
);
- } catch (XMLSignatureException e1) {
+ } catch (XMLSignatureException ex) {
throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
);
}
}
@@ -630,7 +479,7 @@
* This allows to insert the BST element at any position in the Security
* header.
*
- * @param secHeader The security header that holds the BST element.
+ * @param secHeader The security header
*/
public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
@@ -640,26 +489,9 @@
}
/**
- * Returns the SignatureElement.
- * The method can be called any time after <code>prepare()</code>.
- * @return The DOM Element of the signature.
+ * Append the BinarySecurityToken to the security header.
+ * @param secHeader The security header
*/
- public Element getSignatureElement() {
- return sig.getElement();
- }
-
- /**
- * Returns the BST Token element.
- * The method can be called any time after <code>prepare()</code>.
- * @return the BST Token element
- */
- public Element getBinarySecurityTokenElement() {
- if (bstToken != null) {
- return bstToken.getElement();
- }
- return null;
- }
-
public void appendBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
Element secHeaderElement = secHeader.getSecurityHeader();
@@ -680,23 +512,12 @@
public void computeSignature() throws WSSecurityException {
boolean remove = WSDocInfoStore.store(wsDocInfo);
try {
- if (keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING
- || keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING_DIRECT
- || keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER
- || keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
- if (secretKey == null) {
- sig.sign(crypto.getPrivateKey(user, password));
- } else {
- sig.sign(sig.createSecretKey(secretKey));
- }
- } else {
+ if (secretKey == null) {
sig.sign(crypto.getPrivateKey(user, password));
+ } else {
+ sig.sign(sig.createSecretKey(secretKey));
}
signatureValue = sig.getSignatureValue();
- } catch (XMLSignatureException ex) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE, null, null, ex
- );
} catch (Exception ex) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, null, null, ex
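Review bot: The simplified branch in computeSignature lets a non-null `secretKey` take precedence for every keyIdentifierType, whereas the removed code used the private key of `user` for non-custom identifier types even when a secret key had been set; if that change is intended, the method's Javadoc (outside the hunk) should state it, e.g. `Signs with the symmetric secret key when setSecretKey() was called, otherwise with the private key of user.` Folding the XMLSignatureException catch into the existing `catch (Exception ex)` does not change what callers see, since both produced the same FAILED_SIGNATURE wrapper, but the broad catch also converts programming errors such as NullPointerException into a WSSecurityException, which is worth a one-line comment. The method continues past the end of the hunk, so the release of the WSDocInfoStore entry taken on the `remove` line is not visible here.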
@@ -709,59 +530,11 @@
}
+
/**
- * Builds a signed soap envelope.
- *
- * This is a convenience method and for backward compatibility. The method
- * creates a Signature and puts it into the Security header. It does so by
- * calling the single functions in order to perform a <i>one shot signature</i>.
- * This method is compatible with the build method of the previous version
- * with the exception of the additional WSSecHeader parameter.
- *
- * @param doc The unsigned SOAP envelope as <code>Document</code>
- * @param cr An instance of the Crypto API to handle keystore and certificates
- * @param secHeader the security header element to hold the encrypted key element.
- * @return A signed SOAP envelope as <code>Document</code>
- * @throws WSSecurityException
+ * Create an STRTransformationParameters element
*/
- public Document build(Document doc, Crypto cr, WSSecHeader secHeader)
- throws WSSecurityException {
- doDebug = log.isDebugEnabled();
-
- if (doDebug) {
- log.debug("Beginning signing...");
- }
-
- prepare(doc, cr, secHeader);
- if (parts == null) {
- parts = new Vector();
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- parts.add(encP);
- }
-
- addReferencesToSign(parts, secHeader);
- prependToHeader(secHeader);
-
- //
- // if we have a BST prepend it in front of the Signature according to
- // strict layout rules.
- //
- if (bstToken != null) {
- prependBSTElementToHeader(secHeader);
- }
-
- computeSignature();
-
- return doc;
- }
-
- protected Element createSTRParameter(Document doc) {
+ public static Element createSTRParameter(Document doc) {
Element transformParam =
doc.createElementNS(
WSConstants.WSSE_NS,
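Review bot: Changing `createSTRParameter` from a protected instance method to `public static` is an API change: any subclass that overrode it will no longer compile, because an instance method cannot override a static one, and the method is now part of the public surface of WSSecSignature. If sharing it with WSSecDKSign and WSSecSignatureSAML is the goal, its Javadoc should at least carry `@param doc the document in which the element is created` and `@return the wsse:TransformationParameters element wrapping the CanonicalizationMethod`. The method body runs past the end of the hunk.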
@@ -779,11 +552,54 @@
return transformParam;
}
- protected Set getInclusivePrefixes(Element target) {
+
+ /**
+ * Create a new XMLSignature object with inclusive prefixes
+ * @param doc The document that will own the signature
+ * @param securityHeader The security header in which to insert the signature
+ * @param c14nAlgorithm The canonicalization algorithm to use in SignedInfo
+ * @param signatureAlg The signature algorithm to use in SignedInfo
+ * @return A new XMLSignature object with inclusive prefixes
+ * @throws WSSecurityException
+ */
+ public static XMLSignature createXMLSignatureInclusivePrefixes(
+ Document doc,
+ Element securityHeader,
+ String c14nAlgorithm,
+ String signatureAlg
+ ) throws WSSecurityException {
+ Element canonElem =
+ XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
+ canonElem.setAttribute(Constants._ATT_ALGORITHM, c14nAlgorithm);
+
+ Set prefixes = getInclusivePrefixes(securityHeader, false);
+ InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(doc, prefixes);
+ canonElem.appendChild(inclusiveNamespaces.getElement());
+
+ try {
+ SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, signatureAlg);
+ return new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
+ } catch (XMLSecurityException e) {
+ log.error("", e);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
+ );
+ }
+ }
+
+
+ /**
+ * Get the set of inclusive prefixes from the DOM Element argument
+ */
+ public static Set getInclusivePrefixes(Element target) {
return getInclusivePrefixes(target, true);
}
-
- protected Set getInclusivePrefixes(Element target, boolean excludeVisible) {
+
+
+ /**
+ * Get the set of inclusive prefixes from the DOM Element argument
+ */
+ public static Set getInclusivePrefixes(Element target, boolean excludeVisible) {
Set result = new HashSet();
Node parent = target;
while (!(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
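Review bot: `log.error("", e);` in createXMLSignatureInclusivePrefixes logs the failure with an empty message and then rethrows it wrapped as the cause, so the same error is reported twice and the log line carries no context; either drop the log call or give it one, `log.error("Unable to create XMLSignature with inclusive prefixes", e);`. Because the method is static, `log` must be a static field of WSSecSignature, which is declared outside the hunk and worth confirming. The Javadoc for the two now-public `getInclusivePrefixes` overloads does not explain what `excludeVisible` does; a `@param excludeVisible` line would be useful since the parameter now faces external callers. The body of `getInclusivePrefixes(Element, boolean)` continues past the hunk.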
@@ -834,26 +650,201 @@
return result;
}
+
+
+ /**
+ * Set the single cert flag.
+ *
+ * @param useSingleCert
+ */
+ public void setUseSingleCertificate(boolean useSingleCert) {
+ this.useSingleCert = useSingleCert;
+ }
+
+ /**
+ * Get the single cert flag.
+ *
+ * @return A boolean if single certificate is set.
+ */
+ public boolean isUseSingleCertificate() {
+ return useSingleCert;
+ }
+
+ /**
+ * Set the name (uri) of the signature encryption algorithm to use.
+ *
+ * If the algorithm is not set then an automatic detection of the signature
+ * algorithm to use is performed during the <code>prepare()</code>
+ * method. Refer to WSConstants which algorithms are supported.
+ *
+ * @param algo the name of the signature algorithm
+ * @see WSConstants#RSA
+ * @see WSConstants#DSA
+ */
+ public void setSignatureAlgorithm(String algo) {
+ sigAlgo = algo;
+ }
+
+ /**
+ * Get the name (uri) of the signature algorithm that is being used.
+ *
+ * Call this method after <code>prepare</code> to get the information
+ * which signature algorithm was automatically detected if no signature
+ * algorithm was preset.
+ *
+ * @return the identifier URI of the signature algorithm
+ */
+ public String getSignatureAlgorithm() {
+ return sigAlgo;
+ }
+
+ /**
+ * Set the canonicalization method to use.
+ *
+ * If the canonicalization method is not set then the recommended Exclusive
+ * XML Canonicalization is used by default Refer to WSConstants which
+ * algorithms are supported.
+ *
+ * @param algo Is the name of the signature algorithm
+ * @see WSConstants#C14N_OMIT_COMMENTS
+ * @see WSConstants#C14N_WITH_COMMENTS
+ * @see WSConstants#C14N_EXCL_OMIT_COMMENTS
+ * @see WSConstants#C14N_EXCL_WITH_COMMENTS
+ */
+ public void setSigCanonicalization(String algo) {
+ canonAlgo = algo;
+ }
+ /**
+ * Get the canonicalization method.
+ *
+ * If the canonicalization method was not set then Exclusive XML
+ * Canonicalization is used by default.
+ *
+ * @return The string describing the canonicalization algorithm.
+ */
+ public String getSigCanonicalization() {
+ return canonAlgo;
+ }
+
+ /**
+ * @return the digestAlgo
+ */
+ public String getDigestAlgo() {
+ return digestAlgo;
+ }
+
+ /**
+ * Set the string that defines which digest algorithm to use
+ *
+ * @param digestAlgo the digestAlgo to set
+ */
+ public void setDigestAlgo(String digestAlgo) {
+ this.digestAlgo = digestAlgo;
+ }
+
+
+ /**
+ * Returns the computed Signature value.
+ *
+ * Call this method after <code>computeSignature()</code> or <code>build()</code>
+ * methods were called.
+ *
+ * @return Returns the signatureValue.
+ */
+ public byte[] getSignatureValue() {
+ return signatureValue;
+ }
+
+ /**
+ * Get the id generated during <code>prepare()</code>.
+ *
+ * Returns the the value of wsu:Id attribute of the Signature element.
+ *
+ * @return Return the wsu:Id of this token or null if <code>prepare()</code>
+ * was not called before.
+ */
+ public String getId() {
+ if (sig == null) {
+ return null;
+ }
+ return sig.getId();
+ }
+
+ /**
+ * Get the id of the BSt generated during <code>prepare()</code>.
+ *
+ * @return Returns the the value of wsu:Id attribute of the
+ * BinaruSecurityToken element.
+ */
+ public String getBSTTokenId() {
+ if (bstToken == null) {
+ return null;
+ }
+ return bstToken.getID();
+ }
+
+ /**
+ * Set the secret key to use
+ * @param secretKey the secret key to use
+ */
public void setSecretKey(byte[] secretKey) {
this.secretKey = secretKey;
}
+ /**
+ * Set the custom token value type to use
+ * @param customTokenValueType the custom token value type to use
+ */
public void setCustomTokenValueType(String customTokenValueType) {
this.customTokenValueType = customTokenValueType;
}
+ /**
+ * Set the custom token id
+ * @param customTokenId the custom token id
+ */
public void setCustomTokenId(String customTokenId) {
this.customTokenId = customTokenId;
}
+ /**
+ * Set the encrypted key sha1 value
+ * @param encrKeySha1value the encrypted key sha1 value
+ */
public void setEncrKeySha1value(String encrKeySha1value) {
this.encrKeySha1value = encrKeySha1value;
}
+
+ /**
+ * Set the X509 Certificate to use
+ * @param cer the X509 Certificate to use
+ */
public void setX509Certificate(X509Certificate cer) {
this.useThisCert = cer;
}
+ /**
+ * Returns the SignatureElement.
+ * The method can be called any time after <code>prepare()</code>.
+ * @return The DOM Element of the signature.
+ */
+ public Element getSignatureElement() {
+ return sig.getElement();
+ }
+
+ /**
+ * Returns the BST Token element.
+ * The method can be called any time after <code>prepare()</code>.
+ * @return the BST Token element
+ */
+ public Element getBinarySecurityTokenElement() {
+ if (bstToken != null) {
+ return bstToken.getElement();
+ }
+ return null;
+ }
+
private String getSHA1(byte[] input) throws WSSecurityException {
try {
MessageDigest sha = WSSecurityUtil.resolveMessageDigest();
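Review bot: `getSignatureElement()` dereferences `sig` without a null check, while `getId()` a few lines above guards `sig == null`; calling it before `prepare()` therefore throws a NullPointerException instead of returning null like its sibling. Either add `if (sig == null) { return null; }` before `return sig.getElement();` or state in its Javadoc that `prepare()` must have been called first. `setSecretKey` keeps a reference to the caller's array, so a later modification by the caller silently changes the key used in computeSignature; `this.secretKey = secretKey == null ? null : secretKey.clone();` would pin the key material at the time it is set. The Javadoc on getBSTTokenId also has typos: "the the" and "BinaruSecurityToken".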
@@ -869,4 +860,50 @@
}
}
+
+ /**
+ * Set up the X509 Certificate(s) for signing.
+ */
+ private X509Certificate[] getSigningCerts() throws WSSecurityException {
+ X509Certificate[] certs = null;
+ if (!(keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING
+ || keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING_DIRECT
+ || keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER
+ || keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER)) {
+ if (useThisCert == null) {
+ certs = crypto.getCertificates(user);
+ } else {
+ certs = new X509Certificate[] {useThisCert};
+ }
+ if (certs == null || certs.length <= 0) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noUserCertsFound",
+ new Object[] { user, "signature" }
+ );
+ }
+ certUri = wssConfig.getIdAllocator().createSecureId("CertId-", certs[0]);
+ //
+ // If no signature algorithm was set try to detect it according to the
+ // data stored in the certificate.
+ //
+ if (sigAlgo == null) {
+ String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
+ log.debug("Automatic signature algorithm detection: " + pubKeyAlgo);
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ } else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ } else {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "unknownSignatureAlgorithm",
+ new Object[] {pubKeyAlgo}
+ );
+ }
+ }
+ }
+ return certs;
+ }
+
}
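Review bot: The Javadoc `Set up the X509 Certificate(s) for signing.` on getSigningCerts omits that the method also assigns the `certUri` and `sigAlgo` fields as side effects, which matters because getSignatureAlgorithm() is documented as reporting the auto-detected algorithm after prepare(); a `@return the certificate chain to sign with, or null when a custom or symmetric key identifier type is in use` plus a sentence naming those side effects would make this visible. The negated four-way keyIdentifierType test is the same condition the old computeSignature used; extracting it into a private boolean helper such as `isSymmetricOrCustomKeyIdentifier()` would keep future changes in step. `log.debug("Automatic signature algorithm detection: " + pubKeyAlgo)` builds the string even when debug logging is off, unlike the `doDebug` guard used in build().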
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Tue May 19 11:57:37 2009
@@ -377,7 +377,7 @@
Element ctx = createSTRParameter(doc);
transforms = new Transforms(doc);
- transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ transforms.addTransform(STRTransform.TRANSFORM_URI, ctx);
sig.addDocument("#" + strSamlUri, transforms);
}
} catch (TransformationException e1) {
@@ -555,7 +555,7 @@
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(document);
- transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ transforms.addTransform(STRTransform.TRANSFORM_URI, ctx);
sig.addDocument("#" + strUri, transforms);
} else {
Element body =
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Tue May 19 11:57:37 2009
@@ -54,10 +54,7 @@
*/
public class STRTransform extends TransformSpi {
- /**
- * Field implementedTransformURI
- */
- public static final String implementedTransformURI =
+ public static final String TRANSFORM_URI =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
private static Log log = LogFactory.getLog(STRTransform.class.getName());
@@ -88,7 +85,7 @@
* Method engineGetURI
*/
protected String engineGetURI() {
- return STRTransform.implementedTransformURI;
+ return STRTransform.TRANSFORM_URI;
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=776287&r1=776286&r2=776287&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Tue May 19 11:57:37 2009
@@ -699,6 +699,7 @@
return (SecretKey) keySpec;
}
+
/**
* Translate the "cipherAlgo" URI to a JCE ID, and return a javax.crypto.Cipher instance
* of this type.