You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2015/07/07 18:28:09 UTC
svn commit: r1689711 -
/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Author: coheigea
Date: Tue Jul 7 16:28:09 2015
New Revision: 1689711
URL: http://svn.apache.org/r1689711
Log:
Refinement of previous commit
Conflicts:
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1689711&r1=1689710&r2=1689711&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java Tue Jul 7 16:28:09 2015
@@ -74,7 +74,6 @@ import org.apache.wss4j.dom.bsp.BSPEnfor
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.CallbackLookup;
import org.apache.wss4j.dom.message.DOMCallbackLookup;
-import org.apache.wss4j.dom.message.token.BinarySecurity;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.Timestamp;
import org.apache.wss4j.dom.str.STRParser;
@@ -481,62 +480,24 @@ public class SignatureProcessor implemen
WSSecurityUtil.storeElementInContext(context, element);
}
}
- if (element != null && "BinarySecurityToken".equals(element.getLocalName())
- && WSConstants.WSSE_NS.equals(element.getNamespaceURI())
- && isXopInclude(element)) {
- // We don't write out the xop:Include bytes into the BinarySecurityToken by default
- // But if the BST is signed, then we have to, or else Signature validation fails...
- handleXopInclude(element, wsDocInfo);
- } else if (element != null) {
- // Handle EncryptedData children that might store the bytes in the attachment
- List<Element> encElements =
- WSSecurityUtil.findElements(element, "EncryptedData", WSConstants.ENC_NS);
- for (Element encElement : encElements) {
- Element xencCipherValue = EncryptionUtils.getCipherValueFromEncryptedData(encElement);
-
- String xopURI = EncryptionUtils.getXOPURIFromCipherValue(xencCipherValue);
+ if (element != null) {
+ // Look for xop:Include Nodes
+ List<Element> includeElements =
+ WSSecurityUtil.findElements(element, "Include", WSConstants.XOP_NS);
+ for (Element includeElement : includeElements) {
+ String xopURI = includeElement.getAttributeNS(null, "href");
if (xopURI != null) {
// Store the bytes in the attachment to calculate the signature
byte[] attachmentBytes = WSSecurityUtil.getBytesFromAttachment(xopURI, data);
String encodedBytes = Base64.encode(attachmentBytes);
- Element includeElement =
- WSSecurityUtil.getDirectChildElement(xencCipherValue, "Include", WSConstants.XOP_NS);
-
Node newCipherValueChild =
- encElement.getOwnerDocument().createTextNode(encodedBytes);
- xencCipherValue.replaceChild(newCipherValueChild, includeElement);
+ includeElement.getOwnerDocument().createTextNode(encodedBytes);
+ includeElement.getParentNode().replaceChild(newCipherValueChild, includeElement);
}
}
}
}
- }
-
- private boolean isXopInclude(Element element) {
- Element elementChild =
- WSSecurityUtil.getDirectChildElement(element, "Include", WSConstants.XOP_NS);
- if (elementChild != null && elementChild.hasAttributeNS(null, "href")) {
- String xopUri = elementChild.getAttributeNS(null, "href");
- if (xopUri != null && xopUri.startsWith("cid:")) {
- return true;
- }
- }
- return false;
- }
-
- private void handleXopInclude(Element element, WSDocInfo wsDocInfo) {
- List<WSSecurityEngineResult> actionResults = wsDocInfo.getResultsByTag(WSConstants.BST);
- if (actionResults != null) {
- for (WSSecurityEngineResult result : actionResults) {
- Element token = (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
- if (element.equals(token)) {
- BinarySecurity binarySecurity =
- (BinarySecurity)result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
- binarySecurity.encodeRawToken();
- return;
- }
- }
- }
}
/**