You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2010/01/20 12:46:03 UTC
svn commit: r901147 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/action/SAMLTokenSignedAction.java
src/org/apache/ws/security/saml/WSSecSignatureSAML.java
test/wssec/TestWSSecurityNewST3.java
Author: coheigea
Date: Wed Jan 20 11:46:02 2010
New Revision: 901147
URL: http://svn.apache.org/viewvc?rev=901147&view=rev
Log:
[WSS-224] - SAMLTokenSignedAction and WSSecSignatureSAML do not honor signature algorithm or digest algorithm from WSSHandler configuration
- Patch applied, thanks.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SAMLTokenSignedAction.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SAMLTokenSignedAction.java?rev=901147&r1=901146&r2=901147&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SAMLTokenSignedAction.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SAMLTokenSignedAction.java Wed Jan 20 11:46:02 2010
@@ -84,6 +84,12 @@
if (reqData.getSigKeyId() != 0) {
wsSign.setKeyIdentifierType(reqData.getSigKeyId());
}
+ if (reqData.getSigAlgorithm() != null) {
+ wsSign.setSignatureAlgorithm(reqData.getSigAlgorithm());
+ }
+ if (reqData.getSigDigestAlgorithm() != null) {
+ wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
+ }
/*
* required to add support for the
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=901147&r1=901146&r2=901147&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Wed Jan 20 11:46:02 2010
@@ -532,7 +532,7 @@
getInclusivePrefixes(toSignById)
).getElement());
}
- sig.addDocument("#" + idToSign, transforms);
+ sig.addDocument("#" + idToSign, transforms, this.getDigestAlgo());
} else if (elemName.equals("Token")) {
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
@@ -543,7 +543,7 @@
getInclusivePrefixes(secHeader.getSecurityHeader())
).getElement());
}
- sig.addDocument("#" + certUri, transforms);
+ sig.addDocument("#" + certUri, transforms, this.getDigestAlgo());
} else {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
@@ -552,12 +552,12 @@
getInclusivePrefixes(keyInfo.getElement())
).getElement());
}
- sig.addDocument("#" + keyInfoUri, transforms);
+ sig.addDocument("#" + keyInfoUri, transforms, this.getDigestAlgo());
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(document);
transforms.addTransform(STRTransform.implementedTransformURI, ctx);
- sig.addDocument("#" + strUri, transforms);
+ sig.addDocument("#" + strUri, transforms, this.getDigestAlgo());
} else {
Element body =
(Element) WSSecurityUtil.findElement(envelope, elemName, nmSpace);
@@ -575,7 +575,7 @@
getInclusivePrefixes(body)
).getElement());
}
- sig.addDocument("#" + setWsuId(body), transforms);
+ sig.addDocument("#" + setWsuId(body), transforms, this.getDigestAlgo());
}
} catch (TransformationException e1) {
throw new WSSecurityException(
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java?rev=901147&r1=901146&r2=901147&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java Wed Jan 20 11:46:02 2010
@@ -135,6 +135,8 @@
SAMLAssertion assertion = saml.newAssertion();
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+ wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
+ wsSign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
wsSign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
@@ -149,12 +151,14 @@
Document signedDoc = wsSign.build(doc, crypto, assertion, null, null, null, secHeader);
LOG.info("After SAMLSignedKeyHolder....");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("Signed SAML message (key holder):");
- String outputString =
- org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
+ assertTrue(outputString.indexOf("http://www.w3.org/2001/04/xmlenc#sha256") != -1);
+ assertTrue(outputString.indexOf("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") != -1);
Vector results = verify(signedDoc);
WSSecurityEngineResult actionResult =
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org