You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/07/01 12:40:10 UTC
svn commit: r790106 - in /webservices/wss4j/branches/1_5_x-fixes:
src/org/apache/ws/security/ src/org/apache/ws/security/processor/ test/wssec/
Author: coheigea
Date: Wed Jul 1 10:40:09 2009
New Revision: 790106
URL: http://svn.apache.org/viewvc?rev=790106&view=rev
Log:
[WSS-198] - Applied patch from Stefan Vladov
- I made some minor changes to the patch and added a basic test.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSEncryptionPart.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java?rev=790106&r1=790105&r2=790106&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java Wed Jul 1 10:40:09 2009
@@ -51,6 +51,13 @@
*/
private QName name;
+ /**
+ * An xpath expression pointing to the data element
+ */
+ private String xpath;
+
+ private boolean content;
+
/**
* @param dataref reference by which the Encrypted Data was referred
@@ -147,5 +154,32 @@
return protectedElement;
}
+ /**
+ * @return the xpath
+ */
+ public String getXpath() {
+ return xpath;
+ }
+
+ /**
+ * @param xpath the xpath to set
+ */
+ public void setXpath(String xpath) {
+ this.xpath = xpath;
+ }
+
+ /**
+ * @return the content
+ */
+ public boolean isContent() {
+ return content;
+ }
+
+ /**
+ * @param content the content to set
+ */
+ public void setContent(boolean content) {
+ this.content = content;
+ }
}
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSEncryptionPart.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSEncryptionPart.java?rev=790106&r1=790105&r2=790106&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSEncryptionPart.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSEncryptionPart.java Wed Jul 1 10:40:09 2009
@@ -29,6 +29,13 @@
private String id;
/**
+ * An xpath expression pointing to the data element
+ * that may be specified in case the encryption part is of type
+ * <code>org.apache.ws.security.WSConstants.PART_TYPE_ELEMENT</code>
+ */
+ private String xpath;
+
+ /**
* Types of WSEncryptionPart
* <code>org.apache.ws.security.WSConstants.PART_TYPE_HEADER</code>
* <code>org.apache.ws.security.WSConstants.PART_TYPE_BODY</code>
@@ -188,5 +195,18 @@
public void setType(int type) {
this.type = type;
}
-
+
+ /**
+ * @return the xpath
+ */
+ public String getXpath() {
+ return xpath;
+ }
+
+ /**
+ * @param xpath the xpath to set
+ */
+ public void setXpath(String xpath) {
+ this.xpath = xpath;
+ }
}
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=790106&r1=790105&r2=790106&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java Wed Jul 1 10:40:09 2009
@@ -41,6 +41,7 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -225,6 +226,8 @@
WSDataRef dataRef = new WSDataRef(dataRefURI);
dataRef.setWsuId(dataRefURI);
boolean content = X509Util.isContent(encData);
+ dataRef.setContent(content);
+
Node parent = encData.getParentNode();
Node previousSibling = encData.getPreviousSibling();
if (content) {
@@ -246,8 +249,10 @@
parent.getParentNode().appendChild(decryptedHeaderClone);
parent.getParentNode().removeChild(parent);
dataRef.setProtectedElement(decryptedHeaderClone);
+ dataRef.setXpath(getXPath(decryptedHeader));
} else if (content) {
dataRef.setProtectedElement(encData);
+ dataRef.setXpath(getXPath(encData));
} else {
Node decryptedNode;
if (previousSibling == null) {
@@ -258,6 +263,7 @@
if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType()) {
dataRef.setProtectedElement((Element)decryptedNode);
}
+ dataRef.setXpath(getXPath(decryptedNode));
}
return dataRef;
@@ -374,4 +380,53 @@
return null;
}
+
+ /**
+ * @param decryptedNode the decrypted node
+ * @return a fully built xpath
+ * (eg. "/soapenv:Envelope/soapenv:Body/ns:decryptedElement")
+ * if the decryptedNode is an Element or an Attr node and is not detached
+ * from the document. <code>null</code> otherwise
+ */
+ private static String getXPath(Node decryptedNode) {
+ if (decryptedNode == null) {
+ return null;
+ }
+
+ String result = "";
+ if (Node.ELEMENT_NODE == decryptedNode.getNodeType()) {
+ result = decryptedNode.getNodeName();
+ result = prependFullPath(result, decryptedNode.getParentNode());
+ } else if (Node.ATTRIBUTE_NODE == decryptedNode.getNodeType()) {
+ result = "@" + decryptedNode.getNodeName();
+ result = prependFullPath(result, ((Attr)decryptedNode).getOwnerElement());
+ } else {
+ return null;
+ }
+
+ return result;
+ }
+
+
+ /**
+ * Recursively build an absolute xpath (starting with the root "/")
+ *
+ * @param xpath the xpath expression built so far
+ * @param node the current node whose name is to be prepended
+ * @return a fully built xpath
+ */
+ private static String prependFullPath(String xpath, Node node) {
+ if (node == null) {
+ // probably a detached node... not really useful
+ return null;
+ } else if (Node.ELEMENT_NODE == node.getNodeType()) {
+ xpath = node.getNodeName() + "/" + xpath;
+ return prependFullPath(xpath, node.getParentNode());
+ } else if (Node.DOCUMENT_NODE == node.getNodeType()) {
+ return "/" + xpath;
+ } else {
+ return prependFullPath(xpath, node.getParentNode());
+ }
+ }
+
}
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java?rev=790106&r1=790105&r2=790106&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityEncryptionParts.java Wed Jul 1 10:40:09 2009
@@ -28,15 +28,18 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -145,7 +148,17 @@
LOG.debug(outputString);
}
- verify(encryptedDoc);
+ Vector results = verify(encryptedDoc);
+
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
+ assertTrue(actionResult != null);
+ final java.util.List refs =
+ (java.util.List) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ assertTrue(actionResult != null && !actionResult.isEmpty());
+ WSDataRef wsDataRef = (WSDataRef)refs.get(0);
+ String xpath = wsDataRef.getXpath();
+ assertEquals("/soapenv:Envelope/soapenv:Header/foo:foobar", xpath);
}
@@ -298,14 +311,15 @@
* @param doc
* @throws Exception Thrown when there is a problem in verification
*/
- private void verify(Document doc) throws Exception {
- secEngine.processSecurityHeader(doc, null, this, crypto);
+ private Vector verify(Document doc) throws Exception {
+ Vector results = secEngine.processSecurityHeader(doc, null, this, crypto);
if (LOG.isDebugEnabled()) {
LOG.debug("Verified and decrypted message:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+ return results;
}
public void handle(Callback[] callbacks)
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org