Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/05 18:12:11 UTC
cxf git commit: Add support to disable inclusive prefixes with
WS-SecurityPolicy
Repository: cxf
Updated Branches:
refs/heads/master e9fa213b9 -> 698a3ca50
Add support to disable inclusive prefixes with WS-SecurityPolicy
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/698a3ca5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/698a3ca5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/698a3ca5
Branch: refs/heads/master
Commit: 698a3ca50a686eb72521f2ae5f8fe919b03be37e
Parents: e9fa213
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 5 17:11:37 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 5 17:12:07 2016 +0100
----------------------------------------------------------------------
.../cxf/ws/security/SecurityConstants.java | 6 ++++
.../policyhandlers/AbstractBindingBuilder.java | 7 +++++
.../AbstractStaxBindingHandler.java | 5 ++++
.../AsymmetricBindingHandler.java | 7 +++++
.../policyhandlers/SymmetricBindingHandler.java | 15 ++++++++++
.../cxf/systest/ws/x509/X509TokenTest.java | 29 ++++++++++++++++++++
6 files changed, 69 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index f431a14..e13dff3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -139,6 +139,12 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
* hence set this configuration option to "false" in this case.
*/
public static final String USE_STR_TRANSFORM = "ws-security.use.str.transform";
+
+ /**
+ * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating
+ * Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".
+ */
+ public static final String ADD_INCLUSIVE_PREFIXES = "ws-security.add.inclusive.prefixes";
//
// Non-boolean WS-Security Configuration parameters
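Review bot: The Javadoc on `ADD_INCLUSIVE_PREFIXES` says what the switch does but not what a deployment gives up by setting it to "false". Under exclusive canonicalization a prefix that appears only inside attribute or text content (a QName value such as an `xsi:type`) is not visibly utilized, so as far as I understand the algorithm its namespace binding is then not part of the signed octets unless it is named in the PrefixList. I would add a sentence along the lines of `Only set this to "false" for interoperability with a peer that cannot process the PrefixList; prefixes used only in QName-valued content are then not covered by the signature.` The Javadoc also names only the CanonicalizationMethod child, so it is worth confirming whether the per-Reference transforms are affected too and saying so.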
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 4d2f2c5..27254df 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1808,6 +1808,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+ boolean includePrefixes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+ );
+ sig.setAddInclusivePrefixes(includePrefixes);
+
try {
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
} catch (WSSecurityException e) {
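Review bot: The same lookup of `SecurityConstants.ADD_INCLUSIVE_PREFIXES` is pasted here and again in AbstractStaxBindingHandler, AsymmetricBindingHandler and twice in SymmetricBindingHandler, so the default `true` now lives in five places. Both abstract classes appear to extend a common base (the hunk headers are cut off at `AbstractCommonBindingHandle…`), so, assuming `message` is reachable there, one helper such as `protected boolean isAddInclusivePrefixes() { return MessageUtils.getContextualBoolean(message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true); }` would keep the DOM and StAX paths from drifting apart. Each call site then shrinks to `sig.setAddInclusivePrefixes(isAddInclusivePrefixes());`. The enclosing method starts and ends outside this hunk.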
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 70d377f..4b71628 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -548,6 +548,11 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
properties.setSignatureDigestAlgorithm(algType.getDigest());
// sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+ boolean includePrefixes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+ );
+ properties.setAddExcC14NInclusivePrefixes(includePrefixes);
}
protected WSSecurityTokenConstants.KeyIdentifier getKeyIdentifierType(
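Review bot: On the streaming path the canonicalization algorithm is not taken from the policy, since the `setSigCanonicalization` call just above the added lines is commented out. Whether `setAddExcC14NInclusivePrefixes` has any effect therefore depends on the canonicalization the StAX properties default to, which this hunk does not show. A short comment above the new lines would help, for example `// Only relevant when the (default) signature canonicalization is exclusive C14N`. The enclosing method starts outside this hunk.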
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ea62f2d..963b4db 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -38,6 +38,7 @@ import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -650,6 +651,12 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
+ boolean includePrefixes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+ );
+ dkSign.setAddInclusivePrefixes(includePrefixes);
+
try {
dkSign.prepare(saaj.getSOAPPart(), secHeader);
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index bbdbd69..46e5301 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -35,6 +35,7 @@ import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
@@ -700,6 +701,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDigestAlgorithm(algType.getDigest());
dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
+
+ boolean includePrefixes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+ );
+ dkSign.setAddInclusivePrefixes(includePrefixes);
+
if (tok.getSHA1() != null) {
//Set the value type of the reference
String tokenType = tok.getTokenType();
@@ -858,6 +866,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+
+ boolean includePrefixes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+ );
+ sig.setAddInclusivePrefixes(includePrefixes);
+
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
http://git-wip-us.apache.org/repos/asf/cxf/blob/698a3ca5/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 4fb6422..7e250e9 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -284,6 +284,35 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testKeyIdentifierInclusivePrefixes() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, test.getPort());
+
+ ((BindingProvider)x509Port).getRequestContext().put(SecurityConstants.ADD_INCLUSIVE_PREFIXES, "false");
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(x509Port);
+ }
+
+ x509Port.doubleIt(25);
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testIntermediary() throws Exception {
if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
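Review bot: `testKeyIdentifierInclusivePrefixes` only shows that an invocation still succeeds with the property set to "false"; nothing checks that the outbound Signature really lacks the InclusiveNamespaces PrefixList, so the test would also pass if the property were silently ignored. Capturing the request (for instance with an out-interceptor or the logging feature, if the test base offers one) and asserting on the CanonicalizationMethod children would pin the behaviour. Separately, `((java.io.Closeable)x509Port).close();` and `bus.shutdown(true);` are skipped when `doubleIt` throws, so I would move both into a `finally` block around the call. The following `testIntermediary` method continues outside this hunk.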