You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by we...@apache.org on 2007/08/16 15:39:30 UTC

svn commit: r566708 - in /webservices/wss4j/trunk/src/org/apache/ws/security: message/token/UsernameToken.java processor/SignatureProcessor.java processor/UsernameTokenProcessor.java

Author: werner
Date: Thu Aug 16 06:39:29 2007
New Revision: 566708

URL: http://svn.apache.org/viewvc?view=rev&rev=566708
Log:
Enhance to use digest password type for UsernameToken signature, add
functions and enhancements to handle it on the server side as well.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java Thu Aug 16 06:39:29 2007
@@ -329,7 +329,7 @@
 
     /**
      * Gets the password string. This is the password as it is in the password
-     * element of a username, token. Thus it can be either plain text or the
+     * element of a username token. Thus it can be either plain text or the
      * password digest value.
      * 
      * @return the password string or <code>null</code> if no such node
@@ -418,6 +418,15 @@
         }
     }
 
+    /**
+     * Set the raw (plain text) password used to compute secret key.
+     * 
+     * @param raw_password the raw_password to set
+     */
+    public void setRawPassword(String raw_password) {
+        this.raw_password = raw_password;
+    }
+    
     public static String doPasswordDigest(String nonce, String created,
             String password) {
         String passwdDigest = null;

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Thu Aug 16 06:39:29 2007
@@ -203,14 +203,17 @@
                 QName el = new QName(token.getNamespaceURI(), token
                         .getLocalName());
                 if (el.equals(WSSecurityEngine.usernameToken)) {
-                    ut = new UsernameToken(token);
+                    String id = token.getAttributeNS(WSConstants.WSU_NS, "Id");
+                    UsernameTokenProcessor utProcessor = 
+                        (UsernameTokenProcessor) wsDocInfo.getProcessor(id);
+                    ut = utProcessor.getUt();
                     secretKey = ut.getSecretKey();
                 } else if(el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_02) ||
                         el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_12)) {
                     dkt = new DerivedKeyToken(token);
                     String id = dkt.getID();
-                    DerivedKeyTokenProcessor dktProcessor = (DerivedKeyTokenProcessor) wsDocInfo
-                            .getProcessor(id);
+                    DerivedKeyTokenProcessor dktProcessor = 
+                        (DerivedKeyTokenProcessor) wsDocInfo.getProcessor(id);
                     String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
                     int keyLength = (dkt.getLength() > 0) ? dkt.getLength() : 
                         WSSecurityUtil.getKeyLength(signatureMethodURI);

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?view=diff&rev=566708&r1=566707&r2=566708
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Thu Aug 16 06:39:29 2007
@@ -41,6 +41,7 @@
     private static Log log = LogFactory.getLog(UsernameTokenProcessor.class.getName());
 
     private String utId;
+    private UsernameToken ut;
     
     public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
         if (log.isDebugEnabled()) {
@@ -75,7 +76,7 @@
      * @throws WSSecurityException
      */
     public WSUsernameTokenPrincipal handleUsernameToken(Element token, CallbackHandler cb) throws WSSecurityException {
-        UsernameToken ut = new UsernameToken(token);
+        ut = new UsernameToken(token);
         String user = ut.getName();
         String password = ut.getPassword();
         String nonce = ut.getNonce();
@@ -87,6 +88,8 @@
         }
 
         Callback[] callbacks = new Callback[1];
+        String origPassword = null;
+        
         if (ut.isHashed()) {
             if (cb == null) {
                 throw new WSSecurityException(WSSecurityException.FAILURE,
@@ -106,7 +109,7 @@
                         "noPassword",
                         new Object[]{user}, e);
             }
-            String origPassword = pwCb.getPassword();
+            origPassword = pwCb.getPassword();
             if (log.isDebugEnabled()) {
                 log.debug("UsernameToken callback password " + origPassword);
             }
@@ -120,6 +123,7 @@
                     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
                 }
             }
+            ut.setRawPassword(origPassword);
         } else if (cb != null) {
             WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
                     pwType, WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
@@ -133,8 +137,8 @@
                 throw new WSSecurityException(WSSecurityException.FAILURE,
                         "noPassword", new Object[]{user});
             }
+            ut.setRawPassword(password);
         }
-
         WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(user, ut.isHashed());
         principal.setNonce(nonce);
         principal.setPassword(password);
@@ -149,5 +153,14 @@
      */
     public String getId() {
     	return utId;
+    }
+
+    /**
+     * Get the processed USernameToken.
+     * 
+     * @return the ut
+     */
+    public UsernameToken getUt() {
+        return ut;
     }    
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org