Posted to commits@ws.apache.org by gi...@apache.org on 2012/11/12 15:23:20 UTC
svn commit: r1408300 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/ws/security/common/saml/
ws-security-dom/src/main/java/org/apache/ws/security/dom/action/
ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/pr...
Author: giger
Date: Mon Nov 12 14:23:19 2012
New Revision: 1408300
URL: http://svn.apache.org/viewvc?rev=1408300&view=rev
Log:
WSS-354 - Add support for specifying different algs for sign or c14n a SAML Assertion in the streaming code.
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/AssertionWrapper.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/SAMLCallback.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SAMLTokenSignedAction.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/AssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/AssertionWrapper.java?rev=1408300&r1=1408299&r2=1408300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/AssertionWrapper.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/AssertionWrapper.java Mon Nov 12 14:23:19 2012
@@ -429,8 +429,12 @@ public class AssertionWrapper {
// Create the signature
//
Signature signature = OpenSAMLUtil.buildSignature();
- signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm);
- LOG.debug("Using Canonicalization algorithm " + canonicalizationAlgorithm);
+ String c14nAlgo = canonicalizationAlgorithm;
+ if (c14nAlgo == null) {
+ c14nAlgo = defaultCanonicalizationAlgorithm;
+ }
+ signature.setCanonicalizationAlgorithm(c14nAlgo);
+ LOG.debug("Using Canonicalization algorithm " + c14nAlgo);
// prepare to sign the SAML token
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(issuerKeyName);
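Review bot: The fallback at `if (c14nAlgo == null)` treats only null as unset, so an empty or misspelled value from the caller reaches `signature.setCanonicalizationAlgorithm(c14nAlgo)` unchanged, and any failure would presumably surface only later, when the assertion is signed. Consider `if (c14nAlgo == null || c14nAlgo.isEmpty())`, plus a short comment naming the canonicalization URIs this method is meant to accept. For an assertion that ends up embedded in another document, exclusive canonicalization is the usual choice, because inclusive forms pull in ancestor namespace context and the signature can stop verifying after the assertion is moved. The enclosing method starts and ends outside this hunk.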
@@ -442,6 +446,9 @@ public class AssertionWrapper {
}
String sigAlgo = signatureAlgorithm;
+ if (sigAlgo == null) {
+ sigAlgo = defaultRSASignatureAlgorithm;
+ }
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
if (LOG.isDebugEnabled()) {
LOG.debug("automatic sig algo detection: " + pubKeyAlgo);
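Review bot: A caller-supplied `signatureAlgorithm` is used as given, and the null fallback picks `defaultRSASignatureAlgorithm` before `pubKeyAlgo` is read on the following line, so at this point nothing ties the chosen algorithm to the issuer key type. Whether code after the hunk adjusts `sigAlgo` for non-RSA keys, and whether that adjustment would silently override an explicit caller choice, is not visible here and is worth confirming. If the code below does not already do so, I would log the final value, e.g. `LOG.debug("Using Signature algorithm " + sigAlgo);`, so a weak or unexpected algorithm URI is visible when the logs are reviewed. The enclosing method continues outside the hunk.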
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/SAMLCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/SAMLCallback.java?rev=1408300&r1=1408299&r2=1408300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/SAMLCallback.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/ws/security/common/saml/SAMLCallback.java Mon Nov 12 14:23:19 2012
@@ -91,6 +91,10 @@ public class SAMLCallback implements Cal
private boolean sendKeyValue;
+ private String canonicalizationAlgorithm;
+
+ private String signatureAlgorithm;
+
/**
* Constructor SAMLCallback creates a new SAMLCallback instance.
*/
@@ -294,4 +298,19 @@ public class SAMLCallback implements Cal
this.sendKeyValue = sendKeyValue;
}
+ public String getCanonicalizationAlgorithm() {
+ return canonicalizationAlgorithm;
+ }
+
+ public void setCanonicalizationAlgorithm(String canonicalizationAlgorithm) {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+ }
+
+ public String getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm) {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
}
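Review bot: The four new accessors, and the two fields added in the previous hunk, have no Javadoc, while the constructor visible in that hunk does. Since these values select the algorithms used to sign the assertion, the contract should be written down: the value is an algorithm URI, and null means that AssertionWrapper falls back to its default (as the null checks added to AssertionWrapper in this commit show). For example, on the setter: `/** Sets the signature algorithm URI used to sign the assertion; null selects the default. */`, with the matching sentence on `setCanonicalizationAlgorithm`.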
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SAMLTokenSignedAction.java?rev=1408300&r1=1408299&r2=1408300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SAMLTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SAMLTokenSignedAction.java Mon Nov 12 14:23:19 2012
@@ -77,7 +77,9 @@ public class SAMLTokenSignedAction imple
samlCallback.getIssuerKeyName(),
samlCallback.getIssuerKeyPassword(),
samlCallback.getIssuerCrypto(),
- samlCallback.isSendKeyValue()
+ samlCallback.isSendKeyValue(),
+ samlCallback.getCanonicalizationAlgorithm(),
+ samlCallback.getSignatureAlgorithm()
);
}
WSSecSignatureSAML wsSign = new WSSecSignatureSAML(reqData.getWssConfig());
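Review bot: The last two arguments added here, `samlCallback.getCanonicalizationAlgorithm()` and `samlCallback.getSignatureAlgorithm()`, are both `String`, so swapping them would still compile and only fail, or misconfigure the signature, at runtime. The same six-argument list is repeated in the SAMLTokenOutputProcessor hunk of this commit. An overload on AssertionWrapper that takes the `SAMLCallback` itself and reads the six values in one place would remove the duplication and the ordering risk. The call this hunk modifies begins above the visible lines.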
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1408300&r1=1408299&r2=1408300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/SAMLTokenOutputProcessor.java Mon Nov 12 14:23:19 2012
@@ -69,13 +69,14 @@ public class SAMLTokenOutputProcessor ex
SAMLUtil.doSAMLCallback(((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(), samlCallback);
AssertionWrapper samlAssertionWrapper = new AssertionWrapper(samlCallback);
- // todo support setting signature and c14n algorithms
if (samlCallback.isSignAssertion()) {
samlAssertionWrapper.signAssertion(
samlCallback.getIssuerKeyName(),
samlCallback.getIssuerKeyPassword(),
samlCallback.getIssuerCrypto(),
- samlCallback.isSendKeyValue()
+ samlCallback.isSendKeyValue(),
+ samlCallback.getCanonicalizationAlgorithm(),
+ samlCallback.getSignatureAlgorithm()
);
}