Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/02/27 13:48:56 UTC
svn commit: r748498 [3/3] - in /webservices/wss4j/trunk: keys/
src/org/apache/ws/security/message/ src/org/apache/ws/security/message/token/
src/org/apache/ws/security/processor/ src/org/apache/ws/security/transform/
test/ test/wssec/
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java?rev=748498&r1=748497&r2=748498&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java Fri Feb 27 12:48:54 2009
@@ -36,40 +36,40 @@
private static Log log = LogFactory.getLog(X509Util.class.getName());
public static boolean isContent(Node encBodyData) {
- /*
- * Depending on the encrypted data type (Content or Element) the encBodyData either
- * holds the element whose contents where encrypted, e.g. soapenv:Body, or the
- * xenc:EncryptedData element (in case of Element encryption). In either case we need
- * to get the xenc:EncryptedData element. So get it. The findElement method returns
- * immediately if its already the correct element.
- * Then we can get the Type attribute.
- */
-
- Element tmpE = (Element) WSSecurityUtil.findElement(encBodyData,
- "EncryptedData", WSConstants.ENC_NS);
- String typeStr = null;
- boolean content = true;
+ //
+ // Depending on the encrypted data type (Content or Element) the encBodyData either
+ // holds the element whose contents where encrypted, e.g. soapenv:Body, or the
+ // xenc:EncryptedData element (in case of Element encryption). In either case we need
+ // to get the xenc:EncryptedData element. So get it. The findElement method returns
+ // immediately if its already the correct element.
+ // Then we can get the Type attribute.
+ //
+ Element tmpE =
+ (Element) WSSecurityUtil.findElement(
+ encBodyData, "EncryptedData", WSConstants.ENC_NS
+ );
if (tmpE != null) {
- typeStr = tmpE.getAttribute("Type");
- }
- if (typeStr != null) {
- content = typeStr.equals(WSConstants.ENC_NS + "Content") ? true : false;
+ String typeStr = tmpE.getAttribute("Type");
+ if (typeStr != null) {
+ return typeStr.equals(WSConstants.ENC_NS + "Content");
+ }
}
- return content;
+ return true;
}
public static String getEncAlgo(Node encBodyData) throws WSSecurityException {
- Element tmpE = (Element) WSSecurityUtil.findElement(encBodyData,
- "EncryptionMethod", WSConstants.ENC_NS);
-
+ Element tmpE =
+ (Element) WSSecurityUtil.findElement(
+ encBodyData, "EncryptionMethod", WSConstants.ENC_NS
+ );
String symEncAlgo = null;
if (tmpE != null) {
symEncAlgo = tmpE.getAttribute("Algorithm");
- }
- if (symEncAlgo == null) {
- throw new WSSecurityException
- (WSSecurityException.UNSUPPORTED_ALGORITHM,
- "noEncAlgo");
+ if (symEncAlgo == null) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"
+ );
+ }
}
if (log.isDebugEnabled()) {
log.debug("Sym Enc Algo: " + symEncAlgo);
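Review bot: In getEncAlgo the `symEncAlgo == null` check is now nested inside `if (tmpE != null)`, so a message with no xenc:EncryptionMethod element no longer throws UNSUPPORTED_ALGORITHM/"noEncAlgo" as the old code did; symEncAlgo stays null and is returned to the caller. Inside the block the check is also dead, because org.w3c.dom.Element.getAttribute returns an empty string, not null, when the attribute is absent, so a missing Algorithm attribute is returned as "". Suggested replacement for the assignment and check: `String symEncAlgo = (tmpE == null) ? null : tmpE.getAttribute("Algorithm");` then `if (symEncAlgo == null || symEncAlgo.length() == 0) { throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo"); }`. The same getAttribute property makes `typeStr != null` in isContent always true, so a missing Type attribute falls through to the `equals` comparison and yields false, which matches the old behaviour but deserves a one-line comment. getEncAlgo's return statement is in the next hunk.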
@@ -77,47 +77,53 @@
return symEncAlgo;
}
- protected static SecretKey getSharedKey(Element keyInfoElem,
- String algorithm,
- CallbackHandler cb)
- throws WSSecurityException {
+ protected static SecretKey getSharedKey(
+ Element keyInfoElem,
+ String algorithm,
+ CallbackHandler cb
+ ) throws WSSecurityException {
String keyName = null;
- Element keyNmElem =
- (Element) WSSecurityUtil.getDirectChild(keyInfoElem,
- "KeyName",
- WSConstants.SIG_NS);
+ Element keyNmElem =
+ (Element) WSSecurityUtil.getDirectChild(
+ keyInfoElem, "KeyName", WSConstants.SIG_NS
+ );
if (keyNmElem != null) {
keyNmElem.normalize();
- Node tmpN;
- if ((tmpN = keyNmElem.getFirstChild()) != null
- && tmpN.getNodeType() == Node.TEXT_NODE) {
+ Node tmpN = keyNmElem.getFirstChild();
+ if (tmpN != null && tmpN.getNodeType() == Node.TEXT_NODE) {
keyName = tmpN.getNodeValue();
}
}
if (keyName == null) {
- throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
- "noKeyname");
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyname");
}
- WSPasswordCallback pwCb = new WSPasswordCallback(
- keyName, WSPasswordCallback.KEY_NAME);
+ WSPasswordCallback pwCb = new WSPasswordCallback(keyName, WSPasswordCallback.KEY_NAME);
Callback[] callbacks = new Callback[1];
callbacks[0] = pwCb;
try {
cb.handle(callbacks);
} catch (IOException e) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noPassword",
- new Object[]{keyName}, e);
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noPassword",
+ new Object[]{keyName},
+ e
+ );
} catch (UnsupportedCallbackException e) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noPassword",
- new Object[]{keyName}, e);
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noPassword",
+ new Object[]{keyName},
+ e
+ );
}
byte[] decryptedData = pwCb.getKey();
if (decryptedData == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noPassword",
- new Object[]{keyName});
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "noPassword",
+ new Object[]{keyName}
+ );
}
return WSSecurityUtil.prepareSecretKey(algorithm, decryptedData);
}
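Review bot: getSharedKey is a protected static entry point with no Javadoc, and the reformatting is a good moment to add one. From the visible lines it should state that the method reads the text of the ds:KeyName child of keyInfoElem, asks the CallbackHandler for the key bytes via a WSPasswordCallback of usage KEY_NAME, and returns `WSSecurityUtil.prepareSecretKey(algorithm, decryptedData)`; the `@throws WSSecurityException` entries are INVALID_SECURITY ("noKeyname") when no KeyName text is found and FAILURE ("noPassword") when the handler throws or returns no key. The two catch blocks build identical exceptions; with the file's Java level a small private helper that takes the caught exception would remove the duplication without changing behaviour.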
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=748498&r1=748497&r2=748498&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Fri Feb 27 12:48:54 2009
@@ -95,9 +95,7 @@
* @throws InvalidCanonicalizerException
*/
protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input)
- throws IOException, CanonicalizationException,
- InvalidCanonicalizerException {
-
+ throws IOException, CanonicalizationException, InvalidCanonicalizerException {
doDebug = log.isDebugEnabled();
if (doDebug) {
@@ -105,45 +103,47 @@
}
try {
-
- /*
- * Get the main document, that is the complete SOAP request document
- */
+ //
+ // Get the main document, that is the complete SOAP request document
+ //
Document thisDoc = this._transformObject.getDocument();
int docHash = thisDoc.hashCode();
if (doDebug) {
log.debug("doc: " + thisDoc.toString() + ", " + docHash);
}
-
- /*
- * Here we get some information about the document that is being
- * processed, in particular the crypto implementation, and already
- * detected BST that may be used later during dereferencing.
- */
+ //
+ // Here we get some information about the document that is being
+ // processed, in particular the crypto implementation, and already
+ // detected BST that may be used later during dereferencing.
+ //
wsDocInfo = WSDocInfoStore.lookup(docHash);
if (wsDocInfo == null) {
throw (new CanonicalizationException("no WSDocInfo found"));
}
-
- /*
- * According to the OASIS WS Specification "Web Services Security:
- * SOAP Message Security 1.0" Monday, 19 January 2004, chapter 8.3
- * describes that the input node set must be processed by the c14n
- * that is specified in the argument element of the STRTransform
- * element.
- *
- * First step: Get the required c14n argument and get the specified
- * Canonicalizer
- */
-
+ //
+ // According to the OASIS WS Specification "Web Services Security:
+ // SOAP Message Security 1.0" Monday, 19 January 2004, chapter 8.3
+ // describes that the input node set must be processed by the c14n
+ // that is specified in the argument element of the STRTransform
+ // element.
+ //
+ // First step: Get the required c14n argument and get the specified
+ // Canonicalizer
+ //
String canonAlgo = null;
- if (this._transformObject.length(WSConstants.WSSE_NS,
- "TransformationParameters") == 1) {
- Element tmpE = XMLUtils.selectNode(this._transformObject
- .getElement().getFirstChild(), WSConstants.WSSE_NS,
- "TransformationParameters", 0);
- Element canonElem = (Element) WSSecurityUtil.getDirectChild(
- tmpE, "CanonicalizationMethod", WSConstants.SIG_NS);
+ if (this._transformObject.length(
+ WSConstants.WSSE_NS, "TransformationParameters") == 1) {
+ Element tmpE =
+ XMLUtils.selectNode(
+ this._transformObject.getElement().getFirstChild(),
+ WSConstants.WSSE_NS,
+ "TransformationParameters",
+ 0
+ );
+ Element canonElem =
+ (Element) WSSecurityUtil.getDirectChild(
+ tmpE, "CanonicalizationMethod", WSConstants.SIG_NS
+ );
canonAlgo = canonElem.getAttribute("Algorithm");
if (doDebug) {
log.debug("CanonAlgo: " + canonAlgo);
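Review bot: canonElem, obtained from `WSSecurityUtil.getDirectChild(tmpE, "CanonicalizationMethod", WSConstants.SIG_NS)`, is dereferenced on the next line without a null check, so a TransformationParameters element that lacks a ds:CanonicalizationMethod child raises a NullPointerException instead of the CanonicalizationException the surrounding code uses for malformed input (compare the "no WSDocInfo found" case above). Suggested, right after the assignment: `if (canonElem == null) { throw new CanonicalizationException("no CanonicalizationMethod in TransformationParameters"); }`. Whether getDirectChild itself tolerates a null tmpE from selectNode is not visible here and should be confirmed. The enclosing enginePerformTransform starts in the previous hunk and continues past this one.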
@@ -160,35 +160,36 @@
log.debug("canon bos: " + bos.toString());
}
- /*
- * Get the input (node) to transform. Currently we support only an
- * Element as input format. If other formats are required we must
- * get it as bytes and probably reparse it into a DOM tree (How to
- * work with nodesets? how to select the right node from a nodeset?)
- */
+ //
+ // Get the input (node) to transform. Currently we support only an
+ // Element as input format. If other formats are required we must
+ // get it as bytes and probably reparse it into a DOM tree (How to
+ // work with nodesets? how to select the right node from a nodeset?)
+ //
Element str = null;
if (input.isElement()) {
str = (Element) input.getSubNode();
} else {
- throw (new CanonicalizationException(
- "Wrong input format - only element input supported"));
+ throw new CanonicalizationException(
+ "Wrong input format - only element input supported"
+ );
}
if (doDebug) {
log.debug("STR: " + str.toString());
}
- /*
- * The element to transform MUST be a SecurityTokenReference
- * element.
- */
+ //
+ // The element to transform MUST be a SecurityTokenReference
+ // element.
+ //
SecurityTokenReference secRef = new SecurityTokenReference(str);
- /*
- * Third and forth step are performed by derefenceSTR()
- */
+ //
+ // Third and forth step are performed by derefenceSTR()
+ //
Element dereferencedToken = dereferenceSTR(thisDoc, secRef);
- /*
- * C14n with specified algorithm. According to WSS Specification.
- */
+ //
+ // C14n with specified algorithm. According to WSS Specification.
+ //
buf = canon.canonicalizeSubtree(dereferencedToken, "#default");
if (doDebug) {
bos = new ByteArrayOutputStream(buf.length);
@@ -196,15 +197,15 @@
log.debug("after c14n: " + bos.toString());
}
- /*
- * Alert: Hacks ahead According to WSS spec an Apex node must
- * contain a default namespace. If none is availabe in the first
- * node of the c14n output (this is the apex element) then we do
- * some editing to insert an empty default namespace
- *
- * TODO: Rework theses hacks after c14n was updated and can be
- * instructed to insert empty default namespace if required
- */
+ //
+ // Alert: Hacks ahead According to WSS spec an Apex node must
+ // contain a default namespace. If none is availabe in the first
+ // node of the c14n output (this is the apex element) then we do
+ // some editing to insert an empty default namespace
+ //
+ // TODO: Rework theses hacks after c14n was updated and can be
+ // instructed to insert empty default namespace if required
+ //
// If the problem with c14n method is solved then just do:
// return new XMLSignatureInput(buf);
@@ -212,19 +213,19 @@
StringBuffer bf = new StringBuffer(new String(buf));
String bf1 = bf.toString();
- /*
- * Find start and end of first element <....>, this is the Apex node
- */
+ //
+ // Find start and end of first element <....>, this is the Apex node
+ //
int gt = bf1.indexOf(">");
- /*
- * Lookup the default namespace
- */
+ //
+ // Lookup the default namespace
+ //
int idx = bf1.indexOf(XMLNS);
- /*
- * If none found or if it is outside of this (Apex) element look for
- * first blank in, insert default namespace there (this is the
- * correct place according to c14n specification)
- */
+ //
+ // If none found or if it is outside of this (Apex) element look for
+ // first blank in, insert default namespace there (this is the
+ // correct place according to c14n specification)
+ //
if (idx < 0 || idx > gt) {
idx = bf1.indexOf(" ");
bf.insert(idx + 1, "xmlns=\"\" ");
@@ -239,67 +240,64 @@
// End of HACK
catch (WSSecurityException ex) {
throw (new CanonicalizationException("WS Security Exception", ex));
-
}
}
private Element dereferenceSTR(Document doc, SecurityTokenReference secRef)
- throws WSSecurityException {
-
- /*
- * Third step: locate the security token referenced by the STR element.
- * Either the Token is contained in the document as a
- * BinarySecurityToken or stored in some key storage.
- *
- * Forth step: after security token was located, prepare it. If its
- * reference via a direct reference, i.e. a relative URI that references
- * the BST directly in the message then just return that element.
- * Otherwise wrap the located token in a newly created BST element as
- * described in WSS Specification.
- *
- */
+ throws WSSecurityException {
+ //
+ // Third step: locate the security token referenced by the STR element.
+ // Either the Token is contained in the document as a
+ // BinarySecurityToken or stored in some key storage.
+ //
+ // Fourth step: after security token was located, prepare it. If its
+ // reference via a direct reference, i.e. a relative URI that references
+ // the BST directly in the message then just return that element.
+ // Otherwise wrap the located token in a newly created BST element as
+ // described in WSS Specification.
+ //
+ //
Element tokElement = null;
- /*
- * First case: direct reference, according to chap 7.2 of OASIS WS
- * specification (main document). Only in this case return a true
- * reference to the BST. Copying is done by the caller.
- */
+ //
+ // First case: direct reference, according to chap 7.2 of OASIS WS
+ // specification (main document). Only in this case return a true
+ // reference to the BST. Copying is done by the caller.
+ //
if (secRef.containsReference()) {
if (doDebug) {
log.debug("STR: Reference");
}
tokElement = secRef.getTokenElement(doc, wsDocInfo, null);
}
- /*
- * second case: IssuerSerial, lookup in keystore, wrap in BST according
- * to specification
- */
+ //
+ // second case: IssuerSerial, lookup in keystore, wrap in BST according
+ // to specification
+ //
else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
if (doDebug) {
log.debug("STR: IssuerSerial");
}
X509Certificate cert = null;
- X509Certificate[] certs = secRef.getX509IssuerSerial(wsDocInfo
- .getCrypto());
+ X509Certificate[] certs =
+ secRef.getX509IssuerSerial(wsDocInfo.getCrypto());
if (certs == null || certs.length == 0 || certs[0] == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
cert = certs[0];
tokElement = createBSTX509(doc, cert, secRef.getElement());
}
- /*
- * third case: KeyIdentifier, must be SKI, lookup in keystore, wrap in
- * BST according to specification. No other KeyIdentifier type handled
- * here - just SKI
- */
+ //
+ // third case: KeyIdentifier, must be SKI, lookup in keystore, wrap in
+ // BST according to specification. No other KeyIdentifier type handled
+ // here - just SKI
+ //
else if (secRef.containsKeyIdentifier()) {
if (doDebug) {
log.debug("STR: KeyIdentifier");
}
X509Certificate cert = null;
- X509Certificate[] certs = secRef.getKeyIdentifier(wsDocInfo
- .getCrypto());
+ X509Certificate[] certs = secRef.getKeyIdentifier(wsDocInfo.getCrypto());
if (certs == null || certs.length == 0 || certs[0] == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
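Review bot: The rewritten comment block at the top of dereferenceSTR ends with two consecutive empty `//` lines, one of which is a stray left over from the conversion. Since that block describes the method's contract (third step: locate the token via direct reference, IssuerSerial or SKI KeyIdentifier; fourth step: return the referenced BST directly or wrap the located certificate in a new BST), it would serve better as the method's Javadoc, with `@throws WSSecurityException` noting the FAILED_CHECK raised when the keystore lookup yields no certificate; the in-body comments can then be reduced to the per-case labels. The method's remaining cases and its return are outside this hunk.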
@@ -309,9 +307,8 @@
return (Element) tokElement;
}
- private Element createBSTX509(Document doc, X509Certificate cert,
- Element secRefE) throws WSSecurityException {
-
+ private Element createBSTX509(Document doc, X509Certificate cert, Element secRefE)
+ throws WSSecurityException {
byte data[];
try {
data = cert.getEncoded();
@@ -320,20 +317,14 @@
WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e
);
}
- String prefix = WSSecurityUtil
- .getPrefixNS(WSConstants.WSSE_NS, secRefE);
- Element elem = doc.createElementNS(WSConstants.WSSE_NS, prefix
- + ":BinarySecurityToken");
+ String prefix = WSSecurityUtil.getPrefixNS(WSConstants.WSSE_NS, secRefE);
+ Element elem = doc.createElementNS(WSConstants.WSSE_NS, prefix + ":BinarySecurityToken");
WSSecurityUtil.setNamespace(elem, WSConstants.WSSE_NS, prefix);
// elem.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "");
- if (cert.getVersion() == 1) {
- elem.setAttributeNS(null, "ValueType", X509Security.X509_V1_TYPE);
- } else {
- elem.setAttributeNS(null, "ValueType", X509Security.X509_V3_TYPE);
- }
- Text certText = doc.createTextNode(Base64.encode(data)); // no line
- // wrap
+ elem.setAttributeNS(null, "ValueType", X509Security.X509_V3_TYPE);
+ Text certText = doc.createTextNode(Base64.encode(data)); // no line wrap
elem.appendChild(certText);
return elem;
}
+
}
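Review bot: createBSTX509 now stamps every wrapped certificate with `X509Security.X509_V3_TYPE`, where it previously chose the v1 ValueType for `cert.getVersion() == 1`; together with the removal of TestWSSecurityX509v1 from PackageTests this looks deliberate, presumably because the X.509 Token Profile only defines the v3 ValueType, but nothing on the page records that. A one-line comment above the setAttributeNS call would prevent a later reader from reintroducing the branch: `// Always label as X509v3: the v1 ValueType is not supported/emitted any more (see commit r748498)`. The commented-out `elem.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "")` line left as context is also dead code that could go in the same pass.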
Modified: webservices/wss4j/trunk/test/wssec/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/PackageTests.java?rev=748498&r1=748497&r2=748498&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/PackageTests.java (original)
+++ webservices/wss4j/trunk/test/wssec/PackageTests.java Fri Feb 27 12:48:54 2009
@@ -71,7 +71,6 @@
suite.addTestSuite(TestWSSecurityNewST3.class);
suite.addTestSuite(TestWSSecurityNewDK.class);
suite.addTestSuite(TestWSSecurityNewSCT.class);
- suite.addTestSuite(TestWSSecurityX509v1.class);
suite.addTestSuite(TestWSSecurityUserProcessor.class);
suite.addTestSuite(TestWSSecurityFaultCodes.class);
suite.addTestSuite(TestWSSecurityUTDK.class);