Posted to commits@ws.apache.org by co...@apache.org on 2013/06/17 18:03:17 UTC
svn commit: r1493827 - in
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax:
./ ext/ impl/processor/output/
Author: coheigea
Date: Mon Jun 17 16:03:17 2013
New Revision: 1493827
URL: http://svn.apache.org/r1493827
Log:
Support the ability to disable encrypting a symmetric key plus some misc stuff to support SymmetricBinding policies
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Mon Jun 17 16:03:17 2013
@@ -421,6 +421,10 @@ public final class ConfigurationConverte
boolean enableNonceCache =
decodeBooleanConfigValue(ConfigurationConstants.ENABLE_NONCE_CACHE, true, config);
properties.setEnableNonceReplayCache(enableNonceCache);
+
+ boolean encryptSymmetricEncryptionKey =
+ decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, true, config);
+ properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);
}
private static void parseNonBooleanProperties(
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java Mon Jun 17 16:03:17 2013
@@ -139,12 +139,14 @@ public class WSSec {
if (securityProperties.getEncryptionUseThisCertificate() == null
&& securityProperties.getEncryptionKeyStore() == null
&& securityProperties.getEncryptionCryptoProperties() == null
- && !securityProperties.isUseReqSigCertForEncryption()) {
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncrytionKey()) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "encryptionKeyStoreNotSet");
}
if (securityProperties.getEncryptionUser() == null
&& securityProperties.getEncryptionUseThisCertificate() == null
- && !securityProperties.isUseReqSigCertForEncryption()) {
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncrytionKey()) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noEncryptionUser");
}
if (securityProperties.getEncryptionSymAlgorithm() == null) {
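Review bot: When `isEncryptSymmetricEncrytionKey()` is false, both the "encryptionKeyStoreNotSet" and the "noEncryptionUser" guards are skipped, and nothing visible in this hunk requires another source for the encryption key in that mode. A configuration with no key material at all would then appear to pass validation and fail only while the message is being written. Consider adding a positive check for the disabled-wrapping case, for example `if (!securityProperties.isEncryptSymmetricEncrytionKey() && securityProperties.getCallbackHandler() == null)` followed by a WSSConfigurationException, assuming the shared key is meant to come from the callback handler. The enclosing method starts and ends outside the hunk, so a later check may already cover this and is worth confirming.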
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java Mon Jun 17 16:03:17 2013
@@ -152,12 +152,14 @@ public class OutboundWSSec {
initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
} else if (WSSConstants.ENCRYPT.equals(action)) {
- final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
+ if (securityProperties.isEncryptSymmetricEncrytionKey()) {
+ final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
+ initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor, action);
- final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
+ final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+ initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor, action);
+ }
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor, action);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Mon Jun 17 16:03:17 2013
@@ -68,6 +68,7 @@ public class WSSSecurityProperties exten
private Integer derivedKeyIterations = 1000;
private boolean addUsernameTokenNonce;
private boolean addUsernameTokenCreated;
+ private boolean encryptSymmetricEncrytionKey = true;
/**
* This variable controls whether types other than PasswordDigest or PasswordText
@@ -156,6 +157,7 @@ public class WSSSecurityProperties exten
this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
+ this.encryptSymmetricEncrytionKey = wssSecurityProperties.encryptSymmetricEncrytionKey;
}
/**
@@ -839,5 +841,13 @@ public class WSSSecurityProperties exten
public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
this.enableNonceReplayCache = enableNonceReplayCache;
}
+
+ public boolean isEncryptSymmetricEncrytionKey() {
+ return encryptSymmetricEncrytionKey;
+ }
+
+ public void setEncryptSymmetricEncrytionKey(boolean encryptSymmetricEncrytionKey) {
+ this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
+ }
}
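Review bot: The new public accessors `isEncryptSymmetricEncrytionKey` / `setEncryptSymmetricEncrytionKey` (and the backing field) misspell "Encryption". Because they are public, the typo becomes API that the ConfigurationConverter, WSSec, OutboundWSSec and EncryptEndingOutputProcessor hunks of this commit already call. Renaming to `isEncryptSymmetricEncryptionKey` / `setEncryptSymmetricEncryptionKey` now is cheaper than deprecating later. The pair also has no Javadoc although it switches off a security mechanism. A short comment on the setter should state that the default is `true`, and that with `false` the EncryptedKey and BinarySecurityToken processors are not added, so the recipient must already hold the symmetric key.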
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java Mon Jun 17 16:03:17 2013
@@ -45,7 +45,8 @@ public class EncryptEndingOutputProcesso
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+ if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+ || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()) {
WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
}
}
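Review bot: The compound condition `WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction()) || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()` is written out twice, here in processHeaderEvent and again in the START_ELEMENT case of the next hunk, each with its own unchecked cast. If only one copy is updated later, the ReferenceList could be created but never reordered in the security header, or the reverse. Moving the test into one private helper, e.g. `private boolean referenceListGoesInSecurityHeader()`, and calling it from both places would keep the two decisions in step. A one-line comment there should say why the ReferenceList is placed in the header when no EncryptedKey is emitted.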
@@ -65,7 +66,8 @@ public class EncryptEndingOutputProcesso
case XMLStreamConstants.START_ELEMENT:
if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+ if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+ || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()) {
WSSUtils.updateSecurityHeaderOrder(
outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList, getAction(), true);
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java Mon Jun 17 16:03:17 2013
@@ -117,7 +117,7 @@ public class EncryptOutputProcessor exte
}
/**
- * Processor which handles the effective enryption of the data
+ * Processor which handles the effective encryption of the data
*/
class InternalEncryptionOutputProcessor extends AbstractInternalEncryptionOutputProcessor {
@@ -207,12 +207,17 @@ public class EncryptOutputProcessor exte
@Override
protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(
((WSSSecurityProperties) getSecurityProperties()).getEncryptionKeyIdentifier())) {
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
+
WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
} else {
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, attributes);
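Review bot: In the `else` branch the KeyInfo still emits a `wsse:Reference` to `"#" + getEncryptionPartDef().getKeyId()`, but with `isEncryptSymmetricEncrytionKey()` false OutboundWSSec no longer adds the EncryptedKeyOutputProcessor. Unless that id names some other token written to the header, the reference may not resolve on the receiving side. Nothing in this commit ties the new flag to the configured key identifier. Consider rejecting the unsupported combination in WSSec's outbound validation, or documenting which key identifiers are valid when key wrapping is disabled. The method continues past the end of the hunk and the origin of the key id is not visible here, so this is inferred from the OutboundWSSec change rather than confirmed.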
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java Mon Jun 17 16:03:17 2013
@@ -111,7 +111,7 @@ public class SecurityHeaderReorderProces
subOutputProcessorChain.reset();
subOutputProcessorChain.processEvent(event);
}
- //remove the actual header so that it won't be outputted twice in the loop below
+ //remove the actual header so that it won't be output twice in the loop below
entryIterator.remove();
}
//... the action is encryption and...