Posted to commits@ws.apache.org by co...@apache.org on 2013/04/25 14:44:19 UTC
svn commit: r1475728 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/
ws-security-common/src/main/java/org/apache/wss4j/common/util/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src...
Author: coheigea
Date: Thu Apr 25 12:44:18 2013
New Revision: 1475728
URL: http://svn.apache.org/r1475728
Log:
Part I of a merge to allow the StAX code to be configured via the same approach as WSHandler in the DOM layer
Added:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
- copied, changed from r1471340, webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/StringUtil.java
- copied, changed from r1471340, webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/StringUtil.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Removed:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/StringUtil.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
Copied: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java (from r1471340, webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?p2=webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java&p1=webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java&r1=1471340&r2=1475728&rev=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java Thu Apr 25 12:44:18 2013
@@ -16,45 +16,33 @@
* specific language governing permissions and limitations
* under the License.
*/
-
-package org.apache.wss4j.dom.handler;
-
-import org.apache.wss4j.dom.WSConstants;
-
-import java.util.HashMap;
-import java.util.Map;
+package org.apache.wss4j.common;
/**
- * This class defines the names, actions, and other string for the deployment
- * data of the WS handler.
+ * This class defines Configuration Constants that are shared between the DOM + StAX code. This
+ * allows a user to configure both layers in the same way (e.g. via a Map).
*/
-public final class WSHandlerConstants {
+public final class ConfigurationConstants {
+
+ private ConfigurationConstants() {
+ // complete
+ }
//
// Action configuration tags
//
- private WSHandlerConstants() {
- // Complete
- }
-
/**
- * The action parameter. The handlers use the value of this parameter to determine how
- * to process the SOAP Envelope. It is a blank separated list of actions to perform.
+ * The action parameter. It is a blank separated list of actions to perform.
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
+ * call.setProperty(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN);
* </pre>
*/
public static final String ACTION = "action";
/**
- * Perform no action.
- */
- public static final String NO_SECURITY = "NoSecurity";
-
- /**
* Perform a UsernameToken action.
*/
public static final String USERNAME_TOKEN = "UsernameToken";
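Review bot: The new class-level Javadoc says these constants are "shared between the DOM + StAX code" but does not tell the reader that DOM-only tags were deliberately left out of the copy; `NO_SECURITY` is dropped here, while the WSHandlerConstants section of this same commit keeps "Perform no action." and the binary-password tag. A reader of the common module who cannot find a tag will not know where to look. I would add one sentence to the class Javadoc: ` * Parameters that only apply to the DOM layer (e.g. NoSecurity and the internal storage keys) stay in WSHandlerConstants in the DOM module, which aliases the constants defined here.` Plain text rather than `{@link}` is needed because the common module no longer imports anything from `org.apache.wss4j.dom`.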
@@ -109,7 +97,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ACTOR, "ActorName");
+ * call.setProperty(ConfigurationConstants.ACTOR, "ActorName");
* </pre>
*/
public static final String ACTOR = "actor";
@@ -145,7 +133,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENCRYPTION_USER, "encryptionUser");
+ * call.setProperty(ConfigurationConstants.ENCRYPTION_USER, "encryptionUser");
* </pre>
*/
public static final String ENCRYPTION_USER = "encryptionUser";
@@ -159,7 +147,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.SIGNATURE_USER, "signatureUser");
+ * call.setProperty(ConfigurationConstants.SIGNATURE_USER, "signatureUser");
* </pre>
*/
public static final String SIGNATURE_USER = "signatureUser";
@@ -173,7 +161,6 @@ public final class WSHandlerConstants {
* a large extend.
*/
public static final String USE_REQ_SIG_CERT = "useReqSigCert";
-
//
// Callback class and property file properties
@@ -193,7 +180,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "PWCallbackClass");
+ * call.setProperty(ConfigurationConstants.PW_CALLBACK_CLASS, "PWCallbackClass");
* </pre>
*/
public static final String PW_CALLBACK_CLASS = "passwordCallbackClass";
@@ -257,7 +244,7 @@ public final class WSHandlerConstants {
* </p>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.SIG_PROP_FILE, "myCrypto.properties");
+ * call.setProperty(ConfigurationConstants.SIG_PROP_FILE, "myCrypto.properties");
* </pre>
*/
public static final String SIG_PROP_FILE = "signaturePropFile";
@@ -299,7 +286,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.DEC_PROP_FILE, "myCrypto.properties");
+ * call.setProperty(ConfigurationConstants.DEC_PROP_FILE, "myCrypto.properties");
* </pre>
*/
public static final String DEC_PROP_FILE = "decryptionPropFile";
@@ -322,7 +309,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENC_PROP_FILE, "myCrypto.properties");
+ * call.setProperty(ConfigurationConstants.ENC_PROP_FILE, "myCrypto.properties");
* </pre>
*/
public static final String ENC_PROP_FILE = "encryptionPropFile";
@@ -353,7 +340,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");
+ * call.setProperty(ConfigurationConstants.MUST_UNDERSTAND, "false");
* </pre>
*/
public static final String MUST_UNDERSTAND = "mustUnderstand";
@@ -364,7 +351,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
+ * call.setProperty(ConfigurationConstants.IS_BSP_COMPLIANT, "false");
* </pre>
*/
public static final String IS_BSP_COMPLIANT = "isBSPCompliant";
@@ -417,18 +404,6 @@ public final class WSHandlerConstants {
public static final String ENABLE_REVOCATION = "enableRevocation";
/**
- * Set the value of this parameter to true to treat passwords as binary values
- * for Username Tokens. The default value is "false".
- *
- * This is needed to properly handle password equivalence for UsernameToken
- * passwords. Binary passwords are Base64 encoded so they can be treated as
- * strings in most places, but when the password digest is calculated or a key
- * is derived from the password, the password will be Base64 decoded before
- * being used. This is most useful for hashed passwords as password equivalents.
- */
- public static final String USE_ENCODED_PASSWORDS = "useEncodedPasswords";
-
- /**
* This parameter sets whether to use a single certificate or a whole certificate
* chain when constructing a BinarySecurityToken used for direct reference in
* signature. The default is "true", meaning that only a single certificate is used.
@@ -465,7 +440,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
+ * call.setProperty(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
* </pre>
*/
public static final String ENC_SYM_ENC_KEY = "encryptSymmetricEncryptionKey";
@@ -496,11 +471,6 @@ public final class WSHandlerConstants {
//
/**
- * Text of the embedded key name to be sent in the KeyInfo for encryption.
- */
- public static final String ENC_KEY_NAME = "embeddedKeyName";
-
- /**
* Specific parameter for UsernameTokens to define the encoding of the password. It can
* be used on either the outbound or inbound side. The valid values are:
*
@@ -527,7 +497,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+ * call.setProperty(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
* </pre>
*/
public static final String SIG_KEY_ID = "signatureKeyIdentifier";
@@ -543,7 +513,7 @@ public final class WSHandlerConstants {
* The application may set this parameter using the following method:
* <pre>
* call.setProperty(
- * WSHandlerConstants.SIG_ALGO,
+ * ConfigurationConstants.SIG_ALGO,
* "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
* );
* </pre>
@@ -559,7 +529,7 @@ public final class WSHandlerConstants {
* The application may set this parameter using the following method:
* <pre>
* call.setProperty(
- * WSHandlerConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256"
+ * ConfigurationConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256"
* );
* </pre>
*/
@@ -606,7 +576,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENC_KEY_ID, "X509KeyIdentifier");
+ * call.setProperty(ConfigurationConstants.ENC_KEY_ID, "X509KeyIdentifier");
* </pre>
*/
public static final String ENC_KEY_ID = "encryptionKeyIdentifier";
@@ -624,7 +594,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENC_SYM_ALGO, WSConstants.AES_256);
+ * call.setProperty(ConfigurationConstants.ENC_SYM_ALGO, WSConstants.AES_256);
* </pre>
*/
public static final String ENC_SYM_ALGO = "encryptionSymAlgorithm";
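Review bot: The example on the added line still refers to `WSConstants.AES_256`, but the file now lives in `org.apache.wss4j.common` and the import of `org.apache.wss4j.dom.WSConstants` was removed in the first hunk, so a reader of the common module cannot resolve the sample; the same applies to `WSConstants.KEYTRANSPORT_RSA15` in the next hunk. Quote the algorithm URIs instead, e.g. `call.setProperty(ConfigurationConstants.ENC_SYM_ALGO, "http://www.w3.org/2001/04/xmlenc#aes256-cbc");`. For the key-transport sample, RSA v1.5 is the algorithm this commit's own Javadoc for `ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM` (in the WSHandlerConstants section below) describes as discouraged and off by default, so the shared example should show the OAEP identifier, `call.setProperty(ConfigurationConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");`.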
@@ -638,7 +608,7 @@ public final class WSHandlerConstants {
* <p/>
* The application may set this parameter using the following method:
* <pre>
- * call.setProperty(WSHandlerConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15);
+ * call.setProperty(ConfigurationConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15);
* </pre>
*/
public static final String ENC_KEY_TRANSPORT = "encryptionKeyTransportAlgorithm";
@@ -693,7 +663,7 @@ public final class WSHandlerConstants {
* The application may set this parameter using the following method:
* <pre>
* call.setProperty(
- * WSHandlerConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256"
+ * ConfigurationConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256"
* );
* </pre>
*/
@@ -706,7 +676,7 @@ public final class WSHandlerConstants {
* The application may set this parameter using the following method:
* <pre>
* call.setProperty(
- * WSHandlerConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha256"
+ * ConfigurationConstants.ENC_MGF_ALGO, "http://www.w3.org/2009/xmlenc11#mgf1sha256"
* );
* </pre>
*/
@@ -760,77 +730,5 @@ public final class WSHandlerConstants {
public static final String TTL_FUTURE_TIMESTAMP = "futureTimeToLive";
- //
- // Internal storage constants
- //
-
- /**
- * The WSHandler stores a result <code>List</code> in this property.
- */
- public static final String RECV_RESULTS = "RECV_RESULTS";
-
- /**
- * internally used property names to store values inside the message context
- * that must have the same lifetime as a message (request/response model).
- */
- public static final String SEND_SIGV = "_sendSignatureValues_";
-
- /**
- *
- */
- public static final String SIG_CONF_DONE = "_sigConfDone_";
-
-
- /**
- * Define the parameter values to set the key identifier types. These are:
- * <ul>
- * <li><code>DirectReference</code> for {@link WSConstants#BST_DIRECT_REFERENCE}
- * </li>
- * <li><code>IssuerSerial</code> for {@link WSConstants#ISSUER_SERIAL}
- * </li>
- * <li><code>X509KeyIdentifier</code> for {@link WSConstants#X509_KEY_IDENTIFIER}
- * </li>
- * <li><code>SKIKeyIdentifier</code> for {@link WSConstants#SKI_KEY_IDENTIFIER}
- * </li>
- * <li><code>EmbeddedKeyName</code> for {@link WSConstants#EMBEDDED_KEYNAME}
- * </li>
- * <li><code>Thumbprint</code> for {@link WSConstants#THUMBPRINT}
- * </li>
- * <li><code>EncryptedKeySHA1</code> for {@link WSConstants#ENCRYPTED_KEY_SHA1_IDENTIFIER}
- * </li>
- * </ul>
- * See {@link #SIG_KEY_ID} {@link #ENC_KEY_ID}.
- */
- private static Map<String, Integer> keyIdentifier = new HashMap<String, Integer>();
-
- static {
- keyIdentifier.put("DirectReference", WSConstants.BST_DIRECT_REFERENCE);
- keyIdentifier.put("IssuerSerial", WSConstants.ISSUER_SERIAL);
- keyIdentifier.put("X509KeyIdentifier", WSConstants.X509_KEY_IDENTIFIER);
- keyIdentifier.put("SKIKeyIdentifier", WSConstants.SKI_KEY_IDENTIFIER);
- keyIdentifier.put("EmbeddedKeyName", WSConstants.EMBEDDED_KEYNAME);
- keyIdentifier.put("Thumbprint", WSConstants.THUMBPRINT_IDENTIFIER);
- keyIdentifier.put("EncryptedKeySHA1", WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
- keyIdentifier.put("KeyValue", WSConstants.KEY_VALUE);
- }
-
- /**
- * Get the key identifier type corresponding to the parameter. This is intended for internal
- * use only. Valid values for "parameter" are:
- * - "IssuerSerial"
- * - "DirectReference"
- * - "X509KeyIdentifier"
- * - "Thumbprint"
- * - "SKIKeyIdentifier"
- * - "KeyValue"
- * - "EmbeddedKeyName"
- * - "EncryptedKeySHA1"
- *
- * @param parameter
- * @return the key identifier type corresponding to the parameter
- */
- public static Integer getKeyIdentifier(String parameter) {
- return keyIdentifier.get(parameter);
- }
}
Copied: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/StringUtil.java (from r1471340, webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/StringUtil.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/StringUtil.java?p2=webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/StringUtil.java&p1=webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/StringUtil.java&r1=1471340&r2=1475728&rev=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/StringUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/StringUtil.java Thu Apr 25 12:44:18 2013
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.wss4j.dom.util;
+package org.apache.wss4j.common.util;
import java.util.ArrayList;
import java.util.List;
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1475728&r1=1475727&r2=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Thu Apr 25 12:44:18 2013
@@ -46,9 +46,9 @@ import org.apache.wss4j.common.crypto.Cr
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.StringUtil;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.token.SignatureConfirmation;
-import org.apache.wss4j.dom.util.StringUtil;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1475728&r1=1475727&r2=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Thu Apr 25 12:44:18 2013
@@ -19,6 +19,7 @@
package org.apache.wss4j.dom.handler;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.dom.WSConstants;
import java.util.HashMap;
@@ -47,7 +48,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
* </pre>
*/
- public static final String ACTION = "action";
+ public static final String ACTION = ConfigurationConstants.ACTION;
/**
* Perform no action.
@@ -57,44 +58,46 @@ public final class WSHandlerConstants {
/**
* Perform a UsernameToken action.
*/
- public static final String USERNAME_TOKEN = "UsernameToken";
+ public static final String USERNAME_TOKEN = ConfigurationConstants.USERNAME_TOKEN;
/**
* Perform a UsernameTokenSignature action.
*/
- public static final String USERNAME_TOKEN_SIGNATURE = "UsernameTokenSignature";
+ public static final String USERNAME_TOKEN_SIGNATURE =
+ ConfigurationConstants.USERNAME_TOKEN_SIGNATURE;
/**
* Perform a UsernameToken action with no password.
*/
- public static final String USERNAME_TOKEN_NO_PASSWORD = "UsernameTokenNoPassword";
+ public static final String USERNAME_TOKEN_NO_PASSWORD =
+ ConfigurationConstants.USERNAME_TOKEN_NO_PASSWORD;
/**
* Perform an unsigned SAML Token action.
*/
- public static final String SAML_TOKEN_UNSIGNED = "SAMLTokenUnsigned";
+ public static final String SAML_TOKEN_UNSIGNED = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
/**
* Perform a signed SAML Token action.
*/
- public static final String SAML_TOKEN_SIGNED = "SAMLTokenSigned";
+ public static final String SAML_TOKEN_SIGNED = ConfigurationConstants.SAML_TOKEN_SIGNED;
/**
* Perform a Signature action. The signature specific parameters define how
* to sign, which keys to use, and so on.
*/
- public static final String SIGNATURE = "Signature";
+ public static final String SIGNATURE = ConfigurationConstants.SIGNATURE;
/**
* Perform an Encryption action. The encryption specific parameters define how
* to encrypt, which keys to use, and so on.
*/
- public static final String ENCRYPT = "Encrypt";
+ public static final String ENCRYPT = ConfigurationConstants.ENCRYPT;
/**
* Add a timestamp to the security header.
*/
- public static final String TIMESTAMP = "Timestamp";
+ public static final String TIMESTAMP = ConfigurationConstants.TIMESTAMP;
//
// User properties
@@ -112,7 +115,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ACTOR, "ActorName");
* </pre>
*/
- public static final String ACTOR = "actor";
+ public static final String ACTOR = ConfigurationConstants.ACTOR;
/**
* The user's name. It is used differently by each of the WS-Security functions.
@@ -130,7 +133,7 @@ public final class WSHandlerConstants {
* </li>
* </ul>
*/
- public static final String USER = "user";
+ public static final String USER = ConfigurationConstants.USER;
/**
* The user's name for encryption. The encryption functions use the public key of
@@ -148,7 +151,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENCRYPTION_USER, "encryptionUser");
* </pre>
*/
- public static final String ENCRYPTION_USER = "encryptionUser";
+ public static final String ENCRYPTION_USER = ConfigurationConstants.ENCRYPTION_USER;
/**
* The user's name for signature. This name is used as the alias name in the keystore
@@ -162,7 +165,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.SIGNATURE_USER, "signatureUser");
* </pre>
*/
- public static final String SIGNATURE_USER = "signatureUser";
+ public static final String SIGNATURE_USER = ConfigurationConstants.SIGNATURE_USER;
/**
* Specifying this name as {@link #ENCRYPTION_USER}
@@ -172,7 +175,7 @@ public final class WSHandlerConstants {
* way to define an encryption key simplifies certificate management to
* a large extend.
*/
- public static final String USE_REQ_SIG_CERT = "useReqSigCert";
+ public static final String USE_REQ_SIG_CERT = ConfigurationConstants.USE_REQ_SIG_CERT;
//
@@ -196,7 +199,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "PWCallbackClass");
* </pre>
*/
- public static final String PW_CALLBACK_CLASS = "passwordCallbackClass";
+ public static final String PW_CALLBACK_CLASS = ConfigurationConstants.PW_CALLBACK_CLASS;
/**
* This tag refers to the CallbackHandler implementation object used to obtain
@@ -206,35 +209,35 @@ public final class WSHandlerConstants {
* Refer to {@link #PW_CALLBACK_CLASS} for further information about password callback
* handling.
*/
- public static final String PW_CALLBACK_REF = "passwordCallbackRef";
+ public static final String PW_CALLBACK_REF = ConfigurationConstants.PW_CALLBACK_REF;
/**
* This tag refers to the SAML CallbackHandler implementation class used to construct
* SAML Assertions. The value of this tag must be the class name of a
* {@link javax.security.auth.callback.CallbackHandler} instance.
*/
- public static final String SAML_CALLBACK_CLASS = "samlCallbackClass";
+ public static final String SAML_CALLBACK_CLASS = ConfigurationConstants.SAML_CALLBACK_CLASS;
/**
* This tag refers to the SAML CallbackHandler implementation object used to construct
* SAML Assertions. The value of this tag must be a
* {@link javax.security.auth.callback.CallbackHandler} instance.
*/
- public static final String SAML_CALLBACK_REF = "samlCallbackRef";
+ public static final String SAML_CALLBACK_REF = ConfigurationConstants.SAML_CALLBACK_REF;
/**
* This tag refers to the CallbackHandler implementation class used to get the key
* associated with a key name. The value of this tag must be the class name of a
* {@link javax.security.auth.callback.CallbackHandler} instance.
*/
- public static final String ENC_CALLBACK_CLASS = "embeddedKeyCallbackClass";
+ public static final String ENC_CALLBACK_CLASS = ConfigurationConstants.ENC_CALLBACK_CLASS;
/**
* This tag refers to the CallbackHandler implementation object used to get the key
* associated with a key name. The value of this tag must be a
* {@link javax.security.auth.callback.CallbackHandler} instance.
*/
- public static final String ENC_CALLBACK_REF = "embeddedKeyCallbackRef";
+ public static final String ENC_CALLBACK_REF = ConfigurationConstants.ENC_CALLBACK_REF;
/**
* The path of the crypto property file to use for Signature creation. The classloader
@@ -260,7 +263,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.SIG_PROP_FILE, "myCrypto.properties");
* </pre>
*/
- public static final String SIG_PROP_FILE = "signaturePropFile";
+ public static final String SIG_PROP_FILE = ConfigurationConstants.SIG_PROP_FILE;
/**
* The key that holds a reference to the object holding complete information about
@@ -271,7 +274,7 @@ public final class WSHandlerConstants {
*
* Refer to documentation of {@link #SIG_PROP_FILE}.
*/
- public static final String SIG_PROP_REF_ID = "signaturePropRefId";
+ public static final String SIG_PROP_REF_ID = ConfigurationConstants.SIG_PROP_REF_ID;
/**
* The path of the crypto property file to use for Signature verification. The
@@ -279,7 +282,7 @@ public final class WSHandlerConstants {
* <p/>
* Refer to documentation of {@link #SIG_PROP_FILE}.
*/
- public static final String SIG_VER_PROP_FILE = "signatureVerificationPropFile";
+ public static final String SIG_VER_PROP_FILE = ConfigurationConstants.SIG_VER_PROP_FILE;
/**
* The key that holds a reference to the object holding complete information about
@@ -290,7 +293,7 @@ public final class WSHandlerConstants {
*
* Refer to documentation of {@link #SIG_VER_PROP_FILE}.
*/
- public static final String SIG_VER_PROP_REF_ID = "signatureVerificationPropRefId";
+ public static final String SIG_VER_PROP_REF_ID = ConfigurationConstants.SIG_VER_PROP_REF_ID;
/**
* The path of the crypto property file to use for Decryption. The classloader loads this
@@ -302,7 +305,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.DEC_PROP_FILE, "myCrypto.properties");
* </pre>
*/
- public static final String DEC_PROP_FILE = "decryptionPropFile";
+ public static final String DEC_PROP_FILE = ConfigurationConstants.DEC_PROP_FILE;
/**
* The key that holds a reference to the object holding complete information about
@@ -313,7 +316,7 @@ public final class WSHandlerConstants {
*
* Refer to documentation of {@link #DEC_PROP_FILE}.
*/
- public static final String DEC_PROP_REF_ID = "decryptionPropRefId";
+ public static final String DEC_PROP_REF_ID = ConfigurationConstants.DEC_PROP_REF_ID;
/**
* The path of the crypto property file to use for Encryption. The classloader loads this
@@ -325,7 +328,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENC_PROP_FILE, "myCrypto.properties");
* </pre>
*/
- public static final String ENC_PROP_FILE = "encryptionPropFile";
+ public static final String ENC_PROP_FILE = ConfigurationConstants.ENC_PROP_FILE;
/**
* The key that holds a reference to the object holding complete information about
@@ -336,7 +339,7 @@ public final class WSHandlerConstants {
*
* Refer to documentation of {@link #ENC_PROP_FILE}.
*/
- public static final String ENC_PROP_REF_ID = "encryptionPropRefId";
+ public static final String ENC_PROP_REF_ID = ConfigurationConstants.ENC_PROP_REF_ID;
//
// Boolean configuration tags, e.g. the value should be "true" or "false".
@@ -345,7 +348,8 @@ public final class WSHandlerConstants {
/**
* Whether to enable signatureConfirmation or not. The default value is "false".
*/
- public static final String ENABLE_SIGNATURE_CONFIRMATION = "enableSignatureConfirmation";
+ public static final String ENABLE_SIGNATURE_CONFIRMATION =
+ ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION;
/**
* Whether to set the mustUnderstand flag on an outbound message or not. The default
@@ -356,7 +360,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");
* </pre>
*/
- public static final String MUST_UNDERSTAND = "mustUnderstand";
+ public static final String MUST_UNDERSTAND = ConfigurationConstants.MUST_UNDERSTAND;
/**
* Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
@@ -367,54 +371,59 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
* </pre>
*/
- public static final String IS_BSP_COMPLIANT = "isBSPCompliant";
+ public static final String IS_BSP_COMPLIANT = ConfigurationConstants.IS_BSP_COMPLIANT;
/**
* Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
* child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
* The default is true.
*/
- public static final String ADD_INCLUSIVE_PREFIXES = "addInclusivePrefixes";
+ public static final String ADD_INCLUSIVE_PREFIXES =
+ ConfigurationConstants.ADD_INCLUSIVE_PREFIXES;
/**
* Whether to add a Nonce Element to a UsernameToken. This only applies when the
* password type is of type "text". A Nonce is automatically added for the "digest"
* case. The default is false.
*/
- public static final String ADD_USERNAMETOKEN_NONCE = "addUsernameTokenNonce";
+ public static final String ADD_USERNAMETOKEN_NONCE =
+ ConfigurationConstants.ADD_USERNAMETOKEN_NONCE;
/**
* Whether to add a Created Element to a UsernameToken. This only applies when the
* password type is of type "text". A Created is automatically added for the "digest"
* case. The default is false.
*/
- public static final String ADD_USERNAMETOKEN_CREATED = "addUsernameTokenCreated";
+ public static final String ADD_USERNAMETOKEN_CREATED =
+ ConfigurationConstants.ADD_USERNAMETOKEN_CREATED;
/**
* This variable controls whether types other than PasswordDigest or PasswordText
* are allowed when processing UsernameTokens. The default value is "false".
*/
- public static final String HANDLE_CUSTOM_PASSWORD_TYPES = "handleCustomPasswordTypes";
+ public static final String HANDLE_CUSTOM_PASSWORD_TYPES =
+ ConfigurationConstants.HANDLE_CUSTOM_PASSWORD_TYPES;
/**
* This variable controls whether a UsernameToken with no password element is allowed.
* The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens
* or to support UsernameTokens for purposes other than authentication.
*/
- public static final String ALLOW_USERNAMETOKEN_NOPASSWORD = "allowUsernameTokenNoPassword";
+ public static final String ALLOW_USERNAMETOKEN_NOPASSWORD =
+ ConfigurationConstants.ALLOW_USERNAMETOKEN_NOPASSWORD;
/**
* This variable controls whether (wsse) namespace qualified password types are
* accepted when processing UsernameTokens. The default value is "false".
*/
public static final String ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES
- = "allowNamespaceQualifiedPasswordTypes";
+ = ConfigurationConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES;
/**
* This variable controls whether to enable Certificate Revocation List (CRL) checking
* or not when verifying trust in a certificate. The default value is "false".
*/
- public static final String ENABLE_REVOCATION = "enableRevocation";
+ public static final String ENABLE_REVOCATION = ConfigurationConstants.ENABLE_REVOCATION;
/**
* Set the value of this parameter to true to treat passwords as binary values
@@ -433,19 +442,19 @@ public final class WSHandlerConstants {
* chain when constructing a BinarySecurityToken used for direct reference in
* signature. The default is "true", meaning that only a single certificate is used.
*/
- public static final String USE_SINGLE_CERTIFICATE = "useSingleCertificate";
+ public static final String USE_SINGLE_CERTIFICATE = ConfigurationConstants.USE_SINGLE_CERTIFICATE;
/**
* This parameter sets whether to use the Username Token derived key for a MAC
* or not. The default is "true".
*/
- public static final String USE_DERIVED_KEY_FOR_MAC = "useDerivedKeyForMAC";
+ public static final String USE_DERIVED_KEY_FOR_MAC = ConfigurationConstants.USE_DERIVED_KEY_FOR_MAC;
/**
* Set whether Timestamps have precision in milliseconds. This applies to the
* creation of Timestamps only. The default value is "true".
*/
- public static final String TIMESTAMP_PRECISION = "precisionInMilliseconds";
+ public static final String TIMESTAMP_PRECISION = ConfigurationConstants.TIMESTAMP_PRECISION;
/**
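Review bot: The `USE_SINGLE_CERTIFICATE` and `USE_DERIVED_KEY_FOR_MAC` aliases in this hunk are left on one line, which runs past 100 columns, while every other long alias in the commit is wrapped after the `=` (for example `ENABLE_SIGNATURE_CONFIRMATION` and `ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM`). For consistency wrap these two the same way: `public static final String USE_SINGLE_CERTIFICATE =` / `    ConfigurationConstants.USE_SINGLE_CERTIFICATE;` and likewise for `USE_DERIVED_KEY_FOR_MAC`.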
* Set the value of this parameter to true to enable strict timestamp
@@ -455,7 +464,7 @@ public final class WSHandlerConstants {
* an <code>Expires</code> element and the semantics of the request are
* expired, i.e. the current time at the receiver is past the expires time.
*/
- public static final String TIMESTAMP_STRICT = "timestampStrict";
+ public static final String TIMESTAMP_STRICT = ConfigurationConstants.TIMESTAMP_STRICT;
/**
* Defines whether to encrypt the symmetric encryption key or not. If true
@@ -468,7 +477,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
* </pre>
*/
- public static final String ENC_SYM_ENC_KEY = "encryptSymmetricEncryptionKey";
+ public static final String ENC_SYM_ENC_KEY = ConfigurationConstants.ENC_SYM_ENC_KEY;
/**
* Whether the engine needs to enforce EncryptedData elements are
@@ -476,20 +485,22 @@ public final class WSHandlerConstants {
* some wrapping based attacks when encrypt-before-sign token
* protection is selected.
*/
- public static final String REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS = "requireSignedEncryptedDataElements";
+ public static final String REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS =
+ ConfigurationConstants.REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS;
/**
* Whether to allow the RSA v1.5 Key Transport Algorithm or not. Use of this algorithm
* is discouraged, and so the default is "false".
*/
- public static final String ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM = "allowRSA15KeyTransportAlgorithm";
+ public static final String ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM =
+ ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM;
/**
* Whether to validate the SubjectConfirmation requirements of a received SAML Token
* (sender-vouches or holder-of-key). The default is true.
*/
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION =
- "validateSamlSubjectConfirmation";
+ ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION;
//
// (Non-boolean) Configuration parameters for the actions/processors
@@ -513,7 +524,7 @@ public final class WSHandlerConstants {
* the received UsernameToken must match the specified type, or an exception will be
* thrown.
*/
- public static final String PASSWORD_TYPE = "passwordType";
+ public static final String PASSWORD_TYPE = ConfigurationConstants.PASSWORD_TYPE;
/**
* Defines which key identifier type to use for signature. The WS-Security specifications
@@ -530,7 +541,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
* </pre>
*/
- public static final String SIG_KEY_ID = "signatureKeyIdentifier";
+ public static final String SIG_KEY_ID = ConfigurationConstants.SIG_KEY_ID;
/**
* Defines which signature algorithm to use. The default is set by the data in the
@@ -548,7 +559,7 @@ public final class WSHandlerConstants {
* );
* </pre>
*/
- public static final String SIG_ALGO = "signatureAlgorithm";
+ public static final String SIG_ALGO = ConfigurationConstants.SIG_ALGO;
/**
* Defines which signature digest algorithm to use. The default is:
@@ -563,7 +574,7 @@ public final class WSHandlerConstants {
* );
* </pre>
*/
- public static final String SIG_DIGEST_ALGO = "signatureDigestAlgorithm";
+ public static final String SIG_DIGEST_ALGO = ConfigurationConstants.SIG_DIGEST_ALGO;
/**
* Parameter to define which parts of the request shall be signed.
@@ -585,13 +596,13 @@ public final class WSHandlerConstants {
* <code>Body</code> then the SOAP namespace identifier can be empty
* (<code>{}</code>).
*/
- public static final String SIGNATURE_PARTS = "signatureParts";
+ public static final String SIGNATURE_PARTS = ConfigurationConstants.SIGNATURE_PARTS;
/**
* This parameter sets the number of iterations to use when deriving a key
* from a Username Token. The default is 1000.
*/
- public static final String DERIVED_KEY_ITERATIONS = "derivedKeyIterations";
+ public static final String DERIVED_KEY_ITERATIONS = ConfigurationConstants.DERIVED_KEY_ITERATIONS;
/**
* Defines which key identifier type to use for encryption. The WS-Security specifications
@@ -609,7 +620,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENC_KEY_ID, "X509KeyIdentifier");
* </pre>
*/
- public static final String ENC_KEY_ID = "encryptionKeyIdentifier";
+ public static final String ENC_KEY_ID = ConfigurationConstants.ENC_KEY_ID;
/**
* Defines which symmetric encryption algorithm to use. WSS4J supports the
@@ -627,7 +638,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENC_SYM_ALGO, WSConstants.AES_256);
* </pre>
*/
- public static final String ENC_SYM_ALGO = "encryptionSymAlgorithm";
+ public static final String ENC_SYM_ALGO = ConfigurationConstants.ENC_SYM_ALGO;
/**
* Defines which algorithm to use to encrypt the generated symmetric key.
@@ -641,7 +652,7 @@ public final class WSHandlerConstants {
* call.setProperty(WSHandlerConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15);
* </pre>
*/
- public static final String ENC_KEY_TRANSPORT = "encryptionKeyTransportAlgorithm";
+ public static final String ENC_KEY_TRANSPORT = ConfigurationConstants.ENC_KEY_TRANSPORT;
/**
* Parameter to define which parts of the request shall be encrypted.
@@ -684,7 +695,7 @@ public final class WSHandlerConstants {
* If no list is specified, the handler encrypts the SOAP Body in
* <code>Content</code> mode by default.
*/
- public static final String ENCRYPTION_PARTS = "encryptionParts";
+ public static final String ENCRYPTION_PARTS = ConfigurationConstants.ENCRYPTION_PARTS;
/**
* Defines which encryption digest algorithm to use with the RSA OAEP Key Transport
@@ -697,7 +708,7 @@ public final class WSHandlerConstants {
* );
* </pre>
*/
- public static final String ENC_DIGEST_ALGO = "encryptionDigestAlgorithm";
+ public static final String ENC_DIGEST_ALGO = ConfigurationConstants.ENC_DIGEST_ALGO;
/**
* Defines which encryption mgf algorithm to use with the RSA OAEP Key Transport
@@ -710,7 +721,7 @@ public final class WSHandlerConstants {
* );
* </pre>
*/
- public static final String ENC_MGF_ALGO = "encryptionMGFAlgorithm";
+ public static final String ENC_MGF_ALGO = ConfigurationConstants.ENC_MGF_ALGO;
/**
* Time-To-Live is the time difference between creation and expiry time in
@@ -721,7 +732,7 @@ public final class WSHandlerConstants {
* zero, or an illegal format the handlers use a default TTL of
* 300 seconds (5 minutes).
*/
- public static final String TTL_USERNAMETOKEN = "utTimeToLive";
+ public static final String TTL_USERNAMETOKEN = ConfigurationConstants.TTL_USERNAMETOKEN;
/**
* This configuration tag specifies the time in seconds in the future within which
@@ -729,7 +740,7 @@ public final class WSHandlerConstants {
* to avoid problems where clocks are slightly askew. To reject all future-created
* UsernameTokens, set this value to "0".
*/
- public static final String TTL_FUTURE_USERNAMETOKEN = "utFutureTimeToLive";
+ public static final String TTL_FUTURE_USERNAMETOKEN = ConfigurationConstants.TTL_FUTURE_USERNAMETOKEN;
/**
* This configuration tag is a comma separated String of regular expressions which
@@ -738,7 +749,7 @@ public final class WSHandlerConstants {
* certificate. These constraints are not used when the certificate is contained in
* the keystore (direct trust).
*/
- public static final String SIG_SUBJECT_CERT_CONSTRAINTS = "sigSubjectCertConstraints";
+ public static final String SIG_SUBJECT_CERT_CONSTRAINTS = ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS;
/**
* Time-To-Live is the time difference between creation and expiry time in
@@ -749,7 +760,7 @@ public final class WSHandlerConstants {
* zero, or an illegal format the handlers use a default TTL of
* 300 seconds (5 minutes).
*/
- public static final String TTL_TIMESTAMP = "timeToLive";
+ public static final String TTL_TIMESTAMP = ConfigurationConstants.TTL_TIMESTAMP;
/**
* This configuration tag specifies the time in seconds in the future within which
@@ -757,7 +768,7 @@ public final class WSHandlerConstants {
* to avoid problems where clocks are slightly askew. To reject all future-created
* Timestamps, set this value to "0".
*/
- public static final String TTL_FUTURE_TIMESTAMP = "futureTimeToLive";
+ public static final String TTL_FUTURE_TIMESTAMP = ConfigurationConstants.TTL_FUTURE_TIMESTAMP;
//
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1475728&r1=1475727&r2=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Thu Apr 25 12:44:18 2013
@@ -28,6 +28,7 @@ import org.apache.wss4j.dom.WSEncryption
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.StringUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.CallbackLookup;
Added: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1475728&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Thu Apr 25 12:44:18 2013
@@ -0,0 +1,394 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.util.StringUtil;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.Action;
+
+/**
+ * This utility class converts between a Map<String, Object> and a WSSSecurityProperties class
+ */
+public final class ConfigurationConverter {
+
+ private ConfigurationConverter() {
+ // complete
+ }
+
+ public static WSSSecurityProperties convert(Map<String, Object> config) {
+ WSSSecurityProperties properties = new WSSSecurityProperties();
+
+ if (config == null) {
+ return properties;
+ }
+
+ parseActions(config, properties);
+ parseUserProperties(config, properties);
+ // parseCallbackCrypto(config, properties);
+ parseBooleanProperties(config, properties);
+ parseNonBooleanProperties(config, properties);
+
+ return properties;
+ }
+
+ private static void parseActions(
+ Map<String, Object> config,
+ WSSSecurityProperties properties
+ ) {
+ String action = getString(ConfigurationConstants.ACTION, config);
+
+ if (action == null) {
+ return;
+ }
+
+ String single[] = StringUtil.split(action, ' ');
+ List<Action> actions = new ArrayList<Action>();
+ for (int i = 0; i < single.length; i++) {
+ if (single[i].equals(ConfigurationConstants.USERNAME_TOKEN)) {
+ actions.add(WSSConstants.USERNAMETOKEN);
+ } /* else if (single[i].equals(ConfigurationConstants.USERNAME_TOKEN_NO_PASSWORD)) {
+ actions.add(WSConstants.UT_NOPASSWORD);
+ } */else if (single[i].equals(ConfigurationConstants.SIGNATURE)) {
+ actions.add(WSSConstants.SIGNATURE);
+ } else if (single[i].equals(ConfigurationConstants.ENCRYPT)) {
+ actions.add(WSSConstants.ENCRYPT);
+ } else if (single[i].equals(ConfigurationConstants.SAML_TOKEN_UNSIGNED)) {
+ actions.add(WSSConstants.SAML_TOKEN_UNSIGNED);
+ } else if (single[i].equals(ConfigurationConstants.SAML_TOKEN_SIGNED)) {
+ actions.add(WSSConstants.SAML_TOKEN_SIGNED);
+ } else if (single[i].equals(ConfigurationConstants.TIMESTAMP)) {
+ actions.add(WSSConstants.TIMESTAMP);
+ } else if (single[i].equals(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE)) {
+ actions.add(WSSConstants.USERNAMETOKEN_SIGNED);
+ }
+ }
+
+ Action[] actionArray = new Action[actions.size()];
+ properties.setOutAction(actions.toArray(actionArray));
+ }
+
+ private static void parseUserProperties(
+ Map<String, Object> config,
+ WSSSecurityProperties properties
+ ) {
+ String user = getString(ConfigurationConstants.USER, config);
+ properties.setTokenUser(user);
+
+ String actor = getString(ConfigurationConstants.ACTOR, config);
+ properties.setActor(actor);
+
+ String encUser = getString(ConfigurationConstants.ENCRYPTION_USER, config);
+ properties.setEncryptionUser(encUser);
+ if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encUser)) {
+ properties.setUseReqSigCertForEncryption(true);
+ }
+
+ String sigUser = getString(ConfigurationConstants.SIGNATURE_USER, config);
+ properties.setSignatureUser(sigUser);
+ }
+
+ // TODO
+ /*
+ private static void parseCallbackCrypto(
+ Map<String, Object> config,
+ WSSSecurityProperties properties
+ ) {
+ String sigPropRef = getString(ConfigurationConstants.SIG_PROP_REF_ID, config);
+ if (sigPropRef != null) {
+
+ }
+
+ String sigPropFile = getString(ConfigurationConstants.SIG_PROP_FILE, config);
+ if (sigPropFile != null) {
+
+ }
+ }
+ */
+
+ private static void parseBooleanProperties(
+ Map<String, Object> config,
+ WSSSecurityProperties properties
+ ) {
+ boolean sigConf =
+ decodeBooleanConfigValue(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, false, config);
+ properties.setEnableSignatureConfirmation(sigConf);
+ // TODO verification as well?
+
+ boolean bspCompliant =
+ decodeBooleanConfigValue(ConfigurationConstants.IS_BSP_COMPLIANT, true, config);
+ properties.setDisableBSPEnforcement(!bspCompliant);
+
+ boolean inclPrefixes =
+ decodeBooleanConfigValue(ConfigurationConstants.ADD_INCLUSIVE_PREFIXES, true, config);
+ properties.setAddExcC14NInclusivePrefixes(inclPrefixes);
+
+ boolean nonce =
+ decodeBooleanConfigValue(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, false, config);
+ properties.setAddUsernameTokenNonce(nonce);
+
+ boolean created =
+ decodeBooleanConfigValue(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, false, config);
+ properties.setAddUsernameTokenCreated(created);
+
+ boolean customPasswordTypes =
+ decodeBooleanConfigValue(ConfigurationConstants.HANDLE_CUSTOM_PASSWORD_TYPES, false, config);
+ properties.setHandleCustomPasswordTypes(customPasswordTypes);
+
+ boolean allowNoPassword =
+ decodeBooleanConfigValue(ConfigurationConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, false, config);
+ properties.setAllowUsernameTokenNoPassword(allowNoPassword);
+
+ boolean enableRevocation =
+ decodeBooleanConfigValue(ConfigurationConstants.ENABLE_REVOCATION, false, config);
+ properties.setEnableRevocation(enableRevocation);
+
+ boolean singleCert =
+ decodeBooleanConfigValue(ConfigurationConstants.USE_SINGLE_CERTIFICATE, true, config);
+ properties.setUseSingleCert(singleCert);
+
+ boolean derivedKeyMAC =
+ decodeBooleanConfigValue(ConfigurationConstants.USE_DERIVED_KEY_FOR_MAC, true, config);
+ properties.setUseDerivedKeyForMAC(derivedKeyMAC);
+
+ boolean timestampStrict =
+ decodeBooleanConfigValue(ConfigurationConstants.TIMESTAMP_STRICT, true, config);
+ properties.setStrictTimestampCheck(timestampStrict);
+
+ boolean allowRSA15 =
+ decodeBooleanConfigValue(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, false, config);
+ properties.setAllowRSA15KeyTransportAlgorithm(allowRSA15);
+
+ boolean validateSamlSubjectConf =
+ decodeBooleanConfigValue(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true, config);
+ properties.setValidateSamlSubjectConfirmation(validateSamlSubjectConf);
+ }
+
+ private static void parseNonBooleanProperties(
+ Map<String, Object> config,
+ WSSSecurityProperties properties
+ ) {
+ String pwType = getString(ConfigurationConstants.PASSWORD_TYPE, config);
+ if ("PasswordDigest".equals(pwType)) {
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_DIGEST);
+ } else if ("PasswordText".equals(pwType)) {
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_TEXT);
+ } else if ("PasswordNone".equals(pwType)) {
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_NONE);
+ }
+
+ String signatureKeyIdentifier = getString(ConfigurationConstants.SIG_KEY_ID, config);
+ WSSecurityTokenConstants.KeyIdentifier convSigKeyIdentifier =
+ convertKeyIdentifier(signatureKeyIdentifier);
+ if (convSigKeyIdentifier != null) {
+ properties.setSignatureKeyIdentifier(convSigKeyIdentifier);
+ }
+
+ String sigAlgo = getString(ConfigurationConstants.SIG_ALGO, config);
+ properties.setSignatureAlgorithm(sigAlgo);
+
+ String sigDigestAlgo = getString(ConfigurationConstants.SIG_DIGEST_ALGO, config);
+ properties.setSignatureDigestAlgorithm(sigDigestAlgo);
+
+ String sigParts = getString(ConfigurationConstants.SIGNATURE_PARTS, config);
+ if (sigParts != null) {
+ List<SecurePart> parts = new ArrayList<SecurePart>();
+ // TODO Soap NS
+ splitEncParts(sigParts, parts, "http://schemas.xmlsoap.org/soap/envelope/");
+ for (SecurePart part : parts) {
+ properties.addSignaturePart(part);
+ }
+ }
+
+ String iterations = getString(ConfigurationConstants.DERIVED_KEY_ITERATIONS, config);
+ if (iterations != null) {
+ int iIterations = Integer.parseInt(iterations);
+ properties.setDerivedKeyIterations(iIterations);
+ }
+
+ String encKeyIdentifier = getString(ConfigurationConstants.ENC_KEY_ID, config);
+ WSSecurityTokenConstants.KeyIdentifier convEncKeyIdentifier =
+ convertKeyIdentifier(encKeyIdentifier);
+ if (convEncKeyIdentifier != null) {
+ properties.setEncryptionKeyIdentifier(convEncKeyIdentifier);
+ }
+
+ String encParts = getString(ConfigurationConstants.ENCRYPTION_PARTS, config);
+ if (encParts != null) {
+ List<SecurePart> parts = new ArrayList<SecurePart>();
+ // TODO Soap NS
+ splitEncParts(encParts, parts, "http://schemas.xmlsoap.org/soap/envelope/");
+ for (SecurePart part : parts) {
+ properties.addEncryptionPart(part);
+ }
+ }
+
+ String encSymcAlgo = getString(ConfigurationConstants.ENC_SYM_ALGO, config);
+ properties.setEncryptionSymAlgorithm(encSymcAlgo);
+
+ String encKeyTransport = getString(ConfigurationConstants.ENC_KEY_TRANSPORT, config);
+ properties.setEncryptionKeyTransportAlgorithm(encKeyTransport);
+
+ String encDigestAlgo = getString(ConfigurationConstants.ENC_DIGEST_ALGO, config);
+ properties.setEncryptionKeyTransportDigestAlgorithm(encDigestAlgo);
+
+ String encMGFAlgo = getString(ConfigurationConstants.ENC_MGF_ALGO, config);
+ properties.setEncryptionKeyTransportMGFAlgorithm(encMGFAlgo);
+
+ // TODO SIG_SUBJECT_CERT_CONSTRAINTS
+
+ properties.setUtTTL(decodeTimeToLive(config, false));
+ properties.setUtFutureTTL(decodeFutureTimeToLive(config, false));
+ properties.setTimestampTTL(decodeTimeToLive(config, true));
+ properties.setTimeStampFutureTTL(decodeFutureTimeToLive(config, true));
+ }
+
+ private static WSSecurityTokenConstants.KeyIdentifier convertKeyIdentifier(String keyIdentifier) {
+ if ("IssuerSerial".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_IssuerSerial;
+ } else if ("DirectReference".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference;
+ } else if ("X509KeyIdentifier".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier;
+ } else if ("Thumbprint".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier;
+ } else if ("SKIKeyIdentifier".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier;
+ } else if ("EncryptedKeySHA1".equals(keyIdentifier)) {
+ return WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier;
+ }
+ return null;
+ }
+
+ private static int decodeTimeToLive(Map<String, Object> config, boolean timestamp) {
+ String tag = ConfigurationConstants.TTL_TIMESTAMP;
+ if (!timestamp) {
+ tag = ConfigurationConstants.TTL_USERNAMETOKEN;
+ }
+ String ttl = getString(tag, config);
+ int defaultTimeToLive = 300;
+ if (ttl != null) {
+ try {
+ int ttlI = Integer.parseInt(ttl);
+ if (ttlI < 0) {
+ return defaultTimeToLive;
+ }
+ return ttlI;
+ } catch (NumberFormatException e) {
+ return defaultTimeToLive;
+ }
+ }
+ return defaultTimeToLive;
+ }
+
+ private static int decodeFutureTimeToLive(Map<String, Object> config, boolean timestamp) {
+ String tag = ConfigurationConstants.TTL_FUTURE_TIMESTAMP;
+ if (!timestamp) {
+ tag = ConfigurationConstants.TTL_FUTURE_USERNAMETOKEN;
+ }
+ String ttl = getString(tag, config);
+ int defaultFutureTimeToLive = 60;
+ if (ttl != null) {
+ try {
+ int ttlI = Integer.parseInt(ttl);
+ if (ttlI < 0) {
+ return defaultFutureTimeToLive;
+ }
+ return ttlI;
+ } catch (NumberFormatException e) {
+ return defaultFutureTimeToLive;
+ }
+ }
+ return defaultFutureTimeToLive;
+ }
+
+ private static String getString(String tag, Map<String, Object> config) {
+ Object value = config.get(tag);
+ if (value instanceof String) {
+ return (String)value;
+ }
+ return null;
+ }
+
+ private static boolean decodeBooleanConfigValue(
+ String tag, boolean defaultToTrue, Map<String, Object> config
+ ) {
+ String value = getString(tag, config);
+
+ if ("0".equals(value) || "false".equals(value)) {
+ return false;
+ }
+ if ("1".equals(value) || "true".equals(value)) {
+ return true;
+ }
+
+ return defaultToTrue;
+ }
+
+ private static void splitEncParts(String tmpS, List<SecurePart> parts, String soapNS) {
+ SecurePart encPart = null;
+ String[] rawParts = StringUtil.split(tmpS, ';');
+
+ for (int i = 0; i < rawParts.length; i++) {
+ String[] partDef = StringUtil.split(rawParts[i], '}');
+
+ if (partDef.length == 1) {
+ QName qname = new QName(soapNS, partDef[0].trim());
+ encPart = new SecurePart(qname, SecurePart.Modifier.Content);
+ } else if (partDef.length == 3) {
+ String mode = partDef[0].trim();
+ if (mode.length() <= 1) {
+ mode = "Content";
+ } else {
+ mode = mode.substring(1);
+ }
+ String nmSpace = partDef[1].trim();
+ if (nmSpace.length() <= 1) {
+ nmSpace = soapNS;
+ } else {
+ nmSpace = nmSpace.substring(1);
+ if ("Null".equals(nmSpace)) {
+ nmSpace = null;
+ }
+ }
+ String element = partDef[2].trim();
+
+ QName qname = new QName(nmSpace, element);
+ if ("Content".equals(mode)) {
+ encPart = new SecurePart(qname, SecurePart.Modifier.Content);
+ } else {
+ encPart = new SecurePart(qname, SecurePart.Modifier.Element);
+ }
+ }
+
+ parts.add(encPart);
+ }
+ }
+
+}
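Review bot: parseActions silently drops every token in the action string that its if/else chain does not recognise, so a misspelt Signature or Encrypt entry yields an outbound engine that simply omits that protection with no error; decodeBooleanConfigValue has the same silent-default shape, where a value such as "TRUE" or "yes" for ENABLE_REVOCATION or TIMESTAMP_STRICT falls through to the default. Both should fail loudly on unrecognised input, e.g. a trailing `else` in the action loop and a final branch in decodeBooleanConfigValue that throws WSSConfigurationException (which `convert` would then have to declare), matching the null-config handling in WSSec; if the DOM WSHandler rejects such values, the StAX path currently behaves differently. splitEncParts has a related gap: when `partDef.length` is neither 1 nor 3 the loop still reaches `parts.add(encPart)`, adding null on the first iteration or a stale duplicate of the previous part afterwards, so a guard (`continue` or a throw) is needed before the add. The `Integer.parseInt(iterations)` for DERIVED_KEY_ITERATIONS is unguarded, unlike decodeTimeToLive and decodeFutureTimeToLive, so a non-numeric value escapes convert as a NumberFormatException and a zero or negative iteration count is accepted without complaint.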
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1475728&r1=1475727&r2=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java Thu Apr 25 12:44:18 2013
@@ -19,6 +19,7 @@
package org.apache.wss4j.stax;
import java.net.URISyntaxException;
+import java.util.Map;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -67,6 +68,26 @@ public class WSSec {
securityProperties = validateAndApplyDefaultsToOutboundSecurityProperties(securityProperties);
return new OutboundWSSec(securityProperties);
}
+
+ /**
+ * Creates and configures an outbound streaming security engine
+ *
+ * @param config The user-defined security configuration
+ * @return A new OutboundWSSec
+ * @throws WSSecurityException
+ * if the initialisation failed
+ * @throws org.apache.wss4j.stax.ext.WSSConfigurationException
+ * if the configuration is invalid
+ */
+ public static OutboundWSSec getOutboundWSSec(Map<String, Object> config) throws WSSecurityException {
+ if (config == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "missingSecurityProperties");
+ }
+
+ WSSSecurityProperties securityProperties = ConfigurationConverter.convert(config);
+ securityProperties = validateAndApplyDefaultsToOutboundSecurityProperties(securityProperties);
+ return new OutboundWSSec(securityProperties);
+ }
/**
* Creates and configures an inbound streaming security engine
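Review bot: the new `getOutboundWSSec(Map)` repeats the validate-then-construct sequence of the WSSSecurityProperties overload whose tail is visible just above it, and `getInboundWSSec(Map)` in the next hunk does the same for the inbound case; after the null check each could delegate, `return getOutboundWSSec(ConfigurationConverter.convert(config));`, so later changes to validation land in one place (assuming the existing overload performs the same validation, as its visible tail suggests). The null check itself is worth keeping here because `ConfigurationConverter.convert(null)` returns an empty properties object rather than failing, and a missing configuration should be rejected rather than silently producing an engine with no actions. The Javadoc's `@throws WSSConfigurationException if the configuration is invalid` is only accurate if the validate step rejects bad values, since convert itself does not; confirming that, or narrowing the wording, would keep the contract honest.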
@@ -86,6 +107,26 @@ public class WSSec {
securityProperties = validateAndApplyDefaultsToInboundSecurityProperties(securityProperties);
return new InboundWSSec(securityProperties);
}
+
+ /**
+ * Creates and configures an inbound streaming security engine
+ *
+ * @param config The user-defined security configuration
+ * @return A new InboundWSSec
+ * @throws WSSecurityException
+ * if the initialisation failed
+ * @throws org.apache.wss4j.stax.ext.WSSConfigurationException
+ * if the configuration is invalid
+ */
+ public static InboundWSSec getInboundWSSec(Map<String, Object> config) throws WSSecurityException {
+ if (config == null) {
+ throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "missingSecurityProperties");
+ }
+
+ WSSSecurityProperties securityProperties = ConfigurationConverter.convert(config);
+ securityProperties = validateAndApplyDefaultsToInboundSecurityProperties(securityProperties);
+ return new InboundWSSec(securityProperties);
+ }
/**
* Validates the user supplied configuration and applies default values as apropriate for the outbound security engine
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1475728&r1=1475727&r2=1475728&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Thu Apr 25 12:44:18 2013
@@ -18,6 +18,7 @@
*/
package org.apache.wss4j.stax.ext;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.util.ConcreteLSInput;
import org.w3c.dom.ls.LSInput;
@@ -268,15 +269,15 @@ public class WSSConstants extends XMLSec
public static final String PROP_TIMESTAMP_SECURITYEVENT = "PROP_TIMESTAMP";
- public static final Action TIMESTAMP = new Action("TIMESTAMP");
- public static final Action USERNAMETOKEN = new Action("USERNAMETOKEN");
- public static final Action USERNAMETOKEN_SIGNED = new Action("USERNAMETOKEN_SIGNED");
- public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SIGNATURE_WITH_DERIVED_KEY");
- public static final Action ENCRYPT_WITH_DERIVED_KEY = new Action("ENCRYPT_WITH_DERIVED_KEY");
- public static final Action SAML_TOKEN_SIGNED = new Action("SAML_TOKEN_SIGNED");
- public static final Action SAML_TOKEN_UNSIGNED = new Action("SAML_TOKEN_UNSIGNED");
- public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SIGNATURE_WITH_KERBEROS_TOKEN");
- public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("ENCRYPT_WITH_KERBEROS_TOKEN");
+ public static final Action TIMESTAMP = new Action(ConfigurationConstants.TIMESTAMP);
+ public static final Action USERNAMETOKEN = new Action(ConfigurationConstants.USERNAME_TOKEN);
+ public static final Action USERNAMETOKEN_SIGNED = new Action(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE);
+ public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SignatureWithDerivedKey");
+ public static final Action ENCRYPT_WITH_DERIVED_KEY = new Action("EncryptWithDerivedKey");
+ public static final Action SAML_TOKEN_SIGNED = new Action(ConfigurationConstants.SAML_TOKEN_SIGNED);
+ public static final Action SAML_TOKEN_UNSIGNED = new Action(ConfigurationConstants.SAML_TOKEN_UNSIGNED);
+ public static final Action SIGNATURE_WITH_KERBEROS_TOKEN = new Action("SignatureWithKerberosToken");
+ public static final Action ENCRYPT_WITH_KERBEROS_TOKEN = new Action("EncryptWithKerberosToken");
public static final AlgorithmUsage Comp_Key = new AlgorithmUsage("Comp_Key");
public static final AlgorithmUsage Enc_KD = new AlgorithmUsage("Enc_KD");