Posted to wss4j-dev@ws.apache.org by we...@apache.org on 2007/08/17 13:40:42 UTC
svn commit: r567027 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
action/UsernameTokenSignedAction.java message/WSSecSignature.java
Author: werner
Date: Fri Aug 17 04:40:41 2007
New Revision: 567027
URL: http://svn.apache.org/viewvc?view=rev&rev=567027
Log:
More flexible handling of username token signature action. Now the
signature may contain the username token that is used to create the
signature key.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?view=diff&rev=567027&r1=567026&r2=567027
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java Fri Aug 17 04:40:41 2007
@@ -17,15 +17,22 @@
package org.apache.ws.security.action;
+import java.util.Vector;
+
+import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
* Sign a request using a secret key derived from UsernameToken data.
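Review bot: The added imports `org.apache.ws.security.message.WSSecHeader` and `org.w3c.dom.Element` do not appear to be used by this change. The only other hunk for this file references `Vector`, `SOAPConstants`, `WSEncryptionPart` and `WSSecurityUtil`, but neither of those two. Unless code outside the visible hunks needs them, drop both lines so the import list reflects what the action actually depends on.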
@@ -52,24 +59,60 @@
builder.addCreated();
builder.addNonce();
builder.prepare(doc);
+
+ // Now prepare to sign.
+ // First step: Get a WS Signature object and set config parameters
+ // second step: set user data and algorithm parameters. This
+ // _must_ be done before we "prepare"
+ // third step: Call "prepare". This creates the internal WS Signature
+ // data structures, XML element, fills in the algorithms
+ // and other data.
+ // fourth step: Get the references. These references identify the parts
+ // of the document that will be included into the
+ // signature. If no references are given sign the message
+ // body by default.
+ // fifth step: compute the signature
+ //
+ // after "prepare" the Signature XML element is ready and may prepend
+ // this to the security header.
WSSecSignature sign = new WSSecSignature();
sign.setWsConfig(reqData.getWssConfig());
- if (reqData.getSignatureParts().size() > 0) {
- sign.setParts(reqData.getSignatureParts());
- }
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ sign.prepare(doc, null, reqData.getSecHeader());
+
+ // prepend in this order: first the Signature Element and then the
+ // UsernameToken Element. This way the server gets the UsernameToken
+ // first, can check it and are prepared to compute the Signature key.
+ sign.prependToHeader(reqData.getSecHeader());
+ builder.prependToHeader(reqData.getSecHeader());
+
+ Vector parts = null;
+ if (reqData.getSignatureParts().size() > 0) {
+ parts = reqData.getSignatureParts();
+ }
+ else {
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+ .getDocumentElement());
+
+ parts = new Vector();
+ WSEncryptionPart encP = new WSEncryptionPart(soapConstants
+ .getBodyQName().getLocalPart(), soapConstants
+ .getEnvelopeURI(), "Content");
+ parts.add(encP);
+ }
+ sign.addReferencesToSign(parts, reqData.getSecHeader());
+
try {
-
- sign.build(doc, null, reqData.getSecHeader());
+ sign.computeSignature();
reqData.getSignatureValues().add(sign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException("WSHandler: Error during Signature with UsernameToken secret"
+ e);
}
- builder.prependToHeader(reqData.getSecHeader());
}
}
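Review bot: In the `else` branch that builds the default `parts` vector, only the SOAP Body content is referenced, so the UsernameToken that was just prepended to the header is not covered by the signature unless the caller lists it in the configured signature parts. That deserves a comment at that branch, e.g. `// Default: sign only the Body content; add the UsernameToken to the signature parts if it must be covered too.`, because the log message could be read as saying the token is now always signed. Separately, `sign.prepare(...)` and `sign.addReferencesToSign(...)` now sit outside the `try`, so a failure there presumably propagates without the "WSHandler: Error during Signature with UsernameToken secret" context that the old `sign.build(...)` call received; moving both calls into the `try` would keep error reporting uniform. The enclosing method begins outside this hunk.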
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?view=diff&rev=567027&r1=567026&r2=567027
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Fri Aug 17 04:40:41 2007
@@ -710,8 +710,6 @@
log.debug("Beginning signing...");
}
- Element securityHeader = secHeader.getSecurityHeader();
-
prepare(doc, cr, secHeader);
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc