Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2010/11/08 14:01:08 UTC
Re: svn commit: r1031652 - in /cxf/sandbox/wss4j-1.6-port: ./
rt/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org
Hi Dan,
> Is it possible to get these lists to be typed in WSS4J...
Yep, absolutely. My immediate priority is to get the CXF branch I
committed to the sandbox to work with WSS4J 1.6-SNAPSHOT. I want to go
through the rt/ws/security module in detail then to take
changes/optimisations in WSS4J into account.
Colm.
On Fri, Nov 5, 2010 at 4:50 PM, Daniel Kulp <dk...@apache.org> wrote:
>
> Colm,
>
>
>> final WSDocInfo wsDocInfo,
>> - final java.util.Vector returnResults,
>> + final java.util.List returnResults,
>> final WSSConfig config
>
> Is it possible to get these lists to be typed in WSS4J or do they have to be
> List<Object>? For example:
>
> List<WSResult>
>
> or similar?
>
> It would make the code much more readable.
>
> Dan
>
>
>
>
> On Friday 05 November 2010 12:07:12 pm coheigea@apache.org wrote:
>> Author: coheigea
>> Date: Fri Nov 5 16:07:11 2010
>> New Revision: 1031652
>>
>> URL: http://svn.apache.org/viewvc?rev=1031652&view=rev
>> Log:
>> Adding a branch of the WSS4J 1.6 port to sandbox.
>> - An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT.
>> - All the unit tests pass, 13 system tests are failing.
>> - WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but
>> will be shortly when I set up the hudson build.
>>
>> Added:
>> cxf/sandbox/wss4j-1.6-port/
>> - copied from r1031553, cxf/trunk/
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
>>
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/IssuedTokenInterceptorProvider.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/SecureConversationInInterceptor.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/CryptoCoverageUtil.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/PolicyBasedWSS4JInInterceptor.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/WSS4JInInterceptor.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AbstractBindingBuilder.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AsymmetricBindingHandler.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/SymmetricBindingHandler.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/TransportBindingHandler.java
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
>> security/wss4j/CustomProcessor.java
>>
>> Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom
>> .xml?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original)
>> +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov 5 16:07:11
>> 2010 @@ -91,7 +91,7 @@
>> <dependency>
>> <groupId>org.apache.ws.security</groupId>
>> <artifactId>wss4j</artifactId>
>> - <version>1.5.9</version>
>> + <version>1.6-SNAPSHOT</version>
>> <exclusions>
>> <exclusion>
>> <groupId>axis</groupId>
>>
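Review bot: The `<version>1.6-SNAPSHOT</version>` line makes this module depend on a moving, unreleased WSS4J artifact, which the commit log says is not yet available in the snapshot repository, so the revision cannot be built reproducibly. That is acceptable for a sandbox branch, but the version should be pinned to a released 1.6 artifact before this goes to trunk, and the `<exclusions>` list should be rechecked against the new artifact's dependencies.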
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/IssuedTokenInterceptorProvider.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterc
>> eptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
>> +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Nov 5
>> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic
>>
>> import java.util.Arrays;
>> import java.util.Collection;
>> +import java.util.List;
>> import java.util.Vector;
>>
>>
>> @@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults =
>> rResult.getResults(); + List wsSecEngineResults
>> = rResult.getResults();
>>
>> for (int j = 0; j < wsSecEngineResults.size();
>> j++) { //WSSecurityEngineResult wser =
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/SecureConversationInInterceptor.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversatio
>> nInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/SecureConversationInInterceptor.java
>> (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/policy/interceptors/SecureConversationInInterceptor.java Fri Nov
>> 5 16:07:11 2010 @@ -455,7 +455,7 @@ class SecureConversationInInterceptor
>> ex
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>>
>> for (int j = 0; j < wsSecEngineResults.size(); j++) {
>> WSSecurityEngineResult wser =
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthentica
>> tingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
>> (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Fri Nov
>> 5 16:07:11 2010 @@ -224,7 +224,7 @@ public abstract class
>> AbstractUsernameTo
>> if (c instanceof WSPasswordCallback) {
>> WSPasswordCallback pc = (WSPasswordCallback)c;
>> if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType())
>> - && pc.getUsage() ==
>> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { + &&
>> pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
>> AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
>> pc.getIdentifier(), pc.getPassword(), false, null, null); }
>>
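Review bot: In the `pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN` condition, `setSubject(...)` is reached only when the callback carries exactly this usage value, and the lines shown have no else branch or log statement for any other value. If WSS4J 1.6 raises the callback with a different usage for a `PASSWORD_TEXT` token, the subject is never set and nothing here reports it. Please add a unit test asserting that `setSubject` is invoked for a plaintext UsernameToken against 1.6, and log or reject the unexpected-usage case.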
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/CryptoCoverageUtil.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=103
>> 1652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/CryptoCoverageUtil.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/CryptoCoverageUtil.java Fri Nov 5 16:07:11 2010 @@ -82,9
>> +82,9 @@ public final class CryptoCoverageUtil {
>> final WSDataRef signedRef = signedRefsIt.next();
>>
>> if (isSignedEncryptionRef(encryptedRef, signedRef)) {
>> -
>> - final WSDataRef encryptedSignedRef =
>> - new WSDataRef(signedRef.getDataref());
>> +
>> + final WSDataRef encryptedSignedRef = new WSDataRef();
>> + encryptedSignedRef.setWsuId(signedRef.getWsuId());
>>
>> encryptedSignedRef.setContent(false);
>> encryptedSignedRef.setName(encryptedRef.getName());
>>
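Review bot: `encryptedSignedRef.setWsuId(signedRef.getWsuId())` copies only the wsu:Id where the removed constructor call took `signedRef.getDataref()`, and nothing in the hunk handles a `signedRef` whose `getWsuId()` returns null. Because this object is built inside the `isSignedEncryptionRef` branch of the coverage utility, a null or empty id should be guarded explicitly, and a test for a signed-then-encrypted element would confirm the new `WSDataRef` still matches the way the old one did.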
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/PolicyBasedWSS4JInInterceptor.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.j
>> ava?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Nov 5 16:07:11 2010
>> @@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept
>> }
>>
>> protected void doResults(SoapMessage msg, String actor,
>> - SOAPMessage doc, Vector results, boolean
>> utWithCallbacks) + SOAPMessage doc, List
>> results, boolean utWithCallbacks) throws SOAPException,
>> XMLStreamException, WSSecurityException {
>>
>> AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCa
>> llbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Fri Nov 5
>> 16:07:11 2010 @@ -20,7 +20,7 @@
>> package org.apache.cxf.ws.security.wss4j;
>>
>> import java.security.Principal;
>> -import java.util.Vector;
>> +import java.util.List;
>> import java.util.logging.Level;
>> import java.util.logging.Logger;
>>
>> @@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho
>>
>> @SuppressWarnings("unchecked")
>> public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
>> CallbackHandler cb, - WSDocInfo wsDocInfo, Vector returnResults,
>> WSSConfig wsc) throws WSSecurityException { + WSDocInfo wsDocInfo,
>> List returnResults, WSSConfig wsc) throws WSSecurityException { if
>> (LOG.isLoggable(Level.FINE)) {
>> LOG.fine("Found UsernameToken list element");
>> }
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/WSS4JInInterceptor.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=103
>> 1652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/WSS4JInInterceptor.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/WSS4JInInterceptor.java Fri Nov 5 16:07:11 2010 @@ -192,7
>> +192,7 @@ public class WSS4JInInterceptor extends
>> try {
>> reqData.setMsgContext(msg);
>> computeAction(msg, reqData);
>> - Vector actions = new Vector();
>> + List actions = new Vector();
>> String action = getAction(msg, version);
>>
>> int doAction = WSSecurityUtil.decodeAction(action, actions);
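Review bot: `List actions = new Vector();` stays a raw type and still allocates a `Vector` behind the new `List` declaration. For a local that is only handed to `WSSecurityUtil.decodeAction(action, actions)`, an `ArrayList` parameterised with the element type would drop the unneeded synchronisation and let the compiler check what is read back out, in line with the request for typed lists earlier in this thread. The same applies to `signatureResults` and `timestampResults` further down this file.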
>> @@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends
>> */
>> doReceiverAction(doAction, reqData);
>>
>> - Vector wsResult = null;
>> + List wsResult = null;
>> if (doTimeLog) {
>> t1 = System.currentTimeMillis();
>> }
>> @@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends
>> }
>> }
>>
>> - private void checkActions(SoapMessage msg, RequestData reqData, Vector
>> wsResult, Vector actions) + private void checkActions(SoapMessage msg,
>> RequestData reqData, List wsResult, List actions) throws
>> WSSecurityException {
>> /*
>> * now check the security actions: do they match, in any order?
>> @@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends
>> throw new
>> WSSecurityException(WSSecurityException.INVALID_SECURITY); }
>> }
>> - private void checkSignatures(SoapMessage msg, RequestData reqData,
>> Vector wsResult) + private void checkSignatures(SoapMessage msg,
>> RequestData reqData, List wsResult) throws WSSecurityException {
>> /*
>> * Now we can check the certificate used to sign the message. In
>> the @@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends
>> */
>>
>> // Extract the signature action result from the action vector
>> - Vector signatureResults = new Vector();
>> + List signatureResults = new Vector();
>> signatureResults =
>> WSSecurityUtil.fetchAllActionResults(wsResult,
>> WSConstants.SIGN, signatureResults);
>>
>> @@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends
>> }
>> }
>>
>> - protected void checkTimestamps(SoapMessage msg, RequestData reqData,
>> Vector wsResult) + protected void checkTimestamps(SoapMessage msg,
>> RequestData reqData, List wsResult) throws WSSecurityException {
>> /*
>> * Perform further checks on the timestamp that was transmitted in
>> @@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends
>> * other validation algorithms for subclasses.
>> */
>> // Extract the timestamp action result from the action vector
>> - Vector timestampResults = new Vector();
>> + List timestampResults = new Vector();
>> timestampResults =
>> WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS,
>> timestampResults);
>>
>> @@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends
>>
>> }
>>
>> - protected void doResults(SoapMessage msg, String actor, SOAPMessage
>> doc, Vector wsResult) + protected void doResults(SoapMessage msg,
>> String actor, SOAPMessage doc, List wsResult) throws SOAPException,
>> XMLStreamException, WSSecurityException { doResults(msg, actor, doc,
>> wsResult, false);
>> }
>>
>> - protected void doResults(SoapMessage msg, String actor, SOAPMessage
>> doc, Vector wsResult, + protected void doResults(SoapMessage msg,
>> String actor, SOAPMessage doc, List wsResult, boolean utWithCallbacks)
>> throws SOAPException, XMLStreamException, WSSecurityException { /*
>> * All ok up to this point. Now construct and setup the security
>> result
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AbstractBindingBuilder.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingB
>> uilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Nov 5
>> 16:07:11 2010 @@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j
>> import java.io.IOException;
>> import java.io.InputStream;
>> import java.net.URL;
>> +import java.security.InvalidAlgorithmParameterException;
>> import java.security.KeyStoreException;
>> +import java.security.NoSuchAlgorithmException;
>> import java.security.cert.X509Certificate;
>> import java.util.ArrayList;
>> import java.util.Collection;
>> +import java.util.Collections;
>> import java.util.Enumeration;
>> import java.util.HashMap;
>> import java.util.HashSet;
>> @@ -40,6 +43,10 @@ import java.util.logging.Level;
>> import java.util.logging.Logger;
>>
>> import javax.security.auth.callback.CallbackHandler;
>> +import javax.xml.crypto.XMLStructure;
>> +import javax.xml.crypto.dom.DOMStructure;
>> +import javax.xml.crypto.dsig.DigestMethod;
>> +import javax.xml.crypto.dsig.Transform;
>> import javax.xml.namespace.QName;
>> import javax.xml.soap.SOAPException;
>> import javax.xml.soap.SOAPHeader;
>> @@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS
>> import org.apache.ws.security.message.token.SecurityTokenReference;
>> import org.apache.ws.security.transform.STRTransform;
>> import org.apache.ws.security.util.WSSecurityUtil;
>> -import org.apache.xml.security.signature.XMLSignatureException;
>> -import org.apache.xml.security.transforms.TransformationException;
>> -import org.apache.xml.security.transforms.Transforms;
>>
>> /**
>> *
>> */
>> public abstract class AbstractBindingBuilder {
>> public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
>> - private static final Logger LOG =
>> LogUtils.getL7dLogger(AbstractBindingBuilder.class); + protected static
>> final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
>>
>>
>> protected SPConstants.ProtectionOrder protectionOrder =
>> SPConstants.ProtectionOrder.SignBeforeEncrypting; @@ -569,8 +573,7 @@
>> public abstract class AbstractBindingBui
>> // coupled with WSSecSignatureHelper. This approach is
>> used so that // we can force WSS4J to sign the assertion through a STR
>> that // WSS4J did not create during message signature creation. -
>> part = new WSEncryptionPart(tempSig.getStrUri(),
>> "ExternalSTRTransform", "Element", -
>> WSConstants.PART_TYPE_ELEMENT);
>> + part = new WSEncryptionPart(tempSig.getStrUri(),
>> "ExternalSTRTransform", "Element");
>>
>> } else {
>> if (tempSig.getBSTTokenId() != null) {
>> @@ -922,13 +925,11 @@ public abstract class AbstractBindingBui
>> if (sign) {
>> result.add(new WSEncryptionPart(
>> id,
>> - "Element",
>> - WSConstants.PART_TYPE_BODY));
>> + "Element"));
>> } else {
>> result.add(new WSEncryptionPart(
>> id,
>> - "Content",
>> - WSConstants.PART_TYPE_BODY));
>> + "Content"));
>> }
>> }
>>
>> @@ -958,8 +959,7 @@ public abstract class AbstractBindingBui
>> final String id = this.addWsuIdToElement(el);
>> result.add(new WSEncryptionPart(
>> id,
>> - part.getEncModifier(),
>> - WSConstants.PART_TYPE_HEADER));
>> + part.getEncModifier()));
>> }
>> }
>> }
>> @@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui
>>
>> WSEncryptionPart part = new WSEncryptionPart(
>> id,
>> - encryptionModifier,
>> - WSConstants.PART_TYPE_ELEMENT);
>> + encryptionModifier);
>> part.setXpath(expression);
>>
>> /**
>> @@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>> /*
>> * Scan the results for the first Signature action. Use the
>> * certificate of this Signature to set the certificate for the
>> @@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>> /*
>> * Scan the results for a username token. Use the username
>> * of this token to set the alias for the encryption user
>> @@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui
>> sigParts.add(new
>> WSEncryptionPart(sig.getBSTTokenId())); }
>> try {
>> - sig.addReferencesToSign(sigParts, secHeader);
>> - sig.computeSignature();
>> - sig.appendToHeader(secHeader);
>> + List referenceList = sig.addReferencesToSign(sigParts,
>> secHeader); + sig.computeSignature(referenceList,
>> false, null);
>>
>> signatures.add(sig.getSignatureValue());
>> if (isSigProtect) {
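Review bot: The `sig.appendToHeader(secHeader);` call is removed here with no replacement in the hunk, so the signature element reaches the security header only if `sig.computeSignature(referenceList, false, null)` inserts it itself. Please say so in a comment next to the call, including what the `false, null` arguments select, and add a test that checks the outgoing security header actually contains the Signature element.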
>> @@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui
>>
>> dkSign.setParts(sigParts);
>>
>> - dkSign.addReferencesToSign(sigParts, secHeader);
>> + List referenceList = dkSign.addReferencesToSign(sigParts,
>> secHeader);
>>
>> - //Do signature
>> - dkSign.computeSignature();
>> -
>> //Add elements to header
>> addSupportingElement(dkSign.getdktElement());
>> -
>> secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement()); +
>> + //Do signature
>> + dkSign.computeSignature(referenceList, false, null);
>>
>> signatures.add(dkSign.getSignatureValue());
>> }
>> @@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui
>> sig.prepare(doc, getSignatureCrypto(null), secHeader);
>>
>> sig.setParts(sigParts);
>> - sig.addReferencesToSign(sigParts, secHeader);
>> + List referenceList = sig.addReferencesToSign(sigParts, secHeader);
>>
>> //Do signature
>> - sig.computeSignature();
>> + sig.computeSignature(referenceList, false, null);
>> signatures.add(sig.getSignatureValue());
>> -
>> -
>> secHeader.getSecurityHeader().appendChild(sig.getSignatureElement()); }
>> protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
>>
>> assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING
>> _TOKENS)); @@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui
>> signedEncryptedParts.add(
>> new WSEncryptionPart(
>> encryptedPart.getEncId(),
>> - encryptedPart.getEncModifier(),
>> - encryptedPart.getType()));
>> + encryptedPart.getEncModifier()));
>> }
>> }
>> }
>> @@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui
>> }
>>
>> @Override
>> - public void addReferencesToSign(Vector references,
>> + public List addReferencesToSign(List references,
>> WSSecHeader secHeader) throws WSSecurityException {
>> final Vector<Object> unalteredReferences = new
>> Vector<Object>();
>>
>> + List uberReferences = new Vector();
>> try {
>> + DigestMethod digestMethod;
>> + try {
>> + digestMethod =
>> signatureFactory.newDigestMethod(this.getDigestAlgo(), null); +
>> } catch (Exception ex) {
>> + throw new WSSecurityException(
>> + WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
>> null, ex + );
>> + }
>> +
>> for (int part = 0; part < references.size(); part++) {
>> final WSEncryptionPart encPart = (WSEncryptionPart)
>> references.get(part);
>>
>> final String elemName = encPart.getName();
>> - final Transforms transforms = new
>> Transforms(document);
>>
>> if (elemName != null &&
>> "ExternalSTRTransform".equals(encPart.getNamespace())) { final Element ctx
>> = this.createSTRParameter(document); -
>> transforms.addTransform(STRTransform.implementedTransformURI, ctx); -
>> this.sig.addDocument("#" + elemName, transforms,
>> this.getDigestAlgo()); +
>> + XMLStructure structure = new DOMStructure(ctx);
>> + Transform transform =
>> + signatureFactory.newTransform(
>> + STRTransform.TRANSFORM_URI,
>> + structure
>> + );
>> +
>> + javax.xml.crypto.dsig.Reference reference =
>> + signatureFactory.newReference(
>> + "#" + elemName,
>> + digestMethod,
>> + Collections.singletonList(transform),
>> + null,
>> + null
>> + );
>> + uberReferences.add(reference);
>> } else {
>> unalteredReferences.add(encPart);
>> }
>> }
>> - } catch (TransformationException e1) {
>> + } catch (NoSuchAlgorithmException e1) {
>> throw new WSSecurityException(
>> WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
>> null, e1 );
>> - } catch (XMLSignatureException e1) {
>> + } catch (InvalidAlgorithmParameterException e1) {
>> throw new WSSecurityException(
>> WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
>> null, e1 );
>> }
>>
>> - super.addReferencesToSign(unalteredReferences, secHeader);
>> + List newReferences =
>> super.addReferencesToSign(unalteredReferences, secHeader); +
>> uberReferences.addAll(newReferences);
>> + return uberReferences;
>> }
>> }
>>
>>
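Review bot: The inner `catch (Exception ex)` around `signatureFactory.newDigestMethod(this.getDigestAlgo(), null)` is broader than needed. The enclosing try already catches `NoSuchAlgorithmException` and `InvalidAlgorithmParameterException` and maps them to the same `FAILED_SIGNATURE` / "noXMLSig" exception, so the inner try can be dropped and unexpected runtime exceptions will no longer be relabelled as signature failures. `List uberReferences = new Vector();` should also be typed, since it mixes `javax.xml.crypto.dsig.Reference` objects with whatever `super.addReferencesToSign` returns.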
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AsymmetricBindingHandler.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindin
>> gHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Nov 5
>> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
>>
>>
>> import java.util.Collection;
>> +import java.util.List;
>> import java.util.Vector;
>> import java.util.logging.Level;
>> import java.util.logging.Logger;
>> @@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex
>>
>> dkSign.setParts(sigParts);
>>
>> - dkSign.addReferencesToSign(sigParts, secHeader);
>> -
>> - // Do signature
>> - dkSign.computeSignature();
>> - signatures.add(dkSign.getSignatureValue());
>> + List referenceList = dkSign.addReferencesToSign(sigParts,
>> secHeader);
>>
>> // Add elements to header
>> addDerivedKeyElement(dkSign.getdktElement());
>> - insertBeforeBottomUp(dkSign.getSignatureElement());
>> - mainSigId =
>> addWsuIdToElement(dkSign.getSignatureElement()); +
>> + //Do signature
>> + if (bottomUpElement == null) {
>> + dkSign.computeSignature(referenceList, false, null);
>> + } else {
>> + dkSign.computeSignature(referenceList, true,
>> bottomUpElement); + }
>> + bottomUpElement = dkSign.getSignatureElement();
>> + signatures.add(dkSign.getSignatureValue());
>> +
>> + // TODO mainSigId =
>> addWsuIdToElement(dkSign.getSignatureElement()); +
>> mainSigId = dkSign.getId();
>> } catch (Exception e) {
>> //REVISIT
>> e.printStackTrace();
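Review bot: Both new `dkSign.computeSignature(...)` calls sit inside the try whose handler, in the context lines, is `catch (Exception e) { //REVISIT e.printStackTrace();`, so a failure in the changed signing path is at best printed to stderr. Since this commit changes how the signature is computed and positioned, the handler should log through `LOG` and rethrow (or fail the policy assertion) rather than let processing continue. The `// TODO mainSigId = addWsuIdToElement(...)` line should also state why `dkSign.getId()` is an acceptable substitute, or be removed.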
>> @@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex
>> }
>>
>> sig.prependBSTElementToHeader(secHeader);
>> - insertBeforeBottomUp(sig.getSignatureElement());
>> sigParts.addAll(this.getSignedParts());
>>
>> - sig.addReferencesToSign(sigParts, secHeader);
>> - sig.computeSignature();
>> + List referenceList = sig.addReferencesToSign(sigParts,
>> secHeader); + //Do signature
>> + if (bottomUpElement == null) {
>> + sig.computeSignature(referenceList, false, null);
>> + } else {
>> + sig.computeSignature(referenceList, true,
>> bottomUpElement); + }
>> + bottomUpElement = sig.getSignatureElement();
>> +
>> signatures.add(sig.getSignatureValue());
>>
>> - mainSigId = addWsuIdToElement(sig.getSignatureElement());
>> + //TODO mainSigId =
>> addWsuIdToElement(sig.getSignatureElement()); + mainSigId =
>> sig.getId();
>> }
>> }
>>
>> @@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>> /*
>> * Scan the results for the first Signature action. Use the
>> * certificate of this Signature to set the certificate for the
>> @@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>> /*
>> * Scan the results for the first Signature action. Use the
>> * certificate of this Signature to set the certificate for the
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/SymmetricBindingHandler.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBinding
>> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Nov 5
>> 16:07:11 2010 @@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j
>> import java.security.MessageDigest;
>> import java.security.NoSuchAlgorithmException;
>> import java.util.Calendar;
>> +import java.util.List;
>> import java.util.Vector;
>> +import java.util.logging.Level;
>>
>> import javax.xml.soap.SOAPMessage;
>>
>> @@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext
>>
>> if (!isRequestor()) {
>> if (encrTok.getSHA1() != null) {
>> - encr.setUseKeyIdentifier(true);
>>
>> encr.setCustomReferenceValue(encrTok.getSHA1());
>> encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); }
>> else {
>> - encr.setUseKeyIdentifier(true);
>>
>> encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF); }
>> } else {
>> if (encrToken instanceof IssuedToken) {
>> - encr.setUseKeyIdentifier(true);
>>
>> encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI);
>> encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); }
>> @@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext
>> }
>>
>> dkSign.setParts(sigs);
>> - dkSign.addReferencesToSign(sigs, secHeader);
>> + List referenceList = dkSign.addReferencesToSign(sigs, secHeader);
>>
>> - //Do signature
>> - dkSign.computeSignature();
>> -
>> //Add elements to header
>> Element el = dkSign.getdktElement();
>> - addDerivedKeyElement(el);
>> - insertBeforeBottomUp(dkSign.getSignatureElement());
>> - this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
>> + addDerivedKeyElement(el);
>> +
>> + //Do signature
>> + if (bottomUpElement == null) {
>> + dkSign.computeSignature(referenceList, false, null);
>> + } else {
>> + dkSign.computeSignature(referenceList, true, bottomUpElement);
>> + }
>> + bottomUpElement = dkSign.getSignatureElement();
>> +
>> + // TODO this.mainSigId =
>> addWsuIdToElement(dkSign.getSignatureElement()); + this.mainSigId =
>> dkSign.getId();
>>
>> return dkSign.getSignatureValue();
>> }
>> @@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext
>> }
>>
>> this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO,
>> crypto); sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
>> + String soap =
>> org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart()); +
>> LOG.log(Level.FINE, "SOAP: " + soap);
>> sig.setParts(sigs);
>> - sig.addReferencesToSign(sigs, secHeader);
>> + List referenceList = sig.addReferencesToSign(sigs, secHeader);
>>
>> //Do signature
>> - sig.computeSignature();
>> + if (bottomUpElement == null) {
>> + sig.computeSignature(referenceList, false, null);
>> + } else {
>> + sig.computeSignature(referenceList, true,
>> bottomUpElement); + }
>> + bottomUpElement = sig.getSignatureElement();
>>
>> - Element mainSigElement = sig.getSignatureElement();
>> - insertBeforeBottomUp(mainSigElement);
>> - mainSigId = addWsuIdToElement(mainSigElement);
>> + // TODO mainSigId = addWsuIdToElement(mainSigElement);
>> + this.mainSigId = sig.getId();
>> return sig.getSignatureValue();
>> }
>> }
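
Review bot: The two lines added after `sig.prepare(...)` serialize the whole SOAP part with `DOM2Writer.nodeToString` on every call, even when FINE logging is disabled, and then write the complete message to the log. Guard them with `if (LOG.isLoggable(Level.FINE))` or remove them before merging. A message at this stage of a security binding can carry tokens and application payload, and that should not end up in log files as a side effect of debugging.
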
>> @@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext
>>
>> private String getEncryptedKey() {
>>
>> - Vector results = (Vector)message.getExchange().getInMessage()
>> + List results = (List)message.getExchange().getInMessage()
>> .get(WSHandlerConstants.RECV_RESULTS);
>>
>> for (int i = 0; i < results.size(); i++) {
>> WSHandlerResult rResult =
>> (WSHandlerResult) results.get(i);
>>
>> - Vector wsSecEngineResults = rResult.getResults();
>> + List wsSecEngineResults = rResult.getResults();
>>
>> for (int j = 0; j < wsSecEngineResults.size(); j++) {
>> WSSecurityEngineResult wser =
>>
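
Review bot: `List results = (List)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)` swaps one raw collection for another, so the unchecked cast and the `(WSHandlerResult) results.get(i)` cast inside the loop both remain. Once WSS4J exposes typed results, declare these as `List<WSHandlerResult>` and `List<WSSecurityEngineResult>` and iterate with for-each. Separately, `results` is dereferenced by `results.size()` with no null check, which would throw if the `RECV_RESULTS` property is absent from the inbound message.
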
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/TransportBindingHandler.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBinding
>> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
>> security/wss4j/policyhandlers/TransportBindingHandler.java Fri Nov 5
>> 16:07:11 2010 @@ -20,6 +20,7 @@
>> package org.apache.cxf.ws.security.wss4j.policyhandlers;
>>
>> import java.util.Collection;
>> +import java.util.List;
>> import java.util.Vector;
>>
>> import javax.xml.soap.SOAPMessage;
>> @@ -262,13 +263,11 @@ public class TransportBindingHandler ext
>> */
>>
>> dkSig.setParts(sigParts);
>> - dkSig.addReferencesToSign(sigParts, secHeader);
>> + List referenceList = dkSig.addReferencesToSign(sigParts,
>> secHeader);
>>
>> //Do signature
>> - dkSig.computeSignature();
>> -
>> dkSig.appendDKElementToHeader(secHeader);
>> - dkSig.appendSigToHeader(secHeader);
>> + dkSig.computeSignature(referenceList, false, null);
>>
>> return dkSig.getSignatureValue();
>> } else {
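
Review bot: After this change the `//Do signature` comment sits directly above `dkSig.appendDKElementToHeader(secHeader)`, while the actual `dkSig.computeSignature(referenceList, false, null)` call is one line further down; move the comment so it labels the right statement. This path also always passes `false, null` and neither reads nor updates `bottomUpElement`, unlike the `sig` branch in the next hunk, so a one-line comment stating that this is intentional for the derived-key signature would help the next reader.
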
>> @@ -276,10 +275,14 @@ public class TransportBindingHandler ext
>> if (sig != null) {
>> sig.prependBSTElementToHeader(secHeader);
>>
>> - sig.addReferencesToSign(sigParts, secHeader);
>> - insertBeforeBottomUp(sig.getSignatureElement());
>> -
>> - sig.computeSignature();
>> + List referenceList = sig.addReferencesToSign(sigParts,
>> secHeader); +
>> + if (bottomUpElement == null) {
>> + sig.computeSignature(referenceList, false, null);
>> + } else {
>> + sig.computeSignature(referenceList, true,
>> bottomUpElement); + }
>> + bottomUpElement = sig.getSignatureElement();
>>
>> return sig.getSignatureValue();
>> } else {
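
Review bot: The `if (bottomUpElement == null) { ... } else { ... }` block followed by `bottomUpElement = sig.getSignatureElement()` is repeated verbatim here, again later in this file, and twice in SymmetricBindingHandler. Pull it into one helper method so the decision between the `false, null` and `true, bottomUpElement` arguments lives in a single place. The removed code also called `insertBeforeBottomUp(sig.getSignatureElement())` before `sig.computeSignature()`, whereas placement is now delegated to `computeSignature(referenceList, true, bottomUpElement)`; a test asserting the resulting element order in the security header would catch a regression here.
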
>> @@ -375,12 +378,10 @@ public class TransportBindingHandler ext
>> addDerivedKeyElement(dkSign.getdktElement());
>>
>> dkSign.setParts(sigParts);
>> - dkSign.addReferencesToSign(sigParts, secHeader);
>> + List referenceList = dkSign.addReferencesToSign(sigParts,
>> secHeader);
>>
>> //Do signature
>> - dkSign.computeSignature();
>> -
>> - dkSign.appendSigToHeader(secHeader);
>> + dkSign.computeSignature(referenceList, false, null);
>>
>> return dkSign.getSignatureValue();
>> } else {
>> @@ -425,14 +426,16 @@ public class TransportBindingHandler ext
>> sig.prepare(doc, crypto, secHeader);
>>
>> sig.setParts(sigParts);
>> - sig.addReferencesToSign(sigParts, secHeader);
>> + List referenceList = sig.addReferencesToSign(sigParts,
>> secHeader);
>>
>> //Do signature
>> - sig.computeSignature();
>> -
>> - //Add elements to header
>> - insertBeforeBottomUp(sig.getSignatureElement());
>> -
>> + if (bottomUpElement == null) {
>> + sig.computeSignature(referenceList, false, null);
>> + } else {
>> + sig.computeSignature(referenceList, true,
>> bottomUpElement); + }
>> + bottomUpElement = sig.getSignatureElement();
>> +
>> return sig.getSignatureValue();
>> }
>> }
>>
>> Modified:
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
>> security/wss4j/CustomProcessor.java URL:
>> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
>> /test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=103165
>> 2&r1=1031553&r2=1031652&view=diff
>> ==========================================================================
>> ==== ---
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
>> security/wss4j/CustomProcessor.java (original) +++
>> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
>> security/wss4j/CustomProcessor.java Fri Nov 5 16:07:11 2010 @@ -40,7 +40,7
>> @@ public class CustomProcessor implements
>> final Crypto decCrypto,
>> final javax.security.auth.callback.CallbackHandler cb,
>> final WSDocInfo wsDocInfo,
>> - final java.util.Vector returnResults,
>> + final java.util.List returnResults,
>> final WSSConfig config
>> ) throws WSSecurityException {
>> final java.util.Map result =
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
>