Posted to commits@ws.apache.org by co...@apache.org on 2015/03/09 11:46:36 UTC
svn commit: r1665180 - in
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom:
message/ saml/ util/
Author: coheigea
Date: Mon Mar 9 10:46:36 2015
New Revision: 1665180
URL: http://svn.apache.org/r1665180
Log:
More WSS4J refactoring
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Mon Mar 9 10:46:36 2015
@@ -73,15 +73,7 @@ public class WSSecDKEncrypt extends WSSe
public Element encrypt() throws WSSecurityException {
if (getParts().isEmpty()) {
- String soapNamespace =
- WSSecurityUtil.getSOAPNamespace(document.getDocumentElement());
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- getParts().add(encP);
+ getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
}
return encryptForExternalRef(null, getParts());
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java Mon Mar 9 10:46:36 2015
@@ -98,15 +98,8 @@ public class WSSecDKSign extends WSSecDe
public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
prepare(doc, secHeader);
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
if (getParts().isEmpty()) {
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- getParts().add(encP);
+ getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
} else {
for (WSEncryptionPart part : getParts()) {
if ("STRTransform".equals(part.getName()) && part.getId() == null) {
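Review bot: The added call passes the `document` field, while the removed code read the SOAP namespace from the `doc` parameter of `build`; the two are only equivalent if `prepare(doc, secHeader)` stores `doc` in that field, which this hunk does not show. The same substitution appears in the WSSecSignature.java hunk, whereas the WSSecSignatureSAML.java hunk passes `doc`. Since this part decides what the signature covers by default, I would pass the parameter explicitly: `getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));`. The body of `build` continues outside the hunk.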
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Mon Mar 9 10:46:36 2015
@@ -201,15 +201,7 @@ public class WSSecEncrypt extends WSSecE
public Element encrypt() throws WSSecurityException {
if (getParts().isEmpty()) {
- String soapNamespace =
- WSSecurityUtil.getSOAPNamespace(document.getDocumentElement());
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- getParts().add(encP);
+ getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
}
return encryptForRef(null, getParts());
@@ -420,16 +412,12 @@ public class WSSecEncrypt extends WSSecE
WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
);
}
- String attachmentEncryptedDataType;
+ String attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY;
if ("Element".equals(encPart.getEncModifier())) {
attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE;
- } else {
- attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY;
}
- List<Attachment> attachments = attachmentRequestCallback.getAttachments();
- for (int i = 0; i < attachments.size(); i++) {
- Attachment attachment = attachments.get(i);
+ for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
final String attachmentId = attachment.getId();
String encEncryptedDataId = config.getIdAllocator().createId("ED-", attachmentId);
@@ -488,8 +476,7 @@ public class WSSecEncrypt extends WSSecE
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
}
- Map<String, String> headers = new HashMap<>();
- headers.putAll(attachment.getHeaders());
+ Map<String, String> headers = new HashMap<>(attachment.getHeaders());
resultAttachment.setSourceStream(
AttachmentUtils.setupAttachmentEncryptionStream(
cipher,
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Mon Mar 9 10:46:36 2015
@@ -368,17 +368,10 @@ public class WSSecSignature extends WSSe
prepare(doc, cr, secHeader);
if (getParts().isEmpty()) {
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
- WSEncryptionPart encP =
- new WSEncryptionPart(
- WSConstants.ELEM_BODY,
- soapNamespace,
- "Content"
- );
- getParts().add(encP);
+ getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
} else {
for (WSEncryptionPart part : getParts()) {
- if ("STRTransform".equals(part.getName()) && part.getId() == null) {
+ if (part.getId() == null && "STRTransform".equals(part.getName())) {
part.setId(strUri);
}
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java Mon Mar 9 10:46:36 2015
@@ -99,75 +99,9 @@ public class WSSecSignatureBase extends
//create separate list for attachment and append it after same document references
//are processed.
- List<javax.xml.crypto.dsig.Reference> attachmentReferenceList = new ArrayList<>();
-
- for (WSEncryptionPart encPart : references) {
- if (encPart.getId() != null && encPart.getId().startsWith("cid:")) {
-
- if (attachmentCallbackHandler == null) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE,
- "empty", "no attachment callbackhandler supplied"
- );
- }
-
- AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
- //no mime type must be set for signature:
- //attachmentCallback.setResultingMimeType(null);
- String id = encPart.getId().substring(4);
- attachmentRequestCallback.setAttachmentId(id);
- try {
- attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
- } catch (Exception e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, e
- );
- }
- List<Attachment> attachments = attachmentRequestCallback.getAttachments();
- for (int i = 0; i < attachments.size(); i++) {
- Attachment attachment = attachments.get(i);
-
- try {
- List<Transform> transforms = new ArrayList<>();
-
- AttachmentTransformParameterSpec attachmentTransformParameterSpec =
- new AttachmentTransformParameterSpec(
- attachmentCallbackHandler,
- attachment
- );
-
- String attachmentSignatureTransform;
- if ("Element".equals(encPart.getEncModifier())) {
- attachmentSignatureTransform = WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS;
- } else {
- attachmentSignatureTransform = WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS;
- }
-
- transforms.add(
- signatureFactory.newTransform(
- attachmentSignatureTransform,
- attachmentTransformParameterSpec)
- );
-
- javax.xml.crypto.dsig.Reference reference =
- signatureFactory.newReference("cid:" + attachment.getId(),
- digestMethod,
- transforms,
- null,
- null
- );
-
- attachmentReferenceList.add(reference);
- } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- }
- break;
- }
- }
-
+ List<javax.xml.crypto.dsig.Reference> attachmentReferenceList = null;
List<javax.xml.crypto.dsig.Reference> referenceList = new ArrayList<>();
-
+
for (WSEncryptionPart encPart : references) {
String idToSign = encPart.getId();
String elemName = encPart.getName();
@@ -178,8 +112,9 @@ public class WSSecSignatureBase extends
// names: "STRTransform": Setup the ds:Reference to use STR Transform
//
try {
- //attachments are already processed in the above loop
- if ("cid:Attachments".equals(idToSign)) {
+ if ("cid:Attachments".equals(idToSign) && attachmentReferenceList == null) {
+ attachmentReferenceList =
+ addAttachmentReferences(encPart, digestMethod, signatureFactory);
continue;
}
if (idToSign != null) {
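Review bot: With the `attachmentReferenceList == null` test folded into the condition, a second part whose id is `cid:Attachments` no longer reaches `continue` and instead falls through to the `if (idToSign != null)` branch, where it is handled as an ordinary element id; the removed code skipped every such part. Keeping the skip unconditional and guarding only the call to `addAttachmentReferences` restores the earlier behaviour. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: try { …
if ("cid:Attachments".equals(idToSign)) {
    if (attachmentReferenceList == null) {
        attachmentReferenceList =
            addAttachmentReferences(encPart, digestMethod, signatureFactory);
    }
    continue;
}
// … unchanged: if (idToSign != null) { …
```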
@@ -276,11 +211,72 @@ public class WSSecSignatureBase extends
);
}
}
+
//append attachment references now
- referenceList.addAll(attachmentReferenceList);
+ if (attachmentReferenceList != null) {
+ referenceList.addAll(attachmentReferenceList);
+ }
return referenceList;
}
+ private List<javax.xml.crypto.dsig.Reference> addAttachmentReferences(
+ WSEncryptionPart encPart,
+ DigestMethod digestMethod,
+ XMLSignatureFactory signatureFactory
+ ) throws WSSecurityException {
+
+ if (attachmentCallbackHandler == null) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE,
+ "empty", "no attachment callbackhandler supplied"
+ );
+ }
+
+ AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
+ //no mime type must be set for signature:
+ //attachmentCallback.setResultingMimeType(null);
+ String id = encPart.getId().substring(4);
+ attachmentRequestCallback.setAttachmentId(id);
+ try {
+ attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
+ } catch (Exception e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+
+ List<javax.xml.crypto.dsig.Reference> attachmentReferenceList = new ArrayList<>();
+ for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
+ try {
+ List<Transform> transforms = new ArrayList<>();
+
+ AttachmentTransformParameterSpec attachmentTransformParameterSpec =
+ new AttachmentTransformParameterSpec(
+ attachmentCallbackHandler, attachment
+ );
+
+ String attachmentSignatureTransform = WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS;
+ if ("Element".equals(encPart.getEncModifier())) {
+ attachmentSignatureTransform = WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS;
+ }
+
+ transforms.add(
+ signatureFactory.newTransform(
+ attachmentSignatureTransform, attachmentTransformParameterSpec)
+ );
+
+ javax.xml.crypto.dsig.Reference reference =
+ signatureFactory.newReference(
+ "cid:" + attachment.getId(), digestMethod, transforms, null, null
+ );
+
+ attachmentReferenceList.add(reference);
+ } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+
+ return attachmentReferenceList;
+ }
+
/**
* Get the List of inclusive prefixes from the DOM Element argument
*/
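Review bot: `addAttachmentReferences` returns an empty list when the callback handler supplies no attachments, so a request to sign `cid:Attachments` can yield a signature with no attachment reference and no error. Whether that is intended cannot be told from this hunk; it should be either rejected or documented. The method also relies on `encPart.getId()` starting with `cid:` for `substring(4)`, which only the caller checks. A Javadoc block would make the contract explicit by stating that precondition, the effect of the `Element` modifier (complete versus content-only transform), and that `WSSecurityException` is thrown when no attachment callback handler is set.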
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java Mon Mar 9 10:46:36 2015
@@ -120,11 +120,8 @@ public class WSSecSignatureSAML extends
prepare(doc, uCrypto, samlAssertion, iCrypto, iKeyName, iKeyPW, secHeader);
- String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
if (getParts().isEmpty()) {
- WSEncryptionPart encP =
- new WSEncryptionPart(WSConstants.ELEM_BODY, soapNamespace, "Content");
- getParts().add(encP);
+ getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
} else {
for (WSEncryptionPart part : getParts()) {
if ("STRTransform".equals(part.getName()) && part.getId() == null) {
@@ -138,6 +135,8 @@ public class WSSecSignatureSAML extends
// if it exists
//
if (secRefID != null) {
+ String soapNamespace =
+ WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
WSEncryptionPart encP =
new WSEncryptionPart("STRTransform", soapNamespace, "Content");
encP.setId(secRefID);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1665180&r1=1665179&r2=1665180&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Mon Mar 9 10:46:36 2015
@@ -544,6 +544,15 @@ public final class WSSecurityUtil {
}
return null;
}
+
+ /**
+ * Get the default encryption part - the SOAP Body of type "Content".
+ */
+ public static WSEncryptionPart getDefaultEncryptionPart(Document doc) {
+ String soapNamespace =
+ WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ return new WSEncryptionPart(WSConstants.ELEM_BODY, soapNamespace, "Content");
+ }
/**
* Turn a reference (eg "#5") into an ID (eg "5").
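Review bot: The Javadoc on `getDefaultEncryptionPart` omits `@param doc` and `@return`, and it does not mention that the signature builders touched by this commit (WSSecDKSign, WSSecSignature, WSSecSignatureSAML) use the same part as their default, so the name reads as encryption-only. `doc` is dereferenced without a check, so the comment should state the requirement, e.g. `@param doc the SOAP envelope document, must not be null`, and add `@return the part selecting the SOAP Body with modifier "Content"`.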