Posted to fx-dev@ws.apache.org by we...@apache.org on 2005/09/05 20:36:42 UTC
svn commit: r278808 [2/3] - in
/webservices/wss4j/trunk/src/org/apache/ws/security: ./ handler/ message/
message/token/ transform/ util/
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java Mon Sep 5 11:36:22 2005
@@ -24,7 +24,6 @@
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
@@ -42,7 +41,6 @@
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
@@ -87,14 +85,7 @@
protected WSSAddUsernameToken usernameToken = null;
- static {
- Transform.init();
- try {
- Transform.register(STRTransform.implementedTransformURI,
- "org.apache.ws.security.transform.STRTransform");
- } catch (Exception ex) {
- }
- }
+ protected byte[] signatureValue = null;
/**
* Constructor.
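Review bot: With the static initializer removed, nothing in this class registers `STRTransform` any more, yet `build()` still calls `transforms.addTransform(STRTransform.implementedTransformURI, ctx)` for the "STRTransform" part. The replacement registration is not visible in this part of the commit, so confirm that it runs before the first signature is built. It should also report a failed registration instead of swallowing it the way the removed `catch (Exception ex) {}` did. A class-level comment such as `// STRTransform is registered in <initialising class>, not here` (placeholder name) would document the dependency.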
@@ -103,7 +94,7 @@
}
/**
- * Constructor. <p/>
+ * Constructor.
*
* @param actor The actor name of the <code>wsse:Security</code> header
*/
@@ -112,7 +103,7 @@
}
/**
- * Constructor. <p/>
+ * Constructor.
*
* @param actor The actor name of the <code>wsse:Security</code> header
* @param mu Set <code>mustUnderstand</code> to true or false
@@ -122,18 +113,7 @@
}
/**
- * Constructor. <p/>
- *
- * @param wssConfig Configuration options for processing and building security headers
- * @param actor The actor name of the <code>wsse:Security</code> header
- * @param mu Set <code>mustUnderstand</code> to true or false
- */
- public WSSignEnvelope(WSSConfig wssConfig, String actor, boolean mu) {
- super(wssConfig, actor, mu);
- }
-
- /**
- * set the single cert flag. <p/>
+ * set the single cert flag.
*
* @param useSingleCert
*/
@@ -142,7 +122,7 @@
}
/**
- * Get the single cert flag. <p/>
+ * Get the single cert flag.
*
* @return
*/
@@ -151,11 +131,13 @@
}
/**
- * Set the name of the signature encryption algorithm to use <p/>If the
- * algorithm is not set then Triple RSA is used. Refer to WSConstants which
- * algorithms are supported. <p/>
- *
- * @param algo Is the name of the signature algorithm
+ * Set the name of the signature encryption algorithm to use.
+ *
+ * If the algorithm is not set then Triple RSA is used. Refer to WSConstants
+ * which algorithms are supported.
+ *
+ * @param algo
+ * Is the name of the signature algorithm
* @see WSConstants#RSA
* @see WSConstants#DSA
*/
@@ -164,22 +146,25 @@
}
/**
- * Get the name of the signature algorithm that is being used <p/>If the
- * algorithm is not set then RSA is default. <p/>
+ * Get the name of the signature algorithm that is being used.
+ *
+ * If the algorithm is not set then RSA is default.
*
- * @return
+ * @return the identifier URI of the signature algorithm
*/
public String getSignatureAlgorithm() {
return sigAlgo;
}
/**
- * Set the canonicalization method to use. <p/>If the canonicalization
- * method is not set then the recommended Exclusive XML Canonicalization is
- * used by default Refer to WSConstants which algorithms are supported.
- * <p/>
- *
- * @param algo Is the name of the signature algorithm
+ * Set the canonicalization method to use.
+ *
+ * If the canonicalization method is not set then the recommended Exclusive
+ * XML Canonicalization is used by default Refer to WSConstants which
+ * algorithms are supported.
+ *
+ * @param algo
+ * Is the name of the signature algorithm
* @see WSConstants#C14N_OMIT_COMMENTS
* @see WSConstants#C14N_WITH_COMMENTS
* @see WSConstants#C14N_EXCL_OMIT_COMMENTS
@@ -190,9 +175,11 @@
}
/**
- * Get the canonicalization method. <p/>If the canonicalization method was
- * not set then Exclusive XML Canonicalization is used by default. <p/>
- *
+ * Get the canonicalization method.
+ *
+ * If the canonicalization method was not set then Exclusive XML
+ * Canonicalization is used by default.
+ *
* @return
*/
public String getSigCanonicalization() {
@@ -205,8 +192,18 @@
public void setUsernameToken(WSSAddUsernameToken usernameToken) {
this.usernameToken = usernameToken;
}
+
+ /**
+ * @return Returns the signatureValue.
+ */
+ public byte[] getSignatureValue() {
+ return signatureValue;
+ }
+
/**
- * Builds a signed soap envelope. <p/>The method first gets an appropriate
+ * Builds a signed soap envelope.
+ *
+ * The method first gets an appropriate
* security header. According to the defined parameters for certificate
* handling the signature elements are constructed and inserted into the
* <code>wsse:Signature</code>
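Review bot: `getSignatureValue()` returns the internal array itself, so any caller can modify the stored signature bytes, and the Javadoc does not say the value is `null` until a `build` call has completed. Returning a copy, `return signatureValue == null ? null : (byte[]) signatureValue.clone();`, and documenting it as `@return the signature value of the last successful build, or null if none` would cover both. The field is declared `protected` in the earlier hunk, so subclasses can also reassign it; `private` would be enough for the code shown here.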
@@ -217,7 +214,7 @@
* @return A signed SOAP envelope as <code>Document</code>
* @throws WSSecurityException
*/
-public Document build(Document doc, Crypto crypto)
+ public Document build(Document doc, Crypto crypto)
throws WSSecurityException {
doDebug = log.isDebugEnabled();
@@ -249,8 +246,7 @@
certs = crypto.getCertificates(user);
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidX509Data",
- new Object[]{"for Signature"});
+ "invalidX509Data", new Object[] { "for Signature" });
}
certUri = "CertId-" + certs[0].hashCode();
if (sigAlgo == null) {
@@ -261,43 +257,39 @@
} else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
} else {
- throw new WSSecurityException(WSSecurityException.FAILURE,
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
"invalidX509Data",
- new Object[]{"for Signature - unkown public key Algo"});
+ new Object[] { "for Signature - unkown public key Algo" });
}
}
}
XMLSignature sig = null;
if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
- Element canonElem = XMLUtils.createElementInSignatureSpace(
- doc,
- Constants._TAG_CANONICALIZATIONMETHOD);
-
- canonElem.setAttributeNS(
- null,
- Constants._ATT_ALGORITHM,
- canonAlgo);
+ Element canonElem = XMLUtils.createElementInSignatureSpace(doc,
+ Constants._TAG_CANONICALIZATIONMETHOD);
+
+ canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, canonAlgo);
if (wssConfig.isWsiBSPCompliant()) {
Set prefixes = getInclusivePrefixes(securityHeader, false);
- InclusiveNamespaces inclusiveNamespaces =
- new InclusiveNamespaces(doc, prefixes);
+ InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(
+ doc, prefixes);
canonElem.appendChild(inclusiveNamespaces.getElement());
}
try {
- SignatureAlgorithm signatureAlgorithm =
- new SignatureAlgorithm(doc, sigAlgo);
- sig = new XMLSignature(
- doc, null, signatureAlgorithm.getElement(), canonElem);
+ SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(
+ doc, sigAlgo);
+ sig = new XMLSignature(doc, null, signatureAlgorithm
+ .getElement(), canonElem);
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig");
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig");
}
} else {
try {
@@ -305,8 +297,7 @@
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
- WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig");
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig");
}
}
/*
@@ -320,21 +311,19 @@
String keyInfoUri = "KeyId-" + info.hashCode();
info.setId(keyInfoUri);
- SecurityTokenReference secRef = new SecurityTokenReference(wssConfig, doc);
+ SecurityTokenReference secRef = new SecurityTokenReference(doc);
String strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
-
if (tlog.isDebugEnabled()) {
t1 = System.currentTimeMillis();
}
if (parts == null) {
parts = new Vector();
- WSEncryptionPart encP =
- new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
- soapConstants.getEnvelopeURI(),
- "Content");
+ WSEncryptionPart encP = new WSEncryptionPart(soapConstants
+ .getBodyQName().getLocalPart(), soapConstants
+ .getEnvelopeURI(), "Content");
parts.add(encP);
}
@@ -357,171 +346,163 @@
try {
if (elemName.equals("Token")) {
transforms = new Transforms(doc);
- transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ transforms
+ .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
if (wssConfig.isWsiBSPCompliant()) {
- transforms.item(0).getElement().appendChild(
- new InclusiveNamespaces(
- doc, getInclusivePrefixes(
- securityHeader)).getElement());
+ transforms
+ .item(0)
+ .getElement()
+ .appendChild(
+ new InclusiveNamespaces(
+ doc,
+ getInclusivePrefixes(securityHeader))
+ .getElement());
}
sig.addDocument("#" + certUri, transforms);
} else {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
- new InclusiveNamespaces(
- doc, getInclusivePrefixes(
- info.getElement())).getElement());
+ new InclusiveNamespaces(doc,
+ getInclusivePrefixes(info
+ .getElement()))
+ .getElement());
}
sig.addDocument("#" + keyInfoUri, transforms);
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(doc);
transforms = new Transforms(doc);
- transforms.addTransform(STRTransform.implementedTransformURI,
- ctx);
+ transforms.addTransform(
+ STRTransform.implementedTransformURI, ctx);
sig.addDocument("#" + strUri, transforms);
} else if (elemName.equals("Assertion")) { // Assertion
- // Make the AssertionID the wsu:Id and the signature reference the same
- SAMLAssertion assertion;
-
- Element assertionElement =
- (Element) WSSecurityUtil.findElement(envelope,
- elemName,
- nmSpace);
-
- try {
- assertion = new SAMLAssertion(assertionElement);
- }
- catch (Exception e1) {
- log.error(e1);
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig", null, e1);
- }
-
- Element body =
- (Element) WSSecurityUtil.findElement(envelope,
- elemName,
- nmSpace);
- if (body == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noEncElement",
- new Object[]{nmSpace + ", " + elemName});
- }
- transforms = new Transforms(doc);
- transforms.addTransform(
- Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- if (wssConfig.isWsiBSPCompliant()) {
- transforms.item(0).getElement().appendChild(
- new InclusiveNamespaces(
- doc, getInclusivePrefixes(body)).getElement());
- }
- String prefix =
- WSSecurityUtil.setNamespace(body,
- wssConfig.getWsuNS(),
- WSConstants.WSU_PREFIX);
- body.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", assertion.getId());
- sig.addDocument("#" + assertion.getId(), transforms);
+ // Make the AssertionID the wsu:Id and the signature reference the same
+ SAMLAssertion assertion;
+
+ Element assertionElement = (Element) WSSecurityUtil
+ .findElement(envelope, elemName, nmSpace);
+
+ try {
+ assertion = new SAMLAssertion(assertionElement);
+ } catch (Exception e1) {
+ log.error(e1);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE,
+ "noXMLSig", null, e1);
+ }
+ Element body = (Element) WSSecurityUtil.findElement(
+ envelope, elemName, nmSpace);
+ if (body == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noEncElement",
+ new Object[] { nmSpace + ", " + elemName });
+ }
+ transforms = new Transforms(doc);
+ transforms
+ .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ if (wssConfig.isWsiBSPCompliant()) {
+ transforms.item(0).getElement().appendChild(
+ new InclusiveNamespaces(doc,
+ getInclusivePrefixes(body))
+ .getElement());
+ }
+ String prefix = WSSecurityUtil.setNamespace(body,
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id",
+ assertion.getId());
+ sig.addDocument("#" + assertion.getId(), transforms);
} else {
- Element body =
- (Element) WSSecurityUtil.findElement(envelope,
- elemName,
- nmSpace);
+ Element body = (Element) WSSecurityUtil.findElement(
+ envelope, elemName, nmSpace);
if (body == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noEncElement",
- new Object[]{nmSpace + ", " + elemName});
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noEncElement",
+ new Object[] { nmSpace + ", " + elemName });
}
transforms = new Transforms(doc);
- transforms.addTransform(
- Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ transforms
+ .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
- new InclusiveNamespaces(
- doc, getInclusivePrefixes(body)).getElement());
+ new InclusiveNamespaces(doc,
+ getInclusivePrefixes(body))
+ .getElement());
}
sig.addDocument("#" + setWsuId(body), transforms);
}
} catch (TransformationException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig",
- null,
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null,
e1);
} catch (XMLSignatureException e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- "noXMLSig",
- null,
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null,
e1);
}
}
- sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));
+ sig.addResourceResolver(EnvelopeIdResolver.getInstance());
- WSSecurityUtil.prependChildElement(doc,
- securityHeader,
- sig.getElement(),
- false);
+ WSSecurityUtil.prependChildElement(doc, securityHeader, sig
+ .getElement(), false);
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
}
byte[] secretKey = null;
switch (keyIdentifierType) {
- case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(wssConfig, doc);
- ref.setURI("#" + certUri);
- BinarySecurity bstToken = null;
- if (!useSingleCert) {
- bstToken = new PKIPathSecurity(wssConfig, doc);
- ((PKIPathSecurity) bstToken).setX509Certificates(certs,
- false,
- crypto);
- } else {
- bstToken = new X509Security(wssConfig, doc);
- ((X509Security) bstToken).setX509Certificate(certs[0]);
- }
- ref.setValueType(bstToken.getValueType());
- secRef.setReference(ref);
- bstToken.setID(certUri);
- WSSecurityUtil.prependChildElement(doc,
- securityHeader,
- bstToken.getElement(),
- false);
- wsDocInfo.setBst(bstToken.getElement());
- break;
+ case WSConstants.BST_DIRECT_REFERENCE:
+ Reference ref = new Reference(doc);
+ ref.setURI("#" + certUri);
+ BinarySecurity bstToken = null;
+ if (!useSingleCert) {
+ bstToken = new PKIPathSecurity(doc);
+ ((PKIPathSecurity) bstToken).setX509Certificates(certs, false,
+ crypto);
+ } else {
+ bstToken = new X509Security(doc);
+ ((X509Security) bstToken).setX509Certificate(certs[0]);
+ }
+ ref.setValueType(bstToken.getValueType());
+ secRef.setReference(ref);
+ bstToken.setID(certUri);
+ WSSecurityUtil.prependChildElement(doc, securityHeader, bstToken
+ .getElement(), false);
+ wsDocInfo.setBst(bstToken.getElement());
+ break;
- case WSConstants.ISSUER_SERIAL:
- XMLX509IssuerSerial data =
- new XMLX509IssuerSerial(doc, certs[0]);
- secRef.setX509IssuerSerial(data);
- break;
+ case WSConstants.ISSUER_SERIAL:
+ XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, certs[0]);
+ secRef.setX509IssuerSerial(data);
+ break;
- case WSConstants.X509_KEY_IDENTIFIER:
- secRef.setKeyIdentifier(certs[0]);
- break;
+ case WSConstants.X509_KEY_IDENTIFIER:
+ secRef.setKeyIdentifier(certs[0]);
+ break;
- case WSConstants.SKI_KEY_IDENTIFIER:
- secRef.setKeyIdentifierSKI(certs[0], crypto);
- break;
+ case WSConstants.SKI_KEY_IDENTIFIER:
+ secRef.setKeyIdentifierSKI(certs[0], crypto);
+ break;
- case WSConstants.UT_SIGNING:
- Reference refUt = new Reference(wssConfig, doc);
- refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
- String utId = usernameToken.getId();
- if (utId == null) {
- utId = "usernameTokenId-" + usernameToken.hashCode();
- usernameToken.setId(utId);
- }
- refUt.setURI("#" + utId);
- secRef.setReference(refUt);
- secretKey = usernameToken.getSecretKey();
- break;
+ case WSConstants.UT_SIGNING:
+ Reference refUt = new Reference(doc);
+ refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
+ String utId = usernameToken.getId();
+ if (utId == null) {
+ utId = "usernameTokenId-" + usernameToken.hashCode();
+ usernameToken.setId(utId);
+ }
+ refUt.setURI("#" + utId);
+ secRef.setReference(refUt);
+ secretKey = usernameToken.getSecretKey();
+ break;
- default :
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "unsupportedKeyId");
+ default:
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "unsupportedKeyId");
}
if (tlog.isDebugEnabled()) {
t3 = System.currentTimeMillis();
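Review bot: In the "Assertion" branch the result of `WSSecurityUtil.findElement(envelope, elemName, nmSpace)` is passed to `new SAMLAssertion(assertionElement)` before any null check, and the same lookup is then repeated into `body` and only checked afterwards. If the assertion is missing, the failure presumably surfaces through `catch (Exception e1)` as "noXMLSig" rather than as the intended "noEncElement". Move the `if (assertionElement == null)` test ahead of the constructor call and reuse `assertionElement` instead of the second `findElement`. The `UT_SIGNING` case likewise calls `usernameToken.getId()` although the field defaults to `null`; a guard that throws `WSSecurityException` would be safer than a NullPointerException. `build()` starts and ends outside this hunk.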
@@ -535,35 +516,28 @@
} else {
sig.sign(crypto.getPrivateKey(user, password));
}
+ signatureValue = sig.getSignatureValue();
} catch (XMLSignatureException e1) {
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- null,
- null,
- e1);
+ null, null, e1);
} catch (Exception e1) {
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
- null,
- null,
- e1);
+ null, null, e1);
} finally {
WSDocInfoStore.delete(wsDocInfo);
}
if (tlog.isDebugEnabled()) {
t4 = System.currentTimeMillis();
- tlog.debug("SignEnvelope: cre-Sig= "
- + (t1 - t0)
- + " set transform= "
- + (t2 - t1)
- + " sec-ref= "
- + (t3 - t2)
- + " signature= "
- + (t4 - t3));
+ tlog.debug("SignEnvelope: cre-Sig= " + (t1 - t0)
+ + " set transform= " + (t2 - t1) + " sec-ref= " + (t3 - t2)
+ + " signature= " + (t4 - t3));
}
if (doDebug) {
log.debug("Signing complete.");
}
return (doc);
}
+
/**
* Builds a signed soap envelope with SAML token. <p/>The method first
* gets an appropriate security header. According to the defined parameters
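Review bot: `signatureValue` is assigned only after a successful `sig.sign(...)`, so when signing throws, the field keeps the bytes from an earlier `build` on the same instance. `getSignatureValue()` then returns a signature that belongs to a different document. Clearing it before the signing attempt, `signatureValue = null;`, avoids that; the same applies to the second `signatureValue = sig.getSignatureValue();` in the SAML build method further down. The two catch clauses here are also identical, so `catch (Exception e1)` alone would do, or better, the broad catch could be narrowed. The `try` block starts outside this hunk.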
@@ -710,8 +684,7 @@
String keyInfoUri = "KeyId-" + info.hashCode();
info.setId(keyInfoUri);
- SecurityTokenReference secRef = new SecurityTokenReference(wssConfig,
- doc);
+ SecurityTokenReference secRef = new SecurityTokenReference(doc);
String strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
@@ -743,11 +716,11 @@
try {
if (senderVouches) {
- secRefSaml = new SecurityTokenReference(wssConfig, doc);
+ secRefSaml = new SecurityTokenReference(doc);
String strSamlUri = "STRSAMLId-" + secRefSaml.hashCode();
secRefSaml.setID(strSamlUri);
// Decouple Refernce/KeyInfo setup - quick shot here
- Reference ref = new Reference(wssConfig, doc);
+ Reference ref = new Reference(doc);
ref.setURI("#" + assertion.getId());
ref.setValueType(WSConstants.WSS_SAML_NS
+ WSConstants.WSS_SAML_ASSERTION);
@@ -811,7 +784,7 @@
"noXMLSig", null, e1);
}
- sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));
+ sig.addResourceResolver(EnvelopeIdResolver.getInstance());
/*
* The order to prepend is:
@@ -829,11 +802,11 @@
}
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
- Reference ref = new Reference(wssConfig, doc);
+ Reference ref = new Reference(doc);
if (senderVouches) {
ref.setURI("#" + certUri);
BinarySecurity bstToken = null;
- bstToken = new X509Security(wssConfig, doc);
+ bstToken = new X509Security(doc);
((X509Security) bstToken).setX509Certificate(certs[0]);
bstToken.setID(certUri);
WSSecurityUtil.prependChildElement(doc, securityHeader,
@@ -897,6 +870,7 @@
} else {
sig.sign(userCrypto.getPrivateKey(user, password));
}
+ signatureValue = sig.getSignatureValue();
} catch (XMLSignatureException e1) {
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
null, null, e1);
@@ -920,10 +894,10 @@
}
private Element createSTRParameter(Document doc) {
- Element transformParam = doc.createElementNS(wssConfig.getWsseNS(),
+ Element transformParam = doc.createElementNS(WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX + ":TransformationParameters");
- WSSecurityUtil.setNamespace(transformParam, wssConfig.getWsseNS(),
+ WSSecurityUtil.setNamespace(transformParam, WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX);
Element canonElem = doc.createElementNS(WSConstants.SIG_NS,
@@ -947,14 +921,14 @@
Node parent = target;
NamedNodeMap attributes;
Node attribute;
- while (! (parent.getParentNode() instanceof Document)) {
+ while (!(parent.getParentNode() instanceof Document)) {
parent = parent.getParentNode();
attributes = parent.getAttributes();
for (int i = 0; i < attributes.getLength(); i++) {
attribute = attributes.item(i);
- if (attribute.getNamespaceURI() != null &&
- attribute.getNamespaceURI().equals(
- org.apache.ws.security.WSConstants.XMLNS_NS)) {
+ if (attribute.getNamespaceURI() != null
+ && attribute.getNamespaceURI().equals(
+ org.apache.ws.security.WSConstants.XMLNS_NS)) {
if (attribute.getNodeName().equals("xmlns")) {
result.add("#default");
} else {
@@ -968,9 +942,9 @@
attributes = target.getAttributes();
for (int i = 0; i < attributes.getLength(); i++) {
attribute = attributes.item(i);
- if (attribute.getNamespaceURI() != null &&
- attribute.getNamespaceURI().equals(
- org.apache.ws.security.WSConstants.XMLNS_NS)) {
+ if (attribute.getNamespaceURI() != null
+ && attribute.getNamespaceURI().equals(
+ org.apache.ws.security.WSConstants.XMLNS_NS)) {
if (attribute.getNodeName().equals("xmlns")) {
result.remove("#default");
} else {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/BinarySecurity.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/BinarySecurity.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/BinarySecurity.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/BinarySecurity.java Mon Sep 5 11:36:22 2005
@@ -18,7 +18,6 @@
package org.apache.ws.security.message.token;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -33,45 +32,29 @@
/**
* Binary Security Token.
* <p/>
- *
+ *
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class BinarySecurity {
- public static final String BASE64_BINARY = "Base64Binary";
- private String base64Encoding;
+ public static final QName TOKEN = new QName(WSConstants.WSSE_NS, "BinarySecurityToken");
+ public static final QName TOKEN_KI = new QName(WSConstants.WSSE_NS, "KeyIdentifier");
+ public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
protected Element element = null;
- protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
- public static String TOKEN = "BinarySecurityToken";
/**
* Constructor.
* <p/>
- *
- * @param elem
- * @throws WSSecurityException
+ *
+ * @param elem
+ * @throws WSSecurityException
*/
- public BinarySecurity(WSSConfig wssConfig, Element elem) throws WSSecurityException {
+ public BinarySecurity(Element elem) throws WSSecurityException {
this.element = elem;
- this.wssConfig = wssConfig;
- base64Encoding = getBase64EncodingValue(wssConfig);
- boolean nsOK = false;
- if (wssConfig.getProcessNonCompliantMessages()) {
- for (int i = 0; i < WSConstants.WSSE_NS_ARRAY.length; ++i) {
- if (WSConstants.WSSE_NS_ARRAY[i].equals(element.getNamespaceURI())) {
- nsOK = true;
- break;
- }
- }
- } else if (wssConfig.getWsseNS().equals(element.getNamespaceURI())) {
- nsOK = true;
- }
- if (!nsOK ||
- !(element.getLocalName().equals(TOKEN) ||
- element.getLocalName().equals("KeyIdentifier"))) {
- QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
+ QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
+ if (!el.equals(TOKEN) && !el.equals(TOKEN_KI)) {
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType", new Object[]{el});
}
- if (!getEncodingType().endsWith(BASE64_BINARY)) {
+ if (!getEncodingType().equals(BASE64_ENCODING)) {
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badEncoding", new Object[]{getEncodingType()});
}
}
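Review bot: `BinarySecurity(Element elem)` dereferences `elem` without a null check, so a missing token element ends in a NullPointerException, whereas `Reference(Element)` in this same commit throws a `WSSecurityException` for that case. A guard before the QName is built, `if (elem == null) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "<message key>"); }` (message key is a placeholder), keeps the failure inside the library's error type. Because `getAttribute` returns an empty string for a missing attribute, a token without `EncodingType` is rejected as "badEncoding" by the `equals(BASE64_ENCODING)` test. That strictness is worth stating in the constructor Javadoc, whose `@param` and `@throws` tags are empty.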
@@ -79,81 +62,61 @@
/**
* Constructor.
* <p/>
- *
- * @param doc
+ *
+ * @param doc
*/
- public BinarySecurity(WSSConfig wssConfig, Document doc) {
- this.wssConfig = wssConfig;
- base64Encoding = getBase64EncodingValue(wssConfig);
- this.element = doc.createElementNS(wssConfig.getWsseNS(), "wsse:BinarySecurityToken");
- WSSecurityUtil.setNamespace(this.element, wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX);
- setEncodingType(base64Encoding);
+ public BinarySecurity(Document doc) {
+ this.element = doc.createElementNS(WSConstants.WSSE_NS, "wsse:BinarySecurityToken");
+ WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
+ setEncodingType(BASE64_ENCODING);
this.element.appendChild(doc.createTextNode(""));
}
/**
* get the value type.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String getValueType() {
- String valueType = this.element.getAttribute("ValueType");
- if (valueType.length() == 0 &&
- (wssConfig.getProcessNonCompliantMessages() || wssConfig.isBSTAttributesQualified())) {
- valueType = WSSecurityUtil.getAttributeValueWSSE(element, "ValueType", null);
- }
- return valueType;
+ return this.element.getAttribute("ValueType");
}
/**
* set the value type.
* <p/>
- *
- * @param type
+ *
+ * @param type
*/
protected void setValueType(String type) {
- if (wssConfig.isBSTAttributesQualified()) {
- this.element.setAttributeNS(wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX + ":ValueType", type);
- } else {
- this.element.setAttributeNS(null, "ValueType", type);
- }
+ this.element.setAttributeNS(null, "ValueType", type);
}
/**
* get the encoding type.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String getEncodingType() {
- String encodingType = this.element.getAttribute("EncodingType");
- if (encodingType.length() == 0 &&
- (wssConfig.getProcessNonCompliantMessages() || wssConfig.isBSTAttributesQualified())) {
- encodingType = WSSecurityUtil.getAttributeValueWSSE(element, "EncodingType", null);
- }
- return encodingType;
+ return this.element.getAttribute("EncodingType");
}
/**
* set the encoding type.
* <p/>
- *
- * @param encoding
+ *
+ * @param encoding
*/
protected void setEncodingType(String encoding) {
- if (wssConfig.isBSTAttributesQualified()) {
- this.element.setAttributeNS(wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX + ":EncodingType", encoding);
- } else {
- this.element.setAttributeNS(null, "EncodingType", encoding);
- }
+ this.element.setAttributeNS(null, "EncodingType", encoding);
}
/**
* get the byte array containing token information.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public byte[] getToken() {
Text node = getFirstNode();
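Review bot: The `@return` tags on `getValueType()` and `getEncodingType()` are empty, and after this change both read only the unqualified attribute. `Element.getAttribute` returns an empty string, not `null`, when the attribute is missing, so a token carrying only namespace-qualified `wsse:ValueType` or `wsse:EncodingType` now reads as empty. Suggest `@return the unqualified ValueType attribute, or an empty string if it is not present`, and the equivalent for `EncodingType`. `getToken()` at the end of the hunk continues outside it.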
@@ -170,8 +133,8 @@
/**
* set the token information.
* <p/>
- *
- * @param data
+ *
+ * @param data
*/
protected void setToken(byte[] data) {
if (data == null) {
@@ -184,8 +147,8 @@
/**
* return the first text node.
* <p/>
- *
- * @return
+ *
+ * @return
*/
protected Text getFirstNode() {
Node node = this.element.getFirstChild();
@@ -195,8 +158,8 @@
/**
* return the dom element.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public Element getElement() {
return this.element;
@@ -205,39 +168,31 @@
/**
* get the id.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String getID() {
- return this.element.getAttributeNS(wssConfig.getWsuNS(), "Id");
+ return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
}
/**
* set the id.
* <p/>
- *
- * @param id
+ *
+ * @param id
*/
public void setID(String id) {
- String prefix = WSSecurityUtil.setNamespace(this.element, wssConfig.getWsuNS(), WSConstants.WSU_PREFIX);
- this.element.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", id);
+ String prefix = WSSecurityUtil.setNamespace(this.element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ this.element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
/**
* return the string representation of the token.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String toString() {
return DOM2Writer.nodeToString((Node) this.element);
- }
-
- public static String getBase64EncodingValue(WSSConfig wssConfig) {
- if (wssConfig.isBSTValuesPrefixed()) {
- return WSConstants.WSSE_PREFIX + ":" + BASE64_BINARY;
- } else {
- return WSConstants.SOAPMESSAGE_NS + "#" + BASE64_BINARY;
- }
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/PKIPathSecurity.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/PKIPathSecurity.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/PKIPathSecurity.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/PKIPathSecurity.java Mon Sep 5 11:36:22 2005
@@ -18,7 +18,6 @@
package org.apache.ws.security.message.token;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Document;
@@ -33,7 +32,7 @@
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class PKIPathSecurity extends BinarySecurity {
- public static final String X509PKI_PATH = "X509PKIPathv1";
+ private static final String type = WSConstants.X509TOKEN_NS + "#X509PKIPathv1";
/**
* Constructor.
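Review bot: The new constant is named `type`, which reads like a local or instance field; the Java convention for a `static final` is upper case, e.g. `private static final String TYPE = WSConstants.X509TOKEN_NS + "#X509PKIPathv1";`. The constructor in the next hunk then mixes `getType()` and `type` within one statement, where one form throughout would be clearer. Removing the public `X509PKI_PATH` constant may also break code outside this commit that referenced it.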
@@ -41,14 +40,14 @@
*
* @throws WSSecurityException
*/
- public PKIPathSecurity(WSSConfig wssConfig, Element elem)
+ public PKIPathSecurity(Element elem)
throws WSSecurityException {
- super(wssConfig, elem);
- if (!getValueType().equals(getType(wssConfig))) {
+ super(elem);
+ if (!getValueType().equals(getType())) {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY_TOKEN,
"invalidValueType",
- new Object[]{getType(wssConfig), getValueType()});
+ new Object[]{type, getValueType()});
}
}
@@ -56,9 +55,9 @@
* Constructor.
* <p/>
*/
- public PKIPathSecurity(WSSConfig wssConfig, Document doc) {
- super(wssConfig, doc);
- setValueType(getType(wssConfig));
+ public PKIPathSecurity(Document doc) {
+ super(doc);
+ setValueType(getType());
}
/**
@@ -102,7 +101,7 @@
setToken(data);
}
- public static String getType(WSSConfig wssConfig) {
- return WSConstants.X509TOKEN_NS + "#" + X509PKI_PATH;
+ public static String getType() {
+ return type;
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Reference.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Reference.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Reference.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Reference.java Mon Sep 5 11:36:22 2005
@@ -18,9 +18,9 @@
package org.apache.ws.security.message.token;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.DOM2Writer;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -30,67 +30,57 @@
/**
* Reference.
* <p/>
- *
+ *
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class Reference {
- public static final String TOKEN_LNAME = "Reference";
+ public static final QName TOKEN =
+ new QName(WSConstants.WSSE_NS, "Reference");
protected Element element = null;
- protected WSSConfig wssConfig;
/**
* Constructor.
* <p/>
- *
- * @param wssConfig
- * @param elem
- * @throws WSSecurityException
+ *
+ * @param elem
+ * @throws WSSecurityException
*/
- public Reference(WSSConfig wssConfig, Element elem) throws WSSecurityException {
+ public Reference(Element elem) throws WSSecurityException {
if (elem == null) {
- throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
- "noReference");
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
+ "noReference");
}
this.element = elem;
- this.wssConfig = wssConfig;
- boolean nsOK = false;
- if (wssConfig.getProcessNonCompliantMessages()) {
- for (int i = 0; i < WSConstants.WSSE_NS_ARRAY.length; ++i) {
- if (WSConstants.WSSE_NS_ARRAY[i].equals(element.getNamespaceURI())) {
- nsOK = true;
- break;
- }
- }
- } else if (wssConfig.getWsseNS().equals(element.getNamespaceURI())) {
- nsOK = true;
- }
- if (!nsOK || !element.getLocalName().equals(TOKEN_LNAME)) {
- QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
- QName token = new QName(wssConfig.getWsseNS(), TOKEN_LNAME);
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "badElement",
- new Object[]{token, el});
+ QName el =
+ new QName(
+ this.element.getNamespaceURI(),
+ this.element.getLocalName());
+ if (!el.equals(TOKEN)) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE,
+ "badElement",
+ new Object[] { TOKEN, el });
}
}
/**
* Constructor.
* <p/>
- *
- * @param wssConfig
- * @param doc
+ *
+ * @param doc
*/
- public Reference(WSSConfig wssConfig, Document doc) {
- this.wssConfig = wssConfig;
+ public Reference(Document doc) {
this.element =
- doc.createElementNS(wssConfig.getWsseNS(), "wsse:" + TOKEN_LNAME);
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference");
+ WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
}
/**
* get the dom element.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public Element getElement() {
return this.element;
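Review bot: `Reference(Element)` builds `new QName(this.element.getNamespaceURI(), this.element.getLocalName())` before it has validated anything about the element, and DOM returns null from `getLocalName()` for nodes created without namespace support. If `QName` here is `javax.xml.namespace.QName` (the import is not visible), a null local part raises IllegalArgumentException, so a message parsed by a non-namespace-aware parser would escape as an unchecked exception rather than the `badElement` WSSecurityException. A guard placed before the QName is built keeps the failure on the declared error path: `if (elem.getLocalName() == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "badElement", new Object[] { TOKEN, elem.getNodeName() }); }`.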
@@ -99,8 +89,8 @@
/**
* get the URI.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String getValueType() {
return this.element.getAttribute("ValueType");
@@ -109,8 +99,8 @@
/**
* get the URI.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String getURI() {
return this.element.getAttribute("URI");
@@ -119,7 +109,7 @@
/**
* set the Value type.
* <p/>
- *
+ *
* @param valueType
*/
public void setValueType(String valueType) {
@@ -129,8 +119,8 @@
/**
* set the URI.
* <p/>
- *
- * @param uri
+ *
+ * @param uri
*/
public void setURI(String uri) {
this.element.setAttribute("URI", uri);
@@ -139,8 +129,8 @@
/**
* return the string representation.
* <p/>
- *
- * @return
+ *
+ * @return
*/
public String toString() {
return DOM2Writer.nodeToString((Node) this.element);
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java Mon Sep 5 11:36:22 2005
@@ -21,7 +21,6 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.DOM2Writer;
@@ -46,13 +45,11 @@
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
public static final String SECURITY_TOKEN_REFERENCE = "SecurityTokenReference";
public static final String KEY_NAME = "KeyName";
- public static final String SKI_URI =
- WSConstants.X509TOKEN_NS + "#X509SubjectKeyIdentifier";
+ public static final String SKI_URI = WSConstants.X509TOKEN_NS + "#X509SubjectKeyIdentifier";
protected Element element = null;
private XMLX509IssuerSerial issuerSerial = null;
private byte[] skiBytes = null;
- protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
-
+
private static boolean doDebug = false;
/**
@@ -63,19 +60,12 @@
* @param elem
* @throws WSSecurityException
*/
- public SecurityTokenReference(WSSConfig wssConfig, Element elem) throws WSSecurityException {
+ public SecurityTokenReference(Element elem) throws WSSecurityException {
doDebug = log.isDebugEnabled();
this.element = elem;
- this.wssConfig = wssConfig;
boolean goodElement = false;
if (SECURITY_TOKEN_REFERENCE.equals(element.getLocalName())) {
- if (wssConfig.getProcessNonCompliantMessages()) {
- for (int i = 0; !goodElement && i < WSConstants.WSSE_NS_ARRAY.length; ++i) {
- goodElement = WSConstants.WSSE_NS_ARRAY[i].equals(element.getNamespaceURI());
- }
- } else {
- goodElement = wssConfig.getWsseNS().equals(element.getNamespaceURI());
- }
+ goodElement = WSConstants.WSSE_NS.equals(element.getNamespaceURI());
} else if (KEY_NAME.equals(element.getLocalName())) {
goodElement = WSConstants.SIG_NS.equals(element.getNamespaceURI());
}
@@ -93,12 +83,12 @@
* @param wssConfig
* @param doc
*/
- public SecurityTokenReference(WSSConfig wssConfig, Document doc) {
+ public SecurityTokenReference(Document doc) {
doDebug = log.isDebugEnabled();
- this.wssConfig = wssConfig;
this.element =
- doc.createElementNS(wssConfig.getWsseNS(),
+ doc.createElementNS(WSConstants.WSSE_NS,
"wsse:SecurityTokenReference");
+ WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
}
/*
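Review bot: The Javadoc above `SecurityTokenReference(Document)` still lists `@param wssConfig` (context line at the top of this hunk) although the parameter no longer exists; the tag should be deleted so the comment matches the signature. The same stale tag remains above `UsernameToken(boolean milliseconds, Document doc)` in the `@@ -126,8 +116,8 @@` hunk of UsernameToken.java, where it should become `@param milliseconds` with a description of the precision switch. The comment block itself starts outside this hunk.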
@@ -130,7 +120,7 @@
*/
public Reference getReference() throws WSSecurityException {
Element elem = getFirstElement();
- return new Reference(wssConfig, elem);
+ return new Reference(elem);
}
/**
@@ -178,7 +168,7 @@
}
tokElement = sa;
} else {
- tokElement = WSSecurityUtil.getElementByWsuId(wssConfig, doc, uri);
+ tokElement = WSSecurityUtil.getElementByWsuId(doc, uri);
}
if (tokElement == null) {
throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
@@ -213,20 +203,9 @@
}
Text certText = doc.createTextNode(Base64.encode(data));
Element keyId =
- doc.createElementNS(wssConfig.getWsseNS(), "wsse:KeyIdentifier");
- if (wssConfig.isBSTAttributesQualified()) {
- keyId.setAttributeNS(wssConfig.getWsseNS(),
- WSConstants.WSSE_PREFIX + ":ValueType",
- X509Security.getType(wssConfig));
- keyId.setAttributeNS(wssConfig.getWsseNS(),
- WSConstants.WSSE_PREFIX + ":EncodingType",
- BinarySecurity.getBase64EncodingValue(wssConfig));
- } else {
- keyId.setAttributeNS(null, "ValueType", X509Security.getType(wssConfig));
- keyId.setAttributeNS(null,
- "EncodingType",
- BinarySecurity.getBase64EncodingValue(wssConfig));
- }
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+ keyId.setAttributeNS(null, "ValueType", X509Security.getType());
+ keyId.setAttributeNS(null, "EncodingType", BinarySecurity.BASE64_ENCODING);
keyId.appendChild(certText);
Element elem = getFirstElement();
if (elem != null) {
@@ -251,20 +230,12 @@
byte data[] = crypto.getSKIBytesFromCert(cert);
org.w3c.dom.Text skiText = doc.createTextNode(Base64.encode(data));
Element keyId =
- doc.createElementNS(wssConfig.getWsseNS(), "wsse:KeyIdentifier");
- if (wssConfig.isBSTAttributesQualified()) {
- keyId.setAttributeNS(wssConfig.getWsseNS(),
- WSConstants.WSSE_PREFIX + ":ValueType",
- SKI_URI);
- keyId.setAttributeNS(wssConfig.getWsseNS(),
- WSConstants.WSSE_PREFIX + ":EncodingType",
- BinarySecurity.getBase64EncodingValue(wssConfig));
- } else {
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
keyId.setAttributeNS(null, "ValueType", SKI_URI);
keyId.setAttributeNS(null,
"EncodingType",
- BinarySecurity.getBase64EncodingValue(wssConfig));
- }
+ BinarySecurity.BASE64_ENCODING);
+
keyId.appendChild(skiText);
Element elem = getFirstElement();
if (elem != null) {
@@ -278,8 +249,8 @@
throws WSSecurityException {
Document doc = this.element.getOwnerDocument();
Element keyId =
- doc.createElementNS(wssConfig.getWsseNS(), "wsse:KeyIdentifier");
- keyId.setAttributeNS(wssConfig.getWsseNS(),
+ doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+ keyId.setAttributeNS(WSConstants.WSSE_NS,
"ValueType",
"http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID");
keyId.appendChild(doc.createTextNode(keyIdVal));
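Review bot: The SAML key identifier still writes `ValueType` as a namespace-qualified attribute, `keyId.setAttributeNS(WSConstants.WSSE_NS, "ValueType", ...)`, while the two other KeyIdentifier builders changed in this commit now write it unqualified with `setAttributeNS(null, "ValueType", ...)`. The qualified name also carries no prefix, so how it serializes depends on the DOM writer, and a receiver that looks up the unqualified attribute may not find it. For consistency the call should be `keyId.setAttributeNS(null, "ValueType", ...)` with the same URI argument. The enclosing method starts and ends outside the hunk.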
@@ -303,14 +274,9 @@
X509Security token = null;
Element elem = getFirstElement();
String value = elem.getAttribute("ValueType");
- // attempt to get the attribute if it was qualified
- // NYI iterate through all the possible namespaces
- if (value.length() == 0 &&
- (wssConfig.getProcessNonCompliantMessages() || wssConfig.isBSTAttributesQualified())) {
- value = WSSecurityUtil.getAttributeValueWSSE(elem, "ValueType", null);
- }
- if (value.endsWith(X509Security.X509_V3)) {
- token = new X509Security(wssConfig, elem);
+
+ if (X509Security.getType().equals(value)) {
+ token = new X509Security(elem);
if (token != null) {
X509Certificate cert = token.getX509Certificate(crypto);
X509Certificate[] certs = new X509Certificate[1];
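Review bot: `getFirstElement()` is dereferenced immediately by `elem.getAttribute("ValueType")`, yet the KeyIdentifier setters in this file test its result with `if (elem != null)`, which suggests it can return null for a reference that has no child element. On a received message that would be a NullPointerException instead of a WSSecurityException. A guard such as `if (elem == null) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "<message-key>"); }` would keep it on the declared error path, with `<message-key>` standing for whichever resource key the project uses for a missing child. The method starts and ends outside the hunk.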
@@ -487,15 +453,7 @@
* the <code>SecurtityTokenReference</code>
*/
public int lengthReference() {
- if (wssConfig.getProcessNonCompliantMessages()) {
- int length = 0;
- for (int i = 0; length == 0 && i < WSConstants.WSSE_NS_ARRAY.length; ++i) {
- length = this.length(WSConstants.WSSE_NS_ARRAY[i], "Reference");
- }
- return length;
- } else {
- return this.length(wssConfig.getWsseNS(), "Reference");
- }
+ return this.length(WSConstants.WSSE_NS, "Reference");
}
/**
@@ -535,17 +493,7 @@
* the <code>SecurtityTokenReference</code>
*/
public int lengthKeyIdentifier() {
- if (wssConfig.getProcessNonCompliantMessages()) {
- for (int i = 0; i < WSConstants.WSSE_NS_ARRAY.length; ++i) {
- int len = this.length(WSConstants.WSSE_NS_ARRAY[i], "KeyIdentifier");
- if (len > 0) {
- return len;
- }
- }
- } else {
- return this.length(wssConfig.getWsseNS(), "KeyIdentifier");
- }
- return 0;
+ return this.length(WSConstants.WSSE_NS, "KeyIdentifier");
}
/**
@@ -596,9 +544,9 @@
public void setID(String id) {
String prefix =
WSSecurityUtil.setNamespace(this.element,
- wssConfig.getWsuNS(),
+ WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
- this.element.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", id);
+ this.element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java Mon Sep 5 11:36:22 2005
@@ -18,7 +18,6 @@
package org.apache.ws.security.message.token;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -53,8 +52,6 @@
protected Calendar created;
protected Calendar expires;
- protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
-
/**
* Constructs a <code>Timestamp</code> object and parses the
* <code>wsu:Timestamp</code> element to initialize it.
@@ -62,7 +59,7 @@
* @param elem the <code>wsu:Timestamp</code> element that
* contains the timestamp data
*/
- public Timestamp(WSSConfig wssConfig, Element element) throws WSSecurityException {
+ public Timestamp(Element element) throws WSSecurityException {
customElements = new Vector();
@@ -77,10 +74,10 @@
currentChild = currentChild.getNextSibling()) {
if (currentChild instanceof Element) {
if (WSConstants.CREATED_LN.equals(currentChild.getLocalName()) &&
- wssConfig.getWsuNS().equals(currentChild.getNamespaceURI())) {
+ WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
strCreated = ((Text) ((Element) currentChild).getFirstChild()).getData();
} else if (WSConstants.EXPIRES_LN.equals(currentChild.getLocalName()) &&
- wssConfig.getWsuNS().equals(currentChild.getNamespaceURI())) {
+ WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
strExpires = ((Text) ((Element) currentChild).getFirstChild()).getData();
} else {
customElements.add((Element) currentChild);
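Review bot: Both `strCreated` and `strExpires` are read with `((Text) ((Element) currentChild).getFirstChild()).getData()`, which assumes the first child exists and is a Text node. An empty `wsu:Created` or `wsu:Expires` in a received message, or one whose first child is a comment or element, would raise NullPointerException or ClassCastException rather than a WSSecurityException. Checking the node first keeps malformed timestamps on the declared error path, e.g. `Node first = currentChild.getFirstChild(); if (!(first instanceof Text)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "<message-key>"); }`, where `<message-key>` is a placeholder for the project's resource key. The loop starts and ends outside the hunk.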
@@ -108,21 +105,21 @@
* @param doc the SOAP envelope as <code>Document</code>
* @param ttl the time to live (validity of the security semantics) in seconds
*/
- public Timestamp(WSSConfig wssConfig, Document doc, int ttl) {
+ public Timestamp(boolean milliseconds, Document doc, int ttl) {
customElements = new Vector();
element =
- doc.createElementNS(wssConfig.getWsuNS(),
+ doc.createElementNS(WSConstants.WSU_NS,
WSConstants.WSU_PREFIX
+ ":"
+ WSConstants.TIMESTAMP_TOKEN_LN);
WSSecurityUtil.setNamespace(element,
- wssConfig.getWsuNS(),
+ WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
DateFormat zulu = null;
- if (wssConfig.isPrecisionInMilliSeconds()) {
+ if (milliseconds) {
zulu = new XmlSchemaDateFormat();
}
else {
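Review bot: The new `milliseconds` parameter of `Timestamp(boolean milliseconds, Document doc, int ttl)` is not described in the Javadoc, which still documents only `doc` and `ttl`. I would add `@param milliseconds true to format Created and Expires with XmlSchemaDateFormat, false to use the other date format`; the else branch is cut off by the hunk, so the second half of that wording needs checking against it. `UsernameToken.addCreated(boolean milliseconds, Document doc)` gains the same parameter in this commit and its one-line Javadoc has no tag for it either.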
@@ -132,10 +129,10 @@
Calendar rightNow = Calendar.getInstance();
elementCreated =
- doc.createElementNS(wssConfig.getWsuNS(),
+ doc.createElementNS(WSConstants.WSU_NS,
WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN);
WSSecurityUtil.setNamespace(elementCreated,
- wssConfig.getWsuNS(),
+ WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
elementCreated.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
element.appendChild(elementCreated);
@@ -145,10 +142,10 @@
rightNow.setTime(new Date(currentTime));
elementExpires =
- doc.createElementNS(wssConfig.getWsuNS(),
+ doc.createElementNS(WSConstants.WSU_NS,
WSConstants.WSU_PREFIX + ":" + WSConstants.EXPIRES_LN);
WSSecurityUtil.setNamespace(elementExpires,
- wssConfig.getWsuNS(),
+ WSConstants.WSU_NS,
WSConstants.WSU_PREFIX);
elementExpires.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
element.appendChild(elementExpires);
@@ -215,9 +212,9 @@
* @param id
*/
public void setID(String id) {
- String prefix = WSSecurityUtil.setNamespace(this.element, wssConfig
- .getWsuNS(), WSConstants.WSU_PREFIX);
- this.element.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", id);
+ String prefix = WSSecurityUtil.setNamespace(this.element,
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ this.element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
/**
@@ -225,11 +222,7 @@
* @return
*/
public String getID() {
- if (wssConfig.getProcessNonCompliantMessages()) {
- return WSSecurityUtil.getAttributeValueWSU(element, "Id", null);
- } else {
- return WSSecurityUtil.getAttributeValueWSU(element, "Id", wssConfig.getWsuNS());
- }
+ return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
}
}
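Review bot: `getID()` now returns `this.element.getAttributeNS(WSConstants.WSU_NS, "Id")`, and DOM's `getAttributeNS` returns an empty string, not null, when the attribute is absent. Whether the removed `WSSecurityUtil.getAttributeValueWSU` helper returned null in that case is not visible here, but if it did, callers that test `getID() == null` will now treat a timestamp without an Id as having one. I would state the contract in the Javadoc, e.g. `@return the wsu:Id value, or an empty string if the attribute is not set`, and check the callers. `UsernameToken.getID()` is changed the same way in this commit.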
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java Mon Sep 5 11:36:22 2005
@@ -20,7 +20,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -52,7 +51,6 @@
public class UsernameToken {
private static Log log = LogFactory.getLog(UsernameToken.class.getName());
- public QName token;
public static final String PASSWORD_TYPE = "passwordType";
protected Element element = null;
@@ -63,9 +61,8 @@
protected String passwordType = null;
protected boolean hashed = true;
private static SecureRandom random = null;
- protected WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
- public static String TOKEN = "UsernameToken";
+ protected static final QName token = new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
static {
try {
@@ -84,30 +81,23 @@
* contains the UsernameToken data
* @throws WSSecurityException
*/
- public UsernameToken(WSSConfig wssConfig, Element elem) throws WSSecurityException {
+ public UsernameToken(Element elem) throws WSSecurityException {
this.element = elem;
- this.wssConfig = wssConfig;
- token = new QName(wssConfig.getWsseNS(), TOKEN);
QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
if (!el.equals(token)) {
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType00", new Object[]{el});
}
- if (wssConfig.getProcessNonCompliantMessages()) {
- elementUsername = (Element) WSSecurityUtil.getDirectChildWSSE(element, "Username");
- elementPassword = (Element) WSSecurityUtil.getDirectChildWSSE(element, "Password");
- elementNonce = (Element) WSSecurityUtil.getDirectChildWSSE(element, "Nonce");
- elementCreated = (Element) WSSecurityUtil.getDirectChildWSU(element, "Created");
- } else {
- elementUsername = (Element) WSSecurityUtil.getDirectChild(element, "Username", wssConfig.getWsseNS());
- elementPassword = (Element) WSSecurityUtil.getDirectChild(element, "Password", wssConfig.getWsseNS());
- elementNonce = (Element) WSSecurityUtil.getDirectChild(element, "Nonce", wssConfig.getWsseNS());
- elementCreated = (Element) WSSecurityUtil.getDirectChild(element, "Created", wssConfig.getWsuNS());
- }
+ elementUsername = (Element) WSSecurityUtil.getDirectChild(element, "Username", WSConstants.WSSE_NS);
+ elementPassword = (Element) WSSecurityUtil.getDirectChild(element, "Password", WSConstants.WSSE_NS);
+ elementNonce = (Element) WSSecurityUtil.getDirectChild(element, "Nonce", WSConstants.WSSE_NS);
+ elementCreated = (Element) WSSecurityUtil.getDirectChild(element, "Created", WSConstants.WSU_NS);
if (elementUsername == null) {
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType01", new Object[]{el});
}
hashed = false;
- passwordType = elementPassword.getAttribute("Type");
+ if (elementPassword != null) {
+ passwordType = elementPassword.getAttribute("Type");
+ }
if (passwordType != null && passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
hashed = true;
if (elementNonce == null || elementCreated == null) {
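Review bot: With the new `if (elementPassword != null)` guard, `UsernameToken(Element)` accepts a token that has no `wsse:Password` child, leaving `passwordType` null and `hashed` false; before this change such a token failed in the constructor with a NullPointerException. Code that validates the token must therefore treat a missing password as a failed check wherever a password is required, and any accessor that reads `elementPassword` (not visible in this hunk) needs the same null guard. I would record this where the guard is added: `// Password is optional at parse time; callers that authenticate must reject a token without one`. The constructor body continues past the end of the hunk.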
@@ -126,8 +116,8 @@
* @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
* @param doc the SOAP envelope as <code>Document</code>
*/
- public UsernameToken(WSSConfig wssConfig, Document doc) {
- this(wssConfig, doc, WSConstants.PASSWORD_DIGEST);
+ public UsernameToken(boolean milliseconds, Document doc) {
+ this(milliseconds, doc, WSConstants.PASSWORD_DIGEST);
}
/**
@@ -141,18 +131,17 @@
* {@link WSConstants#PASSWORD_DIGEST} or
* {@link WSConstants#PASSWORD_TEXT}
*/
- public UsernameToken(WSSConfig wssConfig, Document doc, String pwType) {
- this.wssConfig = wssConfig;
- this.element = doc.createElementNS(wssConfig.getWsseNS(), "wsse:" + WSConstants.USERNAME_TOKEN_LN);
- WSSecurityUtil.setNamespace(this.element, wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX);
+ public UsernameToken(boolean milliseconds, Document doc, String pwType) {
+ this.element = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.USERNAME_TOKEN_LN);
+ WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
- this.elementUsername = doc.createElementNS(wssConfig.getWsseNS(), "wsse:" + WSConstants.USERNAME_LN);
- WSSecurityUtil.setNamespace(this.elementUsername, wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX);
+ this.elementUsername = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.USERNAME_LN);
+ WSSecurityUtil.setNamespace(this.elementUsername, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
this.elementUsername.appendChild(doc.createTextNode(""));
element.appendChild(elementUsername);
- this.elementPassword = doc.createElementNS(wssConfig.getWsseNS(), "wsse:" + WSConstants.PASSWORD_LN);
- WSSecurityUtil.setNamespace(this.elementPassword, wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX);
+ this.elementPassword = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.PASSWORD_LN);
+ WSSecurityUtil.setNamespace(this.elementPassword, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
this.elementPassword.appendChild(doc.createTextNode(""));
element.appendChild(elementPassword);
@@ -161,7 +150,7 @@
if (passwordType != null && passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
hashed = true;
addNonce(doc);
- addCreated(doc);
+ addCreated(milliseconds, doc);
}
}
@@ -174,8 +163,8 @@
}
byte[] nonceValue = new byte[16];
random.nextBytes(nonceValue);
- this.elementNonce = doc.createElementNS(wssConfig.getWsseNS(), "wsse:" + WSConstants.NONCE_LN);
- WSSecurityUtil.setNamespace(this.elementNonce, wssConfig.getWsseNS(), WSConstants.WSSE_PREFIX);
+ this.elementNonce = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.NONCE_LN);
+ WSSecurityUtil.setNamespace(this.elementNonce, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
this.elementNonce.appendChild(doc.createTextNode(Base64.encode(nonceValue)));
element.appendChild(elementNonce);
}
@@ -183,12 +172,12 @@
/**
* Creates and adds a Created element to this UsernameToken
*/
- public void addCreated(Document doc) {
+ public void addCreated(boolean milliseconds, Document doc) {
if (elementCreated != null) {
return;
}
DateFormat zulu = null;
- if (wssConfig.isPrecisionInMilliSeconds()) {
+ if (milliseconds) {
zulu = new XmlSchemaDateFormat();
}
else {
@@ -196,8 +185,8 @@
zulu.setTimeZone(TimeZone.getTimeZone("UTC"));
}
Calendar rightNow = Calendar.getInstance();
- this.elementCreated = doc.createElementNS(wssConfig.getWsuNS(), "wsu:" + WSConstants.CREATED_LN);
- WSSecurityUtil.setNamespace(this.elementCreated, wssConfig.getWsuNS(), WSConstants.WSU_PREFIX);
+ this.elementCreated = doc.createElementNS(WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN);
+ WSSecurityUtil.setNamespace(this.elementCreated, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
this.elementCreated.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
element.appendChild(elementCreated);
}
@@ -398,11 +387,7 @@
* username token
*/
public String getID() {
- if (wssConfig.getProcessNonCompliantMessages()) {
- return WSSecurityUtil.getAttributeValueWSU(element, "Id", null);
- } else {
- return WSSecurityUtil.getAttributeValueWSU(element, "Id", wssConfig.getWsuNS());
- }
+ return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
}
/**
@@ -412,9 +397,9 @@
* username token
*/
public void setID(String id) {
- String prefix = WSSecurityUtil.setNamespace(this.element, wssConfig
- .getWsuNS(), WSConstants.WSU_PREFIX);
- this.element.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", id);
+ String prefix = WSSecurityUtil.setNamespace(this.element,
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ this.element.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
}
/**
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/X509Security.java Mon Sep 5 11:36:22 2005
@@ -18,7 +18,6 @@
package org.apache.ws.security.message.token;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Document;
@@ -35,9 +34,7 @@
* @author Davanum Srinivas (dims@yahoo.com).
*/
public class X509Security extends BinarySecurity {
- private String type;
- public static final String X509_V3 = "X509v3";
-
+ private static final String type = WSConstants.X509TOKEN_NS + "#X509v3";
/*
* Stores the associated X.509 Certificate. This saves numerous
* crypto loadCertificate operations
@@ -52,14 +49,9 @@
* @param elem the element containing the X509 certificate data
* @throws WSSecurityException
*/
- public X509Security(WSSConfig wssConfig, Element elem) throws WSSecurityException {
- super(wssConfig, elem);
- if (wssConfig.isBSTValuesPrefixed()) {
- type = WSConstants.WSSE_PREFIX + ":" + X509_V3;
- } else {
- type = WSConstants.X509TOKEN_NS + "#" + X509_V3;
- }
- if (!getValueType().endsWith(X509_V3)) {
+ public X509Security(Element elem) throws WSSecurityException {
+ super(elem);
+ if (!getValueType().equals(type)) {
throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "invalidValueType", new Object[]{type, getValueType()});
}
}
@@ -69,13 +61,8 @@
*
* @param doc
*/
- public X509Security(WSSConfig wssConfig, Document doc) {
- super(wssConfig, doc);
- if (wssConfig.isBSTValuesPrefixed()) {
- type = WSConstants.WSSE_PREFIX + ":" + X509_V3;
- } else {
- type = WSConstants.X509TOKEN_NS + "#" + X509_V3;
- }
+ public X509Security(Document doc) {
+ super(doc);
setValueType(type);
}
@@ -126,11 +113,7 @@
}
}
- public static String getType(WSSConfig wssConfig) {
- if (wssConfig.isBSTValuesPrefixed()) {
- return WSConstants.WSSE_PREFIX + ":" + X509_V3;
- } else {
- return WSConstants.X509TOKEN_NS + "#" + X509_V3;
- }
+ public static String getType() {
+ return type;
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=278808&r1=278807&r2=278808&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Mon Sep 5 11:36:22 2005
@@ -22,7 +22,6 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -196,8 +195,7 @@
/*
* Third and forth step are performed by derefenceSTR()
*/
- SecurityTokenReference secRef = new SecurityTokenReference(
- WSSConfig.getDefaultWSConfig(), tmpEl);
+ SecurityTokenReference secRef = new SecurityTokenReference(tmpEl);
str = dereferenceSTR(thisDoc, secRef);
/*
@@ -390,7 +388,7 @@
prefix + ":BinarySecurityToken");
WSSecurityUtil.setNamespace(elem, WSConstants.WSSE_NS, prefix);
elem.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "");
- elem.setAttributeNS(null, "ValueType", X509Security.getType(WSSConfig.getDefaultWSConfig()));
+ elem.setAttributeNS(null, "ValueType", X509Security.getType());
Text certText = doc.createTextNode(Base64.encode(data, 0)); // no line wrap
elem.appendChild(certText);
return elem;