Posted to fx-dev@ws.apache.org by ru...@apache.org on 2007/03/25 14:54:38 UTC
svn commit: r522256 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
WSSecurityEngineResult.java processor/EncryptedKeyProcessor.java
processor/SignatureProcessor.java processor/UsernameTokenProcessor.java
Author: ruchithf
Date: Sun Mar 25 05:54:37 2007
New Revision: 522256
URL: http://svn.apache.org/viewvc?view=rev&rev=522256
Log:
- Applied WSS-57 Patch
- Updated UsernameTokenProcessor to attach the underlying exception as the cause of the WSSecurityException it throws
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?view=diff&rev=522256&r1=522255&r2=522256
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java Sun Mar 25 05:54:37 2007
@@ -26,149 +26,323 @@
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.List;
import java.util.Set;
/**
* @author Werner Dittmann (Werner.Dittmann@t-online.de)
*/
-public class WSSecurityEngineResult {
+public class WSSecurityEngineResult extends java.util.HashMap {
- private int action;
- private Principal principal;
- private X509Certificate cert;
- private SAMLAssertion assertion;
- private Timestamp timestamp;
- private SecurityContextToken securityContextToken;
- private Set signedElements;
- private byte[] signatureValue = null;
- private SignatureConfirmation sigConf = null;
- private byte[] decryptedKey = null;
- private String encryptedKeyId = null;
- private ArrayList dataRefUris = null;
-
- public WSSecurityEngineResult(int act, SAMLAssertion ass) {
- principal = null;
- cert = null;
- action = act;
- assertion = ass;
- }
-
- public WSSecurityEngineResult(int act, Principal princ,
- X509Certificate certificate, Set elements, byte[] sv) {
- principal = princ;
- action = act;
- cert = certificate;
- signedElements = elements;
- signatureValue = sv;
- }
-
- public WSSecurityEngineResult(int act, byte[] decryptedKey,
- String encyptedKeyId, ArrayList dataRefUris) {
- action = act;
- this.decryptedKey = decryptedKey;
- this.encryptedKeyId = encyptedKeyId;
- this.dataRefUris = dataRefUris;
+ /**
+ * Tag denoting the cryptographic operation performed
+ *
+ * The value under this tag is of type java.lang.Integer
+ */
+ public static final java.lang.String TAG_ACTION =
+ "action";
+
+ /**
+ * Tag denoting the security principal found, if applicable.
+ *
+ * The value under this tag is of type java.security.Principal.
+ */
+ public static final java.lang.String TAG_PRINCIPAL =
+ "principal";
+
+ /**
+ * Tag denoting the X.509 certificate found, if applicable.
+ *
+ * The value under this tag is of type java.security.cert.X509Certificate.
+ */
+ public static final java.lang.String TAG_X509_CERTIFICATE =
+ "x509-certificate";
+
+ /**
+ * Tag denoting the SAML Assertion found, if applicable.
+ *
+ * The value under this tag is of type org.opensaml.SAMLAssertion.
+ */
+ public static final java.lang.String TAG_SAML_ASSERTION =
+ "saml-assertion";
+
+ /**
+ * Tag denoting the timestamp found, if applicable.
+ *
+ * The value under this tag is of type
+ * org.apache.ws.security.message.token.Timestamp.
+ */
+ public static final java.lang.String TAG_TIMESTAMP =
+ "timestamp";
+
+ /**
+ * Tag denoting the wsu:Ids of signed elements, if applicable.
+ *
+ * The value under this tag is of type java.util.Set, where
+ * each element of the set is of type java.lang.String.
+ */
+ public static final java.lang.String TAG_SIGNED_ELEMENT_IDS =
+ "signed-element-ids";
+
+ /**
+ * Tag denoting the signature value of a signed element, if applicable.
+ *
+ * The value under this tag is of type byte[].
+ */
+ public static final java.lang.String TAG_SIGNATURE_VALUE =
+ "signature-value";
+
+ /**
+ * Tag denoting the signature confirmation of a signed element,
+ * if applicable.
+ *
+ * The value under this tag is of type
+ * org.apache.ws.security.message.token.SignatureConfirmation.
+ */
+ public static final java.lang.String TAG_SIGNATURE_CONFIRMATION =
+ "signature-confirmation";
+
+ /**
+ * Tag denoting references to the DOM elements that have been
+ * cryptographically protected.
+ *
+ * The value under this tag is of type java.util.Set, where
+ * each element in the set is of type org.w3c.dom.Element.
+ */
+ public static final java.lang.String TAG_PROTECTED_ELEMENTS =
+ "protected-elements";
+
+ /**
+ * Tag denoting references to the DOM elements that have been
+ * cryptographically protected.
+ *
+ * The value under this tag is of type SecurityContextToken.
+ */
+ public static final java.lang.String TAG_SECURITY_CONTEXT_TOKEN =
+ "security-context-token";
+
+ /**
+ * Tag denoting a reference to the decrypted key
+ *
+ * The value under this tag is of type byte[].
+ */
+ public static final java.lang.String TAG_DECRYPTED_KEY =
+ "decrypted-key";
+
+ /**
+ * Tag denoting references to the encrypted key id.
+ *
+ * The value under this tag is of type String.
+ */
+ public static final java.lang.String TAG_ENCRYPTED_KEY_ID =
+ "encrypted-key-id";
+
+ /**
+ * Tag denoting references to a List of Data ref URIs.
+ *
+ * The value under this tag is of type List.
+ */
+ public static final java.lang.String TAG_DATA_REF_URIS =
+ "data-ref-uris";
+
+
+
+ public WSSecurityEngineResult(
+ int act,
+ SAMLAssertion ass
+ ) {
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_SAML_ASSERTION, ass);
+ }
+
+ public WSSecurityEngineResult(
+ int act,
+ Principal princ,
+ X509Certificate certificate,
+ Set elements,
+ byte[] sv
+ ) {
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_PRINCIPAL, princ);
+ put(TAG_X509_CERTIFICATE, certificate);
+ put(TAG_SIGNED_ELEMENT_IDS, elements);
+ put(TAG_SIGNATURE_VALUE, sv);
+ }
+
+ public
+ WSSecurityEngineResult(
+ int act,
+ Principal princ,
+ X509Certificate certificate,
+ Set elements,
+ Set protectedElements,
+ byte[] sv
+ ) {
+ this(act, princ, certificate, elements, sv);
+ put(TAG_PROTECTED_ELEMENTS, protectedElements);
+ }
+
+ public WSSecurityEngineResult(
+ int act,
+ byte[] decryptedKey,
+ String encyptedKeyId,
+ List dataRefUris
+ ) {
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_DECRYPTED_KEY, decryptedKey);
+ put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
+ put(TAG_DATA_REF_URIS, dataRefUris);
}
public WSSecurityEngineResult(int act, ArrayList dataRefUris) {
- action = act;
- this.dataRefUris = dataRefUris;
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_DATA_REF_URIS, dataRefUris);
}
public WSSecurityEngineResult(int act, Timestamp tstamp) {
- action = act;
- timestamp = tstamp;
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_TIMESTAMP, tstamp);
}
public WSSecurityEngineResult(int act, SecurityContextToken sct) {
- action = act;
- this.securityContextToken = sct;
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_SECURITY_CONTEXT_TOKEN, sct);
}
public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
- action = act;
- sigConf = sc;
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_SIGNATURE_CONFIRMATION, sc);
}
+
/**
* @return the actions vector. These actions were performed by the the
* security engine.
+ *
+ * @deprecated use ((java.lang.Integer) #get(#TAG_ACTION)).intValue()
+ * instead
*/
public int getAction() {
- return action;
+ return ((java.lang.Integer) get(TAG_ACTION)).intValue();
}
/**
* @return the principals found if UsernameToken or Signature
* processing were done
+ *
+ * @deprecated use (Principal) #get(#TAG_PRINCIPAL) instead
*/
public Principal getPrincipal() {
- return principal;
+ return (Principal) get(TAG_PRINCIPAL);
}
/**
* @return the Certificate found if Signature
* processing were done
+ *
+ * @deprecated use (X509Certificate)
+ * #get(#TAG_X509_CERTIFICATE) instead
*/
public X509Certificate getCertificate() {
- return cert;
+ return (X509Certificate) get(TAG_X509_CERTIFICATE);
}
/**
* @return Returns the assertion.
+ *
+ * @deprecated use (SAMLAssertion)
+ * #get(#TAG_SAML_ASSERTION) instead
*/
public SAMLAssertion getAssertion() {
- return assertion;
+ return (SAMLAssertion) get(TAG_SAML_ASSERTION);
}
/**
* @return the timestamp found
+ *
+ * @deprecated use (Timestamp)
+ * #get(#TAG_TIMESTAMP) instead
*/
public Timestamp getTimestamp() {
- return timestamp;
+ return (Timestamp) get(TAG_TIMESTAMP);
}
/**
* @return Returns the signedElements.
+ *
+ * @deprecated use (java.util.Set)
+ * #get(#TAG_SIGNED_ELEMENT_IDS) instead
*/
public Set getSignedElements() {
- return signedElements;
+ return (java.util.Set) get(TAG_SIGNED_ELEMENT_IDS);
}
/**
* @return Returns the signatureValue.
+ *
+ * @deprecated use (byte[])
+ * #get(#TAG_SIGNATURE_VALUE) instead
*/
public byte[] getSignatureValue() {
- return signatureValue;
+ return (byte[]) get(TAG_SIGNATURE_VALUE);
}
/**
* @return Returns the sigConf.
+ *
+ * @deprecated use (SignatureConfirmation)
+ * #get(#TAG_SIGNATURE_CONFIRMATION) instead
*/
public SignatureConfirmation getSigConf() {
- return sigConf;
+ return (SignatureConfirmation) get(TAG_SIGNATURE_CONFIRMATION);
}
/**
* @param signatureValue The signatureValue to set.
+ *
+ * @deprecated use put(#TAG_SIGNATURE_VALUE, signatureValue) instead
*/
public void setSignatureValue(byte[] signatureValue) {
- this.signatureValue = signatureValue;
+ put(TAG_SIGNATURE_VALUE, signatureValue);
}
+ /**
+ * @return the security context token acquired off the message
+ *
+ * @deprecated use
+ * #get(#TAG_SECURITY_CONTEXT_TOKEN) instead
+ */
public SecurityContextToken getSecurityContextToken() {
- return securityContextToken;
+ return (SecurityContextToken) get(TAG_SECURITY_CONTEXT_TOKEN);
}
+ /**
+ * @return the decrypted key
+ *
+ * @deprecated use
+ * #get(#TAG_DECRYPTED_KEY) instead
+ */
public byte[] getDecryptedKey() {
- return decryptedKey;
+ return (byte[]) get(TAG_DECRYPTED_KEY);
}
+ /**
+ * @return the encrypted key id
+ *
+ * @deprecated use
+ * #get(#TAG_ENCRYPTED_KEY) instead
+ */
public String getEncryptedKeyId() {
- return encryptedKeyId;
+ return (String) get(TAG_ENCRYPTED_KEY_ID);
}
+ /**
+ * @return the list of data ref URIs
+ *
+ * @deprecated use
+ * #get(#TAG_DATA_REF_URIS) instead
+ */
public ArrayList getDataRefUris() {
- return dataRefUris;
+ return (ArrayList) get(TAG_DATA_REF_URIS);
}
}
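Review bot: `getDataRefUris()` still casts the stored value to `ArrayList`, but the new four-argument constructor now accepts any `List`, so a caller that passes, say, `Collections.unmodifiableList(...)` will get a `ClassCastException` from the deprecated getter; either keep that constructor parameter typed `ArrayList`, or have the getter read `(List) get(TAG_DATA_REF_URIS)` and copy it into a fresh `ArrayList` before returning. Two Javadoc slips in the same hunk: the comment on `TAG_SECURITY_CONTEXT_TOKEN` was copied from `TAG_PROTECTED_ELEMENTS` and should read `Tag denoting the SecurityContextToken found, if applicable.`, and the `@deprecated` text on `getEncryptedKeyId()` points at a nonexistent `#TAG_ENCRYPTED_KEY` (it should be `#TAG_ENCRYPTED_KEY_ID`). Extending a raw `java.util.HashMap` also changes the trust model of the result: where the old private fields could only be read, any later handler holding the result can now `put(TAG_PRINCIPAL, ...)` or `put(TAG_X509_CERTIFICATE, ...)` and silently replace what the signature processor verified. If that is not intended, either expose a read-only view to consumers or state in the class Javadoc that the map must be treated as immutable once the engine has returned it.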
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?view=diff&rev=522256&r1=522255&r2=522256
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Sun Mar 25 05:54:37 2007
@@ -367,7 +367,7 @@
return Base64.decode(encodedData);
}
- private void decryptDataRef(Document doc, String dataRefURI, byte[] decryptedData) throws WSSecurityException {
+ private Element decryptDataRef(Document doc, String dataRefURI, byte[] decryptedData) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("found data refernce: " + dataRefURI);
}
@@ -406,11 +406,96 @@
if (content) {
encBodyData = (Element) encBodyData.getParentNode();
}
+ final Node parent = encBodyData.getParentNode();
+ final java.util.List before_peers = listChildren(parent);
try {
xmlCipher.doFinal(doc, encBodyData, content);
} catch (Exception e1) {
throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e1);
}
+ final java.util.List after_peers = listChildren(parent);
+ final java.util.List new_nodes = newNodes(before_peers, after_peers);
+ for (
+ final java.util.Iterator pos = new_nodes.iterator();
+ pos.hasNext();
+ ) {
+ Node node = (Node) pos.next();
+ if (node instanceof Element) {
+ return (Element) node;
+ }
+ }
+ return encBodyData;
+ }
+
+ /**
+ * @return a list of Nodes, representing the
+ */
+ private static java.util.List
+ listChildren(
+ final Node parent
+ ) {
+ if (parent == null) {
+ return java.util.Collections.EMPTY_LIST;
+ }
+ final java.util.List ret = new java.util.ArrayList();
+ if (parent.hasChildNodes()) {
+ final NodeList children = parent.getChildNodes();
+ if (children != null) {
+ for (int i = 0, n = children.getLength(); i < n; ++i) {
+ ret.add(children.item(i));
+ }
+ }
+ }
+ return ret;
+ }
+
+ /**
+ * @return a list of Nodes in b that are not in a
+ */
+ private static java.util.List
+ newNodes(
+ final java.util.List a,
+ final java.util.List b
+ ) {
+ if (a.size() == 0) {
+ return b;
+ }
+ if (b.size() == 0) {
+ return java.util.Collections.EMPTY_LIST;
+ }
+ final java.util.List ret = new java.util.ArrayList();
+ for (
+ final java.util.Iterator bpos = b.iterator();
+ bpos.hasNext();
+ ) {
+ final Node bnode = (Node) bpos.next();
+ final java.lang.String bns = bnode.getNamespaceURI();
+ final java.lang.String bln = bnode.getLocalName();
+ boolean found = false;
+ for (
+ final java.util.Iterator apos = a.iterator();
+ apos.hasNext();
+ ) {
+ final Node anode = (Node) apos.next();
+ final java.lang.String ans = anode.getNamespaceURI();
+ final java.lang.String aln = anode.getLocalName();
+ final boolean nsmatch =
+ ans == null
+ ? ((bns == null) ? true : false)
+ : ((bns == null) ? false : ans.equals(bns));
+ final boolean lnmatch =
+ aln == null
+ ? ((bln == null) ? true : false)
+ : ((bln == null) ? false : aln.equals(bln));
+ if (nsmatch && lnmatch) {
+ found = true;
+ }
+ }
+ if (!found) {
+ ret.add(bnode);
+ }
+ }
+ return ret;
}
/**
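Review bot: `newNodes` decides which children are new by comparing namespace URI and local name, so decrypted content whose element name already occurs among the siblings (a second `<Item>` next to an existing one, for instance) is never reported as new, and `decryptDataRef` then falls back to returning `encBodyData` — which, when `content` is false, is the `EncryptedData` element that `xmlCipher.doFinal` has (as far as I recall of Apache XML-Security) just replaced, i.e. a node no longer attached to the document. The siblings that survive decryption are the very same `Node` objects in `before_peers` and `after_peers`, so an identity comparison is both exact and simpler; the rewrite below does that and keeps the signature. The `listChildren` Javadoc is also cut off at `@return a list of Nodes, representing the`; finish it as `@return the child nodes of parent in document order, or an empty list if parent is null`. What the caller does with the returned `Element` is outside this hunk, so I cannot tell whether a detached node is actually reached downstream, but the fallback is worth a comment either way.
```java
    /**
     * @return the nodes of b that are not (by identity) in a
     */
    private static java.util.List
    newNodes(
        final java.util.List a,
        final java.util.List b
    ) {
        final java.util.List ret = new java.util.ArrayList();
        for (final java.util.Iterator bpos = b.iterator(); bpos.hasNext();) {
            final Node bnode = (Node) bpos.next();
            boolean found = false;
            // Untouched siblings are the same Node objects before and after
            // decryption, so identity is the exact test; comparing QNames
            // would hide a decrypted element that shares a name with a sibling.
            for (final java.util.Iterator apos = a.iterator(); !found && apos.hasNext();) {
                found = (apos.next() == bnode);
            }
            if (!found) {
                ret.add(bnode);
            }
        }
        return ret;
    }
```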
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=522256&r1=522255&r2=522256
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Sun Mar 25 05:54:37 2007
@@ -73,11 +73,12 @@
WSDocInfoStore.store(wsDocInfo);
X509Certificate[] returnCert = new X509Certificate[1];
Set returnElements = new HashSet();
+ Set protectedElements = new java.util.TreeSet();
byte[][] signatureValue = new byte[1][];
Principal lastPrincipalFound = null;
try {
lastPrincipalFound = verifyXMLSignature((Element) elem,
- crypto, returnCert, returnElements, signatureValue);
+ crypto, returnCert, returnElements, protectedElements, signatureValue);
} catch (WSSecurityException ex) {
throw ex;
} finally {
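Review bot: `protectedElements` is created as a `java.util.TreeSet`, which requires its elements to be mutually `Comparable` (or a `Comparator` given at construction); `TAG_PROTECTED_ELEMENTS` is documented as a `Set` of `org.w3c.dom.Element`, and `Element` is not `Comparable`, so the first `add` inside `verifyXMLSignature` would throw `ClassCastException`. Unless `verifyXMLSignature` (its body is outside this hunk) actually stores something else, use `new HashSet()` as `returnElements` does on the line above, or supply a comparator. Note that such a failure surfaces as an unchecked exception out of signature verification rather than a `WSSecurityException`, so the `catch (WSSecurityException ex)` here would not map it to a proper fault.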
@@ -86,12 +87,12 @@
if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
returnResults.add(0, new WSSecurityEngineResult(
WSConstants.UT_SIGN, lastPrincipalFound, null,
- returnElements, signatureValue[0]));
+ returnElements, protectedElements, signatureValue[0]));
} else {
returnResults.add(0, new WSSecurityEngineResult(
WSConstants.SIGN, lastPrincipalFound,
- returnCert[0], returnElements, signatureValue[0]));
+ returnCert[0], returnElements, protectedElements, signatureValue[0]));
}
signatureId = elem.getAttributeNS(null, "Id");
}
@@ -137,6 +138,7 @@
Crypto crypto,
X509Certificate[] returnCert,
Set returnElements,
+ Set protectedElements,
byte[][] signatureValue)
throws WSSecurityException {
if (log.isDebugEnabled()) {
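Review bot: The new `protectedElements` parameter arrives undocumented, and nothing in this hunk shows it being populated; the method's Javadoc and the rest of its body lie outside the hunk. Add a `@param protectedElements set that receives the DOM elements covered by the verified references` line (worded to match what the body actually does), and if the body does not yet fill the set, `TAG_PROTECTED_ELEMENTS` will always be empty, which a consumer could misread as "nothing was signed".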
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?view=diff&rev=522256&r1=522255&r2=522256
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java Sun Mar 25 05:54:37 2007
@@ -100,11 +100,11 @@
} catch (IOException e) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noPassword",
- new Object[]{user});
+ new Object[]{user}, e);
} catch (UnsupportedCallbackException e) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noPassword",
- new Object[]{user});
+ new Object[]{user}, e);
}
String origPassword = pwCb.getPassword();
if (log.isDebugEnabled()) {
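Review bot: Attaching `e` as the cause is the right fix, but both catch blocks raise the same `noPassword` fault keyed on `user`, so the cause is now the only thing distinguishing an I/O failure inside the callback handler from an unsupported callback; if the SOAP fault mapping (outside this hunk) serializes cause chains or the exception's `toString()` to the requester, the handler's internal detail leaves the server with it. Consider logging the cause at debug level here and confirming that the fault sent back stays at the generic `noPassword` message.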