Posted to commits@ws.apache.org by co...@apache.org on 2018/04/03 12:29:05 UTC
svn commit: r1828225 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/util/
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/
ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/
ws-security-stax/s...
Author: coheigea
Date: Tue Apr 3 12:29:05 2018
New Revision: 1828225
URL: http://svn.apache.org/viewvc?rev=1828225&view=rev
Log:
WSS-626 - Duplicates in the PrefixList
Added:
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/resources/testdata/SignaturePrefixListMessage.xml
- copied, changed from r1827752, webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java?rev=1828225&r1=1828224&r2=1828225&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java Tue Apr 3 12:29:05 2018
@@ -21,6 +21,8 @@ package org.apache.wss4j.dom.util;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
@@ -71,7 +73,7 @@ public final class SignatureUtils {
* Get the List of inclusive prefixes from the DOM Element argument
*/
public static List<String> getInclusivePrefixes(Element target, boolean excludeVisible) {
- List<String> result = new ArrayList<>();
+ Set<String> result = new TreeSet<>();
Node parent = target;
while (parent.getParentNode() != null
&& !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
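Review bot: Declaring `result` as a `TreeSet` in getInclusivePrefixes does more than drop duplicates, and the Javadoc above the method still says only "Get the List of inclusive prefixes". The prefixes now come back in natural String order (uppercase before lowercase, as the updated DOM test expects) rather than in the order the ancestor walk found them. If the sorting is intended, so that the emitted PrefixList is deterministic, state it in the Javadoc, e.g. `* Get the de-duplicated, sorted List of inclusive prefixes from the DOM Element argument`; if only de-duplication is wanted, `new LinkedHashSet<>()` would keep the original order. A TreeSet also throws on a null element where the ArrayList did not, so it is worth confirming that no `add()` call in the loop body, which lies outside this hunk, can pass null.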
@@ -112,7 +114,7 @@ public final class SignatureUtils {
}
}
- return result;
+ return new ArrayList<String>(result);
}
/**
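Review bot: `return new ArrayList<String>(result);` spells out the type argument, whereas the declaration this commit replaced in the same method used the diamond form; `return new ArrayList<>(result);` would be consistent with it. The copy keeps the `List<String>` return type, so callers still compile, but they now receive a sorted, duplicate-free list, which is worth a sentence in the method's Javadoc. The start of the method is outside this hunk.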
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java?rev=1828225&r1=1828224&r2=1828225&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePrefixListTest.java Tue Apr 3 12:29:05 2018
@@ -20,12 +20,21 @@
package org.apache.wss4j.dom.message;
import java.io.InputStream;
-
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.XMLValidateContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -34,9 +43,9 @@ import org.apache.wss4j.dom.engine.WSSCo
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE;
import org.junit.Test;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
@@ -89,11 +98,19 @@ public class SignaturePrefixListTest ext
WSSecurityEngineResult actionResult =
results.getActionResults().get(WSConstants.SIGN).get(0);
- assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
- assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
- REFERENCE_TYPE referenceType =
- (REFERENCE_TYPE)actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
- assertTrue(referenceType == REFERENCE_TYPE.ISSUER_SERIAL);
+ Element receivedSignature = (Element)actionResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ assertNotNull(receivedSignature);
+
+ // Check PrefixList
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("16c73ab6-b892-458f-abf5-2f875f74882e");
+ XMLValidateContext context = new DOMValidateContext(crypto.getX509Certificates(cryptoType)[0].getPublicKey(), receivedSignature);
+ XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
+ XMLSignature xmlSignature = signatureFactory.unmarshalXMLSignature(context);
+
+ ExcC14NParameterSpec spec = (ExcC14NParameterSpec)xmlSignature.getSignedInfo().getCanonicalizationMethod().getParameterSpec();
+ List<String> expectedPrefixes = new ArrayList<>(Arrays.asList("S12", "ds", "eb", "ebbp", "ns5"));
+ assertEquals(expectedPrefixes, spec.getPrefixList());
}
private WSHandlerResult verify(Document doc) throws Exception {
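Review bot: `crypto.getX509Certificates(cryptoType)[0]` is dereferenced without a check, so if the hard-coded alias is missing from the test keystore the test fails with a NullPointerException or ArrayIndexOutOfBoundsException rather than a readable assertion. Pulling the lookup out as `X509Certificate[] certs = crypto.getX509Certificates(cryptoType);` followed by `assertNotNull(certs);` and then using `certs[0].getPublicKey()` would make that failure obvious. The unchecked cast of `getParameterSpec()` to `ExcC14NParameterSpec` has the same problem when the canonicalization method carries no parameters; an `assertTrue(... instanceof ExcC14NParameterSpec)` before the cast would help. The expected list can also be a plain `Arrays.asList("S12", "ds", "eb", "ebbp", "ns5")`, since `assertEquals` on lists needs no mutable copy. The test method begins outside this hunk.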
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml?rev=1828225&r1=1828224&r2=1828225&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml Tue Apr 3 12:29:05 2018
@@ -1,6 +1,6 @@
<?xml version='1.0' encoding='utf-8'?>
<S12:Envelope xmlns:S12="http://www.w3.org/2003/05/soap-envelope" xmlns:ns5="http://www.w3.org/1999/xlink" xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0" xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <S12:Header>
+ <S12:Header xmlns:S12="http://www.w3.org/2003/05/soap-envelope">
<eb:Messaging S12:mustUnderstand="true">
<eb:UserMessage>
<eb:MessageInfo>
Added: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java?rev=1828225&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignaturePrefixListTest.java Tue Apr 3 12:29:05 2018
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.setup.OutboundWSSec;
+import org.apache.wss4j.stax.setup.WSSec;
+import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.junit.Assert;
+import org.junit.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * A test-case for WSS-626 - "Duplicates in the PrefixList".
+ */
+public class SignaturePrefixListTest extends AbstractTestBase {
+
+ @Test
+ public void testDuplicatePrefixListValues() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
+ actions.add(WSSConstants.SIGNATURE);
+ securityProperties.setActions(actions);
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/SignaturePrefixListMessage.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_WSSE_SECURITY.getLocalPart());
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Reference.getNamespaceURI(), WSSConstants.TAG_dsig_Reference.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.NS_SOAP12, WSSConstants.TAG_SOAP_BODY_LN);
+ Assert.assertEquals(nodeList.getLength(), 1);
+ String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_WSU_ID.getNamespaceURI(), WSSConstants.ATT_WSU_ID.getLocalPart());
+ Assert.assertNotNull(idAttrValue);
+ Assert.assertTrue(idAttrValue.length() > 0);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 2);
+
+ String parsedPrefixes = ((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_PrefixList.getLocalPart());
+ assertEquals(parsedPrefixes.split(" ").length, 5);
+ }
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE;
+ doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action);
+ }
+ }
+
+}
\ No newline at end of file
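Review bot: The final check in testDuplicatePrefixListValues, `assertEquals(parsedPrefixes.split(" ").length, 5)`, counts tokens only and never tests that they are distinct, and it inspects only `nodeList.item(0)` although the preceding assertion expects two InclusiveNamespaces elements. Asserting uniqueness directly would pin the WSS-626 behaviour, e.g. `List<String> prefixes = Arrays.asList(parsedPrefixes.split(" "));` then `Assert.assertEquals(new HashSet<>(prefixes).size(), prefixes.size());`, repeated for `item(1)`; this needs `java.util.Arrays` and `java.util.HashSet` imported. The `Assert.assertEquals` calls in this method pass the actual value first and the expected value second, which makes JUnit's failure messages read backwards. The last call is also unqualified while the others use the `Assert.` prefix. The file lacks a trailing newline.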
Copied: webservices/wss4j/trunk/ws-security-stax/src/test/resources/testdata/SignaturePrefixListMessage.xml (from r1827752, webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/resources/testdata/SignaturePrefixListMessage.xml?p2=webservices/wss4j/trunk/ws-security-stax/src/test/resources/testdata/SignaturePrefixListMessage.xml&p1=webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml&r1=1827752&r2=1828225&rev=1828225&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/resources/org/apache/wss4j/dom/message/SignaturePrefixListMessage.xml (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/resources/testdata/SignaturePrefixListMessage.xml Tue Apr 3 12:29:05 2018
@@ -1,6 +1,6 @@
<?xml version='1.0' encoding='utf-8'?>
<S12:Envelope xmlns:S12="http://www.w3.org/2003/05/soap-envelope" xmlns:ns5="http://www.w3.org/1999/xlink" xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0" xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <S12:Header>
+ <S12:Header xmlns:S12="http://www.w3.org/2003/05/soap-envelope">
<eb:Messaging S12:mustUnderstand="true">
<eb:UserMessage>
<eb:MessageInfo>