ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1124291 - in /webservices/wss4j/trunk: contrib/wss4j-release.sh src/main/java/org/apache/ws/security/message/WSSecSignature.java src/test/java/org/apache/ws/security/message/SignatureTest.java
Date Wed, 18 May 2011 14:55:21 GMT
Author: coheigea
Date: Wed May 18 14:55:21 2011
New Revision: 1124291

URL: http://svn.apache.org/viewvc?rev=1124291&view=rev
Log:
Added the ability to set the SecurityTokenReference when creating a signature.

Modified:
    webservices/wss4j/trunk/contrib/wss4j-release.sh
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java

Modified: webservices/wss4j/trunk/contrib/wss4j-release.sh
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/contrib/wss4j-release.sh?rev=1124291&r1=1124290&r2=1124291&view=diff
==============================================================================
--- webservices/wss4j/trunk/contrib/wss4j-release.sh (original)
+++ webservices/wss4j/trunk/contrib/wss4j-release.sh Wed May 18 14:55:21 2011
@@ -46,7 +46,6 @@ mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/a
 cd ${WSS4J_SRC_ROOT}
 mvn clean || exit 1
 mvn -Prelease,jdk15 install || exit 1
-mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/
 cp -r ${M2_REPO}/org/apache/ws/security/wss4j/${WSS4J_VERSION} ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j
 #
 # Build and stage the distribution using ant

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1124291&r1=1124290&r2=1124291&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Wed May 18 14:55:21 2011
@@ -106,6 +106,7 @@ public class WSSecSignature extends WSSe
     private String digestAlgo = WSConstants.SHA1;
     private X509Certificate useThisCert = null;
     private Element securityHeader = null;
+    private boolean useCustomSecRef;
 
     public WSSecSignature() {
         super();
@@ -164,132 +165,135 @@ public class WSSecSignature extends WSSe
         }
 
         keyInfoUri = getWsConfig().getIdAllocator().createSecureId("KI-", keyInfo);
-        secRef = new SecurityTokenReference(doc);
-        strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef);
-        secRef.setID(strUri);
-        
-        //
-        // Get an initialized XMLSignature element.
-        //
-        
-        //
-        // Prepare and setup the token references for this Signature
-        //
-        switch (keyIdentifierType) {
-        case WSConstants.BST_DIRECT_REFERENCE:
-            Reference ref = new Reference(document);
-            ref.setURI("#" + certUri);
-            if (!useSingleCert) {
-                bstToken = new PKIPathSecurity(document);
-                ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
-                secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
-            } else {
-                bstToken = new X509Security(document);
-                ((X509Security) bstToken).setX509Certificate(certs[0]);
-            }
-            ref.setValueType(bstToken.getValueType());
-            secRef.setReference(ref);
-            bstToken.setID(certUri);
-            wsDocInfo.addTokenElement(bstToken.getElement());
-            break;
-
-        case WSConstants.ISSUER_SERIAL:
-            String issuer = certs[0].getIssuerX500Principal().getName();
-            java.math.BigInteger serialNumber = certs[0].getSerialNumber();
-            DOMX509IssuerSerial domIssuerSerial = 
-                new DOMX509IssuerSerial(doc, issuer, serialNumber);
-            DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
-            secRef.setX509Data(domX509Data);
-            break;
-
-        case WSConstants.X509_KEY_IDENTIFIER:
-            secRef.setKeyIdentifier(certs[0]);
-            break;
-
-        case WSConstants.SKI_KEY_IDENTIFIER:
-            secRef.setKeyIdentifierSKI(certs[0], crypto);
-            break;
-
-        case WSConstants.THUMBPRINT_IDENTIFIER:
-            secRef.setKeyIdentifierThumb(certs[0]);
-            break;
+        if (!useCustomSecRef) {
+            secRef = new SecurityTokenReference(doc);
+            strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef);
+            secRef.setID(strUri);
             
-        case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
-            if (encrKeySha1value != null) {
-                secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
-            } else {
-                byte[] digestBytes = WSSecurityUtil.generateDigest(secretKey);
-                secRef.setKeyIdentifierEncKeySHA1(Base64.encode(digestBytes));
-            }
-            secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-            break;
-
-        case WSConstants.CUSTOM_SYMM_SIGNING :
-            Reference refCust = new Reference(document);
-            if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-                refCust.setValueType(customTokenValueType);
-            } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
-                secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-            } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-                refCust.setValueType(customTokenValueType);
-            } else {
-                refCust.setValueType(customTokenValueType);
-            }
-            refCust.setURI("#" + customTokenId);
-            secRef.setReference(refCust);
-            break;
-
-        case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
-            Reference refCustd = new Reference(document);
-            if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-                refCustd.setValueType(customTokenValueType);
-            } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
-                secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-            } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-                refCustd.setValueType(customTokenValueType);
-            } else {
-                refCustd.setValueType(customTokenValueType);
-            }
-            refCustd.setURI(customTokenId);
-            secRef.setReference(refCustd);
-            break;
+            //
+            // Get an initialized XMLSignature element.
+            //
             
-        case WSConstants.CUSTOM_KEY_IDENTIFIER:
-            secRef.setKeyIdentifier(customTokenValueType, customTokenId);
-            if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-            } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
-                secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-            } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
-                secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-            } else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customTokenValueType))
{
+            //
+            // Prepare and setup the token references for this Signature
+            //
+            switch (keyIdentifierType) {
+            case WSConstants.BST_DIRECT_REFERENCE:
+                Reference ref = new Reference(document);
+                ref.setURI("#" + certUri);
+                if (!useSingleCert) {
+                    bstToken = new PKIPathSecurity(document);
+                    ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
+                    secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
+                } else {
+                    bstToken = new X509Security(document);
+                    ((X509Security) bstToken).setX509Certificate(certs[0]);
+                }
+                ref.setValueType(bstToken.getValueType());
+                secRef.setReference(ref);
+                bstToken.setID(certUri);
+                wsDocInfo.addTokenElement(bstToken.getElement());
+                break;
+    
+            case WSConstants.ISSUER_SERIAL:
+                String issuer = certs[0].getIssuerX500Principal().getName();
+                java.math.BigInteger serialNumber = certs[0].getSerialNumber();
+                DOMX509IssuerSerial domIssuerSerial = 
+                    new DOMX509IssuerSerial(doc, issuer, serialNumber);
+                DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
+                secRef.setX509Data(domX509Data);
+                break;
+    
+            case WSConstants.X509_KEY_IDENTIFIER:
+                secRef.setKeyIdentifier(certs[0]);
+                break;
+    
+            case WSConstants.SKI_KEY_IDENTIFIER:
+                secRef.setKeyIdentifierSKI(certs[0], crypto);
+                break;
+    
+            case WSConstants.THUMBPRINT_IDENTIFIER:
+                secRef.setKeyIdentifierThumb(certs[0]);
+                break;
+                
+            case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
+                if (encrKeySha1value != null) {
+                    secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
+                } else {
+                    byte[] digestBytes = WSSecurityUtil.generateDigest(secretKey);
+                    secRef.setKeyIdentifierEncKeySHA1(Base64.encode(digestBytes));
+                }
                 secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-            }
-            break;
-            
-        case WSConstants.KEY_VALUE:
-            java.security.PublicKey publicKey = certs[0].getPublicKey();
-            
-            try {
-                KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey);
-                keyInfo = 
-                    keyInfoFactory.newKeyInfo(
-                        java.util.Collections.singletonList(keyValue), keyInfoUri
+                break;
+    
+            case WSConstants.CUSTOM_SYMM_SIGNING :
+                Reference refCust = new Reference(document);
+                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
+                    secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+                    refCust.setValueType(customTokenValueType);
+                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+                    refCust.setValueType(customTokenValueType);
+                } else {
+                    refCust.setValueType(customTokenValueType);
+                }
+                refCust.setURI("#" + customTokenId);
+                secRef.setReference(refCust);
+                break;
+    
+            case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
+                Reference refCustd = new Reference(document);
+                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
+                    secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+                    refCustd.setValueType(customTokenValueType);
+                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+                    refCustd.setValueType(customTokenValueType);
+                } else {
+                    refCustd.setValueType(customTokenValueType);
+                }
+                refCustd.setURI(customTokenId);
+                secRef.setReference(refCustd);
+                break;
+                
+            case WSConstants.CUSTOM_KEY_IDENTIFIER:
+                secRef.setKeyIdentifier(customTokenValueType, customTokenId);
+                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
+                    secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+                } else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customTokenValueType))
{
+                    secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+                }
+                break;
+                
+            case WSConstants.KEY_VALUE:
+                java.security.PublicKey publicKey = certs[0].getPublicKey();
+                
+                try {
+                    KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey);
+                    keyInfo = 
+                        keyInfoFactory.newKeyInfo(
+                            java.util.Collections.singletonList(keyValue), keyInfoUri
+                        );
+                } catch (java.security.KeyException ex) {
+                    log.error("", ex);
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
                     );
-            } catch (java.security.KeyException ex) {
-                log.error("", ex);
-                throw new WSSecurityException(
-                    WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
-                );
+                }
+                break;
+            default:
+                throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId");
             }
-            break;
-        default:
-            throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId");
         }
+        
         if (keyIdentifierType != WSConstants.KEY_VALUE) {
             XMLStructure structure = new DOMStructure(secRef.getElement());
             wsDocInfo.addTokenElement(secRef.getElement());
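Review bot: When `useCustomSecRef` is true the whole switch on `keyIdentifierType` is skipped, so the `default:` branch no longer rejects an unsupported key identifier, the `KEY_VALUE` branch no longer builds `keyInfo`, and `strUri` is not assigned anywhere in the visible code. For `KEY_VALUE` the supplied reference is then silently ignored by the `keyIdentifierType != WSConstants.KEY_VALUE` check just below, and for every other type the KeyInfo carries whatever the caller passed, with no check that it identifies the signing certificate or key. I would keep the validation outside the guard and reject the inconsistent combination explicitly, e.g. `if (useCustomSecRef && keyIdentifierType == WSConstants.KEY_VALUE) { throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId"); }`, and put a comment on the guard saying that token creation (including the BinarySecurityToken for `BST_DIRECT_REFERENCE`) becomes the caller's responsibility. The enclosing method starts and ends outside this hunk, so whether later code relies on `strUri` or `bstToken` being set should be confirmed.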
@@ -645,7 +649,7 @@ public class WSSecSignature extends WSSe
     }
     
     /**
-     * Get the id of the BSt generated  during <code>prepare()</code>.
+     * Get the id of the BST generated  during <code>prepare()</code>.
      * 
      * @return Returns the the value of wsu:Id attribute of the 
      * BinaruSecurityToken element.
@@ -718,12 +722,20 @@ public class WSSecSignature extends WSSe
     }
     
     /**
-     * @return the SecurityTokenReference (must be called after 
-     * {@link #prepare(Document, Crypto, WSSecHeader)}
+     * Get the SecurityTokenReference to be used in the KeyInfo element.
      */
     public SecurityTokenReference getSecurityTokenReference() {
         return secRef;
     }
+    
+    /**
+     * Set the SecurityTokenReference to be used in the KeyInfo element. If this
+     * method is not called, a SecurityTokenRefence will be generated.
+     */
+    public void setSecurityTokenReference(SecurityTokenReference secRef) {
+        useCustomSecRef = true;
+        this.secRef = secRef;
+    }
 
     /**
      * Set up the X509 Certificate(s) for signing.
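Review bot: `setSecurityTokenReference(null)` sets `useCustomSecRef` to true while leaving `secRef` null, and the signature-preparation code in the earlier hunk (presumably `prepare()`) then calls `secRef.getElement()` for every key identifier other than `KEY_VALUE`, which would fail with a NullPointerException in the middle of signing. The setter should treat null as "no custom reference", e.g. `useCustomSecRef = secRef != null;`, or reject it up front. The new Javadoc has a typo (`SecurityTokenRefence`) and should state that a supplied reference bypasses the `keyIdentifierType` handling, for example `Setting a reference disables the key-identifier based generation; the caller is responsible for its contents and wsu:Id.` The getter's comment also dropped the note that the value is only generated during `prepare()`, which still holds when no custom reference was set.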

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1124291&r1=1124290&r2=1124291&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureTest.java
Wed May 18 14:55:21 2011
@@ -36,6 +36,8 @@ import org.apache.ws.security.components
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -586,6 +588,34 @@ public class SignatureTest extends org.j
         
         verify(signedDoc);
     }
+    
+    /**
+     * Create a signature that uses a custom SecurityTokenReference.
+     */
+    @org.junit.Test
+    public void testCustomSTR() throws Exception {
+        WSSecSignature builder = new WSSecSignature();
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+        LOG.info("Before Signing IS....");
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        SecurityTokenReference secRef = new SecurityTokenReference(doc);
+        Reference ref = new Reference(doc);
+        ref.setURI("custom-uri");
+        secRef.setReference(ref);
+        builder.setSecurityTokenReference(secRef);
+        
+        Document signedDoc = builder.build(doc, crypto, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+    }
 
     /**
      * Verifies the soap envelope.
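Review bot: `testCustomSTR` asserts nothing: it builds the signed document and only logs it when debug is enabled, so it still passes if the custom SecurityTokenReference is dropped or overwritten. Serialise the document unconditionally and check the reference, e.g. `String outputString = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);` followed by `org.junit.Assert.assertTrue(outputString.contains("custom-uri"));`. Unlike the test just above it, it does not call `verify(signedDoc)`, presumably because `custom-uri` resolves to no token in the message; a one-line comment saying so would make that intent clear. The log message `Before Signing IS....` looks copied from an issuer-serial test and could name this test instead.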


