ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1196546 [1/2] - in /webservices/wss4j/branches/swssf: streaming-ws-security/src/main/java/org/swssf/wss/ext/ streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/ streaming-xml-security/src/main/java/org/swssf/xmlsec/ext...
Date Wed, 02 Nov 2011 11:40:55 GMT
Author: giger
Date: Wed Nov  2 11:40:54 2011
New Revision: 1196546

URL: http://svn.apache.org/viewvc?rev=1196546&view=rev
Log:
refactoring to use (again) a common methods for token structure creation

Modified:
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptEndingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureOutputProcessor.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java Wed Nov  2 11:40:54 2011
@@ -19,15 +19,24 @@
 package org.swssf.wss.ext;
 
 import org.apache.commons.codec.binary.Base64;
-import org.swssf.xmlsec.ext.XMLSecurityUtils;
+import org.swssf.xmlsec.crypto.Merlin;
+import org.swssf.xmlsec.ext.*;
 
 import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.EndElement;
 import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Iterator;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.*;
 
 /**
  * @author $Author$
@@ -89,4 +98,235 @@ public class WSSUtils extends XMLSecurit
             return responsibleActor.equals(actor);
         }
     }
+
+    public static void flushBufferAndCallbackAfterTokenID(OutputProcessorChain outputProcessorChain,
+                                                          AbstractBufferingOutputProcessor abstractBufferingOutputProcessor,
+                                                          Deque<XMLEvent> xmlEventDeque)
+            throws XMLStreamException, XMLSecurityException {
+
+        //loop until we reach our security header and set flag
+        Iterator<XMLEvent> xmlEventIterator = xmlEventDeque.descendingIterator();
+        while (xmlEventIterator.hasNext()) {
+            XMLEvent xmlEvent = xmlEventIterator.next();
+            if (xmlEvent.isStartElement()) {
+                StartElement startElement = xmlEvent.asStartElement();
+                if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
+                        && isResponsibleActorOrRole(
+                        startElement,
+                        ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
+                        ((WSSSecurityProperties) abstractBufferingOutputProcessor.getSecurityProperties()).getActor())) {
+                    ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
+                    outputProcessorChain.reset();
+                    outputProcessorChain.processEvent(xmlEvent);
+                    break;
+                }
+            }
+            outputProcessorChain.reset();
+            outputProcessorChain.processEvent(xmlEvent);
+        }
+
+        final String appendAfterThisTokenId = abstractBufferingOutputProcessor.getAppendAfterThisTokenId();
+        //append current header
+        if (appendAfterThisTokenId == null) {
+            abstractBufferingOutputProcessor.processHeaderEvent(outputProcessorChain);
+        } else {
+            //we have a dependent token. so we have to append the current header after the token
+            boolean found = false;
+            while (xmlEventIterator.hasNext() && !found) {
+                XMLEvent xmlEvent = xmlEventIterator.next();
+
+                outputProcessorChain.reset();
+                outputProcessorChain.processEvent(xmlEvent);
+
+                //search for an element with a matching wsu:Id. this is our token
+                if (xmlEvent.isStartElement()) {
+                    StartElement startElement = xmlEvent.asStartElement();
+                    QName matchingElementName;
+
+                    @SuppressWarnings("unchecked")
+                    Iterator<Attribute> attributeIterator = startElement.getAttributes();
+                    while (attributeIterator.hasNext() && !found) {
+                        Attribute attribute = attributeIterator.next();
+                        final QName attributeName = attribute.getName();
+                        final String attributeValue = attribute.getValue();
+                        if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+                                || (WSSConstants.ATT_NULL_Id.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+                                || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && appendAfterThisTokenId.equals(attributeValue))
+                                || (WSSConstants.ATT_NULL_ID.equals(attributeName) && appendAfterThisTokenId.endsWith(attributeValue))) {
+                            matchingElementName = startElement.getName();
+                            //we found the token and...
+                            int level = 0;
+                            while (xmlEventIterator.hasNext() && !found) {
+                                xmlEvent = xmlEventIterator.next();
+
+                                outputProcessorChain.reset();
+                                outputProcessorChain.processEvent(xmlEvent);
+
+                                //loop until we reach the token end element
+                                if (xmlEvent.isEndElement()) {
+                                    EndElement endElement = xmlEvent.asEndElement();
+                                    if (level == 0 && endElement.getName().equals(matchingElementName)) {
+                                        found = true;
+                                        //output now the current header
+                                        abstractBufferingOutputProcessor.processHeaderEvent(outputProcessorChain);
+                                    }
+                                    level--;
+                                } else if (xmlEvent.isStartElement()) {
+                                    level++;
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        //loop until our security header end element and unset the flag
+        while (xmlEventIterator.hasNext()) {
+            XMLEvent xmlEvent = xmlEventIterator.next();
+            if (xmlEvent.isEndElement()) {
+                EndElement endElement = xmlEvent.asEndElement();
+                if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
+                    ((WSSDocumentContext) outputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
+                    outputProcessorChain.reset();
+                    outputProcessorChain.processEvent(xmlEvent);
+                    break;
+                }
+            }
+            outputProcessorChain.reset();
+            outputProcessorChain.processEvent(xmlEvent);
+        }
+        //loop throug the rest of the document
+        while (xmlEventIterator.hasNext()) {
+            XMLEvent xmlEvent = xmlEventIterator.next();
+            outputProcessorChain.reset();
+            outputProcessorChain.processEvent(xmlEvent);
+        }
+        outputProcessorChain.reset();
+    }
+
+    public static void createBinarySecurityTokenStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        String valueType;
+        if (useSingleCertificate) {
+            valueType = WSSConstants.NS_X509_V3_TYPE;
+        } else {
+            valueType = WSSConstants.NS_X509PKIPathv1;
+        }
+        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
+        attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
+        try {
+            if (useSingleCertificate) {
+                abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+            } else {
+                try {
+                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
+                    List<X509Certificate> certificates = Arrays.asList(x509Certificates);
+                    abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
+                } catch (CertificateException e) {
+                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+                } catch (NoSuchProviderException e) {
+                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+                }
+            }
+        } catch (CertificateEncodingException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
+    }
+
+    public static void createX509SubjectKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
+        // As per the 1.1 specification, SKI can only be used for a V3 certificate
+        if (x509Certificates[0].getVersion() != 3) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
+        }
+
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+        byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
+        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+    }
+
+    public static void createX509KeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+        try {
+            abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+        } catch (CertificateEncodingException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+    }
+
+    public static void createThumbprintKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+        try {
+            MessageDigest sha;
+            sha = MessageDigest.getInstance("SHA-1");
+            sha.reset();
+            sha.update(x509Certificates[0].getEncoded());
+            byte[] data = sha.digest();
+
+            abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+        } catch (CertificateEncodingException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+    }
+
+    public static void createBSTReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        String valueType;
+        if (useSingleCertificate) {
+            valueType = WSSConstants.NS_X509_V3_TYPE;
+        } else {
+            valueType = WSSConstants.NS_X509PKIPathv1;
+        }
+        attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+        if (embed) {
+            WSSUtils.createBinarySecurityTokenStructure(abstractOutputProcessor, outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
+        }
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+    }
+
+    //todo I think this is not spec conform and can be dropped
+    public static void createEmbeddedSecurityTokenReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+    }
+
+    public static void createEmbeddedKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, XMLSecurityConstants.TokenType tokenType, String referenceId) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        if (tokenType.equals(WSSConstants.Saml10Token) || tokenType.equals(WSSConstants.Saml11Token)) {
+            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE);
+        } else if (tokenType.equals(WSSConstants.Saml20Token)) {
+            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE);
+        }
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
+        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
+    }
+
+    public static void createUsernameTokenReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, XMLSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(WSSConstants.ATT_NULL_URI, "#" + tokenId);
+        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
+        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
+        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
+    }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -18,7 +18,6 @@
  */
 package org.swssf.wss.impl.processor.output;
 
-import org.apache.commons.codec.binary.Base64;
 import org.swssf.wss.ext.*;
 import org.swssf.wss.impl.securityToken.DelegatingSecurityToken;
 import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
@@ -28,18 +27,14 @@ import org.swssf.wss.securityEvent.Signa
 import org.swssf.xmlsec.crypto.Crypto;
 import org.swssf.xmlsec.ext.*;
 
-import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
 import java.security.Key;
-import java.security.NoSuchProviderException;
 import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.List;
+import java.util.UUID;
 
 /**
  * @author $Author$
@@ -249,44 +244,11 @@ public class BinarySecurityTokenOutputPr
                     OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
 
                     boolean useSingleCertificate = getSecurityProperties().isUseSingleCert();
-                    createBinarySecurityTokenStructure(subOutputProcessorChain, securityToken.getId(), securityToken.getX509Certificates(), useSingleCertificate);
+                    WSSUtils.createBinarySecurityTokenStructure(this, subOutputProcessorChain, securityToken.getId(), securityToken.getX509Certificates(), useSingleCertificate);
 
                     outputProcessorChain.removeProcessor(this);
                 }
             }
         }
-
-        //todo common method
-        protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            String valueType;
-            if (useSingleCertificate) {
-                valueType = WSSConstants.NS_X509_V3_TYPE;
-            } else {
-                valueType = WSSConstants.NS_X509PKIPathv1;
-            }
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-            attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
-            try {
-                if (useSingleCertificate) {
-                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-                } else {
-                    try {
-                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
-                        List<X509Certificate> certificates = Arrays.asList(x509Certificates);
-                        createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
-                    } catch (CertificateException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    } catch (NoSuchProviderException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    }
-                }
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
-        }
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/DerivedKeyTokenOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -26,7 +26,6 @@ import org.swssf.wss.impl.derivedKey.Der
 import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
 import org.swssf.xmlsec.config.JCEAlgorithmMapper;
 import org.swssf.xmlsec.crypto.Crypto;
-import org.swssf.xmlsec.crypto.Merlin;
 import org.swssf.xmlsec.ext.*;
 
 import javax.crypto.spec.SecretKeySpec;
@@ -35,12 +34,13 @@ import javax.xml.stream.XMLStreamExcepti
 import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
 import java.io.UnsupportedEncodingException;
-import java.security.*;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.security.Key;
+import java.security.PublicKey;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.UUID;
 
 /**
  * @author $Author$
@@ -281,132 +281,21 @@ public class DerivedKeyTokenOutputProces
             if (keyIdentifierType == WSSConstants.KeyIdentifierType.ISSUER_SERIAL) {
                 createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
-                createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
-                createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
-                createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_EMBEDDED) {
-                createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+                WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
-                createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+                WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
             } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
-                createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+                WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
             } else {
                 throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
             }
             createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
         }
-
-        //todo common method
-        protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
-            // As per the 1.1 specification, SKI can only be used for a V3 certificate
-            if (x509Certificates[0].getVersion() != 3) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
-            }
-
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
-            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common method
-        protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            try {
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common methdod
-        protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            try {
-                MessageDigest sha;
-                sha = MessageDigest.getInstance("SHA-1");
-                sha.reset();
-                sha.update(x509Certificates[0].getEncoded());
-                byte[] data = sha.digest();
-
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            } catch (NoSuchAlgorithmException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common method
-        protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            String valueType;
-            if (useSingleCertificate) {
-                valueType = WSSConstants.NS_X509_V3_TYPE;
-            } else {
-                valueType = WSSConstants.NS_X509PKIPathv1;
-            }
-            attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-            if (embed) {
-                createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-        }
-
-        //todo common method
-        protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-        }
-
-        //todo common method
-        protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            String valueType;
-            if (useSingleCertificate) {
-                valueType = WSSConstants.NS_X509_V3_TYPE;
-            } else {
-                valueType = WSSConstants.NS_X509PKIPathv1;
-            }
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-            attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
-            try {
-                if (useSingleCertificate) {
-                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-                } else {
-                    try {
-                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
-                        List<X509Certificate> certificates = Arrays.asList(x509Certificates);
-                        createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
-                    } catch (CertificateException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    } catch (NoSuchProviderException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    }
-                }
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
-        }
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptEndingOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -19,7 +19,6 @@
 package org.swssf.wss.impl.processor.output;
 
 import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
 import org.swssf.wss.ext.WSSSecurityProperties;
 import org.swssf.wss.ext.WSSUtils;
 import org.swssf.xmlsec.ext.OutputProcessorChain;
@@ -27,13 +26,7 @@ import org.swssf.xmlsec.ext.XMLSecurityC
 import org.swssf.xmlsec.ext.XMLSecurityException;
 import org.swssf.xmlsec.impl.processor.output.AbstractEncryptEndingOutputProcessor;
 
-import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.EndElement;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
-import java.util.Iterator;
 
 /**
  * Processor buffers encrypted XMLEvents and forwards them when final is called
@@ -50,7 +43,7 @@ public class EncryptEndingOutputProcesso
     }
 
     @Override
-    protected void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+    public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
         if (getAction() == WSSConstants.ENCRYPT_WITH_DERIVED_KEY) {
             createReferenceListStructure(subOutputProcessorChain);
@@ -59,107 +52,8 @@ public class EncryptEndingOutputProcesso
 
     @Override
     public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
-
-        //todo replace this and in EncryptEndingOutputProcessor with a common method somewhere
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-
-        //loop until we reach our security header and set flag
-        Iterator<XMLEvent> xmlEventIterator = getXmlEventBuffer().descendingIterator();
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            if (xmlEvent.isStartElement()) {
-                StartElement startElement = xmlEvent.asStartElement();
-                if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
-                        && WSSUtils.isResponsibleActorOrRole(
-                        startElement,
-                        ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
-                        ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
-                    ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
-                    subOutputProcessorChain.reset();
-                    subOutputProcessorChain.processEvent(xmlEvent);
-                    break;
-                }
-            }
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-
-        //append current header
-        if (getAppendAfterThisTokenId() == null) {
-            processHeaderEvent(subOutputProcessorChain);
-        } else {
-            //we have a dependent token. so we have to append the current header after the token
-            boolean found = false;
-            while (xmlEventIterator.hasNext() && !found) {
-                XMLEvent xmlEvent = xmlEventIterator.next();
-
-                subOutputProcessorChain.reset();
-                subOutputProcessorChain.processEvent(xmlEvent);
-
-                //search for an element with a matching wsu:Id. this is our token
-                if (xmlEvent.isStartElement()) {
-                    StartElement startElement = xmlEvent.asStartElement();
-                    QName matchingElementName;
-
-                    @SuppressWarnings("unchecked")
-                    Iterator<Attribute> attributeIterator = startElement.getAttributes();
-                    while (attributeIterator.hasNext() && !found) {
-                        Attribute attribute = attributeIterator.next();
-                        final QName attributeName = attribute.getName();
-                        final String attributeValue = attribute.getValue();
-                        if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_ID.equals(attributeName) && getAppendAfterThisTokenId().endsWith(attributeValue))) {
-                            matchingElementName = startElement.getName();
-                            //we found the token and...
-                            int level = 0;
-                            while (xmlEventIterator.hasNext() && !found) {
-                                xmlEvent = xmlEventIterator.next();
-
-                                subOutputProcessorChain.reset();
-                                subOutputProcessorChain.processEvent(xmlEvent);
-
-                                //loop until we reach the token end element
-                                if (xmlEvent.isEndElement()) {
-                                    EndElement endElement = xmlEvent.asEndElement();
-                                    if (level == 0 && endElement.getName().equals(matchingElementName)) {
-                                        found = true;
-                                        //output now the current header
-                                        processHeaderEvent(subOutputProcessorChain);
-                                    }
-                                    level--;
-                                } else if (xmlEvent.isStartElement()) {
-                                    level++;
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        }
-        //loop until our security header end element and unset the flag
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            if (xmlEvent.isEndElement()) {
-                EndElement endElement = xmlEvent.asEndElement();
-                if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
-                    ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
-                    subOutputProcessorChain.reset();
-                    subOutputProcessorChain.processEvent(xmlEvent);
-                    break;
-                }
-            }
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-        //loop throug the rest of the document
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-        subOutputProcessorChain.reset();
+        WSSUtils.flushBufferAndCallbackAfterTokenID(subOutputProcessorChain, this, getXmlEventBuffer());
         //call final on the rest of the chain
         subOutputProcessorChain.doFinal();
         //this processor is now finished and we can remove it now

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -59,7 +59,7 @@ public class EncryptOutputProcessor exte
 
             //avoid double encryption when child elements matches too
             if (getActiveInternalEncryptionOutputProcessor() == null) {
-                SecurePart securePart = securePartMatches(startElement, outputProcessorChain);
+                SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getEncryptionSecureParts());
                 if (securePart != null) {
                     logger.debug("Matched securePart for encryption");
                     InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptedKeyOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -19,14 +19,10 @@
 package org.swssf.wss.impl.processor.output;
 
 import org.apache.commons.codec.binary.Base64;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.ext.*;
 import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
 import org.swssf.xmlsec.config.JCEAlgorithmMapper;
 import org.swssf.xmlsec.crypto.Crypto;
-import org.swssf.xmlsec.crypto.Merlin;
 import org.swssf.xmlsec.ext.*;
 
 import javax.crypto.*;
@@ -34,12 +30,14 @@ import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
-import java.security.*;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
 
 /**
  * @author $Author$
@@ -292,132 +290,21 @@ public class EncryptedKeyOutputProcessor
             if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.ISSUER_SERIAL.name())) {
                 createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER.name())) {
-                createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER.name())) {
-                createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER.name())) {
-                createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+                WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.BST_EMBEDDED.name())) {
-                createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+                WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE.name())) {
-                createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+                WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
             } else if (keyIdentifierType.name().equals(WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF.name())) {
-                createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+                WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
             } else {
                 throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
             }
             createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
         }
-
-        //todo common method
-        protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
-            // As per the 1.1 specification, SKI can only be used for a V3 certificate
-            if (x509Certificates[0].getVersion() != 3) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
-            }
-
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
-            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common method
-        protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            try {
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common methdod
-        protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-            try {
-                MessageDigest sha;
-                sha = MessageDigest.getInstance("SHA-1");
-                sha.reset();
-                sha.update(x509Certificates[0].getEncoded());
-                byte[] data = sha.digest();
-
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            } catch (NoSuchAlgorithmException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-        }
-
-        //todo common method
-        protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            String valueType;
-            if (useSingleCertificate) {
-                valueType = WSSConstants.NS_X509_V3_TYPE;
-            } else {
-                valueType = WSSConstants.NS_X509PKIPathv1;
-            }
-            attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-            if (embed) {
-                createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-        }
-
-        //todo common method
-        protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-        }
-
-        //todo common method
-        protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-            Map<QName, String> attributes = new HashMap<QName, String>();
-            String valueType;
-            if (useSingleCertificate) {
-                valueType = WSSConstants.NS_X509_V3_TYPE;
-            } else {
-                valueType = WSSConstants.NS_X509PKIPathv1;
-            }
-            attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-            attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-            attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
-            try {
-                if (useSingleCertificate) {
-                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-                } else {
-                    try {
-                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
-                        List<X509Certificate> certificates = Arrays.asList(x509Certificates);
-                        createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
-                    } catch (CertificateException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    } catch (NoSuchProviderException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                    }
-                }
-            } catch (CertificateEncodingException e) {
-                throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-            }
-            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
-        }
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -18,7 +18,6 @@
  */
 package org.swssf.wss.impl.processor.output;
 
-import org.apache.commons.codec.binary.Base64;
 import org.opensaml.common.SAMLVersion;
 import org.swssf.wss.ext.*;
 import org.swssf.wss.impl.saml.OpenSAMLUtil;
@@ -38,14 +37,13 @@ import javax.xml.stream.XMLStreamExcepti
 import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
 import java.security.Key;
-import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
 
 /**
  * @author $Author$
@@ -230,39 +228,6 @@ public class SAMLTokenOutputProcessor ex
         outputProcessorChain.processEvent(xmlEvent);
     }
 
-    //todo common method
-    protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        String valueType;
-        if (useSingleCertificate) {
-            valueType = WSSConstants.NS_X509_V3_TYPE;
-        } else {
-            valueType = WSSConstants.NS_X509PKIPathv1;
-        }
-        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-        attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
-        try {
-            if (useSingleCertificate) {
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-            } else {
-                try {
-                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
-                    List<X509Certificate> certificates = Arrays.asList(x509Certificates);
-                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
-                } catch (CertificateException e) {
-                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                } catch (NoSuchProviderException e) {
-                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                }
-            }
-        } catch (CertificateEncodingException e) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-        }
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
-    }
-
     class FinalSAMLTokenOutputProcessor extends AbstractOutputProcessor {
 
         private SecurityToken securityToken;
@@ -294,7 +259,7 @@ public class SAMLTokenOutputProcessor ex
                 if (((WSSDocumentContext) outputProcessorChain.getDocumentContext()).isInSecurityHeader() && startElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
                     OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
                     if (senderVouches && ((WSSSecurityProperties) getSecurityProperties()).getSignatureKeyIdentifierType() == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
-                        outputBinarySecurityToken(outputProcessorChain, binarySecurityTokenReferenceId, securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());
+                        WSSUtils.createBinarySecurityTokenStructure(this, outputProcessorChain, binarySecurityTokenReferenceId, securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());
                     }
                     outputSamlAssertion(samlAssertionWrapper.toDOM(null), subOutputProcessorChain);
                     if (senderVouches) {
@@ -327,10 +292,6 @@ public class SAMLTokenOutputProcessor ex
         createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
     }
 
-    private void outputBinarySecurityToken(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-        createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
-    }
-
     //todo serialize directly from SAML XMLObject?
     private void outputSamlAssertion(Element element, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureEndingOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -18,8 +18,10 @@
  */
 package org.swssf.wss.impl.processor.output;
 
-import org.apache.commons.codec.binary.Base64;
-import org.swssf.wss.ext.*;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.wss.ext.WSSUtils;
+import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.wss.securityEvent.SecurityEvent;
 import org.swssf.wss.securityEvent.SignatureValueSecurityEvent;
 import org.swssf.xmlsec.ext.OutputProcessorChain;
@@ -32,18 +34,10 @@ import org.swssf.xmlsec.impl.processor.o
 
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.EndElement;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
 
 /**
  * @author $Author$
@@ -62,107 +56,8 @@ public class SignatureEndingOutputProces
     @Override
     public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
         setAppendAfterThisTokenId(outputProcessorChain.getSecurityContext().<String>get(WSSConstants.PROP_APPEND_SIGNATURE_ON_THIS_ID));
-
-        //todo replace this and in EncryptEndingOutputProcessor with a common method somewhere
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-
-        //loop until we reach our security header and set flag
-        Iterator<XMLEvent> xmlEventIterator = getXmlEventBuffer().descendingIterator();
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            if (xmlEvent.isStartElement()) {
-                StartElement startElement = xmlEvent.asStartElement();
-                if (startElement.getName().equals(WSSConstants.TAG_wsse_Security)
-                        && WSSUtils.isResponsibleActorOrRole(
-                        startElement,
-                        ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).getSOAPMessageVersionNamespace(),
-                        ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
-                    ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(true);
-                    subOutputProcessorChain.reset();
-                    subOutputProcessorChain.processEvent(xmlEvent);
-                    break;
-                }
-            }
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-
-        //append current header
-        if (getAppendAfterThisTokenId() == null) {
-            processHeaderEvent(subOutputProcessorChain);
-        } else {
-            //we have a dependent token. so we have to append the current header after the token
-            boolean found = false;
-            while (xmlEventIterator.hasNext() && !found) {
-                XMLEvent xmlEvent = xmlEventIterator.next();
-
-                subOutputProcessorChain.reset();
-                subOutputProcessorChain.processEvent(xmlEvent);
-
-                //search for an element with a matching wsu:Id. this is our token
-                if (xmlEvent.isStartElement()) {
-                    StartElement startElement = xmlEvent.asStartElement();
-                    QName matchingElementName;
-
-                    @SuppressWarnings("unchecked")
-                    Iterator<Attribute> attributeIterator = startElement.getAttributes();
-                    while (attributeIterator.hasNext() && !found) {
-                        Attribute attribute = attributeIterator.next();
-                        final QName attributeName = attribute.getName();
-                        final String attributeValue = attribute.getValue();
-                        if ((WSSConstants.ATT_wsu_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_Id.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_AssertionID.equals(attributeName) && getAppendAfterThisTokenId().equals(attributeValue))
-                                || (WSSConstants.ATT_NULL_ID.equals(attributeName) && getAppendAfterThisTokenId().endsWith(attributeValue))) {
-                            matchingElementName = startElement.getName();
-                            //we found the token and...
-                            int level = 0;
-                            while (xmlEventIterator.hasNext() && !found) {
-                                xmlEvent = xmlEventIterator.next();
-
-                                subOutputProcessorChain.reset();
-                                subOutputProcessorChain.processEvent(xmlEvent);
-
-                                //loop until we reach the token end element
-                                if (xmlEvent.isEndElement()) {
-                                    EndElement endElement = xmlEvent.asEndElement();
-                                    if (level == 0 && endElement.getName().equals(matchingElementName)) {
-                                        found = true;
-                                        //output now the current header
-                                        processHeaderEvent(subOutputProcessorChain);
-                                    }
-                                    level--;
-                                } else if (xmlEvent.isStartElement()) {
-                                    level++;
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        }
-        //loop until our security header end element and unset the flag
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            if (xmlEvent.isEndElement()) {
-                EndElement endElement = xmlEvent.asEndElement();
-                if (endElement.getName().equals(WSSConstants.TAG_wsse_Security)) {
-                    ((WSSDocumentContext) subOutputProcessorChain.getDocumentContext()).setInSecurityHeader(false);
-                    subOutputProcessorChain.reset();
-                    subOutputProcessorChain.processEvent(xmlEvent);
-                    break;
-                }
-            }
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-        //loop throug the rest of the document
-        while (xmlEventIterator.hasNext()) {
-            XMLEvent xmlEvent = xmlEventIterator.next();
-            subOutputProcessorChain.reset();
-            subOutputProcessorChain.processEvent(xmlEvent);
-        }
-        subOutputProcessorChain.reset();
+        WSSUtils.flushBufferAndCallbackAfterTokenID(subOutputProcessorChain, this, getXmlEventBuffer());
         //call final on the rest of the chain
         subOutputProcessorChain.doFinal();
         //this processor is now finished and we can remove it now
@@ -177,7 +72,7 @@ public class SignatureEndingOutputProces
     }
 
     @Override
-    protected void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
+    public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
         super.processHeaderEvent(outputProcessorChain);
 
         SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent(SecurityEvent.Event.SignatureValue);
@@ -214,160 +109,27 @@ public class SignatureEndingOutputProces
         if (keyIdentifierType == WSSConstants.KeyIdentifierType.ISSUER_SERIAL) {
             createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
-            createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+            WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
-            createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+            WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
-            createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+            WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_EMBEDDED) {
-            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+            WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
-            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+            WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
-            createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+            WSSUtils.createEmbeddedSecurityTokenReferenceStructure(this, outputProcessorChain, tokenId);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.EMEDDED_KEYIDENTIFIER_REF) {
-            createEmbeddedKeyIdentifierStructure(outputProcessorChain, securityToken.getTokenType(), tokenId);
+            WSSUtils.createEmbeddedKeyIdentifierStructure(this, outputProcessorChain, securityToken.getTokenType(), tokenId);
         } else if (keyIdentifierType == WSSConstants.KeyIdentifierType.USERNAMETOKEN_REFERENCE) {
-            createUsernameTokenReferenceStructure(outputProcessorChain, tokenId);
+            WSSUtils.createUsernameTokenReferenceStructure(this, outputProcessorChain, tokenId);
         } else {
             throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedSecurityToken", keyIdentifierType.name());
         }
         createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
     }
 
-    //todo common method
-    protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLSecurityException, XMLStreamException {
-        // As per the 1.1 specification, SKI can only be used for a V3 certificate
-        if (x509Certificates[0].getVersion() != 3) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
-        }
-
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-        byte data[] = getSecurityProperties().getSignatureCrypto().getSKIBytesFromCert(x509Certificates[0]);
-        createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-    }
-
-    //todo common method
-    protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-        try {
-            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-        } catch (CertificateEncodingException e) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-        }
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-    }
-
-    //todo common methdod
-    protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-        try {
-            MessageDigest sha;
-            sha = MessageDigest.getInstance("SHA-1");
-            sha.reset();
-            sha.update(x509Certificates[0].getEncoded());
-            byte[] data = sha.digest();
-
-            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
-        } catch (CertificateEncodingException e) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-        } catch (NoSuchAlgorithmException e) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-        }
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-    }
-
-    //todo common method
-    protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        String valueType;
-        if (useSingleCertificate) {
-            valueType = WSSConstants.NS_X509_V3_TYPE;
-        } else {
-            valueType = WSSConstants.NS_X509PKIPathv1;
-        }
-        attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-        if (embed) {
-            createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
-        }
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-    }
-
-    //todo common method
-    protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        String valueType;
-        if (useSingleCertificate) {
-            valueType = WSSConstants.NS_X509_V3_TYPE;
-        } else {
-            valueType = WSSConstants.NS_X509PKIPathv1;
-        }
-        attributes.put(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, valueType);
-        attributes.put(WSSConstants.ATT_wsu_Id, referenceId);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, attributes);
-        try {
-            if (useSingleCertificate) {
-                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
-            } else {
-                try {
-                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
-                    List<X509Certificate> certificates = Arrays.asList(x509Certificates);
-                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
-                } catch (CertificateException e) {
-                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                } catch (NoSuchProviderException e) {
-                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
-                }
-            }
-        } catch (CertificateEncodingException e) {
-            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_SIGNATURE, e);
-        }
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
-    }
-
-    //todo common method
-    protected void createEmbeddedKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, XMLSecurityConstants.TokenType tokenType, String referenceId) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        if (tokenType.equals(WSSConstants.Saml10Token) || tokenType.equals(WSSConstants.Saml11Token)) {
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE);
-        } else if (tokenType.equals(WSSConstants.Saml20Token)) {
-            attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE);
-        }
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, attributes);
-        createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
-    }
-
-    //todo common method
-    protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        attributes.put(WSSConstants.ATT_NULL_URI, "#" + referenceId);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-    }
-
-    //todo common method:
-    protected void createUsernameTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, XMLSecurityException {
-        Map<QName, String> attributes = new HashMap<QName, String>();
-        attributes.put(WSSConstants.ATT_NULL_URI, "#" + tokenId);
-        attributes.put(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
-        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
-        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
-    }
-
     protected void createTransformsStructureForSignature(OutputProcessorChain subOutputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
         Map<QName, String> attributes;
         if (signaturePartDef.getTransformAlgo() != null) {

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SignatureOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -57,7 +57,7 @@ public class SignatureOutputProcessor ex
 
             //avoid double signature when child elements matches too
             if (getActiveInternalSignatureOutputProcessor() == null) {
-                SecurePart securePart = securePartMatches(startElement, outputProcessorChain);
+                SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getSignatureSecureParts());
                 if (securePart != null) {
 
                     logger.debug("Matched securePart for signature");

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java?rev=1196546&r1=1196545&r2=1196546&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractBufferingOutputProcessor.java Wed Nov  2 11:40:54 2011
@@ -21,6 +21,7 @@ package org.swssf.xmlsec.ext;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.XMLEvent;
 import java.util.ArrayDeque;
+import java.util.Deque;
 
 /**
  * An abstract OutputProcessor class for reusabilty
@@ -37,15 +38,15 @@ public abstract class AbstractBufferingO
         super(securityProperties, action);
     }
 
-    public ArrayDeque<XMLEvent> getXmlEventBuffer() {
+    public Deque<XMLEvent> getXmlEventBuffer() {
         return xmlEventBuffer;
     }
 
-    protected String getAppendAfterThisTokenId() {
+    public String getAppendAfterThisTokenId() {
         return appendAfterThisTokenId;
     }
 
-    protected void setAppendAfterThisTokenId(String appendAfterThisTokenId) {
+    public void setAppendAfterThisTokenId(String appendAfterThisTokenId) {
         this.appendAfterThisTokenId = appendAfterThisTokenId;
     }
 
@@ -57,5 +58,5 @@ public abstract class AbstractBufferingO
     @Override
     public abstract void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
 
-    protected abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
+    public abstract void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException;
 }



Mime
View raw message