ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1466831 - in /webservices/wss4j/trunk/ws-security-stax/src: main/java/org/apache/wss4j/stax/ext/ main/java/org/apache/wss4j/stax/impl/ test/java/org/apache/wss4j/stax/test/
Date Thu, 11 Apr 2013 10:38:35 GMT
Author: coheigea
Date: Thu Apr 11 10:38:34 2013
New Revision: 1466831

URL: http://svn.apache.org/r1466831
Log:
Add a way to disable all BSP rules for the StaX code

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
Thu Apr 11 10:38:34 2013
@@ -127,6 +127,7 @@ public class InboundWSSec {
         securityContextImpl.putList(SecurityEvent.class, requestSecurityEvents);
         securityContextImpl.addSecurityEventListener(securityEventListener);
         securityContextImpl.ignoredBSPRules(this.securityProperties.getIgnoredBSPRules());
+        securityContextImpl.setDisableBSPEnforcement(this.securityProperties.isDisableBSPEnforcement());
 
         if (!requestSecurityEvents.isEmpty()) {
             try {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Thu Apr 11 10:38:34 2013
@@ -55,6 +55,7 @@ public class WSSSecurityProperties exten
     private String actor;
     private CallbackHandler callbackHandler;
     private final List<BSPRule> ignoredBSPRules = new LinkedList<BSPRule>();
+    private boolean disableBSPEnforcement;
     private final Map<QName, Validator> validators = new HashMap<QName, Validator>();
 
     private Integer timestampTTL = 300;
@@ -104,6 +105,7 @@ public class WSSSecurityProperties exten
         this.actor = wssSecurityProperties.actor;
         this.callbackHandler = wssSecurityProperties.callbackHandler;
         this.ignoredBSPRules.addAll(wssSecurityProperties.ignoredBSPRules);
+        this.disableBSPEnforcement = wssSecurityProperties.disableBSPEnforcement;
         this.validators.putAll(wssSecurityProperties.validators);
         this.timestampTTL = wssSecurityProperties.timestampTTL;
         this.timeStampFutureTTL = wssSecurityProperties.timeStampFutureTTL;
@@ -681,5 +683,13 @@ public class WSSSecurityProperties exten
         
         return nonceReplayCache;
     }
+
+    public boolean isDisableBSPEnforcement() {
+        return disableBSPEnforcement;
+    }
+
+    public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+        this.disableBSPEnforcement = disableBSPEnforcement;
+    }
     
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
Thu Apr 11 10:38:34 2013
@@ -49,6 +49,7 @@ public class InboundWSSecurityContextImp
     private final Deque<SecurityEvent> securityEventQueue = new ArrayDeque<SecurityEvent>();
     private boolean operationSecurityEventOccured = false;
     private boolean messageEncryptionTokenOccured = false;
+    private boolean disableBSPEnforcement;
 
     private List<BSPRule> ignoredBSPRules = Collections.emptyList();
 
@@ -533,6 +534,9 @@ public class InboundWSSecurityContextImp
 
     @Override
     public void handleBSPRule(BSPRule bspRule) throws WSSecurityException {
+        if (disableBSPEnforcement) {
+            return;
+        }
         if (!ignoredBSPRules.contains(bspRule)) {
             throw new WSSecurityException(
                     WSSecurityException.ErrorCode.INVALID_SECURITY,
@@ -547,4 +551,12 @@ public class InboundWSSecurityContextImp
     public void ignoredBSPRules(List<BSPRule> bspRules) {
         ignoredBSPRules = new ArrayList<BSPRule>(bspRules);
     }
+
+    public boolean isDisableBSPEnforcement() {
+        return disableBSPEnforcement;
+    }
+
+    public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+        this.disableBSPEnforcement = disableBSPEnforcement;
+    }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
Thu Apr 11 10:38:34 2013
@@ -431,6 +431,53 @@ public class SignatureTest extends Abstr
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
         }
     }
+    
+    /**
+     * Since WSS4J hardcoded the C14N algo for References, we test against our framework
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testSignatureC14NInclusivePartsInbound_DisableAllBSPRules() throws Exception
{
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+            securityProperties.setOutAction(actions);
+            securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"),
"default".toCharArray());
+            securityProperties.setSignatureUser("transmitter");
+            securityProperties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/1999/XMLSchema",
"complexType"), SecurePart.Modifier.Element));
+            securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new
ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document securedDocument = documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.setDisableBSPEnforcement(true);
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+            Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(),
xmlStreamReader);
+
+            //header element must still be there
+            NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+    }
 
     @Test
     public void testSignatureKeyIdentifierIssuerSerialOutbound() throws Exception {



Mime
View raw message