Author: coheigea
Date: Mon Jun 17 16:03:17 2013
New Revision: 1493827
URL: http://svn.apache.org/r1493827
Log:
Support the ability to disable encrypting a symmetric key plus some misc stuff to support
SymmetricBinding policies
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Mon Jun 17 16:03:17 2013
@@ -421,6 +421,10 @@ public final class ConfigurationConverte
boolean enableNonceCache =
decodeBooleanConfigValue(ConfigurationConstants.ENABLE_NONCE_CACHE, true, config);
properties.setEnableNonceReplayCache(enableNonceCache);
+
+ boolean encryptSymmetricEncryptionKey =
+ decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, true, config);
+ properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);
}
private static void parseNonBooleanProperties(
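Review bot: The setter called on the last added line is spelled `setEncryptSymmetricEncrytionKey` (the "p" of "Encryption" is missing), and since it is a public method on WSSSecurityProperties the misspelling becomes API that is hard to correct once released. The same spelling is used for the field and both accessors in the WSSSecurityProperties hunks, and at the call sites in WSSec, OutboundWSSec and EncryptEndingOutputProcessor. Renaming now to `setEncryptSymmetricEncryptionKey` / `isEncryptSymmetricEncryptionKey` would match the correctly spelled local `encryptSymmetricEncryptionKey` in this hunk. The enclosing method starts above the hunk.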
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Mon Jun 17 16:03:17 2013
@@ -139,12 +139,14 @@ public class WSSec {
if (securityProperties.getEncryptionUseThisCertificate() == null
&& securityProperties.getEncryptionKeyStore() == null
&& securityProperties.getEncryptionCryptoProperties() ==
null
- && !securityProperties.isUseReqSigCertForEncryption()) {
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncrytionKey()) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
}
if (securityProperties.getEncryptionUser() == null
&& securityProperties.getEncryptionUseThisCertificate() ==
null
- && !securityProperties.isUseReqSigCertForEncryption()) {
+ && !securityProperties.isUseReqSigCertForEncryption()
+ && securityProperties.isEncryptSymmetricEncrytionKey()) {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"noEncryptionUser");
}
if (securityProperties.getEncryptionSymAlgorithm() == null) {
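Review bot: With the added `&& securityProperties.isEncryptSymmetricEncrytionKey()` clause, both the `encryptionKeyStoreNotSet` and the `noEncryptionUser` checks are skipped when key wrapping is turned off, and nothing visible in this hunk checks instead that a symmetric key is actually available. If no later validation covers that case, a configuration with the flag set to false and no key source would pass here and the problem would only surface during message processing. Consider an explicit branch for the disabled case that throws WSSConfigurationException when no key source is configured, or at minimum a comment such as `// key wrapping disabled: the symmetric key must already be shared, so no certificate, keystore or user is required`. The method continues past the end of the hunk, so such a check may already exist there.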
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Mon Jun 17 16:03:17 2013
@@ -152,12 +152,14 @@ public class OutboundWSSec {
initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor,
action);
} else if (WSSConstants.ENCRYPT.equals(action)) {
- final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor
=
+ if (securityProperties.isEncryptSymmetricEncrytionKey()) {
+ final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor
=
new BinarySecurityTokenOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor,
action);
+ initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor,
action);
- final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
- initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
+ final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
+ initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
+ }
final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor,
action);
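Review bot: The new `if (securityProperties.isEncryptSymmetricEncrytionKey())` guard carries no comment explaining why the BinarySecurityToken and EncryptedKey processors may be left out while EncryptOutputProcessor is still added. With the flag off, the message contains no wrapped key, so the encryption processor presumably relies on a key both parties already hold; that assumption is security-relevant and should be stated where the chain is built. I would add above the guard something like `// Key is not wrapped (e.g. SymmetricBinding): skip BinarySecurityToken/EncryptedKey, the recipient must already hold the symmetric key`. The surrounding if/else chain begins and ends outside the hunk.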
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Mon Jun 17 16:03:17 2013
@@ -68,6 +68,7 @@ public class WSSSecurityProperties exten
private Integer derivedKeyIterations = 1000;
private boolean addUsernameTokenNonce;
private boolean addUsernameTokenCreated;
+ private boolean encryptSymmetricEncrytionKey = true;
/**
* This variable controls whether types other than PasswordDigest or PasswordText
@@ -156,6 +157,7 @@ public class WSSSecurityProperties exten
this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
+ this.encryptSymmetricEncrytionKey = wssSecurityProperties.encryptSymmetricEncrytionKey;
}
/**
@@ -839,5 +841,13 @@ public class WSSSecurityProperties exten
public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
this.enableNonceReplayCache = enableNonceReplayCache;
}
+
+ public boolean isEncryptSymmetricEncrytionKey() {
+ return encryptSymmetricEncrytionKey;
+ }
+
+ public void setEncryptSymmetricEncrytionKey(boolean encryptSymmetricEncrytionKey) {
+ this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
+ }
}
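Review bot: The new public accessors `isEncryptSymmetricEncrytionKey()` and `setEncryptSymmetricEncrytionKey(boolean)` have no Javadoc, although turning the flag off changes what is sent: per the OutboundWSSec hunk of this commit, no EncryptedKey is produced and the certificate, keystore and user checks in WSSec are skipped. I would add a Javadoc on the setter stating that the default is `true`, that `false` is meant for cases such as SymmetricBinding where the key is already shared, and that with `false` the caller is responsible for supplying the symmetric key. The neighbouring fields in the first hunk of this file are documented in that style, so the addition would be consistent.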
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
Mon Jun 17 16:03:17 2013
@@ -45,7 +45,8 @@ public class EncryptEndingOutputProcesso
@Override
public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException,
XMLSecurityException {
OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+ if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+ || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
{
WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
}
}
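Review bot: The compound condition `WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction()) || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()` is written out twice, here in processHeaderEvent and again in the START_ELEMENT branch of the next hunk, each with its own inline cast. The two sites have to agree, because one creates the ReferenceList and the other orders it in the security header; if they drift apart, the header would be built inconsistently. I would move the expression into one private boolean helper on this class and have both sites read `if (isReferenceListInSecurityHeader()) {`, with a one-line comment that the ReferenceList goes into the header whenever no EncryptedKey carries it.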
@@ -65,7 +66,8 @@ public class EncryptEndingOutputProcesso
case XMLStreamConstants.START_ELEMENT:
if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
- if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+ if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+ || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
{
WSSUtils.updateSecurityHeaderOrder(
outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList,
getAction(), true);
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Mon Jun 17 16:03:17 2013
@@ -117,7 +117,7 @@ public class EncryptOutputProcessor exte
}
/**
- * Processor which handles the effective enryption of the data
+ * Processor which handles the effective encryption of the data
*/
class InternalEncryptionOutputProcessor extends AbstractInternalEncryptionOutputProcessor
{
@@ -207,12 +207,17 @@ public class EncryptOutputProcessor exte
@Override
protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo,
true, null);
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(
((WSSSecurityProperties) getSecurityProperties()).getEncryptionKeyIdentifier()))
{
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+ attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
false, attributes);
+
WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain,
getEncryptionPartDef().getSymmetricKey());
} else {
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
+
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference,
false, attributes);
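Review bot: In the EncryptedKeySHA1 branch the SecurityTokenReference start element is now created with `false, attributes`, whereas the removed line and the else branch pass `true, null`, and nothing in the hunk explains the change of the third argument. If that boolean controls whether the element's namespace declaration is written locally (an inference from the other call sites, not visible here), the SHA-1 branch now depends on the wsse and wsse11 prefixes being declared elsewhere. Please confirm that this is intended and record it, for example `// TokenType marks the reference as pointing to an EncryptedKey; namespaces are declared by the enclosing header`. createKeyInfoStructure continues beyond the end of the hunk.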
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
Mon Jun 17 16:03:17 2013
@@ -111,7 +111,7 @@ public class SecurityHeaderReorderProces
subOutputProcessorChain.reset();
subOutputProcessorChain.processEvent(event);
}
- //remove the actual header so that it won't be outputted twice
in the loop below
+ //remove the actual header so that it won't be output twice in
the loop below
entryIterator.remove();
}
//... the action is encryption and...