From cohei...@apache.org
Subject svn commit: r1493827 - in /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax: ./ ext/ impl/processor/output/
Date Mon, 17 Jun 2013 16:03:17 GMT
Author: coheigea
Date: Mon Jun 17 16:03:17 2013
New Revision: 1493827

URL: http://svn.apache.org/r1493827
Log:
Support the ability to disable encrypting a symmetric key plus some misc stuff to support
SymmetricBinding policies

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Mon Jun 17 16:03:17 2013
@@ -421,6 +421,10 @@ public final class ConfigurationConverte
         boolean enableNonceCache = 
             decodeBooleanConfigValue(ConfigurationConstants.ENABLE_NONCE_CACHE, true, config);
         properties.setEnableNonceReplayCache(enableNonceCache);
+        
+        boolean encryptSymmetricEncryptionKey = 
+            decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, true, config);
+        properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);
     }
     
     private static void parseNonBooleanProperties(
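Review bot: The setter called on the added line `properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);` is misspelled ("Encrytion"), and this commit makes that spelling public API on WSSSecurityProperties, while the local variable next to it is spelled correctly. The same misspelled accessor pair appears in the WSSec, OutboundWSSec, WSSSecurityProperties and EncryptEndingOutputProcessor hunks. Renaming to `setEncryptSymmetricEncryptionKey` / `isEncryptSymmetricEncryptionKey` before a release avoids a later deprecation cycle. The enclosing method starts outside the hunk.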

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
Mon Jun 17 16:03:17 2013
@@ -139,12 +139,14 @@ public class WSSec {
                 if (securityProperties.getEncryptionUseThisCertificate() == null
                         && securityProperties.getEncryptionKeyStore() == null
                         && securityProperties.getEncryptionCryptoProperties() ==
null
-                        && !securityProperties.isUseReqSigCertForEncryption()) {
+                        && !securityProperties.isUseReqSigCertForEncryption()
+                        && securityProperties.isEncryptSymmetricEncrytionKey()) {
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"encryptionKeyStoreNotSet");
                 }
                 if (securityProperties.getEncryptionUser() == null
                         && securityProperties.getEncryptionUseThisCertificate() ==
null
-                        && !securityProperties.isUseReqSigCertForEncryption()) {
+                        && !securityProperties.isUseReqSigCertForEncryption()
+                        && securityProperties.isEncryptSymmetricEncrytionKey()) {
                     throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE,
"noEncryptionUser");
                 }
                 if (securityProperties.getEncryptionSymAlgorithm() == null) {
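Review bot: When `isEncryptSymmetricEncrytionKey()` is false, both the keystore check and the encryption-user check are skipped, and nothing visible in this hunk verifies that the symmetric key has another source. A misconfigured ENCRYPT action would then presumably fail only while a message is being processed, not at setup. Consider a check for that mode that throws `WSSConfigurationException` with its own message key, and a comment above the two conditions such as `// No key-transport certificate is needed when the symmetric key is not wrapped in an EncryptedKey`. The two conditions also share three identical clauses that could be evaluated once into a local boolean. The enclosing method starts and ends outside the hunk.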

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
Mon Jun 17 16:03:17 2013
@@ -152,12 +152,14 @@ public class OutboundWSSec {
                     initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor,
action);
 
                 } else if (WSSConstants.ENCRYPT.equals(action)) {
-                    final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor
=
+                    if (securityProperties.isEncryptSymmetricEncrytionKey()) {
+                        final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor
=
                             new BinarySecurityTokenOutputProcessor();
-                    initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor,
action);
+                        initializeOutputProcessor(outputProcessorChain, binarySecurityTokenOutputProcessor,
action);
 
-                    final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
-                    initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
+                        final EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = new
EncryptedKeyOutputProcessor();
+                        initializeOutputProcessor(outputProcessorChain, encryptedKeyOutputProcessor,
action);
+                    }
 
                     final EncryptOutputProcessor encryptOutputProcessor = new EncryptOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, encryptOutputProcessor,
action);
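Review bot: The new `if (securityProperties.isEncryptSymmetricEncrytionKey())` guard has no comment explaining why the ENCRYPT action may now run without BinarySecurityTokenOutputProcessor and EncryptedKeyOutputProcessor. Only the commit log says this is for SymmetricBinding policies. A comment such as `// SymmetricBinding: the key is not transported in this message, so no BST/EncryptedKey is written` would record it in the code, assuming that is the intent. The branch continues outside the hunk.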

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
Mon Jun 17 16:03:17 2013
@@ -68,6 +68,7 @@ public class WSSSecurityProperties exten
     private Integer derivedKeyIterations = 1000;
     private boolean addUsernameTokenNonce;
     private boolean addUsernameTokenCreated;
+    private boolean encryptSymmetricEncrytionKey = true;
 
     /**
      * This variable controls whether types other than PasswordDigest or PasswordText
@@ -156,6 +157,7 @@ public class WSSSecurityProperties exten
         this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
         this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
         this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
+        this.encryptSymmetricEncrytionKey = wssSecurityProperties.encryptSymmetricEncrytionKey;
     }
 
     /**
@@ -839,5 +841,13 @@ public class WSSSecurityProperties exten
     public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
         this.enableNonceReplayCache = enableNonceReplayCache;
     }
+
+    public boolean isEncryptSymmetricEncrytionKey() {
+        return encryptSymmetricEncrytionKey;
+    }
+
+    public void setEncryptSymmetricEncrytionKey(boolean encryptSymmetricEncrytionKey) {
+        this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
+    }
     
 }
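Review bot: `isEncryptSymmetricEncrytionKey()` and `setEncryptSymmetricEncrytionKey(boolean)` are added without Javadoc, although the flag changes which key material is written to the security header. Going by the OutboundWSSec hunk, false means no EncryptedKeyOutputProcessor is registered for the ENCRYPT action. The Javadoc should say that, state the default of true, and note that the recipient must then already hold or derive the key. A possible first line is `/** Whether to wrap the symmetric encryption key in an xenc:EncryptedKey (default true). */`.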

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
Mon Jun 17 16:03:17 2013
@@ -45,7 +45,8 @@ public class EncryptEndingOutputProcesso
     @Override
     public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException,
XMLSecurityException {
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);
-        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+            || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
{
             WSSUtils.createReferenceListStructureForEncryption(this, subOutputProcessorChain);
         }
     }
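Review bot: The added condition `WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction()) || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()` is repeated verbatim in the next hunk of this file (the START_ELEMENT case), each time with its own cast. Moving it into one private helper, for example `private boolean writesReferenceListInHeader()`, would keep the two sites from drifting apart. The helper is also the natural place for a comment on when the ReferenceList is written directly into the security header; that reading of the intent is inferred from the two call sites and should be confirmed.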
@@ -65,7 +66,8 @@ public class EncryptEndingOutputProcesso
                 case XMLStreamConstants.START_ELEMENT:
                     if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
 
-                        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+                        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+                            || !((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
{
                             WSSUtils.updateSecurityHeaderOrder(
                                     outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList,
getAction(), true);                            
                         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Mon Jun 17 16:03:17 2013
@@ -117,7 +117,7 @@ public class EncryptOutputProcessor exte
     }
 
     /**
-     * Processor which handles the effective enryption of the data
+     * Processor which handles the effective encryption of the data
      */
     class InternalEncryptionOutputProcessor extends AbstractInternalEncryptionOutputProcessor
{
 
@@ -207,12 +207,17 @@ public class EncryptOutputProcessor exte
         @Override
         protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain)
throws XMLStreamException, XMLSecurityException {
             createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo,
true, null);
-            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
 
             if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(
                     ((WSSSecurityProperties) getSecurityProperties()).getEncryptionKeyIdentifier()))
{
+                List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
+                attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
+                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
false, attributes);
+                
                 WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain,
getEncryptionPartDef().getSymmetricKey());
             } else {
+                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
+                
                 List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
                 attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
                 createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference,
false, attributes);
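Review bot: In the EncryptedKeySHA1 branch the SecurityTokenReference is now opened with `false, attributes`, while the else branch keeps `true, null`. If the third argument controls whether the element's namespace declaration is written, the SHA1 branch may emit `wsse:SecurityTokenReference` with its `wsse11:TokenType` attribute without declaring the prefixes locally; please confirm this is intended or pass `true` in both branches. A one-line comment on why only this branch sets TokenType to `NS_WSS_ENC_KEY_VALUE_TYPE` would also help. The method continues outside the hunk.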

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
Mon Jun 17 16:03:17 2013
@@ -111,7 +111,7 @@ public class SecurityHeaderReorderProces
                                 subOutputProcessorChain.reset();
                                 subOutputProcessorChain.processEvent(event);
                             }
-                            //remove the actual header so that it won't be outputted twice
in the loop below
+                            //remove the actual header so that it won't be output twice in
the loop below
                             entryIterator.remove();
                         }
                         //... the action is encryption and...


