ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1665531 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/ ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/ ws-security-stax/src/...
Date Tue, 10 Mar 2015 13:22:36 GMT
Author: coheigea
Date: Tue Mar 10 13:22:36 2015
New Revision: 1665531

URL: http://svn.apache.org/r1665531
Log:
Refactoring the actions

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/AbstractDerivedAction.java
Tue Mar 10 13:22:36 2015
@@ -19,27 +19,25 @@
 
 package org.apache.wss4j.dom.action;
 
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.apache.wss4j.common.SignatureEncryptionActionToken;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.WSSecDerivedKeyBase;
+import org.apache.wss4j.dom.message.WSSecEncryptedKey;
+import org.apache.wss4j.dom.message.token.SecurityContextToken;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
 
 public abstract class AbstractDerivedAction {
     
     protected Node findEncryptedKeySibling(RequestData reqData) {
         Element secHeader = reqData.getSecHeader().getSecurityHeader();
-        Node firstChild = secHeader.getFirstChild();
-        while (firstChild != null) {
-            if (firstChild instanceof Element && 
-                WSConstants.ENC_NS.equals(((Element)firstChild).getNamespaceURI())
-                && "EncryptedKey".equals(((Element)firstChild).getLocalName())
-                && firstChild.getNextSibling() != null) {
-                return firstChild.getNextSibling();
-            }
-            firstChild = firstChild.getNextSibling();
-        }
-        return null;
+        return findSibling(secHeader, WSConstants.ENC_NS, "EncryptedKey");
     }
     
     protected Node findSCTSibling(RequestData reqData) {
@@ -48,11 +46,18 @@ public abstract class AbstractDerivedAct
             namespace = ConversationConstants.WSC_NS_05_02;
         }
         Element secHeader = reqData.getSecHeader().getSecurityHeader();
+        return findSibling(secHeader, namespace, "SecurityContextToken");
+    }
+    
+    protected Node findSibling(Element secHeader, String namespace, String localName) {
+        if (secHeader == null) {
+            return null;
+        }
         Node firstChild = secHeader.getFirstChild();
         while (firstChild != null) {
             if (firstChild instanceof Element && 
                 namespace.equals(((Element)firstChild).getNamespaceURI())
-                && "SecurityContextToken".equals(((Element)firstChild).getLocalName())
+                && localName.equals(((Element)firstChild).getLocalName())
                 && firstChild.getNextSibling() != null) {
                 return firstChild.getNextSibling();
             }
@@ -61,4 +66,88 @@ public abstract class AbstractDerivedAct
         return null;
     }
 
+    protected Element setupSCTReference(WSSecDerivedKeyBase derivedKeyBase,
+                                        WSPasswordCallback passwordCallback,
+                                        SignatureEncryptionActionToken actionToken,
+                                        SignatureEncryptionActionToken previousActionToken,
+                                        boolean use200512Namespace,
+                                        Document doc) throws WSSecurityException {
+        if (use200512Namespace) {
+            derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT_05_12);
+        } else {
+            derivedKeyBase.setCustomValueType(WSConstants.WSC_SCT);
+        }
+
+        // See if a previous derived action has already set up a SecurityContextToken
+        if (previousActionToken != null && previousActionToken.getKey() != null
+            && previousActionToken.getKeyIdentifier() != null) {
+            byte[] secret = previousActionToken.getKey();
+            String tokenIdentifier = previousActionToken.getKeyIdentifier();
+            derivedKeyBase.setExternalKey(secret, tokenIdentifier);
+            return null;
+        }  else {
+            String tokenIdentifier = IDGenerator.generateID("uuid:");
+            derivedKeyBase.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
+
+            actionToken.setKey(passwordCallback.getKey());
+            actionToken.setKeyIdentifier(tokenIdentifier);
+
+            int version = ConversationConstants.VERSION_05_12;
+            if (!use200512Namespace) {
+                version = ConversationConstants.VERSION_05_02;
+            }
+
+            SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
+            return sct.getElement();
+        }
+    }
+    
+    protected Element setupEKReference(WSSecDerivedKeyBase derivedKeyBase,
+                                        WSPasswordCallback passwordCallback,
+                                        SignatureEncryptionActionToken actionToken,
+                                        SignatureEncryptionActionToken previousActionToken,
+                                        boolean use200512Namespace,
+                                        Document doc,
+                                        String keyTransportAlgorithm,
+                                        String mgfAlgorithm) throws WSSecurityException {
+        derivedKeyBase.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+        
+        // See if a previous derived action has already set up an EncryptedKey
+        if (previousActionToken != null && previousActionToken.getKey() != null
+            && previousActionToken.getKeyIdentifier() != null) {
+            byte[] ek = previousActionToken.getKey();
+            String tokenIdentifier = previousActionToken.getKeyIdentifier();
+            derivedKeyBase.setExternalKey(ek, tokenIdentifier);
+            return null;
+        } else {
+            WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+            encrKeyBuilder.setUserInfo(actionToken.getUser());
+            if (actionToken.getDerivedKeyIdentifier() != 0) {
+                encrKeyBuilder.setKeyIdentifierType(actionToken.getDerivedKeyIdentifier());
+            } else {
+                encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+            }
+            
+            if (actionToken.getDigestAlgorithm() != null) {
+                encrKeyBuilder.setDigestAlgorithm(actionToken.getDigestAlgorithm());
+            }
+            if (keyTransportAlgorithm != null) {
+                encrKeyBuilder.setKeyEncAlgo(keyTransportAlgorithm);
+            }
+            if (mgfAlgorithm != null) {
+                encrKeyBuilder.setMGFAlgorithm(mgfAlgorithm);
+            }
+            
+            encrKeyBuilder.prepare(doc, actionToken.getCrypto());
+
+            byte[] ek = encrKeyBuilder.getEphemeralKey();
+            String tokenIdentifier = encrKeyBuilder.getId();
+
+            actionToken.setKey(ek);
+            actionToken.setKeyIdentifier(tokenIdentifier);
+           
+            derivedKeyBase.setExternalKey(ek, tokenIdentifier);
+            return encrKeyBuilder.getEncryptedKeyElement();
+        }
+    }
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
Tue Mar 10 13:22:36 2015
@@ -33,10 +33,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandler;
 import org.apache.wss4j.dom.message.WSSecDKEncrypt;
-import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.message.token.SecurityContextToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -91,10 +88,7 @@ public class EncryptionDerivedAction ext
             if (parts != null && !parts.isEmpty()) {
                 wsEncrypt.getParts().addAll(parts);
             } else {
-                WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
-                        .getBodyQName().getLocalPart(), reqData.getSoapConstants()
-                        .getEnvelopeURI(), "Content");
-                wsEncrypt.getParts().add(encP);
+                wsEncrypt.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
             }
             
             wsEncrypt.prepare(doc);
@@ -138,74 +132,12 @@ public class EncryptionDerivedAction ext
         String derivedKeyTokenReference = encryptionToken.getDerivedKeyTokenReference();
         
         if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
-            if (reqData.isUse200512Namespace()) {
-                wsEncrypt.setCustomValueType(WSConstants.WSC_SCT_05_12);
-            } else {
-                wsEncrypt.setCustomValueType(WSConstants.WSC_SCT);
-            }
-            
-            // See if a SignatureDerivedAction has already set up a SecurityContextToken
-            if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey()
!= null
-                && reqData.getSignatureToken().getKeyIdentifier() != null) {
-                byte[] secret = reqData.getSignatureToken().getKey();
-                String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
-                wsEncrypt.setExternalKey(secret, tokenIdentifier);
-                return null;
-            }  else {
-                String tokenIdentifier = IDGenerator.generateID("uuid:");
-                wsEncrypt.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
-                
-                encryptionToken.setKey(passwordCallback.getKey());
-                encryptionToken.setKeyIdentifier(tokenIdentifier);
-                
-                int version = ConversationConstants.VERSION_05_12;
-                if (!reqData.isUse200512Namespace()) {
-                    version = ConversationConstants.VERSION_05_02;
-                }
-                
-                SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
-                return sct.getElement();
-            }
+            return setupSCTReference(wsEncrypt, passwordCallback, encryptionToken, reqData.getSignatureToken(),
+                                     reqData.isUse200512Namespace(), doc);
         } else {
-            wsEncrypt.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-            // See if a SignatureDerivedAction has already set up an EncryptedKey
-            if (reqData.getSignatureToken() != null && reqData.getSignatureToken().getKey()
!= null
-                && reqData.getSignatureToken().getKeyIdentifier() != null) {
-                byte[] ek = reqData.getSignatureToken().getKey();
-                String tokenIdentifier = reqData.getSignatureToken().getKeyIdentifier();
-                wsEncrypt.setExternalKey(ek, tokenIdentifier);
-                return null;
-            } else {
-                WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
-                encrKeyBuilder.setUserInfo(encryptionToken.getUser());
-                if (encryptionToken.getDerivedKeyIdentifier() != 0) {
-                    encrKeyBuilder.setKeyIdentifierType(encryptionToken.getDerivedKeyIdentifier());
-                } else {
-                    encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
-                }
-                
-                if (encryptionToken.getKeyTransportAlgorithm() != null) {
-                    encrKeyBuilder.setKeyEncAlgo(encryptionToken.getKeyTransportAlgorithm());
-                }
-                if (encryptionToken.getDigestAlgorithm() != null) {
-                    encrKeyBuilder.setDigestAlgorithm(encryptionToken.getDigestAlgorithm());
-                }
-                if (encryptionToken.getMgfAlgorithm() != null) {
-                    encrKeyBuilder.setMGFAlgorithm(encryptionToken.getMgfAlgorithm());
-                }
-                
-                encrKeyBuilder.prepare(doc, encryptionToken.getCrypto());
-
-                byte[] ek = encrKeyBuilder.getEphemeralKey();
-                String tokenIdentifier = encrKeyBuilder.getId();
-                wsEncrypt.setExternalKey(ek, tokenIdentifier);
-                
-                encryptionToken.setKey(ek);
-                encryptionToken.setKeyIdentifier(tokenIdentifier);
-                
-                return encrKeyBuilder.getEncryptedKeyElement();
-            }
-
+            return setupEKReference(wsEncrypt, passwordCallback, encryptionToken, reqData.getSignatureToken(),
+                                     reqData.isUse200512Namespace(), doc, encryptionToken.getKeyTransportAlgorithm(),
+                                     encryptionToken.getMgfAlgorithm());
         }
     }
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
Tue Mar 10 13:22:36 2015
@@ -45,12 +45,10 @@ public class SAMLTokenSignedAction imple
                         Document doc, RequestData reqData)
             throws WSSecurityException {
         Crypto crypto = null;
-        /*
-        * it is possible and legal that we do not have a signature
-        * crypto here - thus ignore the exception. This is usually
-        * the case for the SAML option "sender vouches". In this case
-        * no user crypto is required.
-        */
+        
+        // it is possible and legal that we do not have a signature crypto here - thus ignore
the exception. 
+        // This is usually the case for the SAML option "sender vouches". In this case no
user crypto is
+        // required.
         try {
             crypto = handler.loadSignatureCrypto(reqData);
         } catch (Exception ex) {
@@ -115,12 +113,6 @@ public class SAMLTokenSignedAction imple
             wsSign.setSigCanonicalization(signatureToken.getC14nAlgorithm());
         }
 
-         /*
-         * required to add support for the 
-         * signatureParts parameter.
-         * If not set WSSecSignatureSAML
-         * defaults to only sign the body.
-         */
         if (signatureToken.getParts().size() > 0) {
             wsSign.getParts().addAll(signatureToken.getParts());
         }
@@ -136,7 +128,8 @@ public class SAMLTokenSignedAction imple
                     reqData.getSecHeader());
             reqData.getSignatureValues().add(wsSign.getSignatureValue());
         } catch (WSSecurityException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
e, "Error when signing the SAML token: ");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
e, 
+                                          "Error when signing the SAML token: ");
         }
     }
 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
Tue Mar 10 13:22:36 2015
@@ -33,6 +33,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandler;
 import org.apache.wss4j.dom.message.WSSecSignature;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -134,11 +135,8 @@ public class SignatureAction implements
             
             List<WSEncryptionPart> parts = signatureToken.getParts();
             if (parts == null || parts.isEmpty()) {
-                WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
-                        .getBodyQName().getLocalPart(), reqData.getSoapConstants()
-                        .getEnvelopeURI(), "Content");
-                parts = new ArrayList<>();
-                parts.add(encP);
+                parts = new ArrayList<>(1);
+                parts.add(WSSecurityUtil.getDefaultEncryptionPart(doc));
             }
             
             List<javax.xml.crypto.dsig.Reference> referenceList =

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
Tue Mar 10 13:22:36 2015
@@ -30,10 +30,8 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.message.WSSecSignatureConfirmation;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 
-import java.util.ArrayList;
 import java.util.List;
 
 public class SignatureConfirmationAction implements Action {
@@ -52,25 +50,10 @@ public class SignatureConfirmationAction
             (List<WSHandlerResult>) handler.getProperty(
                 reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS
             );
-        if (results == null) {
+        if (results == null || results.isEmpty()) {
             return;
         }
-        //
-        // Loop over all the (signature) results gathered by all the processors, and store
-        // them in a list.
-        //
-        final List<Integer> actions = new ArrayList<>(3);
-        actions.add(WSConstants.SIGN);
-        actions.add(WSConstants.ST_SIGNED);
-        actions.add(WSConstants.UT_SIGN);
-        List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
-        for (WSHandlerResult wshResult : results) {
-            List<WSSecurityEngineResult> resultList = wshResult.getResults();
-
-            signatureActions.addAll(
-                WSSecurityUtil.fetchAllActionResults(resultList, actions)
-            );
-        }
+        
         //
         // prepare a SignatureConfirmation token
         //
@@ -80,18 +63,29 @@ public class SignatureConfirmationAction
             signatureToken = reqData.getSignatureToken();
         }
         List<WSEncryptionPart> signatureParts = signatureToken.getParts();
-        if (signatureActions.size() > 0) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Signature Confirmation: number of Signature results: "
-                        + signatureActions.size());
-            }
-            for (int i = 0; i < signatureActions.size(); i++) {
-                WSSecurityEngineResult wsr = signatureActions.get(i);
-                byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
-                wsc.build(doc, sigVal, reqData.getSecHeader());
-                signatureParts.add(new WSEncryptionPart(wsc.getId()));
+        
+        //
+        // Loop over all the (signature) results gathered by all the processors
+        //
+        boolean signatureAdded = false;
+        for (WSHandlerResult wshResult : results) {
+            List<WSSecurityEngineResult> resultList = wshResult.getResults();
+
+            for (WSSecurityEngineResult result : resultList) {
+                int resultAction = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+                
+                // See if it's a signature action
+                if (WSConstants.SIGN == resultAction || WSConstants.ST_SIGNED == resultAction
+                    || WSConstants.UT_SIGN == resultAction) {
+                    byte[] sigVal = (byte[]) result.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+                    wsc.build(doc, sigVal, reqData.getSecHeader());
+                    signatureParts.add(new WSEncryptionPart(wsc.getId()));
+                    signatureAdded = true;
+                }
             }
-        } else {
+        }
+
+        if (!signatureAdded) {
             wsc.build(doc, null, reqData.getSecHeader());
             signatureParts.add(new WSEncryptionPart(wsc.getId()));
         }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
Tue Mar 10 13:22:36 2015
@@ -34,10 +34,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandler;
 import org.apache.wss4j.dom.message.WSSecDKSign;
-import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.message.token.SecurityContextToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -94,10 +91,7 @@ public class SignatureDerivedAction exte
             if (parts != null && !parts.isEmpty()) {
                 wsSign.getParts().addAll(parts);
             } else {
-                WSEncryptionPart encP = new WSEncryptionPart(reqData.getSoapConstants()
-                        .getBodyQName().getLocalPart(), reqData.getSoapConstants()
-                        .getEnvelopeURI(), "Content");
-                wsSign.getParts().add(encP);
+                wsSign.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
             }
             
             wsSign.prepare(doc, reqData.getSecHeader());
@@ -146,62 +140,11 @@ public class SignatureDerivedAction exte
         String derivedKeyTokenReference = signatureToken.getDerivedKeyTokenReference();
 
         if ("EncryptedKey".equals(derivedKeyTokenReference)) {
-            wsSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
-            // See if an EncryptionAction has already set up an EncryptedKey
-            if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey()
!= null
-                && reqData.getEncryptionToken().getKeyIdentifier() != null) {
-                byte[] ek = reqData.getEncryptionToken().getKey();
-                String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
-                wsSign.setExternalKey(ek, tokenIdentifier);
-                return null;
-            } else {
-                WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
-                encrKeyBuilder.setUserInfo(signatureToken.getUser());
-                if (signatureToken.getDerivedKeyIdentifier() != 0) {
-                    encrKeyBuilder.setKeyIdentifierType(signatureToken.getDerivedKeyIdentifier());
-                } else {
-                    encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
-                }
-                encrKeyBuilder.prepare(doc, signatureToken.getCrypto());
-
-                byte[] ek = encrKeyBuilder.getEphemeralKey();
-                String tokenIdentifier = encrKeyBuilder.getId();
-
-                signatureToken.setKey(ek);
-                signatureToken.setKeyIdentifier(tokenIdentifier);
-               
-                wsSign.setExternalKey(ek, tokenIdentifier);
-                return encrKeyBuilder.getEncryptedKeyElement();
-            }
+            return setupEKReference(wsSign, passwordCallback, signatureToken, reqData.getEncryptionToken(),
+                                     reqData.isUse200512Namespace(), doc, null, null);
         } else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
-            if (reqData.isUse200512Namespace()) {
-                wsSign.setCustomValueType(WSConstants.WSC_SCT_05_12);
-            } else {
-                wsSign.setCustomValueType(WSConstants.WSC_SCT);
-            }
-            
-            // See if a EncryptionDerivedAction has already set up a SecurityContextToken
-            if (reqData.getEncryptionToken() != null && reqData.getEncryptionToken().getKey()
!= null
-                && reqData.getEncryptionToken().getKeyIdentifier() != null) {
-                byte[] secret = reqData.getEncryptionToken().getKey();
-                String tokenIdentifier = reqData.getEncryptionToken().getKeyIdentifier();
-                wsSign.setExternalKey(secret, tokenIdentifier);
-                return null;
-            }  else {
-                String tokenIdentifier = IDGenerator.generateID("uuid:");
-                wsSign.setExternalKey(passwordCallback.getKey(), tokenIdentifier);
-                
-                signatureToken.setKey(passwordCallback.getKey());
-                signatureToken.setKeyIdentifier(tokenIdentifier);
-                
-                int version = ConversationConstants.VERSION_05_12;
-                if (!reqData.isUse200512Namespace()) {
-                    version = ConversationConstants.VERSION_05_02;
-                }
-                
-                SecurityContextToken sct = new SecurityContextToken(version, doc, tokenIdentifier);
-                return sct.getElement();
-            }
+            return setupSCTReference(wsSign, passwordCallback, signatureToken, reqData.getEncryptionToken(),
+                                     reqData.isUse200512Namespace(), doc);
         } else {
             // DirectReference
 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
Tue Mar 10 13:22:36 2015
@@ -24,7 +24,6 @@ import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
 
-import org.apache.wss4j.dom.SOAPConstants;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.common.SecurityActionToken;
 import org.apache.wss4j.common.SignatureActionToken;
@@ -118,14 +117,8 @@ public class UsernameTokenSignedAction i
         if (signatureToken.getParts().size() > 0) {
             parts = signatureToken.getParts();
         } else {
-            SOAPConstants soapConstants = reqData.getSoapConstants();
-            if (soapConstants == null) {
-                soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
-            }
-            parts = new ArrayList<>();
-            WSEncryptionPart encP = 
-                new WSEncryptionPart(WSConstants.ELEM_BODY, soapConstants.getEnvelopeURI(),
"Content");
-            parts.add(encP);
+            parts = new ArrayList<>(1);
+            parts.add(WSSecurityUtil.getDefaultEncryptionPart(doc));
         }
         List<javax.xml.crypto.dsig.Reference> referenceList = 
             sign.addReferencesToSign(parts, reqData.getSecHeader());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
Tue Mar 10 13:22:36 2015
@@ -24,9 +24,11 @@ import java.util.Arrays;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
@@ -255,15 +257,17 @@ public abstract class WSHandler {
         if (wssConfig.isEnableSignatureConfirmation() 
             && isRequest && reqData.getSignatureValues().size() > 0) {
             @SuppressWarnings("unchecked")
-            List<byte[]> savedSignatures = 
-                (List<byte[]>)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+            Set<Integer> savedSignatures = 
+                (Set<Integer>)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
             if (savedSignatures == null) {
-                savedSignatures = new ArrayList<>();
+                savedSignatures = new HashSet<>();
                 setProperty(
                     reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV, savedSignatures
                 );
             }
-            savedSignatures.addAll(reqData.getSignatureValues());
+            for (byte[] signatureValue : reqData.getSignatureValues()) {
+                savedSignatures.add(Arrays.hashCode(signatureValue));
+            }
         }
     }
     
@@ -420,8 +424,8 @@ public abstract class WSHandler {
         //
         // First get all Signature values stored during sending the request
         //
-        List<byte[]> savedSignatures = 
-            (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
+        Set<Integer> savedSignatures = 
+            (Set<Integer>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
         //
         // Now get all results that hold a SignatureConfirmation element from
         // the current run of receiver (we can have more than one run: if we
@@ -456,16 +460,10 @@ public abstract class WSHandler {
                         );
                     }
                 } else {
-                    boolean found = false;
-                    for (int j = 0; j < savedSignatures.size(); j++) {
-                        byte[] storedValue = savedSignatures.get(j);
-                        if (Arrays.equals(sigVal, storedValue)) {
-                            found = true;
-                            savedSignatures.remove(j);
-                            break;
-                        }
-                    }
-                    if (!found) {
+                    Integer hash = Arrays.hashCode(sigVal);
+                    if (savedSignatures.contains(hash)) {
+                        savedSignatures.remove(hash);
+                    } else {
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"empty",
                                 "Received a SignatureConfirmation element, but there are
no matching"
                             + " stored signature values"
@@ -476,7 +474,7 @@ public abstract class WSHandler {
         }
 
         //
-        // the list holding the stored Signature values must be empty, otherwise we have
an error
+        // the set holding the stored Signature values must be empty, otherwise we have an
error
         //
         if (savedSignatures != null && !savedSignatures.isEmpty()) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
Tue Mar 10 13:22:36 2015
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.handler;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -40,7 +41,6 @@ import org.apache.wss4j.dom.common.Secur
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.token.SignatureConfirmation;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.utils.Base64;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -95,11 +95,11 @@ public class SignatureConfirmationTest e
         }
 
         msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
-        List<byte[]> savedSignatures = 
-            (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+        Set<Integer> savedSignatures = 
+            (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
         assertTrue(savedSignatures != null && savedSignatures.size() == 1);
-        byte[] signatureValue = savedSignatures.get(0);
-        assertTrue(signatureValue != null && signatureValue.length > 0);
+        Integer signatureValue = savedSignatures.iterator().next();
+        assertTrue(signatureValue != null && signatureValue != 0);
     }
     
     
@@ -136,8 +136,8 @@ public class SignatureConfirmationTest e
         }
 
         msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
-        List<byte[]> savedSignatures = 
-            (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+        Set<Integer> savedSignatures = 
+            (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
         assertTrue(savedSignatures == null);
     }
     
@@ -175,11 +175,11 @@ public class SignatureConfirmationTest e
         }
 
         msgContext = (java.util.Map<String, Object>)reqData.getMsgContext();
-        List<byte[]> savedSignatures = 
-            (List<byte[]>)msgContext.get(WSHandlerConstants.SEND_SIGV);
+        Set<Integer> savedSignatures = 
+            (Set<Integer>)msgContext.get(WSHandlerConstants.SEND_SIGV);
         assertTrue(savedSignatures != null && savedSignatures.size() == 1);
-        byte[] signatureValue = savedSignatures.get(0);
-        assertTrue(signatureValue != null && signatureValue.length > 0);
+        Integer signatureValue = savedSignatures.iterator().next();
+        assertTrue(signatureValue != null && signatureValue != 0);
         
         //
         // Verify the inbound request, and create a response with a Signature Confirmation
@@ -205,7 +205,6 @@ public class SignatureConfirmationTest e
             LOG.debug(outputString);
         }
         assertTrue(outputString.contains("SignatureConfirmation"));
-        assertTrue(outputString.contains(Base64.encode(signatureValue)));
     }
     
     

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
Tue Mar 10 13:22:36 2015
@@ -50,6 +50,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 
 public class HeaderOrderingTest extends AbstractTestBase {
 
@@ -598,7 +599,7 @@ public class HeaderOrderingTest extends
     @Test
     public void testSignatureConfirmationUsernameTokenTimestampStrictHeaderOrdering() throws
Exception {
 
-        List<byte[]> sigv;
+        Set<Integer> sigv;
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {
             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -606,7 +607,7 @@ public class HeaderOrderingTest extends
             Properties properties = new Properties();
             properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument,
action, properties);
-            sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+            sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
 
             //some test that we can really sure we get what we want from WSS4J

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java?rev=1665531&r1=1665530&r2=1665531&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
Tue Mar 10 13:22:36 2015
@@ -47,6 +47,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 
 public class SignatureConfirmationTest extends AbstractTestBase {
 
@@ -54,7 +55,7 @@ public class SignatureConfirmationTest e
     @Test
     public void testDefaultConfigurationInbound() throws Exception {
 
-        List<byte[]> sigv;
+        Set<Integer> sigv;
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {
             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -62,7 +63,7 @@ public class SignatureConfirmationTest e
             Properties properties = new Properties();
             properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument,
action, properties);
-            sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+            sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
 
             //some test that we can really sure we get what we want from WSS4J
@@ -150,7 +151,7 @@ public class SignatureConfirmationTest e
     @Test
     public void testDefaultConfigurationInboundUnsignedConfirmation() throws Exception {
 
-        List<byte[]> sigv;
+        Set<Integer> sigv;
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         {
             InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
@@ -158,7 +159,7 @@ public class SignatureConfirmationTest e
             Properties properties = new Properties();
             properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
             Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument,
action, properties);
-            sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+            sigv = (Set<Integer>) messageContext.get(WSHandlerConstants.SEND_SIGV);
             Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
 
             //some test that we can really sure we get what we want from WSS4J



Mime
View raw message