From cohei...@apache.org
Subject svn commit: r1689915 - in /webservices/wss4j/branches/2_0_x-fixes: ws-security-common/src/main/java/org/apache/wss4j/common/ ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/
Date Wed, 08 Jul 2015 16:28:19 GMT
Author: coheigea
Date: Wed Jul  8 16:28:19 2015
New Revision: 1689915

URL: http://svn.apache.org/r1689915
Log:
[WSS-544] - Adding a new configuration switch to disable expanding xop:Includes when verifying
signatures


Conflicts:
	ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
	ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java
Wed Jul  8 16:28:19 2015
@@ -548,6 +548,13 @@ public class ConfigurationConstants {
      */
     public static final String STORE_BYTES_IN_ATTACHMENT = "storeBytesInAttachment";
     
+    /**
+     * Whether to expand xop:Include Elements encountered when verifying a Signature. The
default is true,
+     * meaning that the relevant attachment bytes are BASE-64 encoded and inserted into the
Element. This
+     * ensures that the actual bytes are signed, and not just the reference.
+     */
+    public static final String EXPAND_XOP_INCLUDE_FOR_SIGNATURE = "expandXOPIncludeForSignature";
+    
     //
     // (Non-boolean) Configuration parameters for the actions/processors
     //
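Review bot: The Javadoc on `EXPAND_XOP_INCLUDE_FOR_SIGNATURE` describes only the default and never states what setting it to false gives up. Going by its own wording, disabling it means signature verification covers the xop:Include reference rather than the attachment bytes. One more sentence would make that explicit: `Setting this to false means only the xop:Include reference is covered by signature verification; the attachment content is not.` The guard added in SignatureProcessor is uncommented for the same reason and could carry a one-line version of this.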

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
Wed Jul  8 16:28:19 2015
@@ -96,6 +96,7 @@ public class RequestData {
     private final List<String> audienceRestrictions = new ArrayList<String>();
     private boolean requireTimestampExpires;
     private boolean storeBytesInAttachment;
+    private boolean expandXopIncludeForSignature = true;
 
     public void clear() {
         soapConstants = null;
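Review bot: The default `true` is now written out in three places: the field initializer in this hunk, `clear()` in the next hunk, and the `decodeBooleanConfigValue(..., true)` call in WSHandler. Since `true` is the protective setting, a single named constant would keep the three from drifting apart, for example `static final boolean DEFAULT_EXPAND_XOP_INCLUDE_FOR_SIGNATURE = true;` (both classes sit in the `handler` package). The new accessors in the last RequestData hunk also have no Javadoc. A short comment on the setter saying that false narrows what signature verification covers would help callers who set it programmatically.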
@@ -133,6 +134,7 @@ public class RequestData {
         audienceRestrictions.clear();
         requireTimestampExpires = false;
         storeBytesInAttachment = false;
+        expandXopIncludeForSignature = true;
     }
 
     public boolean isEnableTimestampReplayCache() {
@@ -600,4 +602,12 @@ public class RequestData {
     public void setStoreBytesInAttachment(boolean storeBytesInAttachment) {
         this.storeBytesInAttachment = storeBytesInAttachment;
     } 
+
+    public boolean isExpandXopIncludeForSignature() {
+        return expandXopIncludeForSignature;
+    }
+
+    public void setExpandXopIncludeForSignature(boolean expandXopIncludeForSignature) {
+        this.expandXopIncludeForSignature = expandXopIncludeForSignature;
+    }
 }

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
Wed Jul  8 16:28:19 2015
@@ -1453,6 +1453,12 @@ public abstract class WSHandler {
                 reqData.setSubjectCertConstraints(subjectCertConstraints);
             }
         }
+        
+        boolean expandXOP = 
+            decodeBooleanConfigValue(
+                reqData, WSHandlerConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, true
+            );
+        reqData.setExpandXopIncludeForSignature(expandXOP);
     }
 
     /*
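Review bot: Turning the switch off leaves no trace, because `expandXOP` is handed straight to `reqData.setExpandXopIncludeForSignature` whatever its value. Since false narrows what signature verification covers, a log entry when it is disabled would let operators and incident responders see that a deployment runs in this mode. Something like `if (!expandXOP) { /* log: xop:Include expansion disabled for signature verification */ }` would do, using whatever logger the class already has. The enclosing method starts outside the hunk, so whether this runs per request or once is not visible here.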

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1689915&r1=1689914&r2=1689915&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Wed Jul  8 16:28:19 2015
@@ -480,7 +480,7 @@ public class SignatureProcessor implemen
                     WSSecurityUtil.storeElementInContext(context, element);
                 }
             }
-            if (element != null) {
+            if (element != null && data.isExpandXopIncludeForSignature()) {
                 // Look for xop:Include Nodes
                 List<Element> includeElements = 
                     WSSecurityUtil.findElements(element, "Include", WSConstants.XOP_NS);
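Review bot: With the flag off, an element that still contains xop:Include children continues through verification, and nothing visible in this hunk tells later consumers that the attachment bytes were not digested. If the processor's results are used to decide which parts of the message are trusted, code that resolves the attachment afterwards may treat unverified content as signed. That is inferred, since the rest of the method lies outside the hunk. Consider recording in the processing result that expansion was skipped. The Modified list also contains only main-source files, so a test that verifies the same xop:Include-bearing message under both settings would pin the intended behaviour.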


