ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1770695 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/
Date Mon, 21 Nov 2016 15:08:58 GMT
Author: coheigea
Date: Mon Nov 21 15:08:58 2016
New Revision: 1770695

URL: http://svn.apache.org/viewvc?rev=1770695&view=rev
Log:
WSS-594 - Copy Security Header SOAP MustUnderstand/Actor to an EncryptedHeader element

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
Mon Nov 21 15:08:58 2016
@@ -50,6 +50,8 @@ public class WSSecDKEncrypt extends WSSe
     private List<Element> attachmentEncryptedDataElements;
     
     private Serializer encryptionSerializer;
+    
+    private WSSecHeader securityHeader;
 
     public WSSecDKEncrypt() {
         super();
@@ -64,6 +66,8 @@ public class WSSecDKEncrypt extends WSSe
 
     public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException
{
 
+        securityHeader = secHeader;
+        
         //
         // Setup the encrypted key
         //
@@ -131,7 +135,7 @@ public class WSSecDKEncrypt extends WSSe
 
         List<String> encDataRefs =
             WSSecEncrypt.doEncryption(
-                document, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup,
+                document, securityHeader, getIdAllocator(), keyInfo, key, symEncAlgo, references,
callbackLookup,
                 attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment,
                 encryptionSerializer
             );

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Mon Nov 21 15:08:58 2016
@@ -107,6 +107,8 @@ public class WSSecEncrypt extends WSSecE
     private List<Element> attachmentEncryptedDataElements;
     
     private Serializer encryptionSerializer;
+    
+    private WSSecHeader securityHeader;
 
     public WSSecEncrypt() {
         super();
@@ -198,6 +200,7 @@ public class WSSecEncrypt extends WSSecE
     public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
         throws WSSecurityException {
         doDebug = LOG.isDebugEnabled();
+        securityHeader = secHeader;
 
         prepare(doc, crypto);
 
@@ -262,7 +265,7 @@ public class WSSecEncrypt extends WSSecE
         SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKey.getEncoded(), symmetricKey.getAlgorithm());
         List<String> encDataRefs =
             doEncryption(
-                document, getIdAllocator(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(),
references,
+                document, securityHeader, getIdAllocator(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(),
references,
                     callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements,
                     storeBytesInAttachment
             );
@@ -344,6 +347,7 @@ public class WSSecEncrypt extends WSSecE
      */
     public static List<String> doEncryption(
         Document doc,
+        WSSecHeader securityHeader,
         WsuIdAllocator idAllocator,
         KeyInfo keyInfo,
         SecretKey secretKey,
@@ -352,12 +356,13 @@ public class WSSecEncrypt extends WSSecE
         CallbackLookup callbackLookup
     ) throws WSSecurityException {
         return doEncryption(
-                doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
+                doc, securityHeader, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
                 references, callbackLookup, null, null, false);
     }
     
     public static List<String> doEncryption(
          Document doc,
+         WSSecHeader securityHeader,
          WsuIdAllocator idAllocator,
          KeyInfo keyInfo,
          SecretKey secretKey,
@@ -369,13 +374,14 @@ public class WSSecEncrypt extends WSSecE
          boolean storeBytesInAttachment
     ) throws WSSecurityException {
         return doEncryption(
-                            doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
+                            doc, securityHeader, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
                             references, callbackLookup, attachmentCallbackHandler, 
                             attachmentEncryptedDataElements, storeBytesInAttachment, null);
     }
 
     public static List<String> doEncryption(
             Document doc,
+            WSSecHeader securityHeader,
             WsuIdAllocator idAllocator,
             KeyInfo keyInfo,
             SecretKey secretKey,
@@ -432,8 +438,8 @@ public class WSSecEncrypt extends WSSecE
                 for (Element elementToEncrypt : elementsToEncrypt) {
                     try {
                         String id =
-                            encryptElementInAttachment(doc, idAllocator, keyInfo, secretKey,
encryptionAlgorithm,
-                                          attachmentCallbackHandler, encPart, elementToEncrypt);
+                            encryptElementInAttachment(doc, securityHeader, idAllocator,
keyInfo, secretKey, 
+                                                       encryptionAlgorithm, attachmentCallbackHandler,
encPart, elementToEncrypt);
                         encPart.setEncId(id);
                         encDataRef.add("#" + id);
                     } catch (Exception ex) {
@@ -445,8 +451,8 @@ public class WSSecEncrypt extends WSSecE
             } else {
                 for (Element elementToEncrypt : elementsToEncrypt) {
                     String id =
-                        encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), idAllocator,
xmlCipher,
-                                       secretKey, keyInfo);
+                        encryptElement(doc, securityHeader, elementToEncrypt, encPart.getEncModifier(),
idAllocator, 
+                                       xmlCipher, secretKey, keyInfo);
                     encPart.setEncId(id);
                     encDataRef.add("#" + id);
                 }
@@ -464,6 +470,7 @@ public class WSSecEncrypt extends WSSecE
 
     private static String encryptElementInAttachment(
         Document doc,
+        WSSecHeader securityHeader,
         WsuIdAllocator idAllocator,
         KeyInfo keyInfo,
         SecretKey secretKey,
@@ -483,7 +490,7 @@ public class WSSecEncrypt extends WSSecE
 
         if ("Header".equals(encryptionPart.getEncModifier())
             && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc)))
{
-            createEncryptedHeaderElement(doc, elementToEncrypt, idAllocator);
+            createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, idAllocator);
         }
 
         Element encryptedData =
@@ -676,6 +683,7 @@ public class WSSecEncrypt extends WSSecE
      */
     private static String encryptElement(
         Document doc,
+        WSSecHeader securityHeader,
         Element elementToEncrypt,
         String modifier,
         WsuIdAllocator idAllocator,
@@ -691,8 +699,8 @@ public class WSSecEncrypt extends WSSecE
         String xencEncryptedDataId = idAllocator.createId("ED-", elementToEncrypt);
         try {
             if ("Header".equals(modifier)
-                && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc)))
{
-                createEncryptedHeaderElement(doc, elementToEncrypt, idAllocator);
+                && elementToEncrypt.getParentNode().equals(securityHeader.getSecurityHeader().getParentNode()))
{
+                createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, idAllocator);
             }
 
             xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
@@ -710,6 +718,7 @@ public class WSSecEncrypt extends WSSecE
 
     private static void createEncryptedHeaderElement(
         Document doc,
+        WSSecHeader securityHeader,
         Element elementToEncrypt,
         WsuIdAllocator idAllocator
     ) {
@@ -724,6 +733,7 @@ public class WSSecEncrypt extends WSSecE
         elem.setAttributeNS(
             WSConstants.WSU_NS, wsuPrefix + ":Id", headerId
         );
+
         //
         // Add the EncryptedHeader node to the element to be encrypted's parent
         // (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
@@ -733,22 +743,25 @@ public class WSSecEncrypt extends WSSecE
         elementToEncrypt = (Element)parent.replaceChild(elem, elementToEncrypt);
         elem.appendChild(elementToEncrypt);
 
-        NamedNodeMap map = elementToEncrypt.getAttributes();
-        for (int i = 0; i < map.getLength(); i++) {
-            Attr attr = (Attr)map.item(i);
-            if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
-                || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
-                String soapEnvPrefix =
-                    XMLUtils.setNamespace(
-                        elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+        if (securityHeader != null) {
+            NamedNodeMap map = securityHeader.getSecurityHeader().getAttributes();
+            for (int i = 0; i < map.getLength(); i++) {
+                Attr attr = (Attr)map.item(i);
+                if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
+                    || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
+                    String soapEnvPrefix =
+                        XMLUtils.setNamespace(
+                            elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+                        );
+                    elem.setAttributeNS(
+                        attr.getNamespaceURI(),
+                        soapEnvPrefix + ":" + attr.getLocalName(),
+                        attr.getValue()
                     );
-                elem.setAttributeNS(
-                    attr.getNamespaceURI(),
-                    soapEnvPrefix + ":" + attr.getLocalName(),
-                    attr.getValue()
-                );
+                }
             }
         }
+
     }
 
     /**

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1770695&r1=1770694&r2=1770695&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Mon Nov 21 15:08:58 2016
@@ -352,16 +352,25 @@ public class EncryptOutputProcessor exte
 
                 List<XMLSecAttribute> attributes = new ArrayList<>(1);
 
-                @SuppressWarnings("unchecked")
-                Iterator<Attribute> attributeIterator = getXmlSecStartElement().getAttributes();
-                while (attributeIterator.hasNext()) {
-                    Attribute attribute = attributeIterator.next();
-                    if (!attribute.isNamespace() 
-                        && (WSSConstants.NS_SOAP11.equals(attribute.getName().getNamespaceURI())

-                            || WSSConstants.NS_SOAP12.equals(attribute.getName().getNamespaceURI())))
{
-                        attributes.add(createAttribute(attribute.getName(), attribute.getValue()));
+                final String actor = ((WSSSecurityProperties) getSecurityProperties()).getActor();
+                final String soapMessageVersion = WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement);
+                if (actor != null && !actor.isEmpty()) {
+                    if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+                        attributes.add(createAttribute(WSSConstants.ATT_SOAP11_ACTOR, actor));
+                    } else {
+                        attributes.add(createAttribute(WSSConstants.ATT_SOAP12_ROLE, actor));
                     }
                 }
+                
+                boolean mustUnderstand = ((WSSSecurityProperties) getSecurityProperties()).isMustUnderstand();
+                if (mustUnderstand) {
+                    if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+                        attributes.add(createAttribute(WSSConstants.ATT_SOAP11_MUST_UNDERSTAND,
"1"));
+                    } else {
+                        attributes.add(createAttribute(WSSConstants.ATT_SOAP12_MUST_UNDERSTAND,
"true"));
+                    }
+                }
+                
                 createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader,
true, attributes);
             }
 



Mime
View raw message