ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1770708 - in /webservices/wss4j/branches/2_0_x-fixes: ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/
Date Mon, 21 Nov 2016 15:49:22 GMT
Author: coheigea
Date: Mon Nov 21 15:49:22 2016
New Revision: 1770708

URL: http://svn.apache.org/viewvc?rev=1770708&view=rev
Log:
WSS-594 - Copy Security Header SOAP MustUnderstand/Actor to an EncryptedHeader element

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
Mon Nov 21 15:49:22 2016
@@ -48,6 +48,8 @@ public class WSSecDKEncrypt extends WSSe
 
     private List<Element> attachmentEncryptedDataElements;
     
+    private WSSecHeader securityHeader;
+
     public WSSecDKEncrypt() {
         super();
     }
@@ -64,6 +66,8 @@ public class WSSecDKEncrypt extends WSSe
     }
 
     public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException
{
+
+        securityHeader = secHeader;
         
         //
         // Setup the encrypted key
@@ -136,7 +140,7 @@ public class WSSecDKEncrypt extends WSSe
 
         List<String> encDataRefs = 
             WSSecEncrypt.doEncryption(
-                document, getWsConfig(), keyInfo, key, symEncAlgo, references, callbackLookup,
attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
+                document, securityHeader, getWsConfig(), keyInfo, key, symEncAlgo, references,
callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
             );
         if (dataRef == null) {
             dataRef = 

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Mon Nov 21 15:49:22 2016
@@ -102,7 +102,9 @@ public class WSSecEncrypt extends WSSecE
     private boolean embedEncryptedKey;
 
     private List<Element> attachmentEncryptedDataElements;
- 
+    
+    private WSSecHeader securityHeader;
+
     public WSSecEncrypt() {
         super();
     }
@@ -209,6 +211,7 @@ public class WSSecEncrypt extends WSSecE
     public Document build(Document doc, Crypto crypto, WSSecHeader secHeader)
         throws WSSecurityException {
         doDebug = LOG.isDebugEnabled();
+        securityHeader = secHeader;
 
         prepare(doc, crypto);
         
@@ -284,7 +287,7 @@ public class WSSecEncrypt extends WSSecE
         SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKey.getEncoded(), symmetricKey.getAlgorithm());
         List<String> encDataRefs = 
             doEncryption(
-                document, getWsConfig(), keyInfo, secretKeySpec, symEncAlgo, references,
callbackLookup,
+                document, securityHeader, getWsConfig(), keyInfo, secretKeySpec, symEncAlgo,
references, callbackLookup,
                     attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
             );
         if (encDataRefs.isEmpty()) {
@@ -365,6 +368,7 @@ public class WSSecEncrypt extends WSSecE
      */
     public static List<String> doEncryption(
         Document doc,
+        WSSecHeader securityHeader,
         WSSConfig config,
         KeyInfo keyInfo,
         SecretKey secretKey,
@@ -373,12 +377,13 @@ public class WSSecEncrypt extends WSSecE
         CallbackLookup callbackLookup
     ) throws WSSecurityException {
         return doEncryption(
-                doc, config, keyInfo, secretKey, encryptionAlgorithm,
+                doc, securityHeader, config, keyInfo, secretKey, encryptionAlgorithm,
                 references, callbackLookup, null, null, false);
     }
 
     public static List<String> doEncryption(
             Document doc,
+            WSSecHeader securityHeader,
             WSSConfig config,
             KeyInfo keyInfo,
             SecretKey secretKey,
@@ -431,7 +436,7 @@ public class WSSecEncrypt extends WSSecE
                 for (Element elementToEncrypt : elementsToEncrypt) {
                     try {
                         String id = 
-                            encryptElementInAttachment(doc, config, keyInfo, secretKey, encryptionAlgorithm,
+                            encryptElementInAttachment(doc, securityHeader, config, keyInfo,
secretKey, encryptionAlgorithm,
                                           attachmentCallbackHandler, encPart, elementToEncrypt);
                         encPart.setEncId(id);
                         encDataRef.add("#" + id);
@@ -444,7 +449,7 @@ public class WSSecEncrypt extends WSSecE
             } else {
                 for (Element elementToEncrypt : elementsToEncrypt) {
                     String id = 
-                        encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), config,
xmlCipher,
+                        encryptElement(doc, securityHeader, elementToEncrypt, encPart.getEncModifier(),
config, xmlCipher,
                                        secretKey, keyInfo);
                     encPart.setEncId(id);
                     encDataRef.add("#" + id);
@@ -463,6 +468,7 @@ public class WSSecEncrypt extends WSSecE
     
     private static String encryptElementInAttachment(
         Document doc,
+        WSSecHeader securityHeader,
         WSSConfig config,
         KeyInfo keyInfo,
         SecretKey secretKey,
@@ -482,7 +488,7 @@ public class WSSecEncrypt extends WSSecE
         
         if ("Header".equals(encryptionPart.getEncModifier()) 
             && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc)))
{
-            createEncryptedHeaderElement(doc, elementToEncrypt, config);
+            createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, config);
         }
 
         Element encryptedData =
@@ -674,6 +680,7 @@ public class WSSecEncrypt extends WSSecE
      */
     private static String encryptElement(
         Document doc,
+        WSSecHeader securityHeader,
         Element elementToEncrypt,
         String modifier,
         WSSConfig config,
@@ -691,7 +698,7 @@ public class WSSecEncrypt extends WSSecE
         try {
             if ("Header".equals(modifier) 
                 && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc)))
{
-                createEncryptedHeaderElement(doc, elementToEncrypt, config);
+                createEncryptedHeaderElement(doc, securityHeader, elementToEncrypt, config);
             }
             
             xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
@@ -709,6 +716,7 @@ public class WSSecEncrypt extends WSSecE
     
     private static void createEncryptedHeaderElement(
         Document doc,
+        WSSecHeader securityHeader,
         Element elementToEncrypt,
         WSSConfig config
     ) {
@@ -723,6 +731,7 @@ public class WSSecEncrypt extends WSSecE
         elem.setAttributeNS(
             WSConstants.WSU_NS, wsuPrefix + ":Id", headerId
         );
+
         //
         // Add the EncryptedHeader node to the element to be encrypted's parent
         // (i.e. the SOAP header). Add the element to be encrypted to the Encrypted
@@ -732,22 +741,25 @@ public class WSSecEncrypt extends WSSecE
         elementToEncrypt = (Element)parent.replaceChild(elem, elementToEncrypt);
         elem.appendChild(elementToEncrypt);
         
-        NamedNodeMap map = elementToEncrypt.getAttributes();
-        for (int i = 0; i < map.getLength(); i++) {
-            Attr attr = (Attr)map.item(i);
-            if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
-                || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
-                String soapEnvPrefix = 
-                    WSSecurityUtil.setNamespace(
-                        elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+        if (securityHeader != null) {
+            NamedNodeMap map = securityHeader.getSecurityHeader().getAttributes();
+            for (int i = 0; i < map.getLength(); i++) {
+                Attr attr = (Attr)map.item(i);
+                if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
+                    || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
+                    String soapEnvPrefix = 
+                        WSSecurityUtil.setNamespace(
+                            elem, attr.getNamespaceURI(), WSConstants.DEFAULT_SOAP_PREFIX
+                        );
+                    elem.setAttributeNS(
+                        attr.getNamespaceURI(), 
+                        soapEnvPrefix + ":" + attr.getLocalName(), 
+                        attr.getValue()
                     );
-                elem.setAttributeNS(
-                    attr.getNamespaceURI(), 
-                    soapEnvPrefix + ":" + attr.getLocalName(), 
-                    attr.getValue()
-                );
+                }
             }
         }
+
     }
     
     /**

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1770708&r1=1770707&r2=1770708&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Mon Nov 21 15:49:22 2016
@@ -350,16 +350,25 @@ public class EncryptOutputProcessor exte
 
                 List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
 
-                @SuppressWarnings("unchecked")
-                Iterator<Attribute> attributeIterator = getXmlSecStartElement().getAttributes();
-                while (attributeIterator.hasNext()) {
-                    Attribute attribute = attributeIterator.next();
-                    if (!attribute.isNamespace() &&
-                            (WSSConstants.NS_SOAP11.equals(attribute.getName().getNamespaceURI())
||
-                                    WSSConstants.NS_SOAP12.equals(attribute.getName().getNamespaceURI())))
{
-                        attributes.add(createAttribute(attribute.getName(), attribute.getValue()));
+                final String actor = ((WSSSecurityProperties) getSecurityProperties()).getActor();
+                final String soapMessageVersion = WSSUtils.getSOAPMessageVersionNamespace(xmlSecStartElement);
+                if (actor != null && !actor.isEmpty()) {
+                    if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+                        attributes.add(createAttribute(WSSConstants.ATT_soap11_Actor, actor));
+                    } else {
+                        attributes.add(createAttribute(WSSConstants.ATT_soap12_Role, actor));
                     }
                 }
+                
+                boolean mustUnderstand = ((WSSSecurityProperties) getSecurityProperties()).isMustUnderstand();
+                if (mustUnderstand) {
+                    if (WSSConstants.NS_SOAP11.equals(soapMessageVersion)) {
+                        attributes.add(createAttribute(WSSConstants.ATT_soap11_MustUnderstand,
"1"));
+                    } else {
+                        attributes.add(createAttribute(WSSConstants.ATT_soap12_MustUnderstand,
"true"));
+                    }
+                }
+                
                 createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader,
true, attributes);
             }
 



Mime
View raw message