ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1861149 - in /webservices/wss4j/branches/2_2_x-fixes: ws-security-common/src/main/java/org/apache/wss4j/common/token/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/to...
Date Wed, 12 Jun 2019 16:36:59 GMT
Author: coheigea
Date: Wed Jun 12 16:36:58 2019
New Revision: 1861149

URL: http://svn.apache.org/viewvc?rev=1861149&view=rev
Log:
WSS-651 - Incorrect signature if document has WSU_NS declared on SOAP Header or Envelope

Added:
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
Modified:
    webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
Wed Jun 12 16:36:58 2019
@@ -142,7 +142,7 @@ public class BinarySecurity {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSS4JConstants.WSU_PREFIX, WSS4JConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/token/SecurityTokenReference.java
Wed Jun 12 16:36:58 2019
@@ -117,7 +117,7 @@ public class SecurityTokenReference {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSS4JConstants.WSU_PREFIX, WSS4JConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
Wed Jun 12 16:36:58 2019
@@ -48,6 +48,7 @@ public class WSSecBase {
     protected CallbackHandler attachmentCallbackHandler;
     protected boolean storeBytesInAttachment;
     protected boolean expandXopInclude;
+    protected boolean addWSUNamespace;
 
     private WsuIdAllocator idAllocator;
     private final List<WSEncryptionPart> parts = new ArrayList<>();
@@ -62,6 +63,9 @@ public class WSSecBase {
         } else {
             doc = null;
         }
+
+        // Explicitly add the WSU Namespace if we already have a different prefix
+        addWSUNamespace = securityHeader.getWsuPrefix() != null && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
     }
 
     public WSSecBase(Document doc) {

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
Wed Jun 12 16:36:58 2019
@@ -161,6 +161,9 @@ public class WSSecDKEncrypt extends WSSe
         KeyInfo keyInfo = new KeyInfo(getDocument());
         SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
         secToken.addWSSENamespace();
+        if (addWSUNamespace) {
+            secToken.addWSUNamespace();
+        }
         Reference ref = new Reference(getDocument());
         ref.setURI("#" + getId());
         String ns =

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
Wed Jun 12 16:36:58 2019
@@ -156,6 +156,9 @@ public class WSSecDKSign extends WSSecDe
         secRef = new SecurityTokenReference(getDocument());
         strUri = getIdAllocator().createSecureId("STR-", secRef);
         secRef.setID(strUri);
+        if (addWSUNamespace) {
+            secRef.addWSUNamespace();
+        }
 
         Reference ref = new Reference(getDocument());
         ref.setURI("#" + getId());

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
Wed Jun 12 16:36:58 2019
@@ -225,11 +225,17 @@ public abstract class WSSecDerivedKeyBas
         dkt.setLength(length);
         dkt.setNonce(XMLUtils.encodeToString(nonce));
         dkt.setID(dktId);
+        if (addWSUNamespace) {
+            dkt.addWSUNamespace();
+        }
 
         if (strElem == null) {
             SecurityTokenReference secRef = new SecurityTokenReference(getDocument());
             String strUri = getIdAllocator().createSecureId("STR-", secRef);
             secRef.setID(strUri);
+            if (addWSUNamespace) {
+                secRef.addWSUNamespace();
+            }
 
             X509Certificate[] certs = getSigningCerts();
 

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Wed Jun 12 16:36:58 2019
@@ -316,6 +316,9 @@ public class WSSecEncrypt extends WSSecE
             keyInfo.addUnknownElement(getEncryptedKeyElement());
         } else if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             if (customReferenceValue != null) {
                 secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);
@@ -327,18 +330,27 @@ public class WSSecEncrypt extends WSSecE
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
             secToken.setKeyIdentifier(WSConstants.WSS_SAML_KI_VALUE_TYPE, getId());
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customReferenceValue)) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
             secToken.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, getId());
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             secToken.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
             secToken.setKeyIdentifier(customReferenceValue, getId(), true);
@@ -351,6 +363,9 @@ public class WSSecEncrypt extends WSSecE
             keyInfo.addUnknownElement(securityTokenReference.getElement());
         } else if (getId() != null) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             Reference ref = new Reference(getDocument());
             if (encKeyIdDirectId) {
@@ -370,6 +385,9 @@ public class WSSecEncrypt extends WSSecE
             keyInfo.addUnknownElement(secToken.getElement());
         } else if (!encryptSymmKey && keyIdentifierType == WSConstants.ISSUER_SERIAL)
{
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
             secToken.addWSSENamespace();
             if (customReferenceValue != null) {
                 secToken.setKeyIdentifierEncKeySHA1(customReferenceValue);

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
Wed Jun 12 16:36:58 2019
@@ -337,6 +337,9 @@ public class WSSecEncryptedKey extends W
             encryptedKeyElement.appendChild(getDocument().adoptNode(customEKKeyInfoElement));
         } else {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
 
             switch (keyIdentifierType) {
             case WSConstants.X509_KEY_IDENTIFIER:
@@ -610,6 +613,9 @@ public class WSSecEncryptedKey extends W
             || keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING_DIRECT
             || keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER) {
             SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
+            if (addWSUNamespace) {
+                secToken.addWSUNamespace();
+            }
 
             switch (keyIdentifierType) {
 
@@ -695,6 +701,9 @@ public class WSSecEncryptedKey extends W
 
         bstAddedToSecurityHeader = false;
         bstToken.setID(IDGenerator.generateID(null));
+        if (addWSUNamespace) {
+            bstToken.addWSUNamespace();
+        }
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecHeader.java
Wed Jun 12 16:36:58 2019
@@ -43,6 +43,8 @@ public class WSSecHeader {
 
     private final Document doc;
 
+    private String wsuPrefix = WSConstants.WSU_PREFIX;
+
     /**
      * Constructor.
      * @param doc The Document to use when creating the security header
@@ -92,7 +94,7 @@ public class WSSecHeader {
     public void setMustUnderstand(boolean mu) {
         mustunderstand = mu;
     }
-    
+
     /**
      * Get the security header document of this instance.
      *
@@ -194,7 +196,7 @@ public class WSSecHeader {
                 mustUnderstandLocal
             );
         }
-        XMLUtils.setNamespace(securityHeader, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        wsuPrefix = XMLUtils.setNamespace(securityHeader, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
 
         return securityHeader;
     }
@@ -218,4 +220,8 @@ public class WSSecHeader {
         }
     }
 
+    public String getWsuPrefix() {
+        return wsuPrefix;
+    }
+
 }

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
Wed Jun 12 16:36:58 2019
@@ -454,6 +454,9 @@ public class WSSecSignature extends WSSe
                 getDocument().createElementNS(WSS4JConstants.WSSE_NS, "wsse:BinarySecurityToken");
             bstToken.setAttributeNS(null, "EncodingType", WSS4JConstants.BASE64_ENCODING);
             bstToken.setAttributeNS(WSS4JConstants.WSU_NS, WSS4JConstants.WSU_PREFIX + ":Id",
certUri);
+            if (addWSUNamespace) {
+                bstToken.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX,
WSConstants.WSU_NS);
+            }
 
             byte[] certBytes = null;
             if (!useSingleCert) {
@@ -484,6 +487,9 @@ public class WSSecSignature extends WSSe
                 ((X509Security) binarySecurity).setX509Certificate(certs[0]);
             }
             binarySecurity.setID(certUri);
+            if (addWSUNamespace) {
+                binarySecurity.addWSUNamespace();
+            }
             bstToken = binarySecurity.getElement();
             getWsDocInfo().addTokenElement(bstToken, false);
         }

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
Wed Jun 12 16:36:58 2019
@@ -63,6 +63,9 @@ public class WSSecSignatureConfirmation
     public void prepare() {
         sc = new SignatureConfirmation(getDocument(), signatureValue);
         sc.setID(getIdAllocator().createId("SC-", sc));
+        if (addWSUNamespace) {
+            sc.addWSUNamespace();
+        }
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
Wed Jun 12 16:36:58 2019
@@ -73,6 +73,9 @@ public class WSSecTimestamp extends WSSe
         ts = new Timestamp(precisionInMilliSeconds, getDocument(), wsTimeSource, timeToLive);
         String tsId = getIdAllocator().createId("TS-", ts);
         ts.setID(tsId);
+        if (addWSUNamespace) {
+            ts.addWSUNamespace();
+        }
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
Wed Jun 12 16:36:58 2019
@@ -181,6 +181,9 @@ public class WSSecUsernameToken extends
             ut.addCreated(precisionInMilliSeconds, wsTimeSource, getDocument());
         }
         ut.setID(getIdAllocator().createId("UsernameToken-", ut));
+        if (addWSUNamespace) {
+            ut.addWSUNamespace();
+        }
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
Wed Jun 12 16:36:58 2019
@@ -156,7 +156,7 @@ public class DerivedKeyToken {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
Wed Jun 12 16:36:58 2019
@@ -177,7 +177,7 @@ public class SecurityContextToken {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SignatureConfirmation.java
Wed Jun 12 16:36:58 2019
@@ -88,7 +88,7 @@ public class SignatureConfirmation {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
Wed Jun 12 16:36:58 2019
@@ -119,12 +119,12 @@ public class Timestamp {
                 if (!ZoneOffset.UTC.equals(createdDateTime.getZone())) {
                     bspEnforcer.handleBSPRule(BSPRule.R3217);
                 }
-                
+
                 created = createdDateTime.toInstant();
             } catch (DateTimeParseException e) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
             }
-            
+
             if (created.getNano() > 0) {
                 int milliseconds = created.get(ChronoField.MILLI_OF_SECOND);
                 if (milliseconds * 1000000 != created.getNano()) {
@@ -139,12 +139,12 @@ public class Timestamp {
                 if (!ZoneOffset.UTC.equals(expiresDateTime.getZone())) {
                     bspEnforcer.handleBSPRule(BSPRule.R3223);
                 }
-                
+
                 expires = expiresDateTime.toInstant();
             } catch (DateTimeParseException e) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
             }
-            
+
             if (expires.getNano() > 0) {
                 int milliseconds = expires.get(ChronoField.MILLI_OF_SECOND);
                 if (milliseconds * 1000000 != expires.getNano()) {
@@ -185,13 +185,13 @@ public class Timestamp {
                 WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN
             );
         created = timeSource.now();
-        
+
         DateTimeFormatter formatter = DateUtil.getDateTimeFormatter(milliseconds);
         elementCreated.appendChild(doc.createTextNode(created.atZone(ZoneOffset.UTC).format(formatter)));
-        
+
         element.appendChild(elementCreated);
         if (ttl != 0) {
-            expires = created.plusSeconds((long)ttl);
+            expires = created.plusSeconds(ttl);
 
             Element elementExpires =
                 doc.createElementNS(
@@ -207,7 +207,7 @@ public class Timestamp {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
     }
 
     /**

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java?rev=1861149&r1=1861148&r2=1861149&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
Wed Jun 12 16:36:58 2019
@@ -282,7 +282,7 @@ public class UsernameToken {
      * efficiency purposes.
      */
     public void addWSUNamespace() {
-        XMLUtils.setNamespace(element, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+        element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
     }
 
     /**

Added: webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java?rev=1861149&view=auto
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
(added)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java
Wed Jun 12 16:36:58 2019
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.message;
+
+import java.util.List;
+
+import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+
+/**
+ * Test signing with an existing wsu namespace defined with a different prefix to "wsu"
+ */
+public class SignatureWSS651Test {
+    private static final org.slf4j.Logger LOG =
+        org.slf4j.LoggerFactory.getLogger(SignatureWSS651Test.class);
+
+    private static final String SAMPLE_SOAP_MSG_WSU_NS =
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+        + "<SOAP-ENV:Envelope "
+        +   "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
+        +   "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
+        +   "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
+        +   "xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"
"
+        +   ">"
+        +   "<SOAP-ENV:Body>"
+        +       "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
+        +           "<value xmlns=\"\">15</value>"
+        +       "</add>"
+        +   "</SOAP-ENV:Body>"
+        + "</SOAP-ENV:Envelope>";
+
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+    private Crypto crypto;
+
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+    }
+
+    public SignatureWSS651Test() throws Exception {
+        WSSConfig.init();
+        crypto = CryptoFactory.getInstance();
+    }
+
+    @Test
+    public void testSignedTimestamp() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG_WSU_NS);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
+        timestamp.setTimeToLive(300);
+        timestamp.build();
+
+        WSSecSignature builder = new WSSecSignature(secHeader);
+        builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+
+        // builder.setAddInclusivePrefixes(false);
+
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "Timestamp",
+                WSConstants.WSU_NS,
+                "");
+        builder.getParts().add(encP);
+
+        builder.prepare(crypto);
+
+        List<javax.xml.crypto.dsig.Reference> referenceList =
+            builder.addReferencesToSign(builder.getParts());
+
+        builder.computeSignature(referenceList, false, null);
+
+        String outputString = XMLUtils.prettyDocumentToString(doc);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("After Signing....");
+            LOG.debug(outputString);
+        }
+
+        verify(doc);
+
+        Document doc2 = SOAPUtil.toSOAPPart(outputString);
+        verify(doc2);
+    }
+
+    /**
+     * Verifies the soap envelope.
+     * This method verifies all the signature generated.
+     *
+     * @param env soap envelope
+     * @throws java.lang.Exception Thrown when there is a problem in verification
+     */
+    private WSHandlerResult verify(Document doc) throws Exception {
+        return secEngine.processSecurityHeader(doc, null, null, crypto);
+    }
+
+}
\ No newline at end of file



Mime
View raw message