ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1862201 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/token/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/ ws-security-do...
Date Thu, 27 Jun 2019 09:17:17 GMT
Author: coheigea
Date: Thu Jun 27 09:17:17 2019
New Revision: 1862201

URL: http://svn.apache.org/viewvc?rev=1862201&view=rev
Log:
WSS-652 - MTOM Content-Id handling doesn't comply with RFC2392: .NET issues

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
Thu Jun 27 09:17:17 2019
@@ -21,6 +21,9 @@ package org.apache.wss4j.common.token;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.UUID;
 
@@ -218,7 +221,11 @@ public class BinarySecurity {
             element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:xop", WSS4JConstants.XOP_NS);
             Element xopInclude =
                 document.createElementNS(WSS4JConstants.XOP_NS, "xop:Include");
-            xopInclude.setAttributeNS(null, "href", "cid:" + attachmentId);
+            try {
+                xopInclude.setAttributeNS(null, "href", "cid:" + URLEncoder.encode(attachmentId,
StandardCharsets.UTF_8.name()));
+            } catch (UnsupportedEncodingException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+            }
             element.appendChild(xopInclude);
 
             Attachment resultAttachment = new Attachment();

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/Encryptor.java
Thu Jun 27 09:17:17 2019
@@ -344,7 +344,7 @@ public class Encryptor {
         }
 
         AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
-        String id = attachmentEncryptionPart.getId().substring(4);
+        String id = AttachmentUtils.getAttachmentId(attachmentEncryptionPart.getId());
         attachmentRequestCallback.setAttachmentId(id);
         try {
             attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
Thu Jun 27 09:17:17 2019
@@ -39,6 +39,7 @@ import org.apache.wss4j.common.WSEncrypt
 import org.apache.wss4j.common.ext.Attachment;
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -188,7 +189,7 @@ public class WSSecSignatureBase extends
                     }
                     for (Element elementToSign : elementsToSign) {
                         String wsuId = setWsuId(elementToSign);
-                        
+
                         cloneElement(elementToSign);
 
                         TransformParameterSpec transformSpec = null;
@@ -239,7 +240,7 @@ public class WSSecSignatureBase extends
                 // Clone the Element to be signed + insert the clone into the tree at the
same level
                 // We will expand the xop:Include for one of the nodes + sign that (and then
remove it),
                 // while leaving the original in the tree to be sent in the message
-                                
+
                 clonedElements.add(element);
                 Document doc = this.getSecurityHeader().getSecurityHeaderDoc();
                 element.getParentNode().appendChild(WSSecurityUtil.cloneElement(doc, element));
@@ -264,7 +265,7 @@ public class WSSecSignatureBase extends
         AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
         //no mime type must be set for signature:
         //attachmentCallback.setResultingMimeType(null);
-        String id = encPart.getId().substring(4);
+        String id = AttachmentUtils.getAttachmentId(encPart.getId());
         attachmentRequestCallback.setAttachmentId(id);
         try {
             attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
Thu Jun 27 09:17:17 2019
@@ -22,6 +22,8 @@ import org.apache.jcp.xml.dsig.internal.
 import org.apache.wss4j.common.ext.Attachment;
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.AttachmentResultCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.common.util.CRLFOutputStream;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.xml.security.c14n.CanonicalizationException;
@@ -102,7 +104,12 @@ public class AttachmentContentSignatureT
     public Data transform(Data data, XMLCryptoContext context, OutputStream os) throws TransformException
{
 
         String attachmentUri = ((ApacheOctetStreamData) data).getURI();
-        String attachmentId = attachmentUri.substring(4);
+        String attachmentId = null;
+        try {
+            attachmentId = AttachmentUtils.getAttachmentId(attachmentUri);
+        } catch (WSSecurityException e) {
+            throw new TransformException(e);
+        }
 
         Attachment attachment;
         if (attachmentTransformParameterSpec != null) {

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
Thu Jun 27 09:17:17 2019
@@ -300,7 +300,7 @@ public final class EncryptionUtils {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
             }
 
-            final String attachmentId = uri.substring("cid:".length());
+            final String attachmentId = AttachmentUtils.getAttachmentId(uri);
 
             AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
             attachmentRequestCallback.setAttachmentId(attachmentId);
@@ -364,7 +364,7 @@ public final class EncryptionUtils {
         if (attachmentCallbackHandler == null) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
         }
-        final String attachmentId = xopURI.substring("cid:".length());
+        final String attachmentId = AttachmentUtils.getAttachmentId(xopURI);
 
         AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
         attachmentRequestCallback.setAttachmentId(attachmentId);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Thu Jun 27 09:17:17 2019
@@ -44,9 +44,12 @@ import org.w3c.dom.Text;
 //import com.sun.xml.internal.messaging.saaj.soap.SOAPDocumentImpl;
 
 import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
@@ -737,7 +740,11 @@ public final class WSSecurityUtil {
         parentElement.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:xop", WSConstants.XOP_NS);
         Element xopInclude =
             doc.createElementNS(WSConstants.XOP_NS, "xop:Include");
-        xopInclude.setAttributeNS(null, "href", "cid:" + attachmentId);
+        try {
+            xopInclude.setAttributeNS(null, "href", "cid:" + URLEncoder.encode(attachmentId,
StandardCharsets.UTF_8.name()));
+        } catch (UnsupportedEncodingException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
         parentElement.appendChild(xopInclude);
 
         Attachment resultAttachment = new Attachment();

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
Thu Jun 27 09:17:17 2019
@@ -22,6 +22,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -222,6 +223,59 @@ public class XOPAttachmentTest {
 
         if (LOG.isDebugEnabled()) {
             String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
+            LOG.debug(outputString);
+            // System.out.println(outputString);
+        }
+
+        AttachmentCallbackHandler inboundAttachmentCallback =
+            new AttachmentCallbackHandler(encryptedAttachments);
+        verify(encryptedDoc, inboundAttachmentCallback);
+
+        String processedDoc = XMLUtils.prettyDocumentToString(encryptedDoc);
+        assertTrue(processedDoc.contains(SOAP_BODY));
+    }
+
+    // See https://issues.apache.org/jira/browse/CXF-8061
+    @Test
+    public void testEncryptedSOAPBodyURLEncoding() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecEncrypt encrypt = new WSSecEncrypt(secHeader);
+        encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+
+        AttachmentCallbackHandler outboundAttachmentCallback = new AttachmentCallbackHandler();
+        encrypt.setAttachmentCallbackHandler(outboundAttachmentCallback);
+        encrypt.setStoreBytesInAttachment(true);
+
+        encrypt.getParts().add(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/",
"Content"));
+
+        KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+        SecretKey symmetricKey = keyGen.generateKey();
+        Document encryptedDoc = encrypt.build(crypto, symmetricKey);
+
+        List<Attachment> encryptedAttachments = outboundAttachmentCallback.getResponseAttachments();
+        assertNotNull(encryptedAttachments);
+        // Should have EncryptedKey + EncryptedData stored in attachments...
+        assertTrue(encryptedAttachments.size() == 2);
+
+        // Override the Attachment ID + URL encode something that will break as the Attachment
ID if it is not
+        // URL encoded
+        String newId = "http://tempuri.org/1/636966400494014846";
+        String oldId = encryptedAttachments.get(1).getId();
+        encryptedAttachments.get(1).setId(newId);
+        List<Element> xopElements =
+            XMLUtils.findElements(doc.getDocumentElement(), "Include", "http://www.w3.org/2004/08/xop/include");
+        for (Element xop : xopElements) {
+            if (xop.hasAttribute("href") && xop.getAttributeNS(null, "href").equals("cid:"
+ oldId)) {
+                xop.setAttributeNS(null, "href", "cid:" + URLEncoder.encode(newId, StandardCharsets.UTF_8.name()));
+            }
+        }
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = XMLUtils.prettyDocumentToString(encryptedDoc);
             LOG.debug(outputString);
             // System.out.println(outputString);
         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
Thu Jun 27 09:17:17 2019
@@ -215,7 +215,7 @@ public class DecryptInputProcessor exten
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
         }
 
-        final String attachmentId = href.substring(4);
+        final String attachmentId = AttachmentUtils.getAttachmentId(href);
 
         CallbackHandler attachmentCallbackHandler =
             ((WSSSecurityProperties) getSecurityProperties()).getAttachmentCallbackHandler();
@@ -322,7 +322,7 @@ public class DecryptInputProcessor exten
             final InboundSecurityToken inboundSecurityToken = deferredAttachment.getInboundSecurityToken();
             final Cipher cipher = deferredAttachment.getCipher();
             final String uri = encryptedDataType.getCipherData().getCipherReference().getURI();
-            final String attachmentId = uri.substring(4);
+            final String attachmentId = AttachmentUtils.getAttachmentId(uri);
 
             CallbackHandler attachmentCallbackHandler =
                 ((WSSSecurityProperties) getSecurityProperties()).getAttachmentCallbackHandler();

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
Thu Jun 27 09:17:17 2019
@@ -42,6 +42,7 @@ import org.apache.wss4j.common.ext.Attac
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.AttachmentResultCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
@@ -103,7 +104,7 @@ public class WSSSignatureReferenceVerify
                 );
             }
 
-            String attachmentId = referenceType.getURI().substring(4);
+            String attachmentId = AttachmentUtils.getAttachmentId(referenceType.getURI());
 
             AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
             attachmentRequestCallback.setAttachmentId(attachmentId);

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Thu Jun 27 09:17:17 2019
@@ -205,7 +205,7 @@ public class EncryptOutputProcessor exte
             final String externalReference = securePart.getExternalReference();
             if (externalReference != null && externalReference.startsWith("cid:"))
{
                 attachmentSecurePart = securePart;
-                externalId = externalReference.substring("cid:".length());
+                externalId = AttachmentUtils.getAttachmentId(externalReference);
                 break;
             }
         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java?rev=1862201&r1=1862200&r2=1862201&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
Thu Jun 27 09:17:17 2019
@@ -36,6 +36,7 @@ import org.apache.wss4j.common.ext.Attac
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.AttachmentResultCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform;
@@ -162,7 +163,7 @@ public class WSSSignatureOutputProcessor
             }
 
             AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
-            String id = securePart.getExternalReference().substring("cid:".length());
+            String id = AttachmentUtils.getAttachmentId(securePart.getExternalReference());
             attachmentRequestCallback.setAttachmentId(id);
             try {
                 attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});



Mime
View raw message