ws-dev mailing list archives

From cohei...@apache.org
Subject svn commit: r1030475 - in /webservices/wss4j/trunk: src/org/apache/ws/security/ src/org/apache/ws/security/processor/ src/org/apache/ws/security/saml/ src/org/apache/ws/security/util/ test/wssec/
Date Wed, 03 Nov 2010 14:29:47 GMT
Author: coheigea
Date: Wed Nov  3 14:29:46 2010
New Revision: 1030475

URL: http://svn.apache.org/viewvc?rev=1030475&view=rev
Log:
Reordered how some of the providers are added to the provider list plus some other minor stuff.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
    webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
    webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Wed Nov  3 14:29:46
2010
@@ -20,7 +20,10 @@
 
 package org.apache.ws.security;
 
+import java.security.Provider;
+import java.security.Security;
 import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 
@@ -50,9 +53,9 @@ public class WSSConfig {
     /**
      * The default collection of actions supported by the toolkit.
      */
-    private static final java.util.Map DEFAULT_ACTIONS;
+    private static final Map DEFAULT_ACTIONS;
     static {
-        final java.util.Map tmp = new java.util.HashMap();
+        final Map tmp = new HashMap();
         try {
             tmp.put(
                 new Integer(WSConstants.UT),
@@ -102,9 +105,9 @@ public class WSSConfig {
     /**
      * The default collection of processors supported by the toolkit
      */
-    private static final java.util.Map DEFAULT_PROCESSORS;
+    private static final Map DEFAULT_PROCESSORS;
     static {
-        final java.util.Map tmp = new java.util.HashMap();
+        final Map tmp = new HashMap();
         try {
             tmp.put(
                 WSSecurityEngine.SAML_TOKEN,
@@ -248,14 +251,14 @@ public class WSSConfig {
      * The known actions are initialized from a set of defaults,
      * but the list may be modified via the setAction operations.
      */
-    private final java.util.Map actionMap = new java.util.HashMap(DEFAULT_ACTIONS);
+    private final Map actionMap = new HashMap(DEFAULT_ACTIONS);
 
     /**
      * The known processors. This map is of the form <String, String> or <String,Processor>.
      * The known processors are initialized from a set of defaults,
      * but the list may be modified via the setProcessor operations.
      */
-    private final java.util.Map processorMap = new java.util.HashMap(DEFAULT_PROCESSORS);
+    private final Map processorMap = new HashMap(DEFAULT_PROCESSORS);
     
     /**
      * a static boolean flag that determines whether default JCE providers
@@ -290,8 +293,10 @@ public class WSSConfig {
             org.apache.xml.security.Init.init();
             if (addJceProviders) {
                 addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
-                addJceProvider("XMLDSig", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
-                addJceProvider("STRTransform", "org.apache.ws.security.transform.STRTransformProvider");
+                appendJceProvider("XMLDSig", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
+                appendJceProvider(
+                    "STRTransform", "org.apache.ws.security.transform.STRTransformProvider"
+                );
             }
             
             staticallyInitialized = true;
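Review bot: The three registrations in this static block now follow two different placement rules, and nothing at the call site says why. BC still goes through `addJceProvider`, which inserts it directly after SUN or IBMJCE, while XMLDSig and STRTransform are appended to the end of the list. Provider order decides which implementation an unqualified `getInstance` lookup resolves to, so the intent deserves a comment, for example `// XMLDSig and STRTransform are appended so they never take precedence over providers the JVM already installed`, if that is the reason. The return values are also ignored here, so a null from either call (the provider failed to load) goes unnoticed at this point. The enclosing method starts and ends outside the hunk.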
@@ -325,7 +330,7 @@ public class WSSConfig {
     /**
      * Checks if we are in WS-I Basic Security Profile compliance mode
      * 
-     * @return TODO
+     * @return whether we are in WS-I Basic Security Profile compliance mode
      */
     public boolean isWsiBSPCompliant() {
         return wsiBSPCompliant;
@@ -344,17 +349,16 @@ public class WSSConfig {
     /**
      * Checks if we need to use milliseconds in timestamps
      * 
-     * @return TODO
+     * @return whether to use precision in milliseconds for timestamps
      */
     public boolean isPrecisionInMilliSeconds() {
         return precisionInMilliSeconds;
     }
 
     /**
-     * Set the precision in milliseconds
+     * Set the precision in milliseconds for timestamps
      * 
-     * @param precisionInMilliSeconds
-     *            TODO
+     * @param precisionInMilliSeconds whether to use precision in milliseconds for timestamps
      */
     public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
         this.precisionInMilliSeconds = precisionInMilliSeconds;
@@ -579,60 +583,74 @@ public class WSSConfig {
 
     
     /**
-     * Load the provider of the specified name, and of the specified class. Return either
the
-     * name of the previously loaded provider, the name of the new loaded provider, or null
if
-     * there's an exception in loading the provider.
+     * Add a new JCE security provider to use for WSS4J, of the specified name and class.
Return
+     * either the name of the previously loaded provider, the name of the new loaded provider,
or
+     * null if there's an exception in loading the provider. Add the provider either after
the SUN
+     * provider (see WSS-99), or the IBMJCE provider. Otherwise fall back to the old behaviour
of
+     * inserting the provider in position 2.
+     * 
+     * @param name
+     *            The name string of the provider (this may not be the real name of the provider)
+     * @param className
+     *            Name of the class the implements the provider. This class must
+     *            be a subclass of <code>java.security.Provider</code>
+     * 
+     * @return Returns the actual name of the provider that was loaded
      */
-    private String loadProvider(String name, String className) {
-        try {
-            if (java.security.Security.getProvider(name) == null) {
-                Class c = Loader.loadClass(className, false);
-                java.security.Provider[] provs = 
-                    java.security.Security.getProviders();
-                java.security.Provider newProvider = (java.security.Provider)c.newInstance();
-                //
-                // Install the provider after the SUN provider (see WSS-99)
-                // Otherwise fall back to the old behaviour of inserting
-                // the provider in position 2. For AIX, install it after
-                // the IBMJCE provider.
-                //
-                int ret = 0;
-                for (int i = 0; i < provs.length; i++) {
-                    if ("SUN".equals(provs[i].getName())
-                        || "IBMJCE".equals(provs[i].getName())) {
-                        ret =
-                            java.security.Security.insertProviderAt(
-                                newProvider, i + 2
-                            );
-                        break;
+    public String addJceProvider(String name, String className) {
+        if (jceProvider.get(name) == null) {
+            String newName = null;
+            try {
+                if (Security.getProvider(name) == null) {
+                    Class c = Loader.loadClass(className, false);
+                    Provider[] provs = Security.getProviders();
+                    Provider newProvider = (Provider)c.newInstance();
+                    //
+                    // Install the provider after the SUN provider (see WSS-99)
+                    // Otherwise fall back to the old behaviour of inserting
+                    // the provider in position 2. For AIX, install it after
+                    // the IBMJCE provider.
+                    //
+                    int ret = 0;
+                    for (int i = 0; i < provs.length; i++) {
+                        if ("SUN".equals(provs[i].getName())
+                            || "IBMJCE".equals(provs[i].getName())) {
+                            ret = Security.insertProviderAt(newProvider, i + 2);
+                            break;
+                        }
                     }
+                    if (ret == 0) {
+                        ret = Security.insertProviderAt(newProvider, 2);
+                    }
+                    if (log.isDebugEnabled()) {
+                        log.debug(
+                            "The provider " + newProvider.getName() + " was added at position:
" + ret
+                        );
+                    }
+                    newName = newProvider.getName();
+                } else {
+                    newName = name;
                 }
-                if (ret == 0) {
-                    ret = java.security.Security.insertProviderAt(newProvider, 2);
-                }
+            } catch (Throwable t) {
                 if (log.isDebugEnabled()) {
-                    log.debug(
-                        "The provider " + newProvider.getName() + " was added at position:
" + ret
-                    );
+                    log.debug("The provider " + name + " could not be added: " + t.getMessage(),
t);
                 }
-                return newProvider.getName();
-            } else {
-                return name;
+                newName = null;
             }
-        } catch (Throwable t) {
-            if (log.isDebugEnabled()) {
-                log.debug("The provider " + name + " could not be added: " + t.getMessage(),
t);
+            if (newName != null) {
+                jceProvider.put(newName, className);
             }
-            return null;
+            return newName;
         }
-
+        return name;
     }
-
+    
+    
     /**
-     * Add a new JCE security provider to use for WSS4J.
-     * 
-     * If the provider is not already known the method loads a security provider
-     * class and adds the provider to the java security service.
+     * Add a new JCE security provider to use for WSS4J, of the specified name and class.
Return
+     * either the name of the previously loaded provider, the name of the new loaded provider,
or
+     * null if there's an exception in loading the provider. Append the provider to the provider
+     * list.
      * 
      * @param name
      *            The name string of the provider (this may not be the real name of the provider)
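Review bot: The `catch (Throwable t)` in the new `addJceProvider` body reports a failed provider installation only when debug logging is enabled and then returns null, so in a normal deployment a missing or broken provider leaves no trace. The same catch block is repeated in `appendJceProvider` in the next hunk, and the static initializer ignores both return values. If BC is meant to be optional the quiet path is reasonable for it, but for providers the toolkit relies on an always-on message would help, for example `log.warn("The provider " + name + " could not be added: " + t.getMessage());` ahead of the debug call (assuming `log` is the commons-logging `Log` used elsewhere in this commit). Catching `Throwable` also hides `Error`s such as `OutOfMemoryError`; if that breadth is deliberate, to cover `NoClassDefFoundError`, a one-line comment saying so would stop someone narrowing it by accident.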
@@ -642,9 +660,29 @@ public class WSSConfig {
      * 
      * @return Returns the actual name of the provider that was loaded
      */
-    public String addJceProvider(String name, String className) {
+    public String appendJceProvider(String name, String className) {
         if (jceProvider.get(name) == null) {
-            String newName = loadProvider(name, className);
+            String newName = null;
+            try {
+                if (Security.getProvider(name) == null) {
+                    Class c = Loader.loadClass(className, false);
+                    Provider newProvider = (Provider)c.newInstance();
+                    int ret = Security.addProvider(newProvider);
+                    if (log.isDebugEnabled()) {
+                        log.debug(
+                            "The provider " + newProvider.getName() + " was added at position:
" + ret
+                        );
+                    }
+                    newName = newProvider.getName();
+                } else {
+                    newName = name;
+                }
+            } catch (Throwable t) {
+                if (log.isDebugEnabled()) {
+                    log.debug("The provider " + name + " could not be added: " + t.getMessage(),
t);
+                }
+                newName = null;
+            }
             if (newName != null) {
                 jceProvider.put(newName, className);
             }
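Review bot: The cache is checked with `jceProvider.get(name)` but filled with `jceProvider.put(newName, className)`, where `newName` is `newProvider.getName()`. The javadoc says the passed name "may not be the real name of the provider". When the two differ, neither the map lookup nor `Security.getProvider(name)` ever hits, so every call instantiates the class again, `Security.addProvider` returns -1 for the already-installed provider, and the debug line reports "was added at position: -1". Either key the map on the name that is looked up (`jceProvider.put(name, className);`) or test `Security.getProvider(newProvider.getName())` before adding. `addJceProvider` in the previous hunk has the same pattern, and this method's closing lines fall in the following hunk.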
@@ -652,4 +690,5 @@ public class WSSConfig {
         }
         return name;
     }
+    
 }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Wed
Nov  3 14:29:46 2010
@@ -211,16 +211,19 @@ public class SignatureProcessor implemen
                 );
             if (strElement == null) {
                 try {
+                    //
+                    // Look for a KeyValue object
+                    //
                     keyValue = getKeyValue(keyInfoElement);
                 } catch (javax.xml.crypto.MarshalException ex) {
                     throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null,
null, ex);
                 } 
 
                 if (keyValue != null) {
-                    //
-                    // Look for a KeyValue object
-                    //
                     try {
+                        //
+                        // Look for a Public Key in Key Value
+                        //
                         publicKey = keyValue.getPublicKey();
                         principal = validatePublicKey(cb, publicKey);
                     } catch (java.security.KeyException ex) {

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java Wed Nov  3
14:29:46 2010
@@ -77,9 +77,10 @@ public class SAMLIssuerImpl implements S
     private Crypto userCrypto = null;
     private String username = null;
     
-    private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
     private WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
     
+    private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
+    
     /**
      * Flag indicating what format to put the subject's key material in when
      * NOT using Sender Vouches as the confirmation method.  The default is
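Review bot: Moving `keyInfoFactory` below `wssConfig` looks like it makes field order load-bearing, and nothing in the class says so. Presumably `WSSConfig.getDefaultWSConfig()` has to run first so that the XMLDSig provider is registered before `KeyInfoFactory.getInstance("DOM")` resolves an implementation; that is inferred from the WSSConfig changes in this commit rather than stated here. If so, a comment such as `// must be initialised after wssConfig: WSSConfig registers the XMLDSig provider` would keep a later cleanup from reordering the fields and silently changing which provider is picked up.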

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Wed Nov
 3 14:29:46 2010
@@ -147,6 +147,12 @@ public class WSSecSignatureSAML extends 
 
         prependSAMLElementsToHeader(secHeader);
 
+        if (senderVouches) {
+            computeSignature(referenceList, secHeader, secRefSaml.getElement());
+        } else {
+            computeSignature(referenceList, secHeader, samlToken);
+        }
+        
         //
         // if we have a BST prepend it in front of the Signature according to
         // strict layout rules.
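Review bot: In the `senderVouches` branch, `secRefSaml.getElement()` is dereferenced unconditionally, and the hunk does not show whether `secRefSaml` is always set when `senderVouches` is true. `computeSignature` already tolerates a null sibling and falls back to appending the signature, so a guarded call would keep that behaviour: `computeSignature(referenceList, secHeader, secRefSaml != null ? secRefSaml.getElement() : null);`. The enclosing method starts outside the hunk, so this is worth checking against the code that populates `secRefSaml`.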
@@ -154,8 +160,6 @@ public class WSSecSignatureSAML extends 
         if (bstToken != null) {
             prependBSTElementToHeader(secHeader);
         }
-        
-        computeSignature(referenceList, secHeader, samlToken);
 
         return doc;
     }
@@ -489,7 +493,7 @@ public class WSSecSignatureSAML extends 
      * 
      * @throws WSSecurityException
      */
-    public void computeSignature(List referenceList, WSSecHeader secHeader, Element assertion)

+    public void computeSignature(List referenceList, WSSecHeader secHeader, Element siblingElement)

         throws WSSecurityException {
         boolean remove = WSDocInfoStore.store(wsDocInfo);
         try {
@@ -516,9 +520,9 @@ public class WSSecSignatureSAML extends 
             // Prepend the signature element to the security header (after the assertion)
             //
             XMLSignContext signContext = null;
-            if (assertion != null && assertion.getNextSibling() != null) {
+            if (siblingElement != null && siblingElement.getNextSibling() != null)
{
                 signContext = 
-                    new DOMSignContext(key, securityHeaderElement, assertion.getNextSibling());
+                    new DOMSignContext(key, securityHeaderElement, siblingElement.getNextSibling());
             } else {
                 signContext = new DOMSignContext(key, securityHeaderElement);
             }
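Review bot: The comment at the top of this hunk still says the signature is prepended "(after the assertion)", but after the rename the anchor is `siblingElement`, which in the sender-vouches case is the SecurityTokenReference element rather than the assertion. Suggest `// Prepend the signature element to the security header (after siblingElement, if it has a next sibling)`. The `@param` javadoc for this method is outside the visible hunks and may need the same rename.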

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java Wed Nov  3 14:29:46
2010
@@ -50,11 +50,6 @@ public final class  Base64 {
     static final private byte [] base64Alphabet        = new byte[BASELENGTH];
     static final private char [] lookUpBase64Alphabet  = new char[LOOKUPLENGTH];
     
-    static org.apache.commons.logging.Log log = 
-        org.apache.commons.logging.LogFactory.getLog(Base64.class.getName());
-    
-    static private final boolean fDebug          = log.isDebugEnabled();
-
     static {
 
         for (int i = 0; i < BASELENGTH; ++i) {
@@ -130,19 +125,12 @@ public final class  Base64 {
 
         int encodedIndex = 0;
         int dataIndex   = 0;
-        if (fDebug) {
-            log.debug("number of triplets = " + numberTriplets );
-        }
 
         for (int i=0; i<numberTriplets; i++) {
             b1 = binaryData[dataIndex++];
             b2 = binaryData[dataIndex++];
             b3 = binaryData[dataIndex++];
 
-            if (fDebug) {
-                log.debug( "b1= " + b1 +", b2= " + b2 + ", b3= " + b3 );
-            }
-
             l  = (byte)(b2 & 0x0f);
             k  = (byte)(b1 & 0x03);
 
@@ -151,12 +139,6 @@ public final class  Base64 {
             byte val2 = ((b2 & SIGN)==0)?(byte)(b2>>4):(byte)((b2)>>4^0xf0);
             byte val3 = ((b3 & SIGN)==0)?(byte)(b3>>6):(byte)((b3)>>6^0xfc);
 
-            if (fDebug) {
-                log.debug( "val2 = " + val2 );
-                log.debug( "k4   = " + (k<<4));
-                log.debug( "vak  = " + (val2 | (k<<4)));
-            }
-
             encodedData[encodedIndex++] = lookUpBase64Alphabet[ val1 ];
             encodedData[encodedIndex++] = lookUpBase64Alphabet[ val2 | ( k<<4 )];
             encodedData[encodedIndex++] = lookUpBase64Alphabet[ (l <<2 ) | val3 ];
@@ -167,10 +149,7 @@ public final class  Base64 {
         if (fewerThan24bits == EIGHTBIT) {
             b1 = binaryData[dataIndex];
             k = (byte) ( b1 &0x03 );
-            if (fDebug) {
-                log.debug("b1=" + b1);
-                log.debug("b1<<2 = " + (b1>>2) );
-            }
+
             byte val1 = ((b1 & SIGN)==0)?(byte)(b1>>2):(byte)((b1)>>2^0xc0);
             encodedData[encodedIndex++] = lookUpBase64Alphabet[ val1 ];
             encodedData[encodedIndex++] = lookUpBase64Alphabet[ k<<4 ];

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java Wed Nov  3 14:29:46 2010
@@ -76,7 +76,6 @@ public class TestWSSecurityNewST3 extend
      */
     public TestWSSecurityNewST3(String name) {
         super(name);
-        secEngine.getWssConfig();
     }
 
     /**


