ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1031122 - in /webservices/wss4j/trunk/src/org/apache/ws/security: ./ action/ message/ transform/
Date Thu, 04 Nov 2010 18:19:15 GMT
Author: coheigea
Date: Thu Nov  4 18:19:14 2010
New Revision: 1031122

URL: http://svn.apache.org/viewvc?rev=1031122&view=rev
Log:
Committing some fixes to get CXF working with WSS4J 1.6
 - This merge breaks checkstyle...I'll fix this asap.
 - The STR Transform requires some work as well.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
    webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
    webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java Thu Nov  4 18:19:14
2010
@@ -27,6 +27,7 @@ public class WSEncryptionPart {
     private String name;
     private String namespace;
     private String encModifier;
+    private String encId;
     private String id;
     
     /**
@@ -130,6 +131,14 @@ public class WSEncryptionPart {
     public void setId(String id) {
         this.id = id;
     }
+    
+    public void setEncId(String id) {
+        encId = id;
+    }
+    
+    public String getEncId() {
+        return encId;
+    }
 
     /**
      * @return the xpath

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
Thu Nov  4 18:19:14 2010
@@ -124,7 +124,7 @@ public class UsernameTokenSignedAction i
         List referenceList = sign.addReferencesToSign(parts, reqData.getSecHeader());
 
         try {
-            sign.computeSignature(referenceList, reqData.getSecHeader());
+            sign.computeSignature(referenceList);
             reqData.getSignatureValues().add(sign.getSignatureValue());
         } catch (WSSecurityException e) {
             throw new WSSecurityException(

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/EnvelopeIdResolver.java Thu
Nov  4 18:19:14 2010
@@ -142,7 +142,7 @@ public class EnvelopeIdResolver extends 
                 }
                 if (cId == null) {
                     throw new ResourceResolverException("generic.EmptyMessage",
-                            new Object[]{"Id not found"},
+                            new Object[]{"Id: " + id + " not found"},
                             uri,
                             BaseURI);
                 }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecDKSign.java Thu Nov  4
18:19:14 2010
@@ -32,6 +32,8 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.util.WSSecurityUtil;
 
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
 import java.util.List;
 import java.util.Vector;
 
@@ -75,6 +77,7 @@ public class WSSecDKSign extends WSSecDe
     private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
     private KeyInfo keyInfo;
     private CanonicalizationMethod c14nMethod;
+    private Element securityHeader = null;
 
 
     public Document build(Document doc, WSSecHeader secHeader)
@@ -101,7 +104,7 @@ public class WSSecDKSign extends WSSecDe
         }
         
         List referenceList = addReferencesToSign(parts, secHeader);
-        computeSignature(referenceList, secHeader);
+        computeSignature(referenceList);
         
         //
         // prepend elements in the right order to the security header
@@ -115,6 +118,7 @@ public class WSSecDKSign extends WSSecDe
         throws WSSecurityException, ConversationException {
         super.prepare(doc);
         wsDocInfo = new WSDocInfo(doc);
+        securityHeader = secHeader.getSecurityHeader();
         
         try {
             C14NMethodParameterSpec c14nSpec = null;
@@ -149,6 +153,19 @@ public class WSSecDKSign extends WSSecDe
         
     }
     
+    /**
+     * Returns the SignatureElement.
+     * The method can be called any time after <code>prepare()</code>.
+     * @return The DOM Element of the signature.
+     */
+    public Element getSignatureElement() {
+        return
+            WSSecurityUtil.getDirectChildElement(
+                securityHeader,
+                WSConstants.SIG_LN,
+                WSConstants.SIG_NS
+            );
+    }
     
     /**
      * This method adds references to the Signature.
@@ -170,6 +187,20 @@ public class WSSecDKSign extends WSSecDe
             );
     }
     
+    /**
+     * Compute the Signature over the references.
+     * 
+     * After references are set this method computes the Signature for them.
+     * This method can be called any time after the references were set. See
+     * <code>addReferencesToSign()</code>.
+     * 
+     * @throws WSSecurityException
+     */
+    public void computeSignature(
+        List referenceList
+    ) throws WSSecurityException {
+        computeSignature(referenceList, true, null);
+    }
     
     /**
      * Compute the Signature over the references.
@@ -180,7 +211,11 @@ public class WSSecDKSign extends WSSecDe
      * 
      * @throws WSSecurityException
      */
-    public void computeSignature(List referenceList, WSSecHeader secHeader) throws WSSecurityException
{
+    public void computeSignature(
+        List referenceList, 
+        boolean prepend,
+        Element siblingElement
+    ) throws WSSecurityException {
         boolean remove = WSDocInfoStore.store(wsDocInfo);
         try {
             java.security.Key key = 
@@ -198,17 +233,23 @@ public class WSSecDKSign extends WSSecDe
                     wssConfig.getIdAllocator().createId("SIG-", null),
                     null);
             
-            org.w3c.dom.Element securityHeaderElement = secHeader.getSecurityHeader();
             //
-            // Prepend the signature element to the security header
+            // Figure out where to insert the signature element
             //
             XMLSignContext signContext = null;
-            if (securityHeaderElement.hasChildNodes()) {
-                org.w3c.dom.Node firstChild = securityHeaderElement.getFirstChild();
-                signContext = new DOMSignContext(key, securityHeaderElement, firstChild);
+            if (prepend) {
+                if (siblingElement == null) {
+                    siblingElement = (Element)securityHeader.getFirstChild();
+                }
+                if (siblingElement == null) {
+                    signContext = new DOMSignContext(key, securityHeader);
+                } else {
+                    signContext = new DOMSignContext(key, securityHeader, siblingElement);
+                }
             } else {
-                signContext = new DOMSignContext(key, securityHeaderElement);
+                signContext = new DOMSignContext(key, securityHeader);
             }
+            
             signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
             if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
                 signContext.putNamespacePrefix(

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncrypt.java Thu Nov 
4 18:19:14 2010
@@ -456,6 +456,7 @@ public class WSSecEncrypt extends WSSecE
             //
             String xencEncryptedDataId = 
                 config.getIdAllocator().createId("ED-", elementToEncrypt);
+            encPart.setEncId(xencEncryptedDataId);
             try {
                 if (modifier.equals("Header")) {
                     Element elem = 

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java Thu Nov
 4 18:19:14 2010
@@ -105,6 +105,7 @@ public class WSSecSignature extends WSSe
     private String customTokenId;
     private String digestAlgo = WSConstants.SHA1;
     private X509Certificate useThisCert = null;
+    private Element securityHeader = null;
 
    
     /**
@@ -133,6 +134,7 @@ public class WSSecSignature extends WSSe
         document = doc;
         wsDocInfo = new WSDocInfo(doc);
         wsDocInfo.setCrypto(cr);
+        securityHeader = secHeader.getSecurityHeader();
         
         //
         // At first get the security token (certificate) according to the parameters.
@@ -160,6 +162,10 @@ public class WSSecSignature extends WSSe
         secRef.setID(strUri);
         
         //
+        // Get an initialized XMLSignature element.
+        //
+        
+        //
         // Prepare and setup the token references for this Signature
         //
         switch (keyIdentifierType) {
@@ -301,7 +307,7 @@ public class WSSecSignature extends WSSe
 
         List referenceList = addReferencesToSign(parts, secHeader);
 
-        computeSignature(referenceList, secHeader);
+        computeSignature(referenceList);
         
         //
         // if we have a BST prepend it in front of the Signature according to
@@ -334,6 +340,19 @@ public class WSSecSignature extends WSSe
             );
     }
 
+    /**
+     * Returns the SignatureElement.
+     * The method can be called any time after <code>prepare()</code>.
+     * @return The DOM Element of the signature.
+     */
+    public Element getSignatureElement() {
+        return
+            WSSecurityUtil.getDirectChildElement(
+                securityHeader,
+                WSConstants.SIG_LN,
+                WSConstants.SIG_NS
+            );
+    }
     
     /**
      * Prepend the BinarySecurityToken to the elements already in the Security
@@ -364,6 +383,20 @@ public class WSSecSignature extends WSSe
         bstToken = null;
     }
     
+    /**
+     * Compute the Signature over the references.
+     * 
+     * After references are set this method computes the Signature for them.
+     * This method can be called any time after the references were set. See
+     * <code>addReferencesToSign()</code>.
+     * 
+     * @throws WSSecurityException
+     */
+    public void computeSignature(
+        List referenceList 
+    ) throws WSSecurityException {
+        computeSignature(referenceList, true, null);
+    }
     
     /**
      * Compute the Signature over the references.
@@ -374,8 +407,11 @@ public class WSSecSignature extends WSSe
      * 
      * @throws WSSecurityException
      */
-    public void computeSignature(List referenceList, WSSecHeader secHeader) 
-        throws WSSecurityException {
+    public void computeSignature(
+        List referenceList, 
+        boolean prepend,
+        Element siblingElement
+    ) throws WSSecurityException {
         boolean remove = WSDocInfoStore.store(wsDocInfo);
         try {
             java.security.Key key;
@@ -396,17 +432,23 @@ public class WSSecSignature extends WSSe
                     wssConfig.getIdAllocator().createId("SIG-", null),
                     null);
             
-            org.w3c.dom.Element securityHeaderElement = secHeader.getSecurityHeader();
             //
-            // Prepend the signature element to the security header
+            // Figure out where to insert the signature element
             //
             XMLSignContext signContext = null;
-            if (securityHeaderElement.hasChildNodes()) {
-                org.w3c.dom.Node firstChild = securityHeaderElement.getFirstChild();
-                signContext = new DOMSignContext(key, securityHeaderElement, firstChild);
+            if (prepend) {
+                if (siblingElement == null) {
+                    siblingElement = (Element)securityHeader.getFirstChild();
+                }
+                if (siblingElement == null) {
+                    signContext = new DOMSignContext(key, securityHeader);
+                } else {
+                    signContext = new DOMSignContext(key, securityHeader, siblingElement);
+                }
             } else {
-                signContext = new DOMSignContext(key, securityHeaderElement);
+                signContext = new DOMSignContext(key, securityHeader);
             }
+            
             signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
             if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
                 signContext.putNamespacePrefix(

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=1031122&r1=1031121&r2=1031122&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Thu Nov
 4 18:19:14 2010
@@ -19,13 +19,17 @@
 
 package org.apache.ws.security.transform;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSDocInfoStore;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.WSSecurityUtil;
 
+import org.apache.xml.security.c14n.Canonicalizer;
 import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.XMLUtils;
 
 import org.jcp.xml.dsig.internal.dom.ApacheData;
 import org.jcp.xml.dsig.internal.dom.DOMSubTreeData;
@@ -34,6 +38,7 @@ import org.jcp.xml.dsig.internal.dom.DOM
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
@@ -66,6 +71,10 @@ public class STRTransform extends Transf
     
     private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
     
+    private static Log log = LogFactory.getLog(STRTransform.class.getName());
+
+    private static boolean doDebug = false;
+    
     public final AlgorithmParameterSpec getParameterSpec() {
         return params;
     }
@@ -120,6 +129,7 @@ public class STRTransform extends Transf
     
     private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os) 
         throws TransformException {
+        doDebug = log.isDebugEnabled();
         // 
         // First step: Get the required c14n argument and get the specified
         // Canonicalizer
@@ -174,8 +184,14 @@ public class STRTransform extends Transf
             // element.
             //
             SecurityTokenReference secRef = new SecurityTokenReference(str);
+            
+            Canonicalizer canon = Canonicalizer.getInstance(canonAlgo);
+
+            ByteArrayOutputStream bos = null;
+            byte[] buf = null;
+            
             //
-            // Third and fourth step are performed by derefenceSTR()
+            // Third and fourth step are performed by dereferenceSTR()
             //
             Document doc = str.getOwnerDocument();
             WSDocInfo wsDocInfo = WSDocInfoStore.lookup(doc);
@@ -185,6 +201,63 @@ public class STRTransform extends Transf
 
             Element dereferencedToken = 
                 STRTransformUtil.dereferenceSTR(doc, secRef, wsDocInfo);
+            
+            //
+            // C14n with specified algorithm. According to WSS Specification.
+            //
+            buf = canon.canonicalizeSubtree(dereferencedToken, "#default");
+            if (doDebug) {
+                bos = new ByteArrayOutputStream(buf.length);
+                bos.write(buf, 0, buf.length);
+                log.debug("after c14n: " + bos.toString());
+            }
+
+            //
+            // Alert: Hacks ahead According to WSS spec an Apex node must
+            // contain a default namespace. If none is availabe in the first
+            // node of the c14n output (this is the apex element) then we do
+            // some editing to insert an empty default namespace
+            // 
+            // TODO: Rework theses hacks after c14n was updated and can be
+            // instructed to insert empty default namespace if required
+            //
+            // If the problem with c14n method is solved then just do:
+            // return new XMLSignatureInput(buf);
+            
+            // start of HACK
+            StringBuffer bf = new StringBuffer(new String(buf));
+            String bf1 = bf.toString();
+
+            //
+            // Find start and end of first element <....>, this is the Apex node
+            //
+            int gt = bf1.indexOf(">");
+            //
+            // Lookup the default namespace
+            //
+            int idx = bf1.indexOf("xmlns=");
+            //
+            // If none found or if it is outside of this (Apex) element look for
+            // first blank in, insert default namespace there (this is the
+            // correct place according to c14n specification)
+            //
+            if (idx < 0 || idx > gt) {
+                idx = bf1.indexOf(" ");
+                bf.insert(idx + 1, "xmlns=\"\" ");
+                bf1 = bf.toString();
+            }
+            if (doDebug) {
+                log.debug("last result: ");
+                log.debug(bf1);
+            }
+            XMLSignatureInput output = new XMLSignatureInput(bf1.getBytes());
+            if (os != null) {
+                output.updateOutputStream(os);
+                return null;
+            }
+            return new OctetStreamData(output.getOctetStream());
+            
+            /*
             //
             // According to WSS spec an Apex node must contain a default namespace.
             // 
@@ -219,6 +292,7 @@ public class STRTransform extends Transf
                 return null;
             }
             return new OctetStreamData(output.getOctetStream());
+            */
         } catch (Exception ex) {
             throw new TransformException(ex);
         }



Mime
View raw message