Author: coheigea Date: Wed Nov 3 14:29:46 2010 New Revision: 1030475 URL: http://svn.apache.org/viewvc?rev=1030475&view=rev Log: Reordered how some of the providers are added to the provider list plus some other minor stuff. Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=1030475&r1=1030474&r2=1030475&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Wed Nov 3 14:29:46 2010 @@ -20,7 +20,10 @@ package org.apache.ws.security; +import java.security.Provider; +import java.security.Security; import java.util.HashMap; +import java.util.Map; import javax.xml.namespace.QName; @@ -50,9 +53,9 @@ public class WSSConfig { /** * The default collection of actions supported by the toolkit. */ - private static final java.util.Map DEFAULT_ACTIONS; + private static final Map DEFAULT_ACTIONS; static { - final java.util.Map tmp = new java.util.HashMap(); + final Map tmp = new HashMap(); try { tmp.put( new Integer(WSConstants.UT), 
@@ -102,9 +105,9 @@ public class WSSConfig { /** * The default collection of processors supported by the toolkit */ - private static final java.util.Map DEFAULT_PROCESSORS; + private static final Map DEFAULT_PROCESSORS; static { - final java.util.Map tmp = new java.util.HashMap(); + final Map tmp = new HashMap(); try { tmp.put( WSSecurityEngine.SAML_TOKEN, @@ -248,14 +251,14 @@ public class WSSConfig { * The known actions are initialized from a set of defaults, * but the list may be modified via the setAction operations. */ - private final java.util.Map actionMap = new java.util.HashMap(DEFAULT_ACTIONS); + private final Map actionMap = new HashMap(DEFAULT_ACTIONS); /** * The known processors. This map is of the form or . * The known processors are initialized from a set of defaults, * but the list may be modified via the setProcessor operations. */ - private final java.util.Map processorMap = new java.util.HashMap(DEFAULT_PROCESSORS); + private final Map processorMap = new HashMap(DEFAULT_PROCESSORS); /** * a static boolean flag that determines whether default JCE providers @@ -290,8 +293,10 @@ public class WSSConfig { org.apache.xml.security.Init.init(); if (addJceProviders) { addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider"); - addJceProvider("XMLDSig", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); - addJceProvider("STRTransform", "org.apache.ws.security.transform.STRTransformProvider"); + appendJceProvider("XMLDSig", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); + appendJceProvider( + "STRTransform", "org.apache.ws.security.transform.STRTransformProvider" + ); } staticallyInitialized = true; @@ -325,7 +330,7 @@ public class WSSConfig { /** * Checks if we are in WS-I Basic Security Profile compliance mode * - * @return TODO + * @return whether we are in WS-I Basic Security Profile compliance mode */ public boolean isWsiBSPCompliant() { return wsiBSPCompliant; 
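Review bot: The static initializer now inserts BC near the head of the provider list but appends XMLDSig and STRTransform at the tail, and nothing in the code says why the two groups are ordered differently, even though provider position decides which implementation `Security` hands out; the intent should be recorded, e.g. `// BC goes directly after SUN/IBMJCE (WSS-99); XMLDSig and STRTransform are appended at the end of the provider list`. The return values of all three calls are discarded, so a provider that fails to load is visible only in the debug log; if a missing BouncyCastle is meant to be fatal at this point, the documented null return should be checked here. The enclosing method starts before the hunk.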
@@ -344,17 +349,16 @@ public class WSSConfig { /** * Checks if we need to use milliseconds in timestamps * - * @return TODO + * @return whether to use precision in milliseconds for timestamps */ public boolean isPrecisionInMilliSeconds() { return precisionInMilliSeconds; } /** - * Set the precision in milliseconds + * Set the precision in milliseconds for timestamps * - * @param precisionInMilliSeconds - * TODO + * @param precisionInMilliSeconds whether to use precision in milliseconds for timestamps */ public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) { this.precisionInMilliSeconds = precisionInMilliSeconds; 
@@ -579,60 +583,74 @@ public class WSSConfig { /** - * Load the provider of the specified name, and of the specified class. Return either the - * name of the previously loaded provider, the name of the new loaded provider, or null if - * there's an exception in loading the provider. + * Add a new JCE security provider to use for WSS4J, of the specified name and class. Return + * either the name of the previously loaded provider, the name of the new loaded provider, or + * null if there's an exception in loading the provider. Add the provider either after the SUN + * provider (see WSS-99), or the IBMJCE provider. Otherwise fall back to the old behaviour of + * inserting the provider in position 2. + * + * @param name + * The name string of the provider (this may not be the real name of the provider) + * @param className + * Name of the class the implements the provider. This class must + * be a subclass of java.security.Provider + * + * @return Returns the actual name of the provider that was loaded */ - private String loadProvider(String name, String className) { - try { - if (java.security.Security.getProvider(name) == null) { - Class c = Loader.loadClass(className, false); - java.security.Provider[] provs = - java.security.Security.getProviders(); - java.security.Provider newProvider = (java.security.Provider)c.newInstance(); - // - // Install the provider after the SUN provider (see WSS-99) - // Otherwise fall back to the old behaviour of inserting - // the provider in position 2. For AIX, install it after - // the IBMJCE provider. 
- // - int ret = 0; - for (int i = 0; i < provs.length; i++) { - if ("SUN".equals(provs[i].getName()) - || "IBMJCE".equals(provs[i].getName())) { - ret = - java.security.Security.insertProviderAt( - newProvider, i + 2 - ); - break; + public String addJceProvider(String name, String className) { + if (jceProvider.get(name) == null) { + String newName = null; + try { + if (Security.getProvider(name) == null) { + Class c = Loader.loadClass(className, false); + Provider[] provs = Security.getProviders(); + Provider newProvider = (Provider)c.newInstance(); + // + // Install the provider after the SUN provider (see WSS-99) + // Otherwise fall back to the old behaviour of inserting + // the provider in position 2. For AIX, install it after + // the IBMJCE provider. + // + int ret = 0; + for (int i = 0; i < provs.length; i++) { + if ("SUN".equals(provs[i].getName()) + || "IBMJCE".equals(provs[i].getName())) { + ret = Security.insertProviderAt(newProvider, i + 2); + break; + } } + if (ret == 0) { + ret = Security.insertProviderAt(newProvider, 2); + } + if (log.isDebugEnabled()) { + log.debug( + "The provider " + newProvider.getName() + " was added at position: " + ret + ); + } + newName = newProvider.getName(); + } else { + newName = name; } - if (ret == 0) { - ret = java.security.Security.insertProviderAt(newProvider, 2); - } + } catch (Throwable t) { if (log.isDebugEnabled()) { - log.debug( - "The provider " + newProvider.getName() + " was added at position: " + ret - ); + log.debug("The provider " + name + " could not be added: " + t.getMessage(), t); } - return newProvider.getName(); - } else { - return name; + newName = null; } - } catch (Throwable t) { - if (log.isDebugEnabled()) { - log.debug("The provider " + name + " could not be added: " + t.getMessage(), t); + if (newName != null) { + jceProvider.put(newName, className); } - return null; + return newName; } - + return name; } - + + /** - * Add a new JCE security provider to use for WSS4J. 
- * - * If the provider is not already known the method loads a security provider - * class and adds the provider to the java security service. + * Add a new JCE security provider to use for WSS4J, of the specified name and class. Return + * either the name of the previously loaded provider, the name of the new loaded provider, or + * null if there's an exception in loading the provider. Append the provider to the provider + * list. * * @param name * The name string of the provider (this may not be the real name of the provider) @@ -642,9 +660,29 @@ public class WSSConfig { * * @return Returns the actual name of the provider that was loaded */ - public String addJceProvider(String name, String className) { + public String appendJceProvider(String name, String className) { if (jceProvider.get(name) == null) { - String newName = loadProvider(name, className); + String newName = null; + try { + if (Security.getProvider(name) == null) { + Class c = Loader.loadClass(className, false); + Provider newProvider = (Provider)c.newInstance(); + int ret = Security.addProvider(newProvider); + if (log.isDebugEnabled()) { + log.debug( + "The provider " + newProvider.getName() + " was added at position: " + ret + ); + } + newName = newProvider.getName(); + } else { + newName = name; + } + } catch (Throwable t) { + if (log.isDebugEnabled()) { + log.debug("The provider " + name + " could not be added: " + t.getMessage(), t); + } + newName = null; + } if (newName != null) { jceProvider.put(newName, className); } 
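Review bot: addJceProvider still catches `Throwable` and reports a provider that could not be loaded only when debug logging is enabled, so a missing BouncyCastle class, or a `SecurityException` from `insertProviderAt`, returns null with no trace at the default log level; for code that decides which provider serves signature operations that deserves `log.warn("The provider " + name + " could not be added: " + t.getMessage(), t);` in place of the guarded debug call, and catching `Exception` plus `LinkageError` rather than `Throwable` so VM errors are not swallowed. Note also that the cache is checked under the caller-supplied `name` but populated under `newProvider.getName()`, so a name that differs from the provider's real name re-runs the load on every call; that predates this commit but is worth a comment on the `jceProvider.put` line. The hunk ends inside the Javadoc of appendJceProvider.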
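Review bot: appendJceProvider duplicates the entire load/catch/log/jceProvider bookkeeping of addJceProvider above it; the only difference is the single `Security.addProvider(newProvider)` call versus the SUN/IBMJCE search loop, so the `loadProvider` helper this commit removes could have been kept with an `append` flag and both public methods reduced to one line each. The hunk is cut before the method's closing `return name;`.
```java
public String addJceProvider(String name, String className) {
    return loadProvider(name, className, false);
}

public String appendJceProvider(String name, String className) {
    return loadProvider(name, className, true);
}

// Shared by addJceProvider and appendJceProvider: append selects
// Security.addProvider, otherwise the provider is inserted after SUN/IBMJCE.
private String loadProvider(String name, String className, boolean append) {
    if (jceProvider.get(name) != null) {
        return name;
    }
    String newName = null;
    try {
        if (Security.getProvider(name) == null) {
            Class c = Loader.loadClass(className, false);
            Provider newProvider = (Provider)c.newInstance();
            int ret = 0;
            if (append) {
                ret = Security.addProvider(newProvider);
            } else {
                // … unchanged: SUN/IBMJCE search loop and position-2 fallback from addJceProvider …
            }
            // … unchanged: debug log of ret …
            newName = newProvider.getName();
        } else {
            newName = name;
        }
    } catch (Throwable t) {
        // … unchanged: debug log of the failure …
    }
    if (newName != null) {
        jceProvider.put(newName, className);
    }
    return newName;
}
```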
@@ -652,4 +690,5 @@ public class WSSConfig { } return name; } + } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=1030475&r1=1030474&r2=1030475&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Wed Nov 3 14:29:46 2010 @@ -211,16 +211,19 @@ public class SignatureProcessor implemen ); if (strElement == null) { try { + // + // Look for a KeyValue object + // keyValue = getKeyValue(keyInfoElement); } catch (javax.xml.crypto.MarshalException ex) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex); } if (keyValue != null) { - // - // Look for a KeyValue object - // try { + // + // Look for a Public Key in Key Value + // publicKey = keyValue.getPublicKey(); principal = validatePublicKey(cb, publicKey); } catch (java.security.KeyException ex) { Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java?rev=1030475&r1=1030474&r2=1030475&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java Wed Nov 3 14:29:46 2010 
@@ -77,9 +77,10 @@ public class SAMLIssuerImpl implements S private Crypto userCrypto = null; private String username = null; - private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM"); private WSSConfig wssConfig = WSSConfig.getDefaultWSConfig(); + private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM"); + /** * Flag indicating what format to put the subject's key material in when * NOT using Sender Vouches as the confirmation method. The default is Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1030475&r1=1030474&r2=1030475&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Wed Nov 3 14:29:46 2010 @@ -147,6 +147,12 @@ public class WSSecSignatureSAML extends prependSAMLElementsToHeader(secHeader); + if (senderVouches) { + computeSignature(referenceList, secHeader, secRefSaml.getElement()); + } else { + computeSignature(referenceList, secHeader, samlToken); + } + // // if we have a BST prepend it in front of the Signature according to // strict layout rules. @@ -154,8 +160,6 @@ public class WSSecSignatureSAML extends if (bstToken != null) { prependBSTElementToHeader(secHeader); } - - computeSignature(referenceList, secHeader, samlToken); return doc; } @@ -489,7 +493,7 @@ public class WSSecSignatureSAML extends * * @throws WSSecurityException */ - public void computeSignature(List referenceList, WSSecHeader secHeader, Element assertion) + public void computeSignature(List referenceList, WSSecHeader secHeader, Element siblingElement) throws WSSecurityException { boolean remove = WSDocInfoStore.store(wsDocInfo); try { 
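Review bot: The swap of the two field initializers encodes an ordering dependency that nothing in the source states: `KeyInfoFactory.getInstance("DOM")` now runs after `WSSConfig.getDefaultWSConfig()`, presumably because the WSSConfig static initializer changed in this same commit is what registers the XMLDSig provider the factory lookup needs. Anyone tidying the field order later will silently undo the fix, so the dependency should be spelled out, e.g. `// Must stay after wssConfig: WSSConfig's static init registers the XMLDSig provider that the DOM KeyInfoFactory lookup requires`. A dependency like this is also a candidate for moving both assignments into a constructor, where the order is explicit rather than incidental.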
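Review bot: In the new senderVouches branch `secRefSaml.getElement()` is dereferenced without a guard, so the call assumes secRefSaml was populated earlier (presumably by prependSAMLElementsToHeader, whose body is outside the hunk); if that holds only when senderVouches is true, a comment should say so, since a null would otherwise surface only as an NPE at signing time. The reason the Signature now follows the SecurityTokenReference rather than the assertion in the sender-vouches case is also not recorded; something like `// sender-vouches: place the Signature after the STR that references the assertion, otherwise directly after the assertion (computeSignature inserts it after the given sibling)` would explain the branch. The enclosing build method starts before the hunk.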
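Review bot: The parameter was renamed from `assertion` to `siblingElement` but the Javadoc block above it, which lies outside the hunk, is not touched; if it still carries `@param assertion` it now documents a parameter that no longer exists. It should become `@param siblingElement the element after which the Signature is inserted; when null, or when it has no following sibling, the Signature is appended to the security header`, which is what the DOMSignContext branch later in this method (hunk @@ -516) does. The method body continues outside the hunk.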
@@ -516,9 +520,9 @@ public class WSSecSignatureSAML extends // Prepend the signature element to the security header (after the assertion) // XMLSignContext signContext = null; - if (assertion != null && assertion.getNextSibling() != null) { + if (siblingElement != null && siblingElement.getNextSibling() != null) { signContext = - new DOMSignContext(key, securityHeaderElement, assertion.getNextSibling()); + new DOMSignContext(key, securityHeaderElement, siblingElement.getNextSibling()); } else { signContext = new DOMSignContext(key, securityHeaderElement); } Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java?rev=1030475&r1=1030474&r2=1030475&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java Wed Nov 3 14:29:46 2010 @@ -50,11 +50,6 @@ public final class Base64 { static final private byte [] base64Alphabet = new byte[BASELENGTH]; static final private char [] lookUpBase64Alphabet = new char[LOOKUPLENGTH]; - static org.apache.commons.logging.Log log = - org.apache.commons.logging.LogFactory.getLog(Base64.class.getName()); - - static private final boolean fDebug = log.isDebugEnabled(); - static { for (int i = 0; i < BASELENGTH; ++i) { @@ -130,19 +125,12 @@ public final class Base64 { int encodedIndex = 0; int dataIndex = 0; - if (fDebug) { - log.debug("number of triplets = " + numberTriplets ); - } for (int i=0; i