
From cohei...@apache.org
Subject svn commit: r1672679 - in /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom: message/WSSecEncrypt.java util/WSSecurityUtil.java
Date Fri, 10 Apr 2015 15:09:27 GMT
Author: coheigea
Date: Fri Apr 10 15:09:27 2015
New Revision: 1672679

URL: http://svn.apache.org/r1672679
Log:
[WSS-531] - Only create an EncryptedHeader if the parent node is the SOAP Header

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1672679&r1=1672678&r2=1672679&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
Fri Apr 10 15:09:27 2015
@@ -348,10 +348,12 @@ public class WSSecEncrypt extends WSSecE
         }
 
         List<String> encDataRef = new ArrayList<>();
+        WSEncryptionPart attachmentEncryptionPart = null;
         for (int part = 0; part < references.size(); part++) {
             WSEncryptionPart encPart = references.get(part);
 
             if (encPart.getId() != null && encPart.getId().startsWith("cid:")) {
+                attachmentEncryptionPart = encPart;
                 continue;
             }
 
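Review bot: The assignment on the `attachmentEncryptionPart = encPart;` line is unconditional, so when `references` holds more than one `cid:` part the last one silently wins, whereas the loop removed further down in this commit handled the first `cid:` part it met and then stopped. If a single attachment part is the expected case, a guard keeps the old first-wins behaviour and makes that assumption visible: `if (attachmentEncryptionPart == null) { attachmentEncryptionPart = encPart; }`; if several parts are legitimate, the code that consumes the variable should take a list instead. The enclosing method starts and ends outside this hunk.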
@@ -392,113 +394,107 @@ public class WSSecEncrypt extends WSSecE
             }
         }
 
-        for (int part = 0; part < references.size(); part++) {
-            WSEncryptionPart encPart = references.get(part);
+        if (attachmentEncryptionPart != null) {
+            // We have an attachment to encrypt
 
-            if (encPart.getId() != null && encPart.getId().startsWith("cid:")) {
+            if (attachmentCallbackHandler == null) {
+                throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE,
+                    "empty", "no attachment callbackhandler supplied"
+                );
+            }
 
-                if (attachmentCallbackHandler == null) {
-                    throw new WSSecurityException(
-                            WSSecurityException.ErrorCode.FAILURE,
-                            "empty", "no attachment callbackhandler supplied"
-                    );
-                }
+            AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
+            String id = attachmentEncryptionPart.getId().substring(4);
+            attachmentRequestCallback.setAttachmentId(id);
+            try {
+                attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
+            } catch (Exception e) {
+                throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
+                );
+            }
+            String attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY;
+            if ("Element".equals(attachmentEncryptionPart.getEncModifier())) {
+                attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE;
+            }
 
-                AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
-                String id = encPart.getId().substring(4);
-                attachmentRequestCallback.setAttachmentId(id);
-                try {
-                    attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
-                } catch (Exception e) {
-                    throw new WSSecurityException(
-                            WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e
-                    );
-                }
-                String attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY;
-                if ("Element".equals(encPart.getEncModifier())) {
-                    attachmentEncryptedDataType = WSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE;
-                }
+            for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
 
-                for (Attachment attachment : attachmentRequestCallback.getAttachments())
{
+                final String attachmentId = attachment.getId();
+                String encEncryptedDataId = idAllocator.createId("ED-", attachmentId);
+                encDataRef.add("#" + encEncryptedDataId);
 
-                    final String attachmentId = attachment.getId();
-                    String encEncryptedDataId = idAllocator.createId("ED-", attachmentId);
-                    encDataRef.add("#" + encEncryptedDataId);
-
-                    Element encryptedData =
-                            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":EncryptedData");
-                    encryptedData.setAttributeNS(null, "Id", encEncryptedDataId);
-                    encryptedData.setAttributeNS(null, "MimeType", attachment.getMimeType());
-                    encryptedData.setAttributeNS(null, "Type", attachmentEncryptedDataType);
-
-                    Element encryptionMethod =
-                            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":EncryptionMethod");
-                    encryptionMethod.setAttributeNS(null, "Algorithm", encryptionAlgorithm);
-
-                    encryptedData.appendChild(encryptionMethod);
-                    encryptedData.appendChild(keyInfo.getElement());
-
-                    Element cipherData =
-                            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":CipherData");
-                    Element cipherReference =
-                            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":CipherReference");
-                    cipherReference.setAttributeNS(null, "URI", "cid:" + attachmentId);
-
-                    Element transforms = doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":Transforms");
-                    Element transform = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX
+ ":Transform");
-                    transform.setAttributeNS(null, "Algorithm", WSConstants.SWA_ATTACHMENT_CIPHERTEXT_TRANS);
-                    transforms.appendChild(transform);
-
-                    cipherReference.appendChild(transforms);
-                    cipherData.appendChild(cipherReference);
-                    encryptedData.appendChild(cipherData);
-
-                    attachmentEncryptedDataElements.add(encryptedData);
-
-                    Attachment resultAttachment = new Attachment();
-                    resultAttachment.setId(attachmentId);
-                    resultAttachment.setMimeType("application/octet-stream");
-
-                    String jceAlgorithm = JCEMapper.translateURItoJCEID(encryptionAlgorithm);
-                    Cipher cipher = null;
-                    try {
-                        cipher = Cipher.getInstance(jceAlgorithm);
-
-                        // The Spec mandates a 96-bit IV for GCM algorithms
-                        if (XMLCipher.AES_128_GCM.equals(encryptionAlgorithm)
-                                || XMLCipher.AES_192_GCM.equals(encryptionAlgorithm)
-                                || XMLCipher.AES_256_GCM.equals(encryptionAlgorithm)) {
-                            byte[] temp = WSSecurityUtil.generateNonce(12);
-                            IvParameterSpec paramSpec = new IvParameterSpec(temp);
-                            cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
-                        } else {
-                            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
-                        }
-                    } catch (Exception e) {
-                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION,
e);
-                    }
+                Element encryptedData =
+                    doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedData");
+                encryptedData.setAttributeNS(null, "Id", encEncryptedDataId);
+                encryptedData.setAttributeNS(null, "MimeType", attachment.getMimeType());
+                encryptedData.setAttributeNS(null, "Type", attachmentEncryptedDataType);
 
-                    Map<String, String> headers = new HashMap<>(attachment.getHeaders());
-                    resultAttachment.setSourceStream(
-                            AttachmentUtils.setupAttachmentEncryptionStream(
-                                    cipher,
-                                    "Element".equals(encPart.getEncModifier()),
-                                    attachment,
-                                    headers
-                            )
-                    );
-                    resultAttachment.addHeaders(headers);
+                Element encryptionMethod =
+                    doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptionMethod");
+                encryptionMethod.setAttributeNS(null, "Algorithm", encryptionAlgorithm);
+
+                encryptedData.appendChild(encryptionMethod);
+                encryptedData.appendChild(keyInfo.getElement());
+
+                Element cipherData =
+                    doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherData");
+                Element cipherReference =
+                    doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherReference");
+                cipherReference.setAttributeNS(null, "URI", "cid:" + attachmentId);
+
+                Element transforms = doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ ":Transforms");
+                Element transform = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX
+ ":Transform");
+                transform.setAttributeNS(null, "Algorithm", WSConstants.SWA_ATTACHMENT_CIPHERTEXT_TRANS);
+                transforms.appendChild(transform);
+
+                cipherReference.appendChild(transforms);
+                cipherData.appendChild(cipherReference);
+                encryptedData.appendChild(cipherData);
+
+                attachmentEncryptedDataElements.add(encryptedData);
 
-                    AttachmentResultCallback attachmentResultCallback = new AttachmentResultCallback();
-                    attachmentResultCallback.setAttachmentId(attachmentId);
-                    attachmentResultCallback.setAttachment(resultAttachment);
-                    try {
-                        attachmentCallbackHandler.handle(new Callback[]{attachmentResultCallback});
-                    } catch (Exception e) {
-                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION,
e);
+                Attachment resultAttachment = new Attachment();
+                resultAttachment.setId(attachmentId);
+                resultAttachment.setMimeType("application/octet-stream");
+
+                String jceAlgorithm = JCEMapper.translateURItoJCEID(encryptionAlgorithm);
+                Cipher cipher = null;
+                try {
+                    cipher = Cipher.getInstance(jceAlgorithm);
+
+                    // The Spec mandates a 96-bit IV for GCM algorithms
+                    if (XMLCipher.AES_128_GCM.equals(encryptionAlgorithm)
+                        || XMLCipher.AES_192_GCM.equals(encryptionAlgorithm)
+                        || XMLCipher.AES_256_GCM.equals(encryptionAlgorithm)) {
+                        byte[] temp = WSSecurityUtil.generateNonce(12);
+                        IvParameterSpec paramSpec = new IvParameterSpec(temp);
+                        cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
+                    } else {
+                        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                     }
+                } catch (Exception e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION,
e);
+                }
+
+                Map<String, String> headers = new HashMap<>(attachment.getHeaders());
+                resultAttachment.setSourceStream(
+                    AttachmentUtils.setupAttachmentEncryptionStream(
+                        cipher, "Element".equals(attachmentEncryptionPart.getEncModifier()),
+                        attachment, headers
+                    )
+                );
+                resultAttachment.addHeaders(headers);
+
+                AttachmentResultCallback attachmentResultCallback = new AttachmentResultCallback();
+                attachmentResultCallback.setAttachmentId(attachmentId);
+                attachmentResultCallback.setAttachment(resultAttachment);
+                try {
+                    attachmentCallbackHandler.handle(new Callback[]{attachmentResultCallback});
+                } catch (Exception e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION,
e);
                 }
-                break;
             }
         }
 
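Review bot: In the per-attachment loop, `encryptedData.appendChild(keyInfo.getElement());` appends the same DOM node to every EncryptedData element; DOM `appendChild` first detaches a node that already has a parent, so if `attachmentRequestCallback.getAttachments()` yields more than one attachment only the last EncryptedData would keep its KeyInfo. Appending a copy avoids that: `encryptedData.appendChild(keyInfo.getElement().cloneNode(true));`. Separately, the GCM branch hands the 96-bit nonce to the cipher as an `IvParameterSpec`, which leaves the authentication tag length to the provider's default; `cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(128, temp));` (javax.crypto.spec.GCMParameterSpec) pins it explicitly. The enclosing method continues outside this hunk.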
@@ -525,7 +521,8 @@ public class WSSecEncrypt extends WSSecE
         String xencEncryptedDataId = idAllocator.createId("ED-", elementToEncrypt);
         try {
             String headerId = "";
-            if ("Header".equals(modifier)) {
+            if ("Header".equals(modifier) 
+                && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(doc)))
{
                 Element elem = 
                     doc.createElementNS(
                         WSConstants.WSSE11_NS, "wsse11:" + WSConstants.ENCRYPTED_HEADER
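Review bot: The new condition at `if ("Header".equals(modifier)` silently falls back to a plain EncryptedData when the element is not a direct child of the SOAP Header, and nothing in the code says why; a comment such as `// wsse11:EncryptedHeader is only valid as a direct child of the SOAP Header, so anything nested deeper is encrypted as a plain EncryptedData` would record the WSS-531 rationale. The comparison also relies on `getSOAPHeader(doc)` returning null when there is no Header (which makes `equals` false), and would throw if `getParentNode()` were ever null; writing it with the header on the left makes both cases explicit, e.g. `Element soapHeader = WSSecurityUtil.getSOAPHeader(doc);` followed by `if ("Header".equals(modifier) && soapHeader != null && soapHeader.isSameNode(elementToEncrypt.getParentNode())) {`. The enclosing method starts and ends outside this hunk.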

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1672679&r1=1672678&r2=1672679&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Fri Apr 10 15:09:27 2015
@@ -56,6 +56,14 @@ public final class WSSecurityUtil {
         // Complete
     }
     
+    public static Element getSOAPHeader(Document doc) {
+        String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+        return 
+            XMLUtils.getDirectChildElement(
+                doc.getDocumentElement(), WSConstants.ELEM_HEADER, soapNamespace
+            );
+    }
+    
     /**
      * Returns the first WS-Security header element for a given actor. Only one
      * WS-Security header is allowed for an actor.
@@ -66,17 +74,12 @@ public final class WSSecurityUtil {
      *         if not such element found
      */
     public static Element getSecurityHeader(Document doc, String actor) throws WSSecurityException
{
-        String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
-        Element soapHeaderElement = 
-            XMLUtils.getDirectChildElement(
-                doc.getDocumentElement(), 
-                WSConstants.ELEM_HEADER, 
-                soapNamespace
-            );
+        Element soapHeaderElement = getSOAPHeader(doc);
         if (soapHeaderElement == null) { // no SOAP header at all
             return null;
         }
         
+        String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
         return getSecurityHeader(soapHeaderElement, actor, WSConstants.URI_SOAP12_ENV.equals(soapNamespace));
     }
     
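Review bot: After the refactoring, `getSecurityHeader` derives the SOAP namespace twice, once inside `getSOAPHeader(doc)` and again on the `String soapNamespace = WSSecurityUtil.getSOAPNamespace(...)` line, because the new helper does not hand back the namespace it computed. Computing it once here and calling `XMLUtils.getDirectChildElement` directly as before, or giving the helper an overload that accepts the namespace, would avoid the repeated lookup; this is a point of style rather than a defect.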


