From cohei...@apache.org
Subject svn commit: r1683564 - in /webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom: message/token/BinarySecurity.java processor/SignatureProcessor.java
Date Thu, 04 Jun 2015 14:50:26 GMT
Author: coheigea
Date: Thu Jun  4 14:50:26 2015
New Revision: 1683564

URL: http://svn.apache.org/r1683564
Log:
If a BinarySecurityToken is xop:Include + is signed, then expand it


Conflicts:
	ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/BinarySecurity.java
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/BinarySecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/BinarySecurity.java?rev=1683564&r1=1683563&r2=1683564&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/BinarySecurity.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/BinarySecurity.java
Thu Jun  4 14:50:26 2015
@@ -226,6 +226,17 @@ public class BinarySecurity {
     public void setRawToken(byte[] data) {
         this.data = Arrays.copyOf(data, data.length);
     }
+    
+    /**
+     * BASE64-Encode the raw token bytes + store them in a text child node.
+     */
+    public void encodeRawToken() {
+        if (data == null) {
+            throw new IllegalArgumentException("data == null");
+        }
+        Text node = getFirstNode();
+        node.setData(Base64.encode(data));
+    }
 
     /**
      * return the first text node.
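Review bot: `encodeRawToken()` takes no argument, so the `IllegalArgumentException("data == null")` thrown when no raw token has been set misreports the failure; `throw new IllegalStateException("data == null");` fits better, unless the rest of the class (not visible here) already uses IllegalArgumentException for this condition. The result of `getFirstNode()` is dereferenced without a check, and its body lies outside this hunk. It therefore cannot be confirmed here that it returns a usable text node when the token element holds an xop:Include child instead of text. If it can return null, handle that before `node.setData(...)`. The Javadoc should also say that the method overwrites the element's existing text content, since callers run it on a DOM that is about to be digested for signature validation.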

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1683564&r1=1683563&r2=1683564&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Thu Jun  4 14:50:26 2015
@@ -74,6 +74,7 @@ import org.apache.wss4j.dom.bsp.BSPEnfor
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.CallbackLookup;
 import org.apache.wss4j.dom.message.DOMCallbackLookup;
+import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
 import org.apache.wss4j.dom.message.token.Timestamp;
 import org.apache.wss4j.dom.str.STRParser;
@@ -477,6 +478,40 @@ public class SignatureProcessor implemen
                     WSSecurityUtil.storeElementInContext(context, element);
                 }
             }
+            if (element != null && "BinarySecurityToken".equals(element.getLocalName())
+                && WSConstants.WSSE_NS.equals(element.getNamespaceURI())
+                && isXopInclude(element)) {
+                // We don't write out the xop:Include bytes into the BinarySecurityToken
by default
+                // But if the BST is signed, then we have to, or else Signature validation
fails...
+                handleXopInclude(element, wsDocInfo);
+            }
+        }
+    }
+    
+    private boolean isXopInclude(Element element) {
+        Element elementChild =
+            WSSecurityUtil.getDirectChildElement(element, "Include", WSConstants.XOP_NS);
+        if (elementChild != null && elementChild.hasAttributeNS(null, "href")) {
+            String xopUri = elementChild.getAttributeNS(null, "href");
+            if (xopUri != null && xopUri.startsWith("cid:")) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    private void handleXopInclude(Element element, WSDocInfo wsDocInfo) {
+        List<WSSecurityEngineResult> actionResults = wsDocInfo.getResultsByTag(WSConstants.BST);
+        if (actionResults != null) {
+            for (WSSecurityEngineResult result : actionResults) {
+                Element token = (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                if (element.equals(token)) {
+                    BinarySecurity binarySecurity = 
+                        (BinarySecurity)result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+                    binarySecurity.encodeRawToken();
+                    return;
+                }
+            }
         }
     }
     
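Review bot: In `handleXopInclude`, the value cast from `result.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN)` is used without a null check, and `encodeRawToken()` throws an unchecked exception when the token has no raw bytes. A signed BinarySecurityToken whose attachment data was never resolved could therefore surface as a runtime exception from signature processing rather than as an ordinary validation failure. Whether either value can be null at this point depends on how the BST result was populated, which is not visible in this hunk. A guard such as `if (binarySecurity != null) { binarySecurity.encodeRawToken(); }` would let the unexpanded element fall through to the digest check, which, per the in-code comment, then fails validation. Separately, `element.equals(token)` depends on the DOM implementation's `equals`; `element.isSameNode(token)` states the intended identity comparison explicitly. The method that contains the new `if` block begins outside the hunk, so its declared exceptions could not be checked.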


