Author: coheigea
Date: Fri Nov 5 16:07:11 2010
New Revision: 1031652
URL: http://svn.apache.org/viewvc?rev=1031652&view=rev
Log:
Adding a branch of the WSS4J 1.6 port to sandbox.
- An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT.
- All the unit tests pass, 13 system tests are failing.
- WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but will
be shortly when I set up the hudson build.
Added:
cxf/sandbox/wss4j-1.6-port/
- copied from r1031553, cxf/trunk/
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov 5 16:07:11 2010
@@ -91,7 +91,7 @@
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
- <version>1.5.9</version>
+ <version>1.6-SNAPSHOT</version>
<exclusions>
<exclusion>
<groupId>axis</groupId>
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Fri Nov 5 16:07:11 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic
import java.util.Arrays;
import java.util.Collection;
+import java.util.List;
import java.util.Vector;
@@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
for (int j = 0; j < wsSecEngineResults.size();
j++) {
//WSSecurityEngineResult wser =
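Review bot: `List wsSecEngineResults` is a raw type, so each element read from it in the loop that follows still needs an unchecked cast. If `WSHandlerResult.getResults()` in the 1.6 API declares its element type, prefer `List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();`. If it is still raw there, a short comment saying so would explain the cast. The same raw `List` replaces `Vector` in SecureConversationInInterceptor, AbstractBindingBuilder, AsymmetricBindingHandler and SymmetricBindingHandler. The loop body continues outside the hunk.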
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Fri Nov 5 16:07:11 2010
@@ -455,7 +455,7 @@ class SecureConversationInInterceptor ex
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
for (int j = 0; j < wsSecEngineResults.size(); j++) {
WSSecurityEngineResult wser =
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
Fri Nov 5 16:07:11 2010
@@ -224,7 +224,7 @@ public abstract class AbstractUsernameTo
if (c instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)c;
if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType())
- && pc.getUsage() ==
WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ && pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
pc.getIdentifier(), pc.getPassword(), false, null,
null);
}
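Review bot: `pc.getPassword()` is passed to `setSubject` in the branch now guarded by `WSPasswordCallback.USERNAME_TOKEN`, and the hunk does not show that the callback still carries the password received in the token under that usage value. If WSS4J 1.6 issues a `USERNAME_TOKEN` callback expecting the handler to supply the stored password, `getPassword()` may be null here and the subject would be built without this interceptor ever seeing the client's credential. A comment stating which side fills in the password for this usage, e.g. `// WSS4J 1.6: for USERNAME_TOKEN the callback password is <received | to be supplied> - confirm`, would help. A test that sends a plaintext token with a wrong password would pin the behaviour. The enclosing callback handler starts and ends outside the hunk.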
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
Fri Nov 5 16:07:11 2010
@@ -82,9 +82,9 @@ public final class CryptoCoverageUtil {
final WSDataRef signedRef = signedRefsIt.next();
if (isSignedEncryptionRef(encryptedRef, signedRef)) {
-
- final WSDataRef encryptedSignedRef =
- new WSDataRef(signedRef.getDataref());
+
+ final WSDataRef encryptedSignedRef = new WSDataRef();
+ encryptedSignedRef.setWsuId(signedRef.getWsuId());
encryptedSignedRef.setContent(false);
encryptedSignedRef.setName(encryptedRef.getName());
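Review bot: The synthesized `encryptedSignedRef` is now identified only by `signedRef.getWsuId()`, and nothing in the hunk handles a signed reference whose wsu:Id is unset. The old constructor argument was `signedRef.getDataref()`, so the identifier format may also have changed (a reference URI versus a bare id), and the code that later matches this ref is not visible here. Because this utility decides whether content counts as both signed and encrypted, state the assumption next to the new lines, e.g. `// assumes every signed WSDataRef has a wsu:Id; coverage matching compares wsu:Ids, not reference URIs`. A test with a signed element that has no wsu:Id would confirm the check does not pass by accident. The enclosing loop continues outside the hunk.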
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Fri Nov 5 16:07:11 2010
@@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept
}
protected void doResults(SoapMessage msg, String actor,
- SOAPMessage doc, Vector results, boolean
utWithCallbacks)
+ SOAPMessage doc, List results, boolean
utWithCallbacks)
throws SOAPException, XMLStreamException, WSSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
Fri Nov 5 16:07:11 2010
@@ -20,7 +20,7 @@
package org.apache.cxf.ws.security.wss4j;
import java.security.Principal;
-import java.util.Vector;
+import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho
@SuppressWarnings("unchecked")
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
CallbackHandler cb,
- WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws
WSSecurityException {
+ WSDocInfo wsDocInfo, List returnResults, WSSConfig wsc) throws
WSSecurityException {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Found UsernameToken list element");
}
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Nov 5 16:07:11 2010
@@ -192,7 +192,7 @@ public class WSS4JInInterceptor extends
try {
reqData.setMsgContext(msg);
computeAction(msg, reqData);
- Vector actions = new Vector();
+ List actions = new Vector();
String action = getAction(msg, version);
int doAction = WSSecurityUtil.decodeAction(action, actions);
@@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends
*/
doReceiverAction(doAction, reqData);
- Vector wsResult = null;
+ List wsResult = null;
if (doTimeLog) {
t1 = System.currentTimeMillis();
}
@@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends
}
}
- private void checkActions(SoapMessage msg, RequestData reqData, Vector
wsResult, Vector actions)
+ private void checkActions(SoapMessage msg, RequestData reqData, List
wsResult, List actions)
throws WSSecurityException {
/*
* now check the security actions: do they match, in any order?
@@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends
throw new
WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
}
- private void checkSignatures(SoapMessage msg, RequestData reqData, Vector
wsResult)
+ private void checkSignatures(SoapMessage msg, RequestData reqData, List
wsResult)
throws WSSecurityException {
/*
* Now we can check the certificate used to sign the message. In the
@@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends
*/
// Extract the signature action result from the action vector
- Vector signatureResults = new Vector();
+ List signatureResults = new Vector();
signatureResults =
WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN,
signatureResults);
@@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends
}
}
- protected void checkTimestamps(SoapMessage msg, RequestData reqData,
Vector wsResult)
+ protected void checkTimestamps(SoapMessage msg, RequestData reqData, List
wsResult)
throws WSSecurityException {
/*
* Perform further checks on the timestamp that was transmitted in
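Review bot: Changing the `wsResult` parameter of the protected `checkTimestamps` from `Vector` to `List` turns any existing subclass override that still declares `Vector wsResult` into an unused overload, unless that override is marked `@Override`. The comment on this method describes it as the place for other validation algorithms in subclasses, so a subclass's custom timestamp check could stop running without any compile error. The same applies to the protected `doResults` overloads later in this file and to `PolicyBasedWSS4JInInterceptor.doResults`. A Javadoc line on each, such as `Signature changed for WSS4J 1.6: overrides must take java.util.List`, together with a migration note, would make the break visible. The method body continues outside the hunk.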
@@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends
* other validation algorithms for subclasses.
*/
// Extract the timestamp action result from the action vector
- Vector timestampResults = new Vector();
+ List timestampResults = new Vector();
timestampResults =
WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS,
timestampResults);
@@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends
}
- protected void doResults(SoapMessage msg, String actor, SOAPMessage doc,
Vector wsResult)
+ protected void doResults(SoapMessage msg, String actor, SOAPMessage doc,
List wsResult)
throws SOAPException, XMLStreamException, WSSecurityException {
doResults(msg, actor, doc, wsResult, false);
}
- protected void doResults(SoapMessage msg, String actor, SOAPMessage doc,
Vector wsResult,
+ protected void doResults(SoapMessage msg, String actor, SOAPMessage doc,
List wsResult,
boolean utWithCallbacks) throws SOAPException, XMLStreamException,
WSSecurityException {
/*
* All ok up to this point. Now construct and setup the security result
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Fri Nov 5 16:07:11 2010
@@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
+import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
@@ -40,6 +43,10 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Transform;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
@@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
/**
*
*/
public abstract class AbstractBindingBuilder {
public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
- private static final Logger LOG =
LogUtils.getL7dLogger(AbstractBindingBuilder.class);
+ protected static final Logger LOG =
LogUtils.getL7dLogger(AbstractBindingBuilder.class);
protected SPConstants.ProtectionOrder protectionOrder =
SPConstants.ProtectionOrder.SignBeforeEncrypting;
@@ -569,8 +573,7 @@ public abstract class AbstractBindingBui
// coupled with WSSecSignatureHelper. This approach is
used so that
// we can force WSS4J to sign the assertion through a STR
that
// WSS4J did not create during message signature creation.
- part = new WSEncryptionPart(tempSig.getStrUri(),
"ExternalSTRTransform", "Element",
- WSConstants.PART_TYPE_ELEMENT);
+ part = new WSEncryptionPart(tempSig.getStrUri(),
"ExternalSTRTransform", "Element");
} else {
if (tempSig.getBSTTokenId() != null) {
@@ -922,13 +925,11 @@ public abstract class AbstractBindingBui
if (sign) {
result.add(new WSEncryptionPart(
id,
- "Element",
- WSConstants.PART_TYPE_BODY));
+ "Element"));
} else {
result.add(new WSEncryptionPart(
id,
- "Content",
- WSConstants.PART_TYPE_BODY));
+ "Content"));
}
}
@@ -958,8 +959,7 @@ public abstract class AbstractBindingBui
final String id = this.addWsuIdToElement(el);
result.add(new WSEncryptionPart(
id,
- part.getEncModifier(),
- WSConstants.PART_TYPE_HEADER));
+ part.getEncModifier()));
}
}
}
@@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui
WSEncryptionPart part = new WSEncryptionPart(
id,
- encryptionModifier,
- WSConstants.PART_TYPE_ELEMENT);
+ encryptionModifier);
part.setXpath(expression);
/**
@@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
@@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for a username token. Use the username
* of this token to set the alias for the encryption user
@@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
try {
- sig.addReferencesToSign(sigParts, secHeader);
- sig.computeSignature();
- sig.appendToHeader(secHeader);
+ List referenceList = sig.addReferencesToSign(sigParts,
secHeader);
+ sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
if (isSigProtect) {
@@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, secHeader);
+ List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
- //Do signature
- dkSign.computeSignature();
-
//Add elements to header
addSupportingElement(dkSign.getdktElement());
-
secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement());
+
+ //Do signature
+ dkSign.computeSignature(referenceList, false, null);
signatures.add(dkSign.getSignatureValue());
}
@@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui
sig.prepare(doc, getSignatureCrypto(null), secHeader);
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, secHeader);
+ List referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
- sig.computeSignature();
+ sig.computeSignature(referenceList, false, null);
signatures.add(sig.getSignatureValue());
-
- secHeader.getSecurityHeader().appendChild(sig.getSignatureElement());
}
protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
@@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui
signedEncryptedParts.add(
new WSEncryptionPart(
encryptedPart.getEncId(),
- encryptedPart.getEncModifier(),
- encryptedPart.getType()));
+ encryptedPart.getEncModifier()));
}
}
}
@@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui
}
@Override
- public void addReferencesToSign(Vector references,
+ public List addReferencesToSign(List references,
WSSecHeader secHeader) throws WSSecurityException {
final Vector<Object> unalteredReferences = new Vector<Object>();
+ List uberReferences = new Vector();
try {
+ DigestMethod digestMethod;
+ try {
+ digestMethod =
signatureFactory.newDigestMethod(this.getDigestAlgo(), null);
+ } catch (Exception ex) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
null, ex
+ );
+ }
+
for (int part = 0; part < references.size(); part++) {
final WSEncryptionPart encPart = (WSEncryptionPart)
references.get(part);
final String elemName = encPart.getName();
- final Transforms transforms = new Transforms(document);
if (elemName != null &&
"ExternalSTRTransform".equals(encPart.getNamespace())) {
final Element ctx = this.createSTRParameter(document);
-
transforms.addTransform(STRTransform.implementedTransformURI, ctx);
- this.sig.addDocument("#" + elemName, transforms,
this.getDigestAlgo());
+
+ XMLStructure structure = new DOMStructure(ctx);
+ Transform transform =
+ signatureFactory.newTransform(
+ STRTransform.TRANSFORM_URI,
+ structure
+ );
+
+ javax.xml.crypto.dsig.Reference reference =
+ signatureFactory.newReference(
+ "#" + elemName,
+ digestMethod,
+ Collections.singletonList(transform),
+ null,
+ null
+ );
+ uberReferences.add(reference);
} else {
unalteredReferences.add(encPart);
}
}
- } catch (TransformationException e1) {
+ } catch (NoSuchAlgorithmException e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
);
- } catch (XMLSignatureException e1) {
+ } catch (InvalidAlgorithmParameterException e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
);
}
- super.addReferencesToSign(unalteredReferences, secHeader);
+ List newReferences =
super.addReferencesToSign(unalteredReferences, secHeader);
+ uberReferences.addAll(newReferences);
+ return uberReferences;
}
}
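Review bot: The inner `catch (Exception ex)` around `signatureFactory.newDigestMethod(...)` is broader than it needs to be: it also wraps any unexpected runtime exception as a `noXMLSig` signature failure, hiding programming errors behind a generic message. Assuming `signatureFactory` is a `javax.xml.crypto.dsig.XMLSignatureFactory`, `newDigestMethod` throws only `NoSuchAlgorithmException` and `InvalidAlgorithmParameterException`. The outer `try` already catches both with the same wrapping. The nested try/catch can therefore be dropped by making `final DigestMethod digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(), null);` the first statement of the outer `try`. The method also has no comment explaining that it now returns the references for the caller to pass to `computeSignature`; a one-line Javadoc to that effect would help.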
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Fri Nov 5 16:07:11 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
import java.util.Collection;
+import java.util.List;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, secHeader);
-
- // Do signature
- dkSign.computeSignature();
- signatures.add(dkSign.getSignatureValue());
+ List referenceList = dkSign.addReferencesToSign(sigParts,
secHeader);
// Add elements to header
addDerivedKeyElement(dkSign.getdktElement());
- insertBeforeBottomUp(dkSign.getSignatureElement());
- mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true,
bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+ signatures.add(dkSign.getSignatureValue());
+
+ // TODO mainSigId =
addWsuIdToElement(dkSign.getSignatureElement());
+ mainSigId = dkSign.getId();
} catch (Exception e) {
//REVISIT
e.printStackTrace();
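Review bot: The new `computeSignature(...)` calls sit inside a `try` whose visible handler is `catch (Exception e)` with `//REVISIT` and `e.printStackTrace()`. As far as the hunk shows, a failure to compute the derived-key signature is printed to stderr and processing continues. For a signing handler that risks sending a message without the signature the policy requires, and the failure never reaches the application log. Since this block is being rewritten anyway, log through the class logger and propagate the failure instead of swallowing it. The exception type to throw depends on the enclosing method's signature, which is outside the hunk, as is the rest of the catch block.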
@@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex
}
sig.prependBSTElementToHeader(secHeader);
- insertBeforeBottomUp(sig.getSignatureElement());
sigParts.addAll(this.getSignedParts());
- sig.addReferencesToSign(sigParts, secHeader);
- sig.computeSignature();
+ List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
signatures.add(sig.getSignatureValue());
- mainSigId = addWsuIdToElement(sig.getSignatureElement());
+ //TODO mainSigId = addWsuIdToElement(sig.getSignatureElement());
+ mainSigId = sig.getId();
}
}
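Review bot: `mainSigId = sig.getId();` replaces `addWsuIdToElement(sig.getSignatureElement())`, and the `//TODO` keeps the old call as commented-out code without saying what remains to be done. Whether `getId()` returns an identifier that later users of `mainSigId` can resolve on the Signature element is not visible here. If it is not a wsu:Id, code that refers to the main signature by that id may no longer find it. Replace the TODO with a sentence naming the open question, e.g. `// mainSigId is now the Id assigned by WSS4J to the Signature element; verify that parts referencing the main signature still resolve it`. The same pattern appears in the previous hunk of this file and in both signature hunks of SymmetricBindingHandler.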
@@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
@@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Nov 5 16:07:11 2010
@@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
+import java.util.List;
import java.util.Vector;
+import java.util.logging.Level;
import javax.xml.soap.SOAPMessage;
@@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext
if (!isRequestor()) {
if (encrTok.getSHA1() != null) {
- encr.setUseKeyIdentifier(true);
encr.setCustomReferenceValue(encrTok.getSHA1());
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
} else {
- encr.setUseKeyIdentifier(true);
encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
}
} else {
if (encrToken instanceof IssuedToken) {
- encr.setUseKeyIdentifier(true);
encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
@@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext
}
dkSign.setParts(sigs);
- dkSign.addReferencesToSign(sigs, secHeader);
+ List referenceList = dkSign.addReferencesToSign(sigs, secHeader);
- //Do signature
- dkSign.computeSignature();
-
//Add elements to header
Element el = dkSign.getdktElement();
- addDerivedKeyElement(el);
- insertBeforeBottomUp(dkSign.getSignatureElement());
- this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+ addDerivedKeyElement(el);
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+
+ // TODO this.mainSigId =
addWsuIdToElement(dkSign.getSignatureElement());
+ this.mainSigId = dkSign.getId();
return dkSign.getSignatureValue();
}
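Review bot: The `if (bottomUpElement == null) { ... } else { ... }` block around `computeSignature` is repeated for every signature this commit touches and can be written as a single call: `dkSign.computeSignature(referenceList, bottomUpElement != null, bottomUpElement);`. Both branches pass the same reference list and differ only in the flag and the sibling element, so the one-line form behaves identically and removes six copies of the branch. The other copies are in the next hunk of this file, in both signature hunks of AsymmetricBindingHandler and in TransportBindingHandler. A short comment on what the second and third arguments mean (`// insert the Signature relative to bottomUpElement when one has already been placed`) would also help, since the meaning of `true`/`false` is not evident at the call site. The method starts outside the hunk.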
@@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext
}
this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO,
crypto);
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
+ String soap =
org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart());
+ LOG.log(Level.FINE, "SOAP: " + soap);
sig.setParts(sigs);
- sig.addReferencesToSign(sigs, secHeader);
+ List referenceList = sig.addReferencesToSign(sigs, secHeader);
//Do signature
- sig.computeSignature();
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
- Element mainSigElement = sig.getSignatureElement();
- insertBeforeBottomUp(mainSigElement);
- mainSigId = addWsuIdToElement(mainSigElement);
+ // TODO mainSigId = addWsuIdToElement(mainSigElement);
+ this.mainSigId = sig.getId();
return sig.getSignatureValue();
}
}
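Review bot: `DOM2Writer.nodeToString(saaj.getSOAPPart())` runs for every message signed on this path, because the envelope is serialized before `LOG.log` checks whether FINE is enabled. The string it builds is the complete SOAP message at this point in processing. That message can include the security header (tokens, possibly a UsernameToken password) and body content, all of which end up in the application log whenever FINE is switched on. If this is leftover debugging from the port, drop both added lines. Otherwise wrap them in `if (LOG.isLoggable(Level.FINE)) { ... }` and log something narrower than the full envelope. The enclosing method starts outside the hunk.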
@@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext
private String getEncryptedKey() {
- Vector results = (Vector)message.getExchange().getInMessage()
+ List results = (List)message.getExchange().getInMessage()
.get(WSHandlerConstants.RECV_RESULTS);
for (int i = 0; i < results.size(); i++) {
WSHandlerResult rResult =
(WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ List wsSecEngineResults = rResult.getResults();
for (int j = 0; j < wsSecEngineResults.size(); j++) {
WSSecurityEngineResult wser =
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Fri Nov 5 16:07:11 2010
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.util.Collection;
+import java.util.List;
import java.util.Vector;
import javax.xml.soap.SOAPMessage;
@@ -262,13 +263,11 @@ public class TransportBindingHandler ext
*/
dkSig.setParts(sigParts);
- dkSig.addReferencesToSign(sigParts, secHeader);
+ List referenceList = dkSig.addReferencesToSign(sigParts,
secHeader);
//Do signature
- dkSig.computeSignature();
-
dkSig.appendDKElementToHeader(secHeader);
- dkSig.appendSigToHeader(secHeader);
+ dkSig.computeSignature(referenceList, false, null);
return dkSig.getSignatureValue();
} else {
@@ -276,10 +275,14 @@ public class TransportBindingHandler ext
if (sig != null) {
sig.prependBSTElementToHeader(secHeader);
- sig.addReferencesToSign(sigParts, secHeader);
- insertBeforeBottomUp(sig.getSignatureElement());
-
- sig.computeSignature();
+ List referenceList = sig.addReferencesToSign(sigParts,
secHeader);
+
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
return sig.getSignatureValue();
} else {
@@ -375,12 +378,10 @@ public class TransportBindingHandler ext
addDerivedKeyElement(dkSign.getdktElement());
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, secHeader);
+ List referenceList = dkSign.addReferencesToSign(sigParts,
secHeader);
//Do signature
- dkSign.computeSignature();
-
- dkSign.appendSigToHeader(secHeader);
+ dkSign.computeSignature(referenceList, false, null);
return dkSign.getSignatureValue();
} else {
@@ -425,14 +426,16 @@ public class TransportBindingHandler ext
sig.prepare(doc, crypto, secHeader);
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, secHeader);
+ List referenceList = sig.addReferencesToSign(sigParts, secHeader);
//Do signature
- sig.computeSignature();
-
- //Add elements to header
- insertBeforeBottomUp(sig.getSignatureElement());
-
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
return sig.getSignatureValue();
}
}
Modified:
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
---
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
(original)
+++
cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
Fri Nov 5 16:07:11 2010
@@ -40,7 +40,7 @@ public class CustomProcessor implements
final Crypto decCrypto,
final javax.security.auth.callback.CallbackHandler cb,
final WSDocInfo wsDocInfo,
- final java.util.Vector returnResults,
+ final java.util.List returnResults,
final WSSConfig config
) throws WSSecurityException {
final java.util.Map result =