Author: coheigea
Date: Thu Dec 16 13:55:35 2010
New Revision: 1049977
URL: http://svn.apache.org/viewvc?rev=1049977&view=rev
Log:
Passing through the signature/encryption DOM element, to avoid searching for it
on the outbound side.
Modified:
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified:
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1049977&r1=1049976&r2=1049977&view=diff
==============================================================================
---
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Dec 16 13:55:35 2010
@@ -34,7 +34,6 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -147,7 +146,7 @@ public abstract class AbstractBindingBui
protected Map<Token, WSSecBase> sgndEndEncSuppTokMap;
protected Map<Token, WSSecBase> sgndEndSuppTokMap;
- protected List<byte[]> signatures = new Vector<byte[]>();
+ protected List<byte[]> signatures = new ArrayList<byte[]>();
Element lastSupportingTokenElement;
Element lastEncryptedKeyElement;
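Review bot: Replacing `Vector` with `ArrayList` on the protected `signatures` field silently drops the synchronization subclasses may have been relying on, since `Vector` is synchronized and `ArrayList` is not. This is fine if a builder instance is confined to a single message exchange, which seems likely here but is not visible in the hunk. A one-line comment on the field would pin that contract for subclasses that append to it: `// per-exchange state; not thread-safe, must not be shared across messages`.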
@@ -579,18 +578,22 @@ public abstract class AbstractBindingBui
if ((WSConstants.WSS_SAML_NS + WSConstants.SAML_ASSERTION_ID).
equals(secRef.getKeyIdentifierValueType())) {
- addSupportingElement(cloneElement(secRef.getElement()));
+ Element secRefElement = cloneElement(secRef.getElement());
+ addSupportingElement(secRefElement);
part = new WSEncryptionPart("STRTransform", null,
"Element");
part.setId(tempSig.getSecurityTokenReferenceURI());
+ part.setElement(secRefElement);
} else {
if (tempSig.getBSTTokenId() != null) {
part = new WSEncryptionPart(tempSig.getBSTTokenId());
+
part.setElement(tempSig.getBinarySecurityTokenElement());
}
}
} else if (tempTok instanceof WSSecUsernameToken) {
WSSecUsernameToken unt = (WSSecUsernameToken)tempTok;
part = new WSEncryptionPart(unt.getId());
+ part.setElement(unt.getUsernameTokenElement());
} else {
policyNotAsserted(entry.getKey(),
"UnsupportedTokenInSupportingToken: " + tempTok);
}
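Review bot: The SAML branch now attaches the cloned element (the node actually inserted via `addSupportingElement`) rather than `secRef.getElement()`, and that distinction deserves a comment because a later reader could "simplify" it back to the original reference. Presumably WSS4J now resolves the part from the element directly, so pointing at a clone that is not in the document would break the STRTransform reference. Suggested comment above `part.setElement(secRefElement);`: `// must reference the clone that was inserted into the header, not the original secRef node`. The enclosing loop body continues outside this hunk.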
@@ -773,7 +776,7 @@ public abstract class AbstractBindingBui
// REVISIT consider catching exceptions and unassert failed assertions
or
// to process and assert them one at a time. Additionally, a found
list
// should be applied to all operations that involve adding anything to
- // the encrypted vector to prevent duplication / errors in encryption.
+ // the encrypted list to prevent duplication / errors in encryption.
return getPartsAndElements(false,
isBody,
signedParts,
@@ -820,7 +823,7 @@ public abstract class AbstractBindingBui
// REVISIT consider catching exceptions and unassert failed assertions
or
// to process and assert them one at a time. Additionally, a found
list
// should be applied to all operations that involve adding anything to
- // the signed vector to prevent duplication in the signature.
+ // the signed list to prevent duplication in the signature.
return getPartsAndElements(true,
isSignBody,
signedParts,
@@ -869,7 +872,7 @@ public abstract class AbstractBindingBui
Map<String, String>
cnamespaces)
throws SOAPException {
- List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
List<Element> found = new ArrayList<Element>();
@@ -921,15 +924,19 @@ public abstract class AbstractBindingBui
boolean includeBody, List<WSEncryptionPart> parts,
List<Element> found) throws SOAPException {
- List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
if (includeBody && !found.contains(this.saaj.getSOAPBody())) {
found.add(saaj.getSOAPBody());
final String id = this.addWsuIdToElement(this.saaj.getSOAPBody());
if (sign) {
- result.add(new WSEncryptionPart(id, "Element"));
+ WSEncryptionPart bodyPart = new WSEncryptionPart(id,
"Element");
+ bodyPart.setElement(this.saaj.getSOAPBody());
+ result.add(bodyPart);
} else {
- result.add(new WSEncryptionPart(id, "Content"));
+ WSEncryptionPart bodyPart = new WSEncryptionPart(id,
"Content");
+ bodyPart.setElement(this.saaj.getSOAPBody());
+ result.add(bodyPart);
}
}
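Review bot: The two body branches in `getPartsAndElements` are now four duplicated lines that differ only in the modifier string, which invites the two copies drifting apart the next time the part construction changes. Collapse them to `String modifier = sign ? "Element" : "Content"; WSEncryptionPart bodyPart = new WSEncryptionPart(id, modifier); bodyPart.setElement(this.saaj.getSOAPBody()); result.add(bodyPart);`. The method body continues outside this hunk.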
@@ -954,10 +961,13 @@ public abstract class AbstractBindingBui
found.add(el);
// Generate an ID for the element and use this ID or else
// WSS4J will only ever sign/encrypt the first matching
- // elemenet with the same name and namespace as that in the
+ // element with the same name and namespace as that in the
// WSEncryptionPart
final String id = this.addWsuIdToElement(el);
- result.add(new WSEncryptionPart(id,
part.getEncModifier()));
+ WSEncryptionPart elPart =
+ new WSEncryptionPart(id, part.getEncModifier());
+ elPart.setElement(el);
+ result.add(elPart);
}
}
}
@@ -993,7 +1003,7 @@ public abstract class AbstractBindingBui
List<String> xpaths, Map<String, String> namespaces,
List<Element> found) throws XPathExpressionException,
SOAPException {
- List<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
if (xpaths != null && !xpaths.isEmpty()) {
XPathFactory factory = XPathFactory.newInstance();
@@ -1018,6 +1028,7 @@ public abstract class AbstractBindingBui
WSEncryptionPart part = new WSEncryptionPart(
id,
encryptionModifier);
+ part.setElement(el);
part.setXpath(expression);
/**
@@ -1238,7 +1249,7 @@ public abstract class AbstractBindingBui
}
/**
- * Scan through <code>WSHandlerResult<code> vector for a Username token
and return
+ * Scan through <code>WSHandlerResult<code> list for a Username token and
return
* the username if a Username Token found
* @param results
* @return
@@ -1351,13 +1362,18 @@ public abstract class AbstractBindingBui
for (Map.Entry<Token, WSSecBase> ent : tokenMap.entrySet()) {
WSSecBase tempTok = ent.getValue();
- List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
- sigParts.add(new WSEncryptionPart(mainSigId));
+ List<WSEncryptionPart> sigParts = new
ArrayList<WSEncryptionPart>();
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId);
+ sigPart.setElement(bottomUpElement);
+ sigParts.add(sigPart);
if (tempTok instanceof WSSecSignature) {
WSSecSignature sig = (WSSecSignature)tempTok;
if (isTokenProtection && sig.getBSTTokenId() != null) {
- sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(sig.getBSTTokenId());
+ bstPart.setElement(sig.getBinarySecurityTokenElement());
+ sigParts.add(bstPart);
}
try {
List<Reference> referenceList =
sig.addReferencesToSign(sigParts, secHeader);
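Review bot: `sigPart.setElement(bottomUpElement)` pairs the id `mainSigId` with whatever `bottomUpElement` currently holds, and nothing in the hunk checks that this is still the main Signature element. If any other element was prepended bottom-up after the main signature, the part's id and element would describe different nodes, and a consumer that prefers the element over the id would sign or encrypt the wrong one. The same pairing appears in AsymmetricBindingHandler (the hunks at -125 and -205) and SymmetricBindingHandler (the hunks at -219 and -360). At minimum document the invariant where the field is assigned and here: `// invariant: bottomUpElement is the main ds:Signature whose Id is mainSigId`. The surrounding try block continues outside this hunk.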
@@ -1621,9 +1637,9 @@ public abstract class AbstractBindingBui
/*
* loop over all results gathered by all handlers in the chain. For
each
* handler result get the various actions. After that loop we have all
- * signature results in the signatureActions vector
+ * signature results in the signatureActions list
*/
- List<WSSecurityEngineResult> signatureActions = new
Vector<WSSecurityEngineResult>();
+ List<WSSecurityEngineResult> signatureActions = new
ArrayList<WSSecurityEngineResult>();
for (WSHandlerResult wshResult : results) {
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
WSConstants.SIGN, signatureActions);
@@ -1673,7 +1689,7 @@ public abstract class AbstractBindingBui
public void handleEncryptedSignedHeaders(List<WSEncryptionPart>
encryptedParts,
List<WSEncryptionPart> signedParts) {
- final List<WSEncryptionPart> signedEncryptedParts = new
Vector<WSEncryptionPart>();
+ final List<WSEncryptionPart> signedEncryptedParts = new
ArrayList<WSEncryptionPart>();
for (WSEncryptionPart encryptedPart : encryptedParts) {
final Iterator<WSEncryptionPart> signedPartsIt =
signedParts.iterator();
@@ -1695,15 +1711,30 @@ public abstract class AbstractBindingBui
// change the ID to the encrypted ID.
signedPartsIt.remove();
- signedEncryptedParts.add(
- new WSEncryptionPart(
- encryptedPart.getEncId(),
- encryptedPart.getEncModifier()));
+ WSEncryptionPart part = new WSEncryptionPart(
+ encryptedPart.getEncId(),
+ encryptedPart.getEncModifier());
+ part.setElement(encryptedPart.getElement());
+ signedEncryptedParts.add(part);
}
}
}
signedParts.addAll(signedEncryptedParts);
}
+
+ /**
+ * Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if
there is not
+ * one already.
+ * @param element The DOM Element to convert
+ * @return The WSEncryptionPart representing the DOM Element argument
+ */
+ public WSEncryptionPart convertToEncryptionPart(Element element) {
+ String id = addWsuIdToElement(element);
+ WSEncryptionPart part = new WSEncryptionPart(id);
+ part.setElement(element);
+ return part;
+ }
+
}
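Review bot: In `handleEncryptedSignedHeaders` the new part takes its id from `encryptedPart.getEncId()` but its element from `encryptedPart.getElement()`, and from this hunk it is not clear those refer to the same node: the comment says the id is switched to the encrypted id, while the element may still be the original header that was encrypted rather than the `EncryptedData` wrapper. If WSS4J now resolves the element in preference to the id, the signature would cover the plaintext header instead of the ciphertext, which defeats the sign-after-encrypt ordering. Either resolve the `EncryptedData` element here or state the assumption in a comment next to `part.setElement(encryptedPart.getElement());`: `// assumes getElement() was updated to the EncryptedData element when the part was encrypted`. The new `convertToEncryptionPart` Javadoc says an Id is added only if absent; that depends on `addWsuIdToElement`, which is outside this hunk, so the claim should be verified against it.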
Modified:
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1049977&r1=1049976&r2=1049977&view=diff
==============================================================================
---
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Dec 16 13:55:35 2010
@@ -19,10 +19,9 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
-
+import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -96,12 +95,13 @@ public class AsymmetricBindingHandler ex
private void doSignBeforeEncrypt() {
try {
- List<WSEncryptionPart> sigs = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigs = new ArrayList<WSEncryptionPart>();
if (isRequestor()) {
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
addSupportingTokens(sigs);
@@ -113,8 +113,9 @@ public class AsymmetricBindingHandler ex
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
addSignatureConfirmation(sigs);
@@ -125,7 +126,9 @@ public class AsymmetricBindingHandler ex
//Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
- enc.add(new WSEncryptionPart(mainSigId, "Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId,
"Element");
+ sigPart.setElement(bottomUpElement);
+ enc.add(sigPart);
}
if (isRequestor()) {
@@ -175,7 +178,9 @@ public class AsymmetricBindingHandler ex
handleEncryptedSignedHeaders(encrParts, sigParts);
if (timestampEl != null) {
- sigParts.add(new
WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
if (isRequestor()) {
@@ -205,10 +210,12 @@ public class AsymmetricBindingHandler ex
// Check for signature protection
if (abinding.isSignatureProtection() && mainSigId != null) {
- List<WSEncryptionPart> secondEncrParts = new
Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new
ArrayList<WSEncryptionPart>();
// Now encrypt the signature using the above token
- secondEncrParts.add(new WSEncryptionPart(mainSigId,
"Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId,
"Element");
+ sigPart.setElement(bottomUpElement);
+ secondEncrParts.add(sigPart);
if (isRequestor()) {
for (String id : encryptedTokensIdList) {
@@ -288,8 +295,7 @@ public class AsymmetricBindingHandler ex
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
- encr.prepare(saaj.getSOAPPart(),
- crypto);
+ encr.prepare(saaj.getSOAPPart(), crypto);
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader(secHeader);
@@ -362,7 +368,10 @@ public class AsymmetricBindingHandler ex
dkSign.prepare(saaj.getSOAPPart(), secHeader);
if (abinding.isTokenProtection()) {
- sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ WSEncryptionPart ekPart =
+ new WSEncryptionPart(encrKey.getId());
+ ekPart.setElement(encrKey.getEncryptedKeyElement());
+ sigParts.add(ekPart);
}
dkSign.setParts(sigParts);
@@ -392,7 +401,10 @@ public class AsymmetricBindingHandler ex
// This action must occur before sig.prependBSTElementToHeader
if (abinding.isTokenProtection()
&& sig.getBSTTokenId() != null) {
- sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(sig.getBSTTokenId());
+ bstPart.setElement(sig.getBinarySecurityTokenElement());
+ sigParts.add(bstPart);
}
sig.prependBSTElementToHeader(secHeader);
Modified:
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1049977&r1=1049976&r2=1049977&view=diff
==============================================================================
---
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Dec 16 13:55:35 2010
@@ -19,9 +19,9 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
-import java.util.Vector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPMessage;
@@ -196,7 +196,9 @@ public class SymmetricBindingHandler ext
handleEncryptedSignedHeaders(encrParts, sigParts);
if (timestampEl != null) {
- sigParts.add(new
WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+ WSEncryptionPart timestampPart =
+ convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
if (isRequestor()) {
@@ -219,11 +221,14 @@ public class SymmetricBindingHandler ext
//Check for signature protection and encryption of
UsernameToken
if (sbinding.isSignatureProtection() && this.mainSigId != null
|| encryptedTokensIdList.size() > 0 && isRequestor()) {
- List<WSEncryptionPart> secondEncrParts = new
Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> secondEncrParts = new
ArrayList<WSEncryptionPart>();
//Now encrypt the signature using the above token
if (sbinding.isSignatureProtection()) {
- secondEncrParts.add(new
WSEncryptionPart(this.mainSigId, "Element"));
+ WSEncryptionPart sigPart =
+ new WSEncryptionPart(this.mainSigId, "Element");
+ sigPart.setElement(bottomUpElement);
+ secondEncrParts.add(sigPart);
}
if (isRequestor()) {
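Review bot: The inner `if (sbinding.isSignatureProtection())` does not repeat the `this.mainSigId != null` test that the outer condition applies only to its first operand, so when signature protection is on, `mainSigId` is null, and the outer block is entered via `encryptedTokensIdList.size() > 0 && isRequestor()`, a part with a null id is built. That was already the case before this change, but attaching `bottomUpElement` to that part now gives WSS4J a concrete element to encrypt, so what previously would likely have failed on the missing id may now silently encrypt whatever `bottomUpElement` points at. Tighten the guard to `if (sbinding.isSignatureProtection() && this.mainSigId != null) {`. The enclosing block continues outside this hunk.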
@@ -313,8 +318,8 @@ public class SymmetricBindingHandler ext
List<WSEncryptionPart> sigs = getSignedParts();
//Add timestamp
if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ WSEncryptionPart timestampPart =
convertToEncryptionPart(timestampEl.getElement());
+ sigs.add(timestampPart);
}
if (isRequestor()) {
@@ -360,7 +365,9 @@ public class SymmetricBindingHandler ext
//Check for signature protection
if (sbinding.isSignatureProtection() && mainSigId != null) {
- enc.add(new WSEncryptionPart(mainSigId, "Element"));
+ WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId,
"Element");
+ sigPart.setElement(bottomUpElement);
+ enc.add(sigPart);
}
if (isRequestor()) {
Modified:
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1049977&r1=1049976&r2=1049977&view=diff
==============================================================================
---
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/branches/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Thu Dec 16 13:55:35 2010
@@ -19,9 +19,9 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import java.util.Vector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPMessage;
@@ -118,7 +118,7 @@ public class TransportBindingHandler ext
try {
if (this.isRequestor()) {
- List<byte[]> signatureValues = new Vector<byte[]>();
+ List<byte[]> signatureValues = new ArrayList<byte[]>();
ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
if (ais != null) {
@@ -217,23 +217,25 @@ public class TransportBindingHandler ext
}
- private byte[] doX509TokenSignature(Token token, SignedEncryptedParts
signdParts,
+ private byte[] doX509TokenSignature(Token token, SignedEncryptedParts
signedParts,
TokenWrapper wrapper)
throws Exception {
Document doc = saaj.getSOAPPart();
- List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
if (timestampEl != null) {
- sigParts.add(new WSEncryptionPart(timestampEl.getId()));
+ WSEncryptionPart timestampPart =
convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
- if (signdParts != null) {
- if (signdParts.isBody()) {
- sigParts.add(new
WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
+ if (signedParts != null) {
+ if (signedParts.isBody()) {
+ WSEncryptionPart bodyPart =
convertToEncryptionPart(saaj.getSOAPBody());
+ sigParts.add(bodyPart);
}
- for (Header header : signdParts.getHeaders()) {
+ for (Header header : signedParts.getHeaders()) {
WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
header.getNamespace(),
"Content");
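Review bot: The parameter rename from `signdParts` to `signedParts` is applied in `doX509TokenSignature` but not in the second method changed further down (the hunk at -328 still reads `signdParts`), so the two sibling methods now use different spellings for the same concept; rename both or neither. Separately, the timestamp part is now built with `convertToEncryptionPart(timestampEl.getElement())` instead of `timestampEl.getId()`, which is a behaviour change only if `addWsuIdToElement` mints a new Id for an element that already carries one; that helper is outside the hunk, so confirm it returns the existing wsu:Id rather than replacing it. The method body continues outside this hunk.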
@@ -286,6 +288,7 @@ public class TransportBindingHandler ext
sig.computeSignature(referenceList, true, bottomUpElement);
}
bottomUpElement = sig.getSignatureElement();
+ mainSigId = sig.getId();
return sig.getSignatureValue();
} else {
@@ -309,7 +312,7 @@ public class TransportBindingHandler ext
SPConstants.IncludeTokenType inclusion = token.getInclusion();
boolean tokenIncluded = false;
- List<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
|| ((inclusion ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
|| inclusion ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
@@ -328,12 +331,14 @@ public class TransportBindingHandler ext
}
if (timestampEl != null) {
- sigParts.add(new WSEncryptionPart(timestampEl.getId()));
+ WSEncryptionPart timestampPart =
convertToEncryptionPart(timestampEl.getElement());
+ sigParts.add(timestampPart);
}
if (signdParts != null) {
if (signdParts.isBody()) {
- sigParts.add(new
WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
+ WSEncryptionPart bodyPart =
convertToEncryptionPart(saaj.getSOAPBody());
+ sigParts.add(bodyPart);
}
if (secTok.getX509Certificate() != null
|| securityTok != null) {
@@ -438,6 +443,7 @@ public class TransportBindingHandler ext
sig.computeSignature(referenceList, true, bottomUpElement);
}
bottomUpElement = sig.getSignatureElement();
+ mainSigId = sig.getId();
return sig.getSignatureValue();
}