Repository: cxf
Updated Branches:
  refs/heads/master 45547032b -> 2be064961


Added the ability to sign/encrypt the request without specifying QNames


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/405db940
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/405db940
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/405db940

Branch: refs/heads/master
Commit: 405db9402430a6cf81601ae5aed9bfaa8830969e
Parents: 4554703
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Feb 20 12:04:03 2014 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Feb 20 12:04:03 2014 +0000

----------------------------------------------------------------------
 .../rs/security/xml/XmlSecOutInterceptor.java   | 58 +++++++++++++-------
 .../jaxrs/security/xml/JAXRSXmlSecTest.java     |  5 --
 2 files changed, 39 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/405db940/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
 
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index bcff1aa..f9f7a6a 100644
--- 
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ 
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -151,10 +151,6 @@ public class XmlSecOutInterceptor implements 
PhaseInterceptor<Message> {
     
     private void configureEncryption(Message message, XMLSecurityProperties 
properties) 
         throws Exception {
-        if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
-            throw new Exception("An Element to Encrypt must be specified");
-        }
-        
         properties.setEncryptionSymAlgorithm(
             encryptionProperties.getEncryptionSymmetricKeyAlgo());
         properties.setEncryptionKey(
@@ -192,9 +188,20 @@ public class XmlSecOutInterceptor implements 
PhaseInterceptor<Message> {
         }
         
         properties.addAction(XMLSecurityConstants.ENCRYPT);
-        SecurePart securePart = 
-            new SecurePart(elementsToEncrypt.get(0), 
SecurePart.Modifier.Element);
-        properties.addEncryptionPart(securePart);
+        
+        if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
+            LOG.fine("No Elements to encrypt are specified, so the entire 
request is encrypt");
+            SecurePart securePart = 
+                new SecurePart((QName)null, SecurePart.Modifier.Element);
+            securePart.setSecureEntireRequest(true);
+            properties.addEncryptionPart(securePart);
+        } else {
+            for (QName element : elementsToEncrypt) {
+                SecurePart securePart = 
+                    new SecurePart(element, SecurePart.Modifier.Element);
+                properties.addEncryptionPart(securePart);
+            }
+        }
     }
     
     private X509Certificate getCertificateFromCrypto(Crypto crypto, String 
user) throws Exception {
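Review bot: The log message on the new `elementsToEncrypt == null || elementsToEncrypt.isEmpty()` branch ends in "is encrypt" and should read `LOG.fine("No Elements to encrypt are specified, so the entire request is encrypted");`. An empty element list used to be rejected with an exception and now silently selects whole-request protection, logged only at FINE; the last hunk of this file makes the same change for `elementsToSign`. The Javadoc of the class or of the element setters should therefore state that an empty list means the entire request is secured. The `for` loop over several QNames is also new behaviour, since the old code used only `elementsToEncrypt.get(0)`, and the test changes in this commit only remove `addElementTo...` calls, so the multi-element path appears to have no coverage here. configureEncryption starts above this hunk.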
@@ -238,10 +245,6 @@ public class XmlSecOutInterceptor implements 
PhaseInterceptor<Message> {
     private void configureSignature(
         Message message, XMLSecurityProperties properties
     ) throws Exception {
-        if (elementsToSign == null || elementsToSign.isEmpty()) {
-            throw new Exception("An Element to Sign must be specified");
-        }
-        
         String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         
         CryptoLoader loader = new CryptoLoader();
@@ -302,14 +305,31 @@ public class XmlSecOutInterceptor implements 
PhaseInterceptor<Message> {
         if (sigProps.getSignatureC14nTransform() != null) {
             transform = sigProps.getSignatureC14nTransform();
         }
-        SecurePart securePart = 
-            new SecurePart(elementsToSign.get(0), SecurePart.Modifier.Element,
-                           new String[]{
-                               
"http://www.w3.org/2000/09/xmldsig#enveloped-signature";,
-                               transform
-                           },
-                           digestAlgo);
-        properties.addSignaturePart(securePart);
+        
+        if (elementsToSign == null || elementsToSign.isEmpty()) {
+            LOG.fine("No Elements to sign are specified, so the entire request 
is signed");
+            SecurePart securePart = 
+                new SecurePart(null, SecurePart.Modifier.Element,
+                               new String[]{
+                                   
"http://www.w3.org/2000/09/xmldsig#enveloped-signature";,
+                                   transform
+                               },
+                               digestAlgo);
+            securePart.setSecureEntireRequest(true);
+            properties.addSignaturePart(securePart);
+        } else {
+            for (QName element : elementsToSign) {
+                SecurePart securePart = 
+                    new SecurePart(element, SecurePart.Modifier.Element,
+                                   new String[]{
+                                       
"http://www.w3.org/2000/09/xmldsig#enveloped-signature";,
+                                       transform
+                                   },
+                                   digestAlgo);
+                properties.addSignaturePart(securePart);
+            }
+        }
+        
     }
     
     protected void throwFault(String error, Exception ex) {
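Review bot: The transform array and the four-argument `SecurePart` construction are written out twice in the new `if`/`else`, differing only in the element name. Building the array once before the branch, e.g. `String[] transforms = {"http://www.w3.org/2000/09/xmldsig#enveloped-signature", transform};`, would keep the two paths from drifting apart, assuming SecurePart does not modify the array it is given. The whole-request branch passes a bare `null` where the encryption hunk uses `(QName)null`; writing the cast in both places makes the intended overload explicit. With more than one element to sign, every part now carries the enveloped-signature transform, which presumably matters only for the element that ends up containing the signature, so a one-line comment on where the signature is placed would help. configureSignature starts above this hunk.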

http://git-wip-us.apache.org/repos/asf/cxf/blob/405db940/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 927769a..68c8047 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -28,7 +28,6 @@ import java.util.Map;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.WebApplicationException;
-import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -127,7 +126,6 @@ public class JAXRSXmlSecTest extends 
AbstractBusClientServerTestBase {
         if (streaming) {
             XmlSecOutInterceptor sigInterceptor = new XmlSecOutInterceptor();
             sigInterceptor.setSignRequest(true);
-            sigInterceptor.addElementToSign(new QName("", "Book"));
             bean.getOutInterceptors().add(sigInterceptor);
         } else {
             XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
@@ -208,7 +206,6 @@ public class JAXRSXmlSecTest extends 
AbstractBusClientServerTestBase {
         if (streaming) {
             XmlSecOutInterceptor sigOutInterceptor = new 
XmlSecOutInterceptor();
             sigOutInterceptor.setSignRequest(true);
-            sigOutInterceptor.addElementToSign(new QName("", "Book"));
             sigOutInterceptor.setKeyInfoMustBeAvailable(useKeyInfo);
             bean.getOutInterceptors().add(sigOutInterceptor);
             
@@ -425,9 +422,7 @@ public class JAXRSXmlSecTest extends 
AbstractBusClientServerTestBase {
             
encInterceptor.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionSymmetricKeyAlgo());
             
encInterceptor.setEncryptionDigestAlgorithm(encryptionProperties.getEncryptionDigestAlgo());
             encInterceptor.setEncryptRequest(true);
-            encInterceptor.addElementToEncrypt(new QName("", "Book"));
             if (sign) {
-                encInterceptor.addElementToSign(new QName("", "Book"));
                 encInterceptor.setSignRequest(true);
             }
             bean.getOutInterceptors().add(encInterceptor);
