Author: coheigea
Date: Fri Jun 3 16:31:09 2011
New Revision: 1131099
URL: http://svn.apache.org/viewvc?rev=1131099&view=rev
Log:
Changed the way tokens are stored in WSDocInfo, deprecated a couple of methods.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/EnvelopeIdResolver.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecDKSign.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
Fri Jun 3 16:31:09 2011
@@ -45,7 +45,6 @@ public class WSDocInfo {
private Document doc = null;
private Crypto crypto = null;
private List<Element> tokenList = null;
- private List<Element> elementList = null;
private List<WSSecurityEngineResult> resultsList = null;
private CallbackLookup callbackLookup = null;
@@ -66,40 +65,77 @@ public class WSDocInfo {
if (tokenList != null && tokenList.size() > 0) {
tokenList.clear();
}
- if (elementList != null && elementList.size() > 0) {
- elementList.clear();
- }
if (resultsList != null && resultsList.size() > 0) {
resultsList.clear();
}
tokenList = null;
- elementList = null;
resultsList = null;
}
/**
- * Store a token element for later retrieval. The token element is one of:
- * - SecurityTokenReference element
- * - BinarySecurityToken element
- * - SAML Assertion element
- * - SecurityContextToken element
- * - UsernameToken element
- * - DerivedKeyToken element
- * - Timestamp element
- * @param elem is the token element to store
+ * Store a token element for later retrieval. Before storing the token, we
check for a
+ * previously processed token with the same (wsu/SAML) Id.
+ * @param element is the token element to store
+ * @deprecated
+ */
+ public void addTokenElement(Element element) throws WSSecurityException {
+ addTokenElement(element, true);
+ }
+
+ /**
+ * Store a token element for later retrieval. Before storing the token, we
check for a
+ * previously processed token with the same (wsu/SAML) Id.
+ * @param element is the token element to store
+ * @param checkMultipleElements check for a previously stored element with
the same Id.
*/
- public void addTokenElement(Element elem) {
+ public void addTokenElement(Element element, boolean
checkMultipleElements) throws WSSecurityException {
if (tokenList == null) {
tokenList = new ArrayList<Element>();
}
- tokenList.add(elem);
+
+ if (checkMultipleElements) {
+ for (Element elem : tokenList) {
+ if (compareElementsById(element, elem)) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
"duplicateError"
+ );
+ }
+ }
+ }
+ tokenList.add(element);
+ }
+
+ private boolean compareElementsById(Element firstElement, Element
secondElement) {
+ if (firstElement.hasAttributeNS(WSConstants.WSU_NS, "Id")
+ && secondElement.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
+ String id = firstElement.getAttributeNS(WSConstants.WSU_NS, "Id");
+ String id2 = secondElement.getAttributeNS(WSConstants.WSU_NS,
"Id");
+ if (id.equals(id2)) {
+ return true;
+ }
+ }
+ if (firstElement.hasAttribute("AssertionID")
+ && secondElement.hasAttribute("AssertionID")) {
+ String id = firstElement.getAttribute("AssertionID");
+ String id2 = secondElement.getAttribute("AssertionID");
+ if (id.equals(id2)) {
+ return true;
+ }
+ }
+ if (firstElement.hasAttribute("ID") &&
secondElement.hasAttribute("ID")) {
+ String id = firstElement.getAttribute("ID");
+ String id2 = secondElement.getAttribute("ID");
+ if (id.equals(id2)) {
+ return true;
+ }
+ }
+ return false;
}
/**
* Get a token Element for the given Id. The Id can be either a wsu:Id or
a
- * SAML AssertionID/ID.
- * TODO think about if it is better to restrict the default Id to wsu:Id?
+ * SAML AssertionID/ID.
* @param uri is the (relative) uri of the id
* @return the token element or null if nothing found
*/
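Review bot: The `@deprecated` tags this commit adds in WSDocInfo (the one-argument `addTokenElement` here, and `addProtectionElement`/`getProtectionElement` in the later hunk) name no replacement, so callers get a warning with nothing to act on; write `@deprecated use {@link #addTokenElement(Element, boolean)} instead` on this one and point the other two at `addTokenElement(Element, boolean)` and `getTokenElement(String)`. `compareElementsById` also carries no Javadoc although it is the check that makes the duplicate-Id rejection work; a one-liner such as `Returns true if both elements carry the same wsu:Id, AssertionID or ID attribute, so that a second token colliding with an already processed Id is rejected and Id references stay unambiguous.` would record the intent. Note that `hasAttribute`/`hasAttributeNS` are true for an empty attribute, so two elements with `wsu:Id=""` compare equal and trigger the duplicate error — probably acceptable, but worth stating in that Javadoc if intended.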
@@ -115,7 +151,9 @@ public class WSDocInfo {
String cId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
String samlId = elem.getAttribute("AssertionID");
String samlId2 = elem.getAttribute("ID");
- if (id.equals(cId) || id.equals(samlId) || id.equals(samlId2))
{
+ if ((elem.hasAttributeNS(WSConstants.WSU_NS, "Id") &&
id.equals(cId))
+ || (elem.hasAttribute("AssertionID") && id.equals(samlId))
+ || (elem.hasAttribute("ID") && id.equals(samlId2))) {
return elem;
}
}
@@ -124,39 +162,26 @@ public class WSDocInfo {
}
/**
- * Store a protection element for later retrieval.
+ * Store a protection element for later retrieval. This is only used for
the
+ * creation/outbound case.
* @param element is the protection element to store
+ * @deprecated
*/
public void addProtectionElement(Element element) {
- if (elementList == null) {
- elementList = new ArrayList<Element>();
+ if (tokenList == null) {
+ tokenList = new ArrayList<Element>();
}
- elementList.add(element);
+ tokenList.add(element);
}
/**
- * Get a protection element for the given (wsu) Id.
+ * Get a protection element for the given (wsu/SAML) Id.
* @param uri is the (relative) uri of the id
* @return the protection element or null if nothing found
+ * @deprecated
*/
public Element getProtectionElement(String uri) {
- String id = uri;
- if (id == null) {
- return null;
- } else if (id.charAt(0) == '#') {
- id = id.substring(1);
- }
- if (elementList != null) {
- for (Element element : elementList) {
- if (element != null) {
- String cId = element.getAttributeNS(WSConstants.WSU_NS,
"Id");
- if (id.equals(cId)) {
- return element;
- }
- }
- }
- }
- return null;
+ return getTokenElement(uri);
}
/**
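Review bot: `addProtectionElement` now repeats the lazy creation of `tokenList` and the add that `addTokenElement(Element, boolean)` already performs; delegating with `addTokenElement(element, false);` keeps a single storage path and makes explicit that the outbound case deliberately skips the duplicate-Id check. `getProtectionElement` previously stripped a leading `#` from the uri (see the removed lines) and now forwards to `getTokenElement`, whose body lies outside this hunk; if that method does not strip the prefix itself, callers passing a `#`-prefixed reference change behaviour, and the Javadoc should say which form of uri is accepted either way.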
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/EnvelopeIdResolver.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/EnvelopeIdResolver.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/EnvelopeIdResolver.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/EnvelopeIdResolver.java
Fri Jun 3 16:31:09 2011
@@ -69,18 +69,11 @@ public class EnvelopeIdResolver extends
}
//
- // First check to see if the element that we require is stored in as a
- // protection element in WSDocInfo
- //
- String id = uriNodeValue.substring(1);
- Element selectedElem = null;
- if (wsDocInfo != null) {
- selectedElem = wsDocInfo.getProtectionElement(id);
- }
- //
- // Next check to see if the element that we require is a previously
processed
+ // First check to see if the element that we require is a previously
processed
// Security Token that is stored in WSDocInfo.
//
+ Element selectedElem = null;
+ String id = uriNodeValue.substring(1);
if (selectedElem == null && wsDocInfo != null) {
selectedElem = wsDocInfo.getTokenElement(id);
}
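Review bot: With the `getProtectionElement` lookup removed, `selectedElem` is declared as `null` on the line immediately before the `if`, so the `selectedElem == null &&` half of the condition is always true and reads as a leftover of the former two-stage lookup; simplify to `if (wsDocInfo != null) {`. The comment above it still says "First check", which is accurate only if a second lookup follows; the enclosing method continues outside this hunk, so that cannot be confirmed here.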
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecDKSign.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecDKSign.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecDKSign.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecDKSign.java
Fri Jun 3 16:31:09 2011
@@ -156,7 +156,7 @@ public class WSSecDKSign extends WSSecDe
secRef.setReference(refUt);
XMLStructure structure = new DOMStructure(secRef.getElement());
- wsDocInfo.addTokenElement(secRef.getElement());
+ wsDocInfo.addTokenElement(secRef.getElement(), false);
keyInfo =
keyInfoFactory.newKeyInfo(
java.util.Collections.singletonList(structure), keyInfoUri
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Fri Jun 3 16:31:09 2011
@@ -192,7 +192,7 @@ public class WSSecSignature extends WSSe
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
bstToken.setID(certUri);
- wsDocInfo.addTokenElement(bstToken.getElement());
+ wsDocInfo.addTokenElement(bstToken.getElement(), false);
break;
case WSConstants.ISSUER_SERIAL:
@@ -296,7 +296,7 @@ public class WSSecSignature extends WSSe
if (keyIdentifierType != WSConstants.KEY_VALUE) {
XMLStructure structure = new DOMStructure(secRef.getElement());
- wsDocInfo.addTokenElement(secRef.getElement());
+ wsDocInfo.addTokenElement(secRef.getElement(), false);
keyInfo =
keyInfoFactory.newKeyInfo(
java.util.Collections.singletonList(structure), keyInfoUri
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
Fri Jun 3 16:31:09 2011
@@ -101,6 +101,7 @@ public class EncryptedDataProcessor impl
);
}
+ wsDocInfo.addTokenElement(elem);
WSSConfig wssConfig = request.getWssConfig();
if (wssConfig != null) {
// Get hold of the plain text element
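Review bot: The new `wsDocInfo.addTokenElement(elem)` call uses the one-argument overload that this same commit marks `@deprecated` in WSDocInfo, so a freshly added line already carries a deprecation warning; the same applies to the new calls in EncryptedKeyProcessor, SignatureConfirmationProcessor and SignatureProcessor. Writing `wsDocInfo.addTokenElement(elem, true);` at each site makes the inbound duplicate-Id check explicit and mirrors the outbound sites that pass `false`. A short comment at the call, e.g. `// reject a second token that reuses an already processed Id`, would record why inbound processors register the element before working on it. The enclosing method starts outside this hunk, so whether it already declares `throws WSSecurityException` cannot be confirmed from here.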
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Fri Jun 3 16:31:09 2011
@@ -137,6 +137,7 @@ public class EncryptedKeyProcessor imple
);
result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
wsDocInfo.addResult(result);
+ wsDocInfo.addTokenElement(elem);
return java.util.Collections.singletonList(result);
}
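Review bot: `wsDocInfo.addTokenElement(elem)` runs after `wsDocInfo.addResult(result)`, so when the duplicate-Id check throws, the result for the rejected element has already been recorded in WSDocInfo; the same ordering is added in SignatureConfirmationProcessor and SignatureProcessor. Whether a later consumer can observe that partial state depends on how the engine handles the exception, which is outside this hunk, but registering the token before recording the result, as the EncryptedDataProcessor hunk does, avoids the question: move `wsDocInfo.addTokenElement(elem);` above `wsDocInfo.addResult(result);` in all three processors.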
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
Fri Jun 3 16:31:09 2011
@@ -59,6 +59,7 @@ public class SignatureConfirmationProces
new WSSecurityEngineResult(WSConstants.SC, sigConf);
result.put(WSSecurityEngineResult.TAG_ID, id);
wsDocInfo.addResult(result);
+ wsDocInfo.addTokenElement(elem);
return java.util.Collections.singletonList(result);
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
Fri Jun 3 16:31:09 2011
@@ -207,6 +207,7 @@ public class SignatureProcessor implemen
result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN,
Boolean.TRUE);
}
wsDocInfo.addResult(result);
+ wsDocInfo.addTokenElement(elem);
return java.util.Collections.singletonList(result);
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
Fri Jun 3 16:31:09 2011
@@ -373,7 +373,7 @@ public class WSSecSignatureSAML extends
Element elem = secRefSaml.getElement();
elem.appendChild(keyId);
}
- wsDocInfo.addTokenElement(secRefSaml.getElement());
+ wsDocInfo.addTokenElement(secRefSaml.getElement(), false);
}
} catch (Exception ex) {
throw new WSSecurityException(
@@ -389,7 +389,7 @@ public class WSSecSignatureSAML extends
bstToken = new X509Security(doc);
((X509Security) bstToken).setX509Certificate(certs[0]);
bstToken.setID(certUri);
- wsDocInfo.addTokenElement(bstToken.getElement());
+ wsDocInfo.addTokenElement(bstToken.getElement(), false);
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
break;
@@ -429,14 +429,14 @@ public class WSSecSignatureSAML extends
elem.appendChild(keyId);
}
XMLStructure structure = new DOMStructure(secRef.getElement());
- wsDocInfo.addTokenElement(secRef.getElement());
+ wsDocInfo.addTokenElement(secRef.getElement(), false);
keyInfo =
keyInfoFactory.newKeyInfo(
java.util.Collections.singletonList(structure), keyInfoUri
);
- wsDocInfo.addTokenElement(samlToken);
+ wsDocInfo.addTokenElement(samlToken, false);
}
/**
Modified:
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties?rev=1131099&r1=1131098&r2=1131099&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
(original)
+++
webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
Fri Jun 3 16:31:09 2011
@@ -57,6 +57,7 @@ noXMLSig = Cannot setup signature data s
noSKIHandling = Problem with SKI information: {0}
keystore = Cannot access/read keystore data
noCert = No certificate provided
+duplicateError = Multiple security tokens with the same Id have been detected
##
noSigCryptoFile=WSSecurityEngine: No crypto property file supplied to verify
signature
noDecCryptoFile=WSSecurityEngine: No crypto property file supplied for
decryption