Author: coheigea
Date: Wed Feb 13 12:48:33 2013
New Revision: 1445574
URL: http://svn.apache.org/r1445574
Log:
[WSS-424] - Signature Element is not inserted in the correct place in the
header in certain circumstances
Conflicts:
ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/SignatureTest.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java?rev=1445574&r1=1445573&r2=1445574&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/action/SignatureAction.java
Wed Feb 13 12:48:33 2013
@@ -30,7 +30,6 @@ import org.apache.ws.security.dom.WSEncr
import org.apache.ws.security.dom.handler.RequestData;
import org.apache.ws.security.dom.handler.WSHandler;
import org.apache.ws.security.dom.message.WSSecSignature;
-import org.apache.ws.security.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -74,17 +73,22 @@ public class SignatureAction implements
} else if (reqData.isAppendSignatureAfterTimestamp()
&& WSConstants.WSU_NS.equals(part.getNamespace())
&& "Timestamp".equals(part.getName())) {
- List<Element> elements =
- WSSecurityUtil.findElements(
- doc.getDocumentElement(), part.getName(),
part.getNamespace()
- );
- if (elements != null && !elements.isEmpty()) {
- Element timestampElement = elements.get(0);
- Node child = timestampElement.getNextSibling();
- while (child != null && child.getNodeType() !=
Node.ELEMENT_NODE) {
- child = child.getNextSibling();
+ int originalSignatureActionIndex =
+ reqData.getOriginalSignatureActionPosition();
+ // Need to figure out where to put the Signature Element
in the header
+ if (originalSignatureActionIndex > 0) {
+ Element secHeader =
reqData.getSecHeader().getSecurityHeader();
+ Node lastChild = secHeader.getLastChild();
+ int count = 0;
+ while (lastChild != null && count <
originalSignatureActionIndex) {
+ while (lastChild != null &&
lastChild.getNodeType() != Node.ELEMENT_NODE) {
+ lastChild = lastChild.getPreviousSibling();
+ }
+ count++;
+ }
+ if (lastChild instanceof Element) {
+ siblingElementToPrepend = (Element)lastChild;
}
- siblingElementToPrepend = (Element)child;
}
}
}
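Review bot: The outer `while` in the new placement logic never moves past an element once it has found one, so for any `originalSignatureActionIndex` greater than 1 it still stops on the last element child of the security header. The inner loop only skips non-element nodes and `count++` does not advance `lastChild`. Stepping back between counts, e.g. `if (count < originalSignatureActionIndex) { lastChild = lastChild.getPreviousSibling(); }` right after `count++;`, would select the Nth element from the end, which appears to be the intent. Header order presumably decides the order in which a receiver processes Signature and EncryptedKey, and the two tests added to SignatureTest only log the output for index 0 and 1, so they would not catch a misplacement. The enclosing method starts and ends outside the hunk.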
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java?rev=1445574&r1=1445573&r2=1445574&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/RequestData.java
Wed Feb 13 12:48:33 2013
@@ -93,6 +93,7 @@ public class RequestData {
private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
private final List<BSPRule> ignoredBSPRules = new LinkedList<BSPRule>();
private boolean appendSignatureAfterTimestamp;
+ private int originalSignatureActionPosition;
private AlgorithmSuite algorithmSuite;
private AlgorithmSuite samlAlgorithmSuite;
@@ -124,6 +125,7 @@ public class RequestData {
appendSignatureAfterTimestamp = false;
algorithmSuite = null;
samlAlgorithmSuite = null;
+ setOriginalSignatureActionPosition(0);
}
public Object getMsgContext() {
@@ -579,5 +581,13 @@ public class RequestData {
public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
this.samlAlgorithmSuite = samlAlgorithmSuite;
}
+
+ public int getOriginalSignatureActionPosition() {
+ return originalSignatureActionPosition;
+ }
+
+ public void setOriginalSignatureActionPosition(int
originalSignatureActionPosition) {
+ this.originalSignatureActionPosition = originalSignatureActionPosition;
+ }
}
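Review bot: The new accessor pair at the end of the class has no Javadoc, and the value 0 is overloaded: it is both the default restored by `setOriginalSignatureActionPosition(0)` in the earlier hunk and a legitimate `indexOf` result when SIGN is the first action. Suggest documenting it on the getter, e.g. `/** Zero-based position of the SIGN action in the originally configured action list; 0 also means "not recorded". */`, with a matching one-line comment on the setter. If the two meanings ever need to be told apart, a sentinel such as -1 for "not recorded" would be clearer, though the `> 0` check in SignatureAction in this commit treats both the same.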
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java?rev=1445574&r1=1445573&r2=1445574&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/handler/WSHandler.java
Wed Feb 13 12:48:33 2013
@@ -203,9 +203,11 @@ public abstract class WSHandler {
if (signTimestamp) {
actionsToPerform = new ArrayList<Integer>(actions);
Collections.copy(actionsToPerform, actions);
- actionsToPerform.remove(actions.indexOf(WSConstants.SIGN));
+ int signatureIndex = actions.indexOf(WSConstants.SIGN);
+ actionsToPerform.remove(signatureIndex);
actionsToPerform.add(WSConstants.SIGN);
reqData.setAppendSignatureAfterTimestamp(true);
+ reqData.setOriginalSignatureActionPosition(signatureIndex);
}
}
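Review bot: `signatureIndex` is a position in the action list, but SignatureAction in this commit uses it as a count of element children from the end of the security header; the two only agree if every earlier action contributes exactly one element to the header. That may not hold for actions that add several header children or none, so the computed insertion point could drift; this is worth confirming against the supported actions. At minimum a comment where the value is stored would help: `// index into the configured actions, not a count of security-header children`. The condition that sets `signTimestamp`, and whether it guarantees SIGN is present so `indexOf` cannot return -1, is outside the hunk.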
Modified:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/SignatureTest.java?rev=1445574&r1=1445573&r2=1445574&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/SignatureTest.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/ws/security/dom/message/SignatureTest.java
Wed Feb 13 12:48:33 2013
@@ -725,6 +725,84 @@ public class SignatureTest extends org.j
List<WSSecurityEngineResult> results = verify(doc);
assertTrue(handler.checkResults(results, actions));
}
+
+ @org.junit.Test
+ public void
+ testSignatureEncryptTimestampOrder() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN | WSConstants.ENCR |
WSConstants.TS;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String,
Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS +
"}Timestamp"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new
java.util.ArrayList<Integer>();
+ actions.add(Integer.valueOf(WSConstants.SIGN));
+ actions.add(Integer.valueOf(WSConstants.ENCR));
+ actions.add(Integer.valueOf(WSConstants.TS));
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ }
+
+ @org.junit.Test
+ public void
+ testEncryptSignatureTimestampOrder() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.ENCR | WSConstants.SIGN |
WSConstants.TS;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String,
Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS +
"}Timestamp"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new
java.util.ArrayList<Integer>();
+ actions.add(Integer.valueOf(WSConstants.ENCR));
+ actions.add(Integer.valueOf(WSConstants.SIGN));
+ actions.add(Integer.valueOf(WSConstants.TS));
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ }
/**
* Verifies the soap envelope.