Author: coheigea
Date: Thu Apr 11 10:38:34 2013
New Revision: 1466831

URL: http://svn.apache.org/r1466831
Log:
Add a way to disable all BSP rules for the StaX code

Modified:
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
    
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/InboundWSSec.java
 Thu Apr 11 10:38:34 2013
@@ -127,6 +127,7 @@ public class InboundWSSec {
         securityContextImpl.putList(SecurityEvent.class, 
requestSecurityEvents);
         securityContextImpl.addSecurityEventListener(securityEventListener);
         
securityContextImpl.ignoredBSPRules(this.securityProperties.getIgnoredBSPRules());
+        
securityContextImpl.setDisableBSPEnforcement(this.securityProperties.isDisableBSPEnforcement());
 
         if (!requestSecurityEvents.isEmpty()) {
             try {

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 Thu Apr 11 10:38:34 2013
@@ -55,6 +55,7 @@ public class WSSSecurityProperties exten
     private String actor;
     private CallbackHandler callbackHandler;
     private final List<BSPRule> ignoredBSPRules = new LinkedList<BSPRule>();
+    private boolean disableBSPEnforcement;
     private final Map<QName, Validator> validators = new HashMap<QName, 
Validator>();
 
     private Integer timestampTTL = 300;
@@ -104,6 +105,7 @@ public class WSSSecurityProperties exten
         this.actor = wssSecurityProperties.actor;
         this.callbackHandler = wssSecurityProperties.callbackHandler;
         this.ignoredBSPRules.addAll(wssSecurityProperties.ignoredBSPRules);
+        this.disableBSPEnforcement = 
wssSecurityProperties.disableBSPEnforcement;
         this.validators.putAll(wssSecurityProperties.validators);
         this.timestampTTL = wssSecurityProperties.timestampTTL;
         this.timeStampFutureTTL = wssSecurityProperties.timeStampFutureTTL;
@@ -681,5 +683,13 @@ public class WSSSecurityProperties exten
         
         return nonceReplayCache;
     }
+
+    public boolean isDisableBSPEnforcement() {
+        return disableBSPEnforcement;
+    }
+
+    public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+        this.disableBSPEnforcement = disableBSPEnforcement;
+    }
     
 }
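Review bot: The new accessors `isDisableBSPEnforcement()` / `setDisableBSPEnforcement(boolean)` at the end of WSSSecurityProperties have no Javadoc, although this switch turns off every inbound BSP check at once. I would add a comment on the setter such as `/** Disables all BSP compliance checks on inbound messages; when true the ignoredBSPRules list is not consulted. Default: false. */`. The default follows from the uninitialised boolean field, and the override of ignoredBSPRules follows from the handleBSPRule change in InboundWSSecurityContextImpl. The same comment applies to the identical accessor pair added at the end of InboundWSSecurityContextImpl.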

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
 Thu Apr 11 10:38:34 2013
@@ -49,6 +49,7 @@ public class InboundWSSecurityContextImp
     private final Deque<SecurityEvent> securityEventQueue = new 
ArrayDeque<SecurityEvent>();
     private boolean operationSecurityEventOccured = false;
     private boolean messageEncryptionTokenOccured = false;
+    private boolean disableBSPEnforcement;
 
     private List<BSPRule> ignoredBSPRules = Collections.emptyList();
 
@@ -533,6 +534,9 @@ public class InboundWSSecurityContextImp
 
     @Override
     public void handleBSPRule(BSPRule bspRule) throws WSSecurityException {
+        if (disableBSPEnforcement) {
+            return;
+        }
         if (!ignoredBSPRules.contains(bspRule)) {
             throw new WSSecurityException(
                     WSSecurityException.ErrorCode.INVALID_SECURITY,
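Review bot: The early `return;` added at the top of handleBSPRule discards every BSP violation without a trace, so once the flag is set nobody can tell which rules incoming messages are actually breaking. Logging the violated `bspRule` at debug level before returning would keep that visible; whether this class already has a logger cannot be seen from the hunk. The check also makes `ignoredBSPRules` irrelevant, which is worth a comment on the branch, e.g. `// enforcement disabled: every BSP violation is accepted, ignoredBSPRules is not consulted`. The body of handleBSPRule continues past the end of this hunk.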
@@ -547,4 +551,12 @@ public class InboundWSSecurityContextImp
     public void ignoredBSPRules(List<BSPRule> bspRules) {
         ignoredBSPRules = new ArrayList<BSPRule>(bspRules);
     }
+
+    public boolean isDisableBSPEnforcement() {
+        return disableBSPEnforcement;
+    }
+
+    public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+        this.disableBSPEnforcement = disableBSPEnforcement;
+    }
 }

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1466831&r1=1466830&r2=1466831&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
 Thu Apr 11 10:38:34 2013
@@ -431,6 +431,53 @@ public class SignatureTest extends Abstr
             
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), 
WSSConstants.TAG_wsse_Security.getLocalPart());
         }
     }
+    
+    /**
+     * Since WSS4J hardcoded the C14N algo for References, we test against our 
framework
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testSignatureC14NInclusivePartsInbound_DisableAllBSPRules() 
throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
+            WSSConstants.Action[] actions = new 
WSSConstants.Action[]{WSSConstants.SIGNATURE};
+            securityProperties.setOutAction(actions);
+            
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"),
 "default".toCharArray());
+            securityProperties.setSignatureUser("transmitter");
+            securityProperties.addSignaturePart(new SecurePart(new 
QName("http://www.w3.org/1999/XMLSchema";, "complexType"), 
SecurePart.Modifier.Element));
+            
securityProperties.setSignatureCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";);
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+            OutboundWSSec wsSecOut = 
WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, 
"UTF-8", new ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = 
xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document securedDocument = 
documentBuilderFactory.newDocumentBuilder().parse(new 
ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = 
securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
 WSSConstants.TAG_dsig_Signature.getLocalPart());
+            
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), 
WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
+            securityProperties.setDisableBSPEnforcement(true);
+            
securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
 "default".toCharArray());
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = 
wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new 
ByteArrayInputStream(baos.toByteArray())));
+
+            Document document = 
StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+            //header element must still be there
+            NodeList nodeList = 
document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
 WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 1);
+            
Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), 
WSSConstants.TAG_wsse_Security.getLocalPart());
+        }
+    }
 
     @Test
     public void testSignatureKeyIdentifierIssuerSerialOutbound() throws 
Exception {
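Review bot: The Javadoc on testSignatureC14NInclusivePartsInbound_DisableAllBSPRules appears to be copied from a C14N test and says nothing about the BSP switch this test is for; something like `Inbound verification of an inclusive-C14N signature succeeds when BSP enforcement is disabled.` would describe it. The test also covers only the accepting path. A companion that runs the same signed message through default WSSSecurityProperties and expects a WSSecurityException would show that `setDisableBSPEnforcement(true)` is what lets the message through, and that the default still rejects it. Such a test may already exist outside this hunk.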

