Author: coheigea
Date: Mon Jun 17 16:03:17 2013
New Revision: 1493827

URL: http://svn.apache.org/r1493827
Log:
Support the ability to disable encrypting a symmetric key plus some misc stuff 
to support SymmetricBinding policies

Modified:
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
 Mon Jun 17 16:03:17 2013
@@ -421,6 +421,10 @@ public final class ConfigurationConverte
         boolean enableNonceCache = 
             
decodeBooleanConfigValue(ConfigurationConstants.ENABLE_NONCE_CACHE, true, 
config);
         properties.setEnableNonceReplayCache(enableNonceCache);
+        
+        boolean encryptSymmetricEncryptionKey = 
+            decodeBooleanConfigValue(ConfigurationConstants.ENC_SYM_ENC_KEY, 
true, config);
+        
properties.setEncryptSymmetricEncrytionKey(encryptSymmetricEncryptionKey);
     }
     
     private static void parseNonBooleanProperties(
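Review bot: The setter called on the last added line is spelled `setEncryptSymmetricEncrytionKey` (the "p" of "Encryption" is missing), while the local variable declared just above it is spelled `encryptSymmetricEncryptionKey`. The name becomes a public accessor on WSSSecurityProperties in this same commit, so it is cheapest to correct it now: `properties.setEncryptSymmetricEncryptionKey(encryptSymmetricEncryptionKey);`. The same rename would apply in the WSSSecurityProperties, WSSec, OutboundWSSec and EncryptEndingOutputProcessor hunks. The enclosing method starts outside the hunk.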

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
 Mon Jun 17 16:03:17 2013
@@ -139,12 +139,14 @@ public class WSSec {
                 if (securityProperties.getEncryptionUseThisCertificate() == 
null
                         && securityProperties.getEncryptionKeyStore() == null
                         && securityProperties.getEncryptionCryptoProperties() 
== null
-                        && !securityProperties.isUseReqSigCertForEncryption()) 
{
+                        && !securityProperties.isUseReqSigCertForEncryption()
+                        && 
securityProperties.isEncryptSymmetricEncrytionKey()) {
                     throw new 
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, 
"encryptionKeyStoreNotSet");
                 }
                 if (securityProperties.getEncryptionUser() == null
                         && 
securityProperties.getEncryptionUseThisCertificate() == null
-                        && !securityProperties.isUseReqSigCertForEncryption()) 
{
+                        && !securityProperties.isUseReqSigCertForEncryption()
+                        && 
securityProperties.isEncryptSymmetricEncrytionKey()) {
                     throw new 
WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, 
"noEncryptionUser");
                 }
                 if (securityProperties.getEncryptionSymAlgorithm() == null) {
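Review bot: When `isEncryptSymmetricEncrytionKey()` is false, both guards in this hunk are skipped, and no replacement check is visible here that the configuration supplies the symmetric key by another route. If no such check exists elsewhere in the method, a configuration that disables key wrapping but provides no key would pass validation and presumably fail only during message processing. Consider an explicit validation branch for the disabled case, or at minimum a comment above the first guard such as `// Key store / certificate are only required when the symmetric key is wrapped in an EncryptedKey`. The enclosing method starts and ends outside the hunk.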

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
 Mon Jun 17 16:03:17 2013
@@ -152,12 +152,14 @@ public class OutboundWSSec {
                     initializeOutputProcessor(outputProcessorChain, 
signatureOutputProcessor, action);
 
                 } else if (WSSConstants.ENCRYPT.equals(action)) {
-                    final BinarySecurityTokenOutputProcessor 
binarySecurityTokenOutputProcessor =
+                    if (securityProperties.isEncryptSymmetricEncrytionKey()) {
+                        final BinarySecurityTokenOutputProcessor 
binarySecurityTokenOutputProcessor =
                             new BinarySecurityTokenOutputProcessor();
-                    initializeOutputProcessor(outputProcessorChain, 
binarySecurityTokenOutputProcessor, action);
+                        initializeOutputProcessor(outputProcessorChain, 
binarySecurityTokenOutputProcessor, action);
 
-                    final EncryptedKeyOutputProcessor 
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
-                    initializeOutputProcessor(outputProcessorChain, 
encryptedKeyOutputProcessor, action);
+                        final EncryptedKeyOutputProcessor 
encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
+                        initializeOutputProcessor(outputProcessorChain, 
encryptedKeyOutputProcessor, action);
+                    }
 
                     final EncryptOutputProcessor encryptOutputProcessor = new 
EncryptOutputProcessor();
                     initializeOutputProcessor(outputProcessorChain, 
encryptOutputProcessor, action);
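Review bot: The new `if` around the BinarySecurityToken and EncryptedKey processors has no comment describing the outbound message when it is skipped. As far as this hunk shows, the disabled case emits encrypted data with no EncryptedKey element, so the recipient must already hold the symmetric key. That deployment assumption is worth stating at the branch, for example `// Key wrapping disabled: no EncryptedKey is emitted, the recipient is expected to already hold the symmetric key`. The surrounding method starts and ends outside the hunk.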

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 Mon Jun 17 16:03:17 2013
@@ -68,6 +68,7 @@ public class WSSSecurityProperties exten
     private Integer derivedKeyIterations = 1000;
     private boolean addUsernameTokenNonce;
     private boolean addUsernameTokenCreated;
+    private boolean encryptSymmetricEncrytionKey = true;
 
     /**
      * This variable controls whether types other than PasswordDigest or 
PasswordText
@@ -156,6 +157,7 @@ public class WSSSecurityProperties exten
         this.addUsernameTokenNonce = 
wssSecurityProperties.addUsernameTokenNonce;
         this.addUsernameTokenCreated = 
wssSecurityProperties.addUsernameTokenCreated;
         this.validateSamlSubjectConfirmation = 
wssSecurityProperties.validateSamlSubjectConfirmation;
+        this.encryptSymmetricEncrytionKey = 
wssSecurityProperties.encryptSymmetricEncrytionKey;
     }
 
     /**
@@ -839,5 +841,13 @@ public class WSSSecurityProperties exten
     public void setEnableNonceReplayCache(boolean enableNonceReplayCache) {
         this.enableNonceReplayCache = enableNonceReplayCache;
     }
+
+    public boolean isEncryptSymmetricEncrytionKey() {
+        return encryptSymmetricEncrytionKey;
+    }
+
+    public void setEncryptSymmetricEncrytionKey(boolean 
encryptSymmetricEncrytionKey) {
+        this.encryptSymmetricEncrytionKey = encryptSymmetricEncrytionKey;
+    }
     
 }
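Review bot: The new public accessors `isEncryptSymmetricEncrytionKey()` and `setEncryptSymmetricEncrytionKey(boolean)` have no Javadoc, although the flag changes what key material is placed in the message and a neighbouring field in this class is documented. A short Javadoc on the setter should state that the default is `true` and that `false` stops the symmetric key from being wrapped in an EncryptedKey. It should also say that the recipient is then presumably expected to obtain the key some other way. The field declaration and the copy-constructor line for the same property are in the two preceding hunks of this file.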

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptEndingOutputProcessor.java
 Mon Jun 17 16:03:17 2013
@@ -45,7 +45,8 @@ public class EncryptEndingOutputProcesso
     @Override
     public void processHeaderEvent(OutputProcessorChain outputProcessorChain) 
throws XMLStreamException, XMLSecurityException {
         OutputProcessorChain subOutputProcessorChain = 
outputProcessorChain.createSubChain(this);
-        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+        if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+            || 
!((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
 {
             WSSUtils.createReferenceListStructureForEncryption(this, 
subOutputProcessorChain);
         }
     }
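Review bot: The added condition repeats an unchecked cast, `((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey()`, and the identical two-part test is added again in the START_ELEMENT case of the next hunk in this file. Extracting it into one private helper keeps the two sites from drifting apart: `private boolean usesReferenceListInHeader() { return WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction()) || !((WSSSecurityProperties) getSecurityProperties()).isEncryptSymmetricEncrytionKey(); }`. Both call sites would then read `if (usesReferenceListInHeader()) {`.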
@@ -65,7 +66,8 @@ public class EncryptEndingOutputProcesso
                 case XMLStreamConstants.START_ELEMENT:
                     if (WSSUtils.isSecurityHeaderElement(xmlSecEvent, actor)) {
 
-                        if 
(WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())) {
+                        if 
(WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(getAction())
+                            || 
!((WSSSecurityProperties)getSecurityProperties()).isEncryptSymmetricEncrytionKey())
 {
                             WSSUtils.updateSecurityHeaderOrder(
                                     outputProcessorChain, 
WSSConstants.TAG_xenc_ReferenceList, getAction(), true);                        
    
                         }

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
 Mon Jun 17 16:03:17 2013
@@ -117,7 +117,7 @@ public class EncryptOutputProcessor exte
     }
 
     /**
-     * Processor which handles the effective enryption of the data
+     * Processor which handles the effective encryption of the data
      */
     class InternalEncryptionOutputProcessor extends 
AbstractInternalEncryptionOutputProcessor {
 
@@ -207,12 +207,17 @@ public class EncryptOutputProcessor exte
         @Override
         protected void createKeyInfoStructure(OutputProcessorChain 
outputProcessorChain) throws XMLStreamException, XMLSecurityException {
             createStartElementAndOutputAsEvent(outputProcessorChain, 
XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
-            createStartElementAndOutputAsEvent(outputProcessorChain, 
WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
 
             if 
(WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(
                     ((WSSSecurityProperties) 
getSecurityProperties()).getEncryptionKeyIdentifier())) {
+                List<XMLSecAttribute> attributes = new 
ArrayList<XMLSecAttribute>(1);
+                
attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, 
WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
+                createStartElementAndOutputAsEvent(outputProcessorChain, 
WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
+                
                 WSSUtils.createEncryptedKeySha1IdentifierStructure(this, 
outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
             } else {
+                createStartElementAndOutputAsEvent(outputProcessorChain, 
WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+                
                 List<XMLSecAttribute> attributes = new 
ArrayList<XMLSecAttribute>(1);
                 attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" 
+ getEncryptionPartDef().getKeyId()));
                 createStartElementAndOutputAsEvent(outputProcessorChain, 
WSSConstants.TAG_wsse_Reference, false, attributes);
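Review bot: In the EncryptedKeySHA1 branch the SecurityTokenReference start element is now created with `false` as the third argument, whereas the removed single call and the new else branch both pass `true`. The hunk does not show what that flag controls, so it is unclear whether the difference is needed by the added `ATT_wsse11_TokenType` attribute or is a side effect of copying the `TAG_wsse_Reference` call below. A one-line comment above the call would settle it, e.g. `// EncryptedKeySHA1 reference: carry wsse11:TokenType on the SecurityTokenReference`, extended with the reason for the flag value. The method body continues past the end of the hunk.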

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java?rev=1493827&r1=1493826&r2=1493827&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SecurityHeaderReorderProcessor.java
 Mon Jun 17 16:03:17 2013
@@ -111,7 +111,7 @@ public class SecurityHeaderReorderProces
                                 subOutputProcessorChain.reset();
                                 subOutputProcessorChain.processEvent(event);
                             }
-                            //remove the actual header so that it won't be 
outputted twice in the loop below
+                            //remove the actual header so that it won't be 
output twice in the loop below
                             entryIterator.remove();
                         }
                         //... the action is encryption and...

