Author: coheigea
Date: Wed Jun 26 14:35:36 2013
New Revision: 1496947
URL: http://svn.apache.org/r1496947
Log:
Fixing SymmetricBinding response use-cases
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java?rev=1496947&r1=1496946&r2=1496947&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSUtils.java
Wed Jun 26 14:35:36 2013
@@ -336,17 +336,24 @@ public class WSSUtils extends XMLSecurit
OutputProcessorChain outputProcessorChain, Key key)
throws XMLStreamException, XMLSecurityException {
- List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
-
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType,
WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
-
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType,
WSSConstants.NS_ENCRYPTED_KEY_SHA1));
-
abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_KeyIdentifier, false, attributes);
try {
MessageDigest sha = MessageDigest.getInstance("SHA-1");
byte[] data = sha.digest(key.getEncoded());
-
abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain,
new Base64(76, new byte[]{'\n'}).encodeToString(data));
+ createEncryptedKeySha1IdentifierStructure(abstractOutputProcessor,
outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
} catch (NoSuchAlgorithmException e) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
+ }
+
+ public static void
createEncryptedKeySha1IdentifierStructure(AbstractOutputProcessor
abstractOutputProcessor,
+
OutputProcessorChain outputProcessorChain, String identifier)
+ throws XMLStreamException, XMLSecurityException {
+
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
+
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType,
WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
+
attributes.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType,
WSSConstants.NS_ENCRYPTED_KEY_SHA1));
+
abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_KeyIdentifier, false, attributes);
+
abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain,
identifier);
abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_KeyIdentifier);
}
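Review bot: The new `String` overload of `createEncryptedKeySha1IdentifierStructure` writes `identifier` into the KeyIdentifier unchecked, while the element it opens advertises `SOAPMESSAGE_NS10_BASE64_ENCODING` and `NS_ENCRYPTED_KEY_SHA1`. Since the method is public and static, it should have a Javadoc stating that `identifier` must be the Base64-encoded SHA-1 digest of the encrypted key and must not be null. It should also say whether the value has to match the form the `Key` overload produces with `new Base64(76, new byte[]{'\n'})`, so the two overloads emit comparable values. A guard at the top such as `if (identifier == null) { throw new IllegalArgumentException("identifier must not be null"); }` would stop a missing identifier from reaching `createCharactersAndOutputAsEvent`. The signature of the `Key` overload begins outside this hunk.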
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1496947&r1=1496946&r2=1496947&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
Wed Jun 26 14:35:36 2013
@@ -55,6 +55,7 @@ public class BinarySecurityTokenOutputPr
try {
final String bstId;
final X509Certificate[] x509Certificates;
+ String reference = null;
Key key = null;
XMLSecurityConstants.Action action = getAction();
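Review bot: The local `String reference = null;` does not say what it refers to; the later hunks assign it from `securityToken.getSha1Identifier()` and pass it to `binarySecurityToken.setSha1Identifier(reference)`, so `sha1Identifier` would be the clearer name in all three hunks. The value is only set on the signature-token path and stays null otherwise, which makes downstream code silently fall back to hashing the key. A comment at the declaration would record that, for example `// EncryptedKeySHA1 identifier of the token this one is derived from; null when none was supplied`. The enclosing method begins and ends outside these hunks.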
@@ -74,6 +75,7 @@ public class BinarySecurityTokenOutputPr
(GenericOutboundSecurityToken)signatureTokenProvider.getSecurityToken();
if (securityToken != null) {
key =
securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
+ reference = securityToken.getSha1Identifier();
}
}
}
@@ -147,6 +149,7 @@ public class BinarySecurityTokenOutputPr
final GenericOutboundSecurityToken binarySecurityToken =
new GenericOutboundSecurityToken(bstId,
WSSecurityTokenConstants.X509V3Token, key, x509Certificates);
+ binarySecurityToken.setSha1Identifier(reference);
final SecurityTokenProvider<OutboundSecurityToken>
binarySecurityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1496947&r1=1496946&r2=1496947&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Wed Jun 26 14:35:36 2013
@@ -94,7 +94,8 @@ public class EncryptOutputProcessor exte
new InternalEncryptionOutputProcessor(
encryptionPartDef,
xmlSecStartElement,
-
outputProcessorChain.getDocumentContext().getEncoding()
+
outputProcessorChain.getDocumentContext().getEncoding(),
+ securityToken.getSha1Identifier()
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
internalEncryptionOutputProcessor.setAction(getAction());
@@ -122,14 +123,17 @@ public class EncryptOutputProcessor exte
class InternalEncryptionOutputProcessor extends
AbstractInternalEncryptionOutputProcessor {
private boolean doEncryptedHeader = false;
+ private final String sha1Identifier;
- InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef,
XMLSecStartElement xmlSecStartElement, String encoding)
+ InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef,
XMLSecStartElement xmlSecStartElement,
+ String encoding, String
sha1Identifier)
throws XMLSecurityException, XMLStreamException {
super(encryptionPartDef, xmlSecStartElement, encoding);
this.addBeforeProcessor(EncryptEndingOutputProcessor.class.getName());
this.addBeforeProcessor(InternalEncryptionOutputProcessor.class.getName());
this.addAfterProcessor(EncryptOutputProcessor.class.getName());
+ this.sha1Identifier = sha1Identifier;
}
protected OutputStream applyTransforms(OutputStream outputStream)
throws XMLSecurityException {
@@ -214,7 +218,11 @@ public class EncryptOutputProcessor exte
attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType,
WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
- WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
+ if (sha1Identifier != null) {
+ WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, sha1Identifier);
+ } else {
+ WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
+ }
} else {
createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
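Review bot: The `sha1Identifier != null` test lets an empty string through, which would emit a KeyIdentifier with no value instead of falling back to the digest of `getEncryptionPartDef().getSymmetricKey()`. `if (sha1Identifier != null && !sha1Identifier.isEmpty()) {` keeps the fallback for that case. Nothing visible in this hunk ties the stored identifier to the symmetric key actually used for encryption, so a comment naming where that correspondence is guaranteed would help; if it is not guaranteed, the receiver could be pointed at the wrong key. The same choice between a stored identifier and a key-derived one is repeated in the WSSSignatureEndingOutputProcessor hunk and could live in one helper. The enclosing method begins and ends outside the hunk.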
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java?rev=1496947&r1=1496946&r2=1496947&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
Wed Jun 26 14:35:36 2013
@@ -40,6 +40,7 @@ import org.apache.xml.security.stax.secu
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import java.security.cert.X509Certificate;
+import java.security.Key;
import java.util.*;
public class WSSSignatureEndingOutputProcessor extends
AbstractSignatureEndingOutputProcessor {
@@ -121,8 +122,13 @@ public class WSSSignatureEndingOutputPro
} else if
(WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier))
{
WSSUtils.createThumbprintKeyIdentifierStructure(this,
outputProcessorChain, x509Certificates);
} else if
(WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier))
{
- WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain,
-
securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm()));
+ String identifier = securityToken.getSha1Identifier();
+ if (identifier != null) {
+ WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, identifier);
+ } else {
+ Key key =
securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
+ WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, key);
+ }
} else if
(WSSecurityTokenConstants.KeyIdentifier_EncryptedKey.equals(keyIdentifier)) {
String id = securityToken.getId();
WSSUtils.createBSTReferenceStructure(this,
outputProcessorChain, id, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE);
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java?rev=1496947&r1=1496946&r2=1496947&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
Wed Jun 26 14:35:36 2013
@@ -39,7 +39,6 @@ public class EncryptedKeySha1SecurityTok
extends AbstractInboundSecurityToken implements
EncryptedKeySha1SecurityToken {
private CallbackHandler callbackHandler;
- private String sha1Identifier;
public EncryptedKeySha1SecurityTokenImpl(
WSInboundSecurityContext inboundSecurityContext, CallbackHandler
callbackHandler,
@@ -47,7 +46,7 @@ public class EncryptedKeySha1SecurityTok
super(inboundSecurityContext, id,
WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier, false);
this.callbackHandler = callbackHandler;
- this.sha1Identifier = sha1Identifier;
+ setSha1Identifier(sha1Identifier);
}
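Review bot: Replacing the private field with `setSha1Identifier(sha1Identifier)` means the identifier is no longer fixed at construction, assuming the inherited setter is callable by other code (its declaration is not part of this diff). The next hunk passes `getSha1Identifier()` to `WSPasswordCallback` and `doSecretKeyCallback`, so a later change to the value would change which secret key is looked up for this inbound token. If the setter is not final, calling it from the constructor also runs overridable code before the object is fully built. A comment on this line would document the intent, for example `// set once from the constructor argument; must not change after construction`, or the base class could take the identifier through its own constructor. The constructor signature begins outside the hunk.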
@Override
@@ -65,11 +64,11 @@ public class EncryptedKeySha1SecurityTok
}
WSPasswordCallback secretKeyCallback =
- new WSPasswordCallback(sha1Identifier, null,
+ new WSPasswordCallback(getSha1Identifier(), null,
WSSConstants.NS_ENCRYPTED_KEY_SHA1,
WSPasswordCallback.Usage.SECRET_KEY);
- WSSUtils.doSecretKeyCallback(callbackHandler, secretKeyCallback,
sha1Identifier);
+ WSSUtils.doSecretKeyCallback(callbackHandler, secretKeyCallback,
getSha1Identifier());
if (secretKeyCallback.getKey() == null) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey",
sha1Identifier);
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey",
getSha1Identifier());
}
String algoFamily =
JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);