Author: coheigea
Date: Wed Aug 14 09:33:45 2013
New Revision: 1513780
URL: http://svn.apache.org/r1513780
Log:
[WSS-476] - Add the ability to configure the Signature Canonicalization
Algorithm via WSHandler
Conflicts:
src/main/java/org/apache/ws/security/action/SignatureAction.java
src/main/java/org/apache/ws/security/handler/RequestData.java
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SAMLTokenSignedAction.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SAMLTokenSignedAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SAMLTokenSignedAction.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SAMLTokenSignedAction.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SAMLTokenSignedAction.java
Wed Aug 14 09:33:45 2013
@@ -81,6 +81,9 @@ public class SAMLTokenSignedAction imple
if (reqData.getSigDigestAlgorithm() != null) {
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
+ if (reqData.getSignatureC14nAlgorithm() != null) {
+ wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
+ }
/*
* required to add support for the
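Review bot: The new branch in SAMLTokenSignedAction is not exercised by the test added in this commit, which sends with `WSConstants.SIGN` only; the identical lines added to SignatureAction are the ones that get covered. A companion test that sets `WSHandlerConstants.SIG_C14N_ALGO` for the SAML-signed action would keep the two copies from drifting apart. A short comment on the guard in both places, such as `// null = not configured; keep the signer's default canonicalization`, would make its intent explicit. The enclosing method begins and ends outside the hunk.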
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
Wed Aug 14 09:33:45 2013
@@ -53,7 +53,10 @@ public class SignatureAction implements
if (reqData.getSigDigestAlgorithm() != null) {
wsSign.setDigestAlgo(reqData.getSigDigestAlgorithm());
}
-
+ if (reqData.getSignatureC14nAlgorithm() != null) {
+ wsSign.setSigCanonicalization(reqData.getSignatureC14nAlgorithm());
+ }
+
wsSign.setUserInfo(reqData.getSignatureUser(),
passwordCallback.getPassword());
wsSign.setUseSingleCertificate(reqData.isUseSingleCert());
if (reqData.getSignatureParts().size() > 0) {
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
Wed Aug 14 09:33:45 2013
@@ -60,6 +60,7 @@ public class RequestData {
private String sigAlgorithm = null;
private String signatureDigestAlgorithm = null;
private String encryptionDigestAlgorithm = null;
+ private String signatureC14nAlgorithm;
private List<WSEncryptionPart> signatureParts = new
ArrayList<WSEncryptionPart>();
private Crypto encCrypto = null;
private int encKeyId = 0;
@@ -101,6 +102,7 @@ public class RequestData {
wssConfig = null;
signatureValues.clear();
signatureDigestAlgorithm = null;
+ signatureC14nAlgorithm = null;
encryptionDigestAlgorithm = null;
encSymmetricEncryptionKey = true;
secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
@@ -120,6 +122,14 @@ public class RequestData {
setOriginalSignatureActionPosition(0);
}
+ public String getSignatureC14nAlgorithm() {
+ return signatureC14nAlgorithm;
+ }
+
+ public void setSignatureC14nAlgorithm(String signatureC14nAlgorithm) {
+ this.signatureC14nAlgorithm = signatureC14nAlgorithm;
+ }
+
public Object getMsgContext() {
return msgContext;
}
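Review bot: The new public accessors `getSignatureC14nAlgorithm` / `setSignatureC14nAlgorithm` have no Javadoc, although the null return is meaningful: both action classes in this commit treat null as "not configured" and skip the `setSigCanonicalization` call. I would add `/** @return the signature canonicalization algorithm URI, or null if none was configured (the signer's default then applies) */` on the getter and a matching line on the setter. The field is also declared without `= null`, unlike the neighbouring algorithm fields; behaviour is the same, but matching them keeps the block uniform.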
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
Wed Aug 14 09:33:45 2013
@@ -529,6 +529,9 @@ public abstract class WSHandler {
String digestAlgo = getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc);
reqData.setSigDigestAlgorithm(digestAlgo);
+
+ String c14nAlgo = getString(WSHandlerConstants.SIG_C14N_ALGO, mc);
+ reqData.setSignatureC14nAlgorithm(c14nAlgo);
String parts = getString(WSHandlerConstants.SIGNATURE_PARTS, mc);
if (parts != null) {
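Review bot: The value read for `SIG_C14N_ALGO` is stored without any check, so an empty string or a mistyped URI is non-null and passes the null-only guard in SignatureAction and SAMLTokenSignedAction straight into `setSigCanonicalization`. Whether `getString` already normalises blank values is not visible here, so this may be partly covered. If it is not, treating blank as unset would avoid a confusing failure at signing time, e.g. `if (c14nAlgo != null && c14nAlgo.trim().length() > 0) { reqData.setSignatureC14nAlgorithm(c14nAlgo); }`. Checking the value against the canonicalization URIs defined in WSConstants would go further and turn a typo into a clear configuration error. The enclosing method starts and ends outside the hunk.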
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandlerConstants.java
Wed Aug 14 09:33:45 2013
@@ -561,6 +561,12 @@ public final class WSHandlerConstants {
* </pre>
*/
public static final String SIG_DIGEST_ALGO = "signatureDigestAlgorithm";
+
+ /**
+ * Defines which signature c14n (canonicalization) algorithm to use. The
default is:
+ * "http://www.w3.org/2001/10/xml-exc-c14n#"
+ */
+ public static final String SIG_C14N_ALGO = "signatureC14nAlgorithm";
/**
* Parameter to define which parts of the request shall be signed.
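Review bot: The Javadoc for `SIG_C14N_ALGO` names the default but not the consequence of overriding it. The test in this commit verifies its `C14N_WITH_COMMENTS` message only after calling `setWsiBSPCompliant(false)` on the receiving side, which suggests that receivers enforcing WS-I Basic Security Profile will reject a non-exclusive algorithm. Inclusive canonicalization also folds the ancestor namespace context into what is signed, so a signed part that an intermediary re-envelopes may no longer verify. I would append a sentence such as `Values other than exclusive c14n may be rejected by receivers that enforce WS-I BSP compliance.` and list the accepted URIs, or point to the WSConstants fields that hold them.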
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1513780&r1=1513779&r2=1513780&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
Wed Aug 14 09:33:45 2013
@@ -804,6 +804,51 @@ public class SignatureTest extends org.j
LOG.debug(outputString);
}
}
+
+ @org.junit.Test
+ public void testWSHandlerSignatureCanonicalization() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String,
Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.SIG_C14N_ALGO,
WSConstants.C14N_WITH_COMMENTS);
+ config.put("password", "security");
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new
java.util.ArrayList<Integer>();
+ actions.add(WSConstants.SIGN);
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+
+ RequestData data = new RequestData();
+ WSSConfig newConfig = WSSConfig.getNewInstance();
+ newConfig.setWsiBSPCompliant(false);
+ data.setWssConfig(newConfig);
+ data.setSigCrypto(crypto);
+
+ WSSecurityEngine newSecEngine = new WSSecurityEngine();
+ Element elem = WSSecurityUtil.getSecurityHeader(doc, "");
+ List<WSSecurityEngineResult> results =
+ newSecEngine.processSecurityHeader(elem, data);
+ assertTrue(handler.checkResults(results, actions));
+ }
/**
* Verifies the soap envelope.
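Review bot: `testWSHandlerSignatureCanonicalization` never asserts that the configured algorithm was actually used. It checks only that the signed message verifies, which would still hold if `SIG_C14N_ALGO` were silently ignored and the default exclusive c14n applied. Adding `assertTrue(outputString.contains(WSConstants.C14N_WITH_COMMENTS));` after the send would pin the behaviour, ideally narrowed to the `CanonicalizationMethod` element so that a transform using the same URI cannot satisfy it. A one-line comment above `newConfig.setWsiBSPCompliant(false);` saying why verification needs BSP enforcement off would also help the next reader. The rest of the test class is outside the hunk.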