Author: coheigea
Date: Mon May 25 10:54:29 2015
New Revision: 1681580

URL: http://svn.apache.org/r1681580
Log:
Adding support for processing a BinarySecurityToken that references a child 
Element via xop:Include


Conflicts:
        
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
        
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
        
ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java

Modified:
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java?rev=1681580&r1=1681579&r2=1681580&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
 Mon May 25 10:54:29 2015
@@ -36,6 +36,7 @@ import org.apache.wss4j.dom.message.toke
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
 import org.apache.wss4j.dom.message.token.PKIPathSecurity;
 import org.apache.wss4j.dom.message.token.X509Security;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.Validator;
 
@@ -166,6 +167,18 @@ public class BinarySecurityTokenProcesso
         } else {
             token = new BinarySecurity(element, data.getBSPEnforcer());
         }
+        
+        // Now see if the Element content is actually referenced via 
xop:Include
+        Element elementChild =
+            WSSecurityUtil.getDirectChildElement(element, "Include", 
WSConstants.XOP_NS);
+        if (elementChild != null && elementChild.hasAttributeNS(null, "href")) 
{
+            String xopUri = elementChild.getAttributeNS(null, "href");
+            if (xopUri != null && xopUri.startsWith("cid:")) {
+                byte[] content = WSSecurityUtil.getBytesFromAttachment(xopUri, 
data);
+                token.setToken(content);
+            }
+        }
+        
         return token;
     }
     
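Review bot: An xop:Include child whose href does not start with "cid:" is silently ignored in the added block, so the method returns a token built only from whatever content the element itself carried. Since the referenced bytes come from the incoming message, failing closed looks safer than falling through, for example `} else { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[] {"Unsupported xop:Include href"}); }` on the inner `if`. The `xopUri != null` test is redundant after `hasAttributeNS`, because DOM `getAttributeNS` returns an empty string rather than null. The token is also constructed with the BSP enforcer before the attachment bytes are set, so any checks the constructor makes on the element content presumably never see the real token bytes; that is worth confirming. The enclosing method starts outside this hunk.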

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1681580&r1=1681579&r2=1681580&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
 Mon May 25 10:54:29 2015
@@ -20,7 +20,6 @@
 package org.apache.wss4j.dom.processor;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -35,20 +34,16 @@ import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
+
 import org.apache.wss4j.common.bsp.BSPRule;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
 import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.ext.Attachment;
-import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
@@ -67,7 +62,6 @@ import org.apache.wss4j.dom.util.X509Uti
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.JavaUtils;
 
 public class EncryptedKeyProcessor implements Processor {
     private static final org.slf4j.Logger LOG = 
@@ -218,7 +212,7 @@ public class EncryptedKeyProcessor imple
             // Get the key bytes from CipherValue directly or via an attachment
             String xopUri = 
EncryptionUtils.getXOPURIFromCipherValue(xencCipherValue);
             if (xopUri != null && xopUri.startsWith("cid:")) {
-                encryptedEphemeralKey = 
getDecryptedKeyBytesFromAttachment(xopUri, data);
+                encryptedEphemeralKey = 
WSSecurityUtil.getBytesFromAttachment(xopUri, data);
             } else {
                 encryptedEphemeralKey = 
getDecodedBase64EncodedData(xencCipherValue);
             }
@@ -255,40 +249,6 @@ public class EncryptedKeyProcessor imple
         return java.util.Collections.singletonList(result);
     }
     
-    private byte[] getDecryptedKeyBytesFromAttachment(
-        String xopUri, RequestData data
-    ) throws WSSecurityException {
-        CallbackHandler attachmentCallbackHandler = 
data.getAttachmentCallbackHandler();
-        if (attachmentCallbackHandler == null) {
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
-        }
-
-        final String attachmentId = xopUri.substring(4);
-
-        AttachmentRequestCallback attachmentRequestCallback = new 
AttachmentRequestCallback();
-        attachmentRequestCallback.setAttachmentId(attachmentId);
-
-        try {
-            attachmentCallbackHandler.handle(new 
Callback[]{attachmentRequestCallback});
-            
-            List<Attachment> attachments = 
attachmentRequestCallback.getAttachments();
-            if (attachments == null || attachments.isEmpty() || 
!attachmentId.equals(attachments.get(0).getId())) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.INVALID_SECURITY,
-                    "empty", new Object[] {"Attachment not found"}
-                );
-            }
-            Attachment attachment = attachments.get(0);
-            InputStream inputStream = attachment.getSourceStream();
-            
-            return JavaUtils.getBytesFromStream(inputStream);
-        } catch (UnsupportedCallbackException e) {
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
-        } catch (IOException e) {
-            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
-        }
-    }
-    
     /**
      * Generates a random secret key using the algorithm specified in the
      * first DataReference URI

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java?rev=1681580&r1=1681579&r2=1681580&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
 Mon May 25 10:54:29 2015
@@ -215,8 +215,7 @@ public final class EncryptionUtils {
     }
     
     public static String getXOPURIFromCipherValue(Element cipherValue) {
-        if (cipherValue != null && 
cipherValue.hasAttributeNS(WSConstants.XMLNS_NS, "xop")
-            && 
WSConstants.XOP_NS.equals(cipherValue.getAttributeNS(WSConstants.XMLNS_NS, 
"xop"))) {
+        if (cipherValue != null) {
             Element cipherValueChild =
                 XMLUtils.getDirectChildElement(cipherValue, "Include", 
WSConstants.XOP_NS);
             if (cipherValueChild != null && 
cipherValueChild.hasAttributeNS(null, "href")) {
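Review bot: The relaxed guard in getXOPURIFromCipherValue is not explained in the code, and the commit log only mentions BinarySecurityToken. After this change any CipherValue with a direct xop:Include child is resolved from an attachment, whether or not the element declares the xop prefix itself. A short comment above the `if` would record the intent, for example `// The xop namespace may be declared on an ancestor or on the Include element itself, so only the child's namespace is checked`, assuming that is the reason. A Javadoc sentence stating that the method returns the href of the Include child and leaves the "cid:" check to the caller would also help; the rest of the body is outside this hunk.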
@@ -254,7 +253,7 @@ public final class EncryptionUtils {
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
             }
 
-            final String attachmentId = uri.substring(4);
+            final String attachmentId = uri.substring("cid:".length());
 
             AttachmentRequestCallback attachmentRequestCallback = new 
AttachmentRequestCallback();
             attachmentRequestCallback.setAttachmentId(attachmentId);

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1681580&r1=1681579&r2=1681580&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
 Mon May 25 10:54:29 2015
@@ -28,14 +28,18 @@ import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.ext.Attachment;
+import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.handler.HandlerAction;
+import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.message.CallbackLookup;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.JavaUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -51,11 +55,17 @@ import javax.xml.namespace.QName;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
 /**
  * WS-Security Utility methods. <p/>
  */
@@ -1208,4 +1218,39 @@ public final class WSSecurityUtil {
         return false;
     }
     
+    public static byte[] getBytesFromAttachment(
+        String xopUri, RequestData data
+    ) throws WSSecurityException {
+        CallbackHandler attachmentCallbackHandler = 
data.getAttachmentCallbackHandler();
+        if (attachmentCallbackHandler == null) {
+            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+        }
+
+        final String attachmentId = xopUri.substring("cid:".length());
+
+        AttachmentRequestCallback attachmentRequestCallback = new 
AttachmentRequestCallback();
+        attachmentRequestCallback.setAttachmentId(attachmentId);
+
+        try {
+            attachmentCallbackHandler.handle(new 
Callback[]{attachmentRequestCallback});
+
+            List<Attachment> attachments = 
attachmentRequestCallback.getAttachments();
+            if (attachments == null || attachments.isEmpty() 
+                || !attachmentId.equals(attachments.get(0).getId())) {
+                throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.INVALID_SECURITY,
+                    "empty", new Object[] {"Attachment not found"}
+                );
+            }
+            Attachment attachment = attachments.get(0);
+            InputStream inputStream = attachment.getSourceStream();
+
+            return JavaUtils.getBytesFromStream(inputStream);
+        } catch (UnsupportedCallbackException e) {
+            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+        } catch (IOException e) {
+            throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+        }
+    }
+
 }
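Review bot: getBytesFromAttachment is now a public utility, but it still relies on every caller having checked that xopUri is non-null and starts with "cid:". A shorter or null value fails in `substring` with an unchecked exception instead of a WSSecurityException. The attachment stream is also never closed here, unless JavaUtils.getBytesFromStream does so, and the whole attachment is read into memory with no visible size limit. That matters because the attachment is supplied by the message sender, so a bound enforced here or by the callback handler should be confirmed. The method has no Javadoc; it should state that the id is the URI with the "cid:" prefix stripped and that only the first returned attachment is used.

```java
    public static byte[] getBytesFromAttachment(
        String xopUri, RequestData data
    ) throws WSSecurityException {
        if (xopUri == null || !xopUri.startsWith("cid:")) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        // … unchanged: callback handler lookup, attachment request, id comparison …
            InputStream inputStream = attachment.getSourceStream();
            try {
                return JavaUtils.getBytesFromStream(inputStream);
            } finally {
                if (inputStream != null) {
                    inputStream.close();
                }
            }
        // … unchanged: catch blocks mapping to FAILED_CHECK …
```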

