This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push: new 6ff54d5cf WSS-695 - Unmarshalling failure with OpenSAML 4 6ff54d5cf is described below commit 6ff54d5cf098572394704d5700823b75293a12b0 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Apr 14 12:27:51 2022 +0100 WSS-695 - Unmarshalling failure with OpenSAML 4 --- .../wss4j/common/saml/OpenSAMLBootstrap.java | 3 +- .../saml/WSS4JXSBase64BinaryUnmarshaller.java | 47 ++++++++++++++++++++++ .../src/main/resources/wss4j-signature-config.xml | 15 +++++++ 3 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
index 6d4498e35..01e0d703d 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
@@ -56,6 +56,7 @@ public final class OpenSAMLBootstrap {
 "/saml2-channel-binding-config.xml",
 "/saml-ec-gss-config.xml",
 "/signature-config.xml",
+ "/wss4j-signature-config.xml", // Override the default Base64 Binary Unmarshaller for X.509 Certificates
 "/encryption-config.xml",
 "/xacml20-context-config.xml",
 "/xacml20-policy-config.xml",
@@ -109,4 +110,4 @@ public final class OpenSAMLBootstrap {
 }
 }
-}
\ No newline at end of file
+}
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java
new file mode 100644
index 000000000..8827d8145
--- /dev/null
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml;
+
+import net.shibboleth.utilities.java.support.primitive.StringSupport;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.w3c.dom.Text;
+
+/**
+ * Override the OpenSAML BASE-64 unmarshaller for X.509 Certificates, to fix a test failure in CXF due to the fact
+ * that an X.509 Certificate is only partially unmarshalled.
+ *
+ * https://issues.apache.org/jira/browse/WSS-695
+ */
+public final class WSS4JXSBase64BinaryUnmarshaller extends org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller {
+
+ /**
+ * A fix to call Text.getWholeText() instead of Text.getData(), as otherwise with the SAMLRenewTest in CXF's STS
+ * systests, the X.509 Certificate is only partially unmarshalled.
+ */
+ @Override
+ protected void unmarshallTextContent(XMLObject xmlObject, Text content) throws UnmarshallingException {
+ final String textContent = StringSupport.trimOrNull(content.getWholeText());
+ if (textContent != null) {
+ processElementContent(xmlObject, textContent);
+ }
+ }
+
+}
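Review bot: Nothing in this commit exercises `unmarshallTextContent` inside WSS4J itself; the only evidence for the override is the CXF `SAMLRenewTest` named in the Javadoc, so a regression would surface only downstream. A unit test in this module that unmarshals a `ds:X509Certificate` whose content is spread over several adjacent Text/CDATA nodes and asserts the complete Base64 value would pin the fix. `getWholeText()` joins only logically adjacent text nodes, so content interrupted by a comment or processing instruction would still reach `processElementContent` in pieces (presumably once per Text node, with the last piece winning); that case deserves a test too and a line in the Javadoc such as `* Only adjacent Text/CDATA nodes are joined; content split by a comment is still processed piecewise.` Because this value is certificate material taken from a security token, the unmarshalled object should be checked to match what signature validation saw in the DOM.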
diff --git a/ws-security-common/src/main/resources/wss4j-signature-config.xml b/ws-security-common/src/main/resources/wss4j-signature-config.xml
new file mode 100644
index 000000000..07ee51572
--- /dev/null
+++ b/ws-security-common/src/main/resources/wss4j-signature-config.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds11="http://www.w3.org/2009/xmldsig11#" xmlns="http://www.opensaml.org/xmltooling-config">
+
+ <ObjectProviders>
+
+ <!-- X509Certificate -->
+ <ObjectProvider qualifiedName="ds:X509Certificate">
+ <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509CertificateBuilder"/>
+ <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+ <UnmarshallingClass className="org.apache.wss4j.common.saml.WSS4JXSBase64BinaryUnmarshaller"/>
+ </ObjectProvider>
+
+ </ObjectProviders>
+
+</XMLTooling>
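Review bot: The new `ObjectProvider` re-registers `ds:X509Certificate`, and it presumably takes effect only because `OpenSAMLBootstrap` lists `/wss4j-signature-config.xml` after `/signature-config.xml`; nothing in this file records that ordering requirement. I would extend the comment to something like `<!-- X509Certificate: overrides the OpenSAML default unmarshaller (WSS-695); must be loaded after signature-config.xml -->`. Only this one element is switched to `WSS4JXSBase64BinaryUnmarshaller`, so if other Base64 elements in the signature configuration share the default unmarshaller it is worth confirming whether they can hit the same partial read.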