This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new 6ff54d5cf WSS-695 - Unmarshalling failure with OpenSAML 4
6ff54d5cf is described below

commit 6ff54d5cf098572394704d5700823b75293a12b0
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Apr 14 12:27:51 2022 +0100

    WSS-695 - Unmarshalling failure with OpenSAML 4
---
 .../wss4j/common/saml/OpenSAMLBootstrap.java       |  3 +-
 .../saml/WSS4JXSBase64BinaryUnmarshaller.java      | 47 ++++++++++++++++++++++
 .../src/main/resources/wss4j-signature-config.xml  | 15 +++++++
 3 files changed, 64 insertions(+), 1 deletion(-)

diff --git 
a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
 
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
index 6d4498e35..01e0d703d 100644
--- 
a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
+++ 
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLBootstrap.java
@@ -56,6 +56,7 @@ public final class OpenSAMLBootstrap {
         "/saml2-channel-binding-config.xml",
         "/saml-ec-gss-config.xml",
         "/signature-config.xml",
+        "/wss4j-signature-config.xml",  // Override the default Base64 Binary 
Unmarshaller for X.509 Certificates
         "/encryption-config.xml",
         "/xacml20-context-config.xml",
         "/xacml20-policy-config.xml",
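Review bot: The new `/wss4j-signature-config.xml` entry presumably only takes effect because it is listed after `/signature-config.xml`, and the inline comment does not say that the position matters. If a later registration for `ds:X509Certificate` replaces the earlier one, re-sorting this array would silently restore the OpenSAML default unmarshaller. I would word the comment as `// Must follow /signature-config.xml: overrides the default Base64 Binary Unmarshaller for X.509 Certificates (WSS-695)`. The array declaration and the bootstrap code that consumes it are outside the hunk, so the ordering semantics should be confirmed there. If the provider registry is process-wide, other OpenSAML users in the same JVM also get the replaced unmarshaller, which is worth a sentence in the class Javadoc.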
@@ -109,4 +110,4 @@ public final class OpenSAMLBootstrap {
         }
     }
 
-}
\ No newline at end of file
+}
diff --git 
a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java
 
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java
new file mode 100644
index 000000000..8827d8145
--- /dev/null
+++ 
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/WSS4JXSBase64BinaryUnmarshaller.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml;
+
+import net.shibboleth.utilities.java.support.primitive.StringSupport;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.w3c.dom.Text;
+
+/**
+ * Override the OpenSAML BASE-64 unmarshaller for X.509 Certificates, to fix a 
test failure in CXF due to the fact
+ * that an X.509 Certificate is only partially unmarshalled.
+ *
+ * https://issues.apache.org/jira/browse/WSS-695
+ */
+public final class WSS4JXSBase64BinaryUnmarshaller extends 
org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller {
+
+    /**
+     * A fix to call Text.getWholeText() instead of Text.getData(), as 
otherwise with the SAMLRenewTest in CXF's STS
+     * systests, the X.509 Certificate is only partially unmarshalled.
+     */
+    @Override
+    protected void unmarshallTextContent(XMLObject xmlObject, Text content) 
throws UnmarshallingException {
+        final String textContent = 
StringSupport.trimOrNull(content.getWholeText());
+        if (textContent != null) {
+            processElementContent(xmlObject, textContent);
+        }
+    }
+
+}
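Review bot: `unmarshallTextContent` now reads `content.getWholeText()`, which joins only logically adjacent text nodes, so certificate text interrupted by a comment or processing instruction would presumably still be handled one fragment at a time. The Javadoc does not state that limit. Because this value comes from received messages, I would add `// getWholeText() covers adjacent Text/CDATA nodes only; content split by a comment is still seen per fragment` and confirm that a fragmentary value is rejected later, when the certificate is parsed. Whether repeated calls overwrite or append depends on `processElementContent` in the parent class, which is not visible here. The diffstat lists no test file, so a WSS4J unit test that unmarshals a `ds:X509Certificate` whose text spans several text nodes and asserts the full value would pin the fix without relying on CXF's SAMLRenewTest.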
diff --git a/ws-security-common/src/main/resources/wss4j-signature-config.xml 
b/ws-security-common/src/main/resources/wss4j-signature-config.xml
new file mode 100644
index 000000000..07ee51572
--- /dev/null
+++ b/ws-security-common/src/main/resources/wss4j-signature-config.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:ds11="http://www.w3.org/2009/xmldsig11#"; 
xmlns="http://www.opensaml.org/xmltooling-config";>
+    
+    <ObjectProviders>
+
+        <!-- X509Certificate -->
+        <ObjectProvider qualifiedName="ds:X509Certificate">
+            <BuilderClass 
className="org.opensaml.xmlsec.signature.impl.X509CertificateBuilder"/>
+            <MarshallingClass 
className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass 
className="org.apache.wss4j.common.saml.WSS4JXSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+    </ObjectProviders>
+    
+</XMLTooling>
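Review bot: The new config file carries no comment saying why it exists or that only `UnmarshallingClass` is meant to differ from OpenSAML's own `ds:X509Certificate` provider. The `BuilderClass` and `MarshallingClass` values appear to be copies of the upstream defaults and would stay pinned here if upstream changes them. I would add, above the `ObjectProvider`, `<!-- WSS-695: same as OpenSAML's signature-config.xml entry except for UnmarshallingClass; re-check on OpenSAML upgrades -->`. The unmarshaller is named by a string, so the compiler will not catch a rename or move of `WSS4JXSBase64BinaryUnmarshaller`. A bootstrap test that asserts the registered unmarshaller type for `ds:X509Certificate` would catch that.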
