Author: coheigea
Date: Wed Nov 3 14:29:46 2010
New Revision: 1030475
URL: http://svn.apache.org/viewvc?rev=1030475&view=rev
Log:
Reordered how some of the providers are added to the provider list plus some
other minor stuff.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Wed Nov
3 14:29:46 2010
@@ -20,7 +20,10 @@
package org.apache.ws.security;
+import java.security.Provider;
+import java.security.Security;
import java.util.HashMap;
+import java.util.Map;
import javax.xml.namespace.QName;
@@ -50,9 +53,9 @@ public class WSSConfig {
/**
* The default collection of actions supported by the toolkit.
*/
- private static final java.util.Map DEFAULT_ACTIONS;
+ private static final Map DEFAULT_ACTIONS;
static {
- final java.util.Map tmp = new java.util.HashMap();
+ final Map tmp = new HashMap();
try {
tmp.put(
new Integer(WSConstants.UT),
@@ -102,9 +105,9 @@ public class WSSConfig {
/**
* The default collection of processors supported by the toolkit
*/
- private static final java.util.Map DEFAULT_PROCESSORS;
+ private static final Map DEFAULT_PROCESSORS;
static {
- final java.util.Map tmp = new java.util.HashMap();
+ final Map tmp = new HashMap();
try {
tmp.put(
WSSecurityEngine.SAML_TOKEN,
@@ -248,14 +251,14 @@ public class WSSConfig {
* The known actions are initialized from a set of defaults,
* but the list may be modified via the setAction operations.
*/
- private final java.util.Map actionMap = new
java.util.HashMap(DEFAULT_ACTIONS);
+ private final Map actionMap = new HashMap(DEFAULT_ACTIONS);
/**
* The known processors. This map is of the form <String, String> or
<String,Processor>.
* The known processors are initialized from a set of defaults,
* but the list may be modified via the setProcessor operations.
*/
- private final java.util.Map processorMap = new
java.util.HashMap(DEFAULT_PROCESSORS);
+ private final Map processorMap = new HashMap(DEFAULT_PROCESSORS);
/**
* a static boolean flag that determines whether default JCE providers
@@ -290,8 +293,10 @@ public class WSSConfig {
org.apache.xml.security.Init.init();
if (addJceProviders) {
addJceProvider("BC",
"org.bouncycastle.jce.provider.BouncyCastleProvider");
- addJceProvider("XMLDSig",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
- addJceProvider("STRTransform",
"org.apache.ws.security.transform.STRTransformProvider");
+ appendJceProvider("XMLDSig",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
+ appendJceProvider(
+ "STRTransform",
"org.apache.ws.security.transform.STRTransformProvider"
+ );
}
staticallyInitialized = true;
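Review bot: The return values of the `addJceProvider`/`appendJceProvider` calls are discarded and `staticallyInitialized = true` follows unconditionally, so a provider that failed to load is never noticed here. Both methods (later hunks in this file) return null on failure after catching `Throwable`, and they log it only when debug is enabled. A missing BouncyCastle or STRTransform class would therefore show up later as an unrelated algorithm or transform lookup error. I would check the result and report it at a level operators see, e.g. `if (appendJceProvider(name, className) == null) { log.warn("JCE provider " + name + " could not be installed"); }`, assuming `log` is the commons-logging `Log` used elsewhere in the project. The enclosing method starts and ends outside this hunk.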
@@ -325,7 +330,7 @@ public class WSSConfig {
/**
* Checks if we are in WS-I Basic Security Profile compliance mode
*
- * @return TODO
+ * @return whether we are in WS-I Basic Security Profile compliance mode
*/
public boolean isWsiBSPCompliant() {
return wsiBSPCompliant;
@@ -344,17 +349,16 @@ public class WSSConfig {
/**
* Checks if we need to use milliseconds in timestamps
*
- * @return TODO
+ * @return whether to use precision in milliseconds for timestamps
*/
public boolean isPrecisionInMilliSeconds() {
return precisionInMilliSeconds;
}
/**
- * Set the precision in milliseconds
+ * Set the precision in milliseconds for timestamps
*
- * @param precisionInMilliSeconds
- * TODO
+ * @param precisionInMilliSeconds whether to use precision in milliseconds
for timestamps
*/
public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
this.precisionInMilliSeconds = precisionInMilliSeconds;
@@ -579,60 +583,74 @@ public class WSSConfig {
/**
- * Load the provider of the specified name, and of the specified class.
Return either the
- * name of the previously loaded provider, the name of the new loaded
provider, or null if
- * there's an exception in loading the provider.
+ * Add a new JCE security provider to use for WSS4J, of the specified name
and class. Return
+ * either the name of the previously loaded provider, the name of the new
loaded provider, or
+ * null if there's an exception in loading the provider. Add the provider
either after the SUN
+ * provider (see WSS-99), or the IBMJCE provider. Otherwise fall back to
the old behaviour of
+ * inserting the provider in position 2.
+ *
+ * @param name
+ * The name string of the provider (this may not be the real
name of the provider)
+ * @param className
+ * Name of the class the implements the provider. This class
must
+ * be a subclass of <code>java.security.Provider</code>
+ *
+ * @return Returns the actual name of the provider that was loaded
*/
- private String loadProvider(String name, String className) {
- try {
- if (java.security.Security.getProvider(name) == null) {
- Class c = Loader.loadClass(className, false);
- java.security.Provider[] provs =
- java.security.Security.getProviders();
- java.security.Provider newProvider =
(java.security.Provider)c.newInstance();
- //
- // Install the provider after the SUN provider (see WSS-99)
- // Otherwise fall back to the old behaviour of inserting
- // the provider in position 2. For AIX, install it after
- // the IBMJCE provider.
- //
- int ret = 0;
- for (int i = 0; i < provs.length; i++) {
- if ("SUN".equals(provs[i].getName())
- || "IBMJCE".equals(provs[i].getName())) {
- ret =
- java.security.Security.insertProviderAt(
- newProvider, i + 2
- );
- break;
+ public String addJceProvider(String name, String className) {
+ if (jceProvider.get(name) == null) {
+ String newName = null;
+ try {
+ if (Security.getProvider(name) == null) {
+ Class c = Loader.loadClass(className, false);
+ Provider[] provs = Security.getProviders();
+ Provider newProvider = (Provider)c.newInstance();
+ //
+ // Install the provider after the SUN provider (see WSS-99)
+ // Otherwise fall back to the old behaviour of inserting
+ // the provider in position 2. For AIX, install it after
+ // the IBMJCE provider.
+ //
+ int ret = 0;
+ for (int i = 0; i < provs.length; i++) {
+ if ("SUN".equals(provs[i].getName())
+ || "IBMJCE".equals(provs[i].getName())) {
+ ret = Security.insertProviderAt(newProvider, i +
2);
+ break;
+ }
}
+ if (ret == 0) {
+ ret = Security.insertProviderAt(newProvider, 2);
+ }
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "The provider " + newProvider.getName() + " was
added at position: " + ret
+ );
+ }
+ newName = newProvider.getName();
+ } else {
+ newName = name;
}
- if (ret == 0) {
- ret = java.security.Security.insertProviderAt(newProvider,
2);
- }
+ } catch (Throwable t) {
if (log.isDebugEnabled()) {
- log.debug(
- "The provider " + newProvider.getName() + " was added
at position: " + ret
- );
+ log.debug("The provider " + name + " could not be added: "
+ t.getMessage(), t);
}
- return newProvider.getName();
- } else {
- return name;
+ newName = null;
}
- } catch (Throwable t) {
- if (log.isDebugEnabled()) {
- log.debug("The provider " + name + " could not be added: " +
t.getMessage(), t);
+ if (newName != null) {
+ jceProvider.put(newName, className);
}
- return null;
+ return newName;
}
-
+ return name;
}
-
+
+
/**
- * Add a new JCE security provider to use for WSS4J.
- *
- * If the provider is not already known the method loads a security
provider
- * class and adds the provider to the java security service.
+ * Add a new JCE security provider to use for WSS4J, of the specified name
and class. Return
+ * either the name of the previously loaded provider, the name of the new
loaded provider, or
+ * null if there's an exception in loading the provider. Append the
provider to the provider
+ * list.
*
* @param name
* The name string of the provider (this may not be the real
name of the provider)
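Review bot: The `jceProvider` guard in `addJceProvider` is read with one key and written with another: the check is `jceProvider.get(name)`, but the entry is stored as `jceProvider.put(newName, className)` with `newName = newProvider.getName()`. The Javadoc says `name` may not be the provider's real name, and in that case neither the guard nor `Security.getProvider(name)` ever matches on later calls. Each call then loads and instantiates the class again, `Security.insertProviderAt` returns -1 because the provider is already installed, and the debug line reports "was added at position: -1". Recording the requested name as well, `jceProvider.put(name, className);`, and logging `ret == -1` as "already installed" would make the guard effective. `appendJceProvider` in the next hunk has the same pattern with `Security.addProvider`.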
@@ -642,9 +660,29 @@ public class WSSConfig {
*
* @return Returns the actual name of the provider that was loaded
*/
- public String addJceProvider(String name, String className) {
+ public String appendJceProvider(String name, String className) {
if (jceProvider.get(name) == null) {
- String newName = loadProvider(name, className);
+ String newName = null;
+ try {
+ if (Security.getProvider(name) == null) {
+ Class c = Loader.loadClass(className, false);
+ Provider newProvider = (Provider)c.newInstance();
+ int ret = Security.addProvider(newProvider);
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "The provider " + newProvider.getName() + " was
added at position: " + ret
+ );
+ }
+ newName = newProvider.getName();
+ } else {
+ newName = name;
+ }
+ } catch (Throwable t) {
+ if (log.isDebugEnabled()) {
+ log.debug("The provider " + name + " could not be added: "
+ t.getMessage(), t);
+ }
+ newName = null;
+ }
if (newName != null) {
jceProvider.put(newName, className);
}
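Review bot: `appendJceProvider` repeats the body of `addJceProvider` from the previous hunk almost line for line; the only difference is the install call (`Security.addProvider` here, the `Security.insertProviderAt` placement loop there). Two copies of provider-loading code that each catch `Throwable` will drift apart, and a fix applied to one is easily missed in the other. I would keep a single private helper that takes the placement as a flag and let both public methods delegate to it, as sketched below. The closing lines of `appendJceProvider` fall in the next hunk.

```java
public String appendJceProvider(String name, String className) {
    return registerJceProvider(name, className, true);
}

// Shared by addJceProvider (append == false) and appendJceProvider (append == true).
private String registerJceProvider(String name, String className, boolean append) {
    // … unchanged: jceProvider guard, Security.getProvider check, class loading …
    int ret = append
        ? Security.addProvider(newProvider)
        : insertAfterSunOrIbmJce(newProvider); // the existing SUN/IBMJCE loop, moved as-is
    // … unchanged: debug logging, catch block, jceProvider.put and return …
}
```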
@@ -652,4 +690,5 @@ public class WSSConfig {
}
return name;
}
+
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
Wed Nov 3 14:29:46 2010
@@ -211,16 +211,19 @@ public class SignatureProcessor implemen
);
if (strElement == null) {
try {
+ //
+ // Look for a KeyValue object
+ //
keyValue = getKeyValue(keyInfoElement);
} catch (javax.xml.crypto.MarshalException ex) {
throw new
WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
}
if (keyValue != null) {
- //
- // Look for a KeyValue object
- //
try {
+ //
+ // Look for a Public Key in Key Value
+ //
publicKey = keyValue.getPublicKey();
principal = validatePublicKey(cb, publicKey);
} catch (java.security.KeyException ex) {
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/SAMLIssuerImpl.java
Wed Nov 3 14:29:46 2010
@@ -77,9 +77,10 @@ public class SAMLIssuerImpl implements S
private Crypto userCrypto = null;
private String username = null;
- private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
private WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
+ private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
+
/**
* Flag indicating what format to put the subject's key material in when
* NOT using Sender Vouches as the confirmation method. The default is
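Review bot: Moving `keyInfoFactory` below `wssConfig` makes the field order load-bearing, and nothing in the class says so. Presumably `WSSConfig.getDefaultWSConfig()` has to run first so that the XMLDSig provider registered by WSSConfig is in place before `KeyInfoFactory.getInstance("DOM")` resolves a provider. That is inferred from the WSSConfig changes in this commit and is not visible in this hunk. A later tidy-up that re-sorts the fields would undo the fix silently, so I would add a comment above the field such as `// Must be initialised after wssConfig, which registers the XMLDSig provider used by KeyInfoFactory`.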
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Wed Nov 3 14:29:46 2010
@@ -147,6 +147,12 @@ public class WSSecSignatureSAML extends
prependSAMLElementsToHeader(secHeader);
+ if (senderVouches) {
+ computeSignature(referenceList, secHeader,
secRefSaml.getElement());
+ } else {
+ computeSignature(referenceList, secHeader, samlToken);
+ }
+
//
// if we have a BST prepend it in front of the Signature according to
// strict layout rules.
@@ -154,8 +160,6 @@ public class WSSecSignatureSAML extends
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
}
-
- computeSignature(referenceList, secHeader, samlToken);
return doc;
}
@@ -489,7 +493,7 @@ public class WSSecSignatureSAML extends
*
* @throws WSSecurityException
*/
- public void computeSignature(List referenceList, WSSecHeader secHeader,
Element assertion)
+ public void computeSignature(List referenceList, WSSecHeader secHeader,
Element siblingElement)
throws WSSecurityException {
boolean remove = WSDocInfoStore.store(wsDocInfo);
try {
@@ -516,9 +520,9 @@ public class WSSecSignatureSAML extends
// Prepend the signature element to the security header (after the
assertion)
//
XMLSignContext signContext = null;
- if (assertion != null && assertion.getNextSibling() != null) {
+ if (siblingElement != null && siblingElement.getNextSibling() !=
null) {
signContext =
- new DOMSignContext(key, securityHeaderElement,
assertion.getNextSibling());
+ new DOMSignContext(key, securityHeaderElement,
siblingElement.getNextSibling());
} else {
signContext = new DOMSignContext(key, securityHeaderElement);
}
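Review bot: The context comment at the top of this hunk still reads "after the assertion", but the parameter is now `siblingElement`, and the hunk at -147,6 passes `secRefSaml.getElement()` rather than the assertion on the sender-vouches path. I would update it to `// Insert the signature element into the security header directly after siblingElement (the assertion, or the secRefSaml element for sender-vouches)`. The method's Javadoc lies outside the visible hunks; if it still documents the parameter as `assertion`, it needs the same rename. It should also state that a null sibling, or one with no next sibling, falls back to the two-argument `DOMSignContext`, which appends the signature as the last child of the security header.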
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/Base64.java Wed Nov
3 14:29:46 2010
@@ -50,11 +50,6 @@ public final class Base64 {
static final private byte [] base64Alphabet = new byte[BASELENGTH];
static final private char [] lookUpBase64Alphabet = new
char[LOOKUPLENGTH];
- static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Base64.class.getName());
-
- static private final boolean fDebug = log.isDebugEnabled();
-
static {
for (int i = 0; i < BASELENGTH; ++i) {
@@ -130,19 +125,12 @@ public final class Base64 {
int encodedIndex = 0;
int dataIndex = 0;
- if (fDebug) {
- log.debug("number of triplets = " + numberTriplets );
- }
for (int i=0; i<numberTriplets; i++) {
b1 = binaryData[dataIndex++];
b2 = binaryData[dataIndex++];
b3 = binaryData[dataIndex++];
- if (fDebug) {
- log.debug( "b1= " + b1 +", b2= " + b2 + ", b3= " + b3 );
- }
-
l = (byte)(b2 & 0x0f);
k = (byte)(b1 & 0x03);
@@ -151,12 +139,6 @@ public final class Base64 {
byte val2 = ((b2 & SIGN)==0)?(byte)(b2>>4):(byte)((b2)>>4^0xf0);
byte val3 = ((b3 & SIGN)==0)?(byte)(b3>>6):(byte)((b3)>>6^0xfc);
- if (fDebug) {
- log.debug( "val2 = " + val2 );
- log.debug( "k4 = " + (k<<4));
- log.debug( "vak = " + (val2 | (k<<4)));
- }
-
encodedData[encodedIndex++] = lookUpBase64Alphabet[ val1 ];
encodedData[encodedIndex++] = lookUpBase64Alphabet[ val2 | ( k<<4
)];
encodedData[encodedIndex++] = lookUpBase64Alphabet[ (l <<2 ) |
val3 ];
@@ -167,10 +149,7 @@ public final class Base64 {
if (fewerThan24bits == EIGHTBIT) {
b1 = binaryData[dataIndex];
k = (byte) ( b1 &0x03 );
- if (fDebug) {
- log.debug("b1=" + b1);
- log.debug("b1<<2 = " + (b1>>2) );
- }
+
byte val1 = ((b1 & SIGN)==0)?(byte)(b1>>2):(byte)((b1)>>2^0xc0);
encodedData[encodedIndex++] = lookUpBase64Alphabet[ val1 ];
encodedData[encodedIndex++] = lookUpBase64Alphabet[ k<<4 ];
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java?rev=1030475&r1=1030474&r2=1030475&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewST3.java Wed Nov 3
14:29:46 2010
@@ -76,7 +76,6 @@ public class TestWSSecurityNewST3 extend
*/
public TestWSSecurityNewST3(String name) {
super(name);
- secEngine.getWssConfig();
}
/**