Author: ruchithf
Date: Thu Jul 19 07:08:26 2007
New Revision: 557629
URL: http://svn.apache.org/viewvc?view=rev&rev=557629
Log:
Fixed issues with using an issued token with a transport binding
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?view=diff&rev=557629&r1=557628&r2=557629
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Thu Jul 19 07:08:26 2007
@@ -21,6 +21,7 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
@@ -77,12 +78,35 @@
}
Vector signatureParts = RampartUtil.getSignedParts(rmd);
-
- //Add the timestamp result
+
+ //Timestamp is not included in sig parts
if(rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
- Timestamp timestamp = (Timestamp) tsResult
- .get(WSSecurityEngineResult.TAG_TIMESTAMP);
- signatureParts.add(new WSEncryptionPart(timestamp.getID()));
+ signatureParts.add(new WSEncryptionPart("timestamp"));
+ }
+
+ if(!rmd.isInitiator()) {
+ //Just an indicator for EndorsingSupportingToken signature
+ SupportingToken endSupportingToken =
rpd.getEndorsingSupportingTokens();
+ if(endSupportingToken != null) {
+ SignedEncryptedParts endSignedParts =
endSupportingToken.getSignedParts();
+ if(endSignedParts != null &&
+ (endSignedParts.isBody() ||
+ endSignedParts.getHeaders().size() > 0)) {
+ signatureParts.add(
+ new WSEncryptionPart("EndorsingSupportingTokens"));
+ }
+ }
+ //Just an indicator for SignedEndorsingSupportingToken signature
+ SupportingToken sgndEndSupportingToken =
rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSupportingToken != null) {
+ SignedEncryptedParts sgndEndSignedParts =
sgndEndSupportingToken.getSignedParts();
+ if(sgndEndSignedParts != null &&
+ (sgndEndSignedParts.isBody() ||
+ sgndEndSignedParts.getHeaders().size() > 0)) {
+ signatureParts.add(
+ new
WSEncryptionPart("SignedEndorsingSupportingTokens"));
+ }
+ }
}
validateEncrSig(encryptedParts, signatureParts, results);
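Review bot: The entries added to `signatureParts` here are fixed strings (`"timestamp"`, `"EndorsingSupportingTokens"`, `"SignedEndorsingSupportingTokens"`), whereas the removed lines used the id of the Timestamp that was actually processed. The body and headers named by `getSignedParts()` are only tested for presence and are never passed on. Unless validateEncrSig, which lies outside this hunk, compares the references of the verified signatures with the message elements, this check can establish that a signature exists but not that it covers the Timestamp or the declared signed parts. State that contract where the markers are added, for example `//Markers only: they tell validateEncrSig a signature is required; coverage of the Timestamp, body and headers must be checked against the signature references`, and confirm that such a coverage check exists for the endorsing signatures. The enclosing method starts before the hunk.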
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java?view=diff&rev=557629&r1=557628&r2=557629
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
Thu Jul 19 07:08:26 2007
@@ -17,6 +17,7 @@
package org.apache.rampart.builder;
import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
@@ -26,7 +27,9 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
@@ -113,12 +116,13 @@
log.debug("Processing endorsing signed supporting tokens");
ArrayList tokens = sgndEndSuppTokens.getTokens();
+ SignedEncryptedParts signdParts =
sgndEndSuppTokens.getSignedParts();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
Token token = (Token) iter.next();
if(token instanceof IssuedToken && rmd.isInitiator()) {
- signatureValues.add(doIssuedTokenSignature(rmd,
token));
+ signatureValues.add(doIssuedTokenSignature(rmd, token,
signdParts));
} else if(token instanceof X509Token) {
- signatureValues.add(doX509TokenSignature(rmd, token));
+ signatureValues.add(doX509TokenSignature(rmd, token,
signdParts));
}
}
}
@@ -128,12 +132,13 @@
endSupptokens.getTokens().size() > 0) {
log.debug("Processing endorsing supporting tokens");
ArrayList tokens = endSupptokens.getTokens();
+ SignedEncryptedParts signdParts =
endSupptokens.getSignedParts();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
Token token = (Token) iter.next();
if(token instanceof IssuedToken && rmd.isInitiator()){
- signatureValues.add(doIssuedTokenSignature(rmd,
token));
+ signatureValues.add(doIssuedTokenSignature(rmd, token,
signdParts));
} else if(token instanceof X509Token) {
- signatureValues.add(doX509TokenSignature(rmd, token));
+ signatureValues.add(doX509TokenSignature(rmd, token,
signdParts));
}
}
}
@@ -161,12 +166,34 @@
* X.509 signature
* @param rmd
* @param token
+ * @param signdParts
*/
- private byte[] doX509TokenSignature(RampartMessageData rmd, Token token)
throws RampartException {
+ private byte[] doX509TokenSignature(RampartMessageData rmd, Token token,
SignedEncryptedParts signdParts) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new
WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
if(token.isDerivedKeys()) {
//In this case we will have to encrypt the ephmeral key with the
//other party's key and then use it as the parent key of the
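Review bot: The header loop added to doX509TokenSignature builds a `WSEncryptionPart` for every policy `Header` without consulting the outgoing envelope, and the same block is repeated in doIssuedTokenSignature in a later hunk. WS-SecurityPolicy allows a Header assertion that carries only a namespace, and signed-parts assertions apply to headers that are present, so `header.getName()` may be null and a listed header may be missing from this message. How the signing code reacts to such a part is not visible here. Resolve the policy headers against `env.getHeader()` in one private helper shared by both methods, and until then mark the loop with `//TODO: handle namespace-only Header (getName() == null) and headers absent from the envelope`. The body of doX509TokenSignature continues past the end of the hunk.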
@@ -194,11 +221,6 @@
dkSig.prepare(doc, rmd.getSecHeader());
- Vector sigParts = new Vector();
-
- if(this.timestampElement != null){
- sigParts.add(new
WSEncryptionPart(rmd.getTimestampId()));
- }
if(rpd.isTokenProtection()) {
sigParts.add(new
WSEncryptionPart(encrKey.getBSTTokenId()));
@@ -231,12 +253,6 @@
sig.appendBSTElementToHeader(rmd.getSecHeader());
- Vector sigParts = new Vector();
-
- if(this.timestampElement != null ){
- sigParts.add(new
WSEncryptionPart(rmd.getTimestampId()));
- }
-
if (rpd.isTokenProtection()
&& !Constants.INCLUDE_NEVER
.equals(token.getInclusion())) {
@@ -264,9 +280,10 @@
* IssuedToken signature
* @param rmd
* @param token
+ * @param signdParts
* @throws RampartException
*/
- private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token)
throws RampartException {
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token,
SignedEncryptedParts signdParts) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc= rmd.getDocument();
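Review bot: The new `@param signdParts` tag has no description, here and on doX509TokenSignature, although the parameter decides what the endorsing signature covers. Going by the later hunk, a null value is accepted and leaves only the timestamp and, with token protection, the token id in the signed parts. Something like `@param signdParts SignedParts of the enclosing supporting-token assertion, may be null; when set, the SOAP body and/or the listed headers are added to the endorsing signature` would record that. The method body continues outside this hunk.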
@@ -297,16 +314,33 @@
tokenIncluded = true;
}
- Vector sigParts = new Vector();
+ Vector sigParts = new Vector();
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
}
+
if(rpd.isTokenProtection() && tokenIncluded) {
sigParts.add(new WSEncryptionPart(id));
}
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new
WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+
//check for derived keys
if(token.isDerivedKeys()) {
//Create a derived key and add
@@ -375,13 +409,6 @@
sig.computeSignature();
//Add elements to header
- Element tokElem =
(Element)doc.importNode((Element)tok.getToken(), true);
-
- this.setInsertionLocation(RampartUtil
- .insertSiblingAfter(rmd,
- this.getInsertionLocation(),
- tokElem));
-
this.setInsertionLocation(RampartUtil.insertSiblingAfter(
rmd,
this.getInsertionLocation(),
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?view=diff&rev=557629&r1=557628&r2=557629
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
Thu Jul 19 07:08:26 2007
@@ -83,3 +83,4 @@
unexprectedEncryptedPart = Unexpected encrypted data found, no encryption
required
encryptionMissing = Expected encrypted part missing
signedPartHeaderNotSigned = Soap Header must be signed : {0}
+unexprectedSignature = Unexpected signature
\ No newline at end of file
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?view=diff&rev=557629&r1=557628&r2=557629
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Thu Jul 19 07:08:26 2007
@@ -639,7 +639,7 @@
}
- private static Vector getPartsAndElements(boolean sign, SOAPEnvelope
envelope, boolean includeBody, Vector parts, Vector elements) {
+ public static Vector getPartsAndElements(boolean sign, SOAPEnvelope
envelope, boolean includeBody, Vector parts, Vector elements) {
Vector found = new Vector();
Vector result = new Vector();