Author: ruchithf
Date: Fri Oct 5 04:31:25 2007
New Revision: 582216
URL: http://svn.apache.org/viewvc?rev=582216&view=rev
Log:
Fixed RAMPART-91, RAMPART-92 and RAMPART-93 with Nandana's patches.
Thanks Nandana!
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=582216&r1=582215&r2=582216&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Fri Oct 5 04:31:25 2007
@@ -210,7 +210,8 @@
boolean encrDataFound = false;
for (Iterator iter = list.iterator(); iter.hasNext();) {
WSSecurityEngineResult result = (WSSecurityEngineResult)
iter.next();
- if(result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS) !=
null) {
+ ArrayList dataRefURIs =
(ArrayList)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ if ( dataRefURIs != null && dataRefURIs.size() != 0) {
encrDataFound = true;
}
}
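Review bot: The new null-and-empty check depends on an unchecked cast to `ArrayList`, so a result that stores the data-reference URIs in any other `List` implementation would throw `ClassCastException` from inside the validation loop rather than being examined; casting to the interface, `List dataRefURIs = (List) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);` with `if (dataRefURIs != null && !dataRefURIs.isEmpty())`, keeps the check just as strict while dropping the dependence on the concrete type (assuming `java.util.List` is imported in this file). Treating an empty reference list as "no encrypted data found" is the right direction for a validator, since an empty list means nothing was actually decrypted, and that intent deserves a one-line comment such as `// an empty data-ref list means no EncryptedData was processed for this result`. The enclosing method starts and ends outside the hunk.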
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=582216&r1=582215&r2=582216&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
Fri Oct 5 04:31:25 2007
@@ -191,23 +191,9 @@
Document doc = rmd.getDocument();
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
- if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
- Wss10 wss = rpd.getWss11();
- if(wss == null) {
- wss = rpd.getWss10();
- }
- if(wss.isMustSupportRefKeyIdentifier()) {
- encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } else if(wss.isMustSupportRefIssuerSerial()) {
- encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
- } else if(wss instanceof Wss11 &&
((Wss11)wss).isMustSupportRefThumbprint()) {
-
encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- }
- } else {
- encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
- }
try {
+ RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
RampartUtil.setEncryptionUser(rmd, encrKey);
encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
@@ -229,21 +215,8 @@
sig.setWsConfig(rmd.getConfig());
log.debug("Token inclusion: " + token.getInclusion());
- if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
- Wss10 wss = rpd.getWss11();
- if(wss == null) {
- wss = rpd.getWss10();
- }
- if(wss.isMustSupportRefKeyIdentifier()) {
- sig.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } else if(wss.isMustSupportRefIssuerSerial()) {
- sig.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
- } else if(wss instanceof Wss11 &&
((Wss11)wss).isMustSupportRefThumbprint()) {
- sig.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- }
- } else {
- sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
- }
+
+ RampartUtil.setKeyIdentifierType(rpd, sig, token);
//Get the user
String user = rpd.getRampartConfig().getUser();
@@ -578,6 +551,16 @@
WSSecSignature sig = new WSSecSignature();
sig.setWsConfig(rmd.getConfig());
+ // If a EncryptedKeyToken is used, set the correct value type
to
+ // be used in the wsse:Reference in ds:KeyInfo
+ if(policyToken instanceof X509Token) {
+
sig.setCustomTokenValueType(WSConstants.ENC_KEY_VALUE_TYPE_NS
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ } else {
+
sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+ + WSConstants.SAML_ASSERTION_ID);
+ }
+
//Hack to handle reference id issues
//TODO Need a better fix
String sigTokId = tok.getId();
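Review bot: The `else` branch after the new `instanceof X509Token` check assigns the SAML assertion ValueType to every non-X509 policy token, so if `policyToken` can be anything other than an X509 or SAML-backed token at this point the wsse:Reference in ds:KeyInfo would carry a wrong ValueType; from the hunk alone I cannot tell which token types reach here. If only those two are expected, an explicit `else if` on the SAML case, or a comment stating the assumption such as `// non-X509 policy tokens are assumed to be SAML assertions here`, would make the contract visible to the next maintainer. The enclosing method starts and ends outside the hunk.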
@@ -585,8 +568,6 @@
sigTokId = sigTokId.substring(1);
}
sig.setCustomTokenId(sigTokId);
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
- WSConstants.SAML_ASSERTION_ID);
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=582216&r1=582215&r2=582216&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Fri Oct 5 04:31:25 2007
@@ -43,6 +43,8 @@
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
@@ -55,6 +57,7 @@
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecBase;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Loader;
import org.jaxen.JaxenException;
@@ -818,6 +821,55 @@
} else {
encrKeyBuilder.setUserInfo(encrUser);
}
+ }
+
+ /**
+ * Sets the keyIdentifierType of <code>WSSecSignature</code> or
<code>WSSecEncryptedKey</code>
+ * according to the given <code>Token</code> and
<code>RampartPolicyData</code>
+ * First check the requirements specified under Token Assertion and if not
found check
+ * the WSS11 and WSS10 assertions
+ */
+
+ public static void setKeyIdentifierType(RampartPolicyData rpd, WSSecBase
secBase,org.apache.ws.secpolicy.model.Token token) {
+
+ if (token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+
+ boolean tokenTypeSet = false;
+
+ if(token instanceof X509Token) {
+ X509Token x509Token = (X509Token)token;
+
+ if(x509Token.isRequireIssuerSerialReference()) {
+
secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireKeyIdentifierReference())
{
+
secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireThumbprintReference()) {
+
secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ tokenTypeSet = true;
+ }
+ }
+
+ if (!tokenTypeSet) {
+ Wss10 wss = rpd.getWss11();
+ if (wss == null) {
+ wss = rpd.getWss10();
+ }
+
+ if (wss.isMustSupportRefKeyIdentifier()) {
+
secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if (wss.isMustSupportRefIssuerSerial()) {
+
secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if (wss instanceof Wss11
+ && ((Wss11)
wss).isMustSupportRefThumbprint()) {
+
secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ }
+
+ } else {
+
secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
}
private static X509Certificate getReqSigCert(Vector results) {
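Review bot: `wss` is dereferenced at `if (wss.isMustSupportRefKeyIdentifier())` without a null check, so a policy that carries neither a Wss11 nor a Wss10 assertion (both `rpd.getWss11()` and `rpd.getWss10()` returning null) ends in a NullPointerException from the helper; the inline code this replaces had the same gap, but now that the logic is shared by the signature and encrypted-key paths it is worth closing with `if (wss == null) { throw new IllegalArgumentException("policy has neither a Wss10 nor a Wss11 assertion; cannot select a key identifier type"); }` before the must-support checks. In the same INCLUDE_NEVER branch, when no X509 reference requirement and no must-support flag matches, the method returns without calling `setKeyIdentifierType` at all, leaving whatever default `WSSecBase` carries; because the token is not included in the message, a default direct reference would point at a token that is absent, so either an explicit fallback or a comment stating that the default is intended is needed — the default is not visible from here. The Javadoc should also carry `@param rpd`, `@param secBase` and `@param token` and document the failure cases.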