Author: ruchithf
Date: Wed Nov 7 10:34:33 2007
New Revision: 592847
URL: http://svn.apache.org/viewvc?rev=592847&view=rev
Log:
Applied patch in RAMPART-106. Thanks Nandana
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=592847&r1=592846&r2=592847&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Wed Nov 7 10:34:33 2007
@@ -111,7 +111,7 @@
}
}
- validateEncrSig(encryptedParts, signatureParts, results);
+ validateEncrSig(data,encryptedParts, signatureParts, results);
if(!rpd.isTransportBinding()) {
validateProtectionOrder(data, results);
@@ -179,7 +179,7 @@
* @param encryptedParts
* @param signatureParts
*/
- private void validateEncrSig(Vector encryptedParts, Vector signatureParts,
Vector results)
+ private void validateEncrSig(ValidatorData data,Vector encryptedParts,
Vector signatureParts, Vector results)
throws RampartException {
ArrayList actions = getSigEncrActions(results);
boolean sig = false;
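Review bot: The Javadoc above validateEncrSig still lists only `encryptedParts` and `signatureParts`, so the new leading parameter is undocumented. It should gain a line such as `@param data validator context, used to read the policy when deciding whether encrypted data is expected`, and `results` has no `@param` entry either. The Javadoc block begins and the method body continues outside this hunk.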
@@ -215,7 +215,8 @@
encrDataFound = true;
}
}
- if(encrDataFound) {
+ //TODO check whether the encrptedDataFound is an UsernameToken
+ if(encrDataFound && !isUsernameTokenPresent(data)) {
//Unexpected encryption
throw new RampartException("unexprectedEncryptedPart");
}
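Review bot: The new condition `encrDataFound && !isUsernameTokenPresent(data)` turns off the unexpected-encryption fault for every encrypted element, not only for an encrypted UsernameToken, whenever the policy lists a UsernameToken among its supporting tokens. The helper added at the end of this file reads `rpd.get*SupportingTokens()`, that is the policy, and never inspects which element was actually encrypted, so encrypted parts the policy does not call for would no longer be rejected. The TODO on the added line acknowledges this. Until it is resolved, the exemption should be limited to encrypted references that resolve to a UsernameToken element in the processed results. The loop that sets `encrDataFound` and the rest of validateEncrSig lie outside this hunk.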
@@ -669,4 +670,54 @@
return list;
}
+
+ private boolean isUsernameTokenPresent(ValidatorData data) {
+
+ //TODO This can be integrated with supporting token processing
+ // which also checks whether Username Tokens present
+
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+
+ SupportingToken suppTok = rpd.getSupportingTokens();
+ if(isUsernameTokenPresent(suppTok)){
+ return true;
+ }
+
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ if(isUsernameTokenPresent(signedSuppToken)) {
+ return true;
+ }
+
+ SupportingToken signedEndSuppToken =
rpd.getSignedEndorsingSupportingTokens();
+ if(isUsernameTokenPresent(signedEndSuppToken)) {
+ return true;
+ }
+
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ if(isUsernameTokenPresent(endSuppToken)){
+ return true;
+ }
+
+ return false;
+
+
+ }
+
+ private boolean isUsernameTokenPresent(SupportingToken suppTok) {
+
+ if(suppTok == null) {
+ return false;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
}
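Review bot: The name `isUsernameTokenPresent(ValidatorData)` reads as a check on the received message, but both overloads only inspect the policy's supporting-token assertions, and neither has a Javadoc saying so. A comment such as `/** Returns true if the policy declares a UsernameToken in any supporting-token assertion; the message itself is not inspected. */` would prevent misuse, or the methods could be renamed along the lines of `isUsernameTokenInPolicy`. In the second overload `suppTok.getTokens()` is iterated without a null check; whether it can return null is not visible here and is worth confirming.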
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=592847&r1=592846&r2=592847&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
Wed Nov 7 10:34:33 2007
@@ -72,6 +72,8 @@
protected String mainSigId = null;
+ protected ArrayList usernameTokenIdList = new ArrayList();
+
protected Element timestampElement;
@@ -162,6 +164,7 @@
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
//TODO Get the UT type, only WS-SX spec supports this
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
utBuilder.setUserInfo(user, password);
return utBuilder;
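Review bot: Hard-coding `WSConstants.PASSWORD_TEXT` on the added line means every UsernameToken built here carries the password in clear, so its confidentiality depends entirely on the token being encrypted or the transport being protected. In this commit the token ids are only added to encryption parts in SymmetricBindingBuilder, and only when `rmd.isInitiator()`; nothing visible here covers the other bindings, so those paths should be checked before this ships. The TODO above already says the type should come from the policy. Until it does, a comment such as `// PASSWORD_TEXT: cleartext password, must be encrypted or sent over a secured transport` would make the dependency explicit. The enclosing method starts outside this hunk.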
@@ -348,7 +351,9 @@
Element elem = utBuilder.getUsernameTokenElement();
RampartUtil.insertSiblingAfter(rmd,
this.getInsertionLocation(), elem);
- //Move the insert location to th enext element
+ usernameTokenIdList.add(utBuilder.getId());
+
+ //Move the insert location to the next element
this.setInsertionLocation(elem);
Date now = new Date();
try {
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java?rev=592847&r1=592846&r2=592847&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
Wed Nov 7 10:34:33 2007
@@ -313,8 +313,9 @@
+", Signature tool :" + (t2 - t1) );
}
- //Check for signature protection
- if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ //Check for signature protection and encryption of UsernameToken
+ if(rpd.isSignatureProtection() && this.mainSigId != null ||
+ usernameTokenIdList.size() > 0 && rmd.isInitiator()) {
long t3 = 0, t4 = 0;
if(dotDebug){
t3 = System.currentTimeMillis();
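Review bot: The widened condition mixes `&&` and `||` without parentheses, so it reads correctly only if the reader recalls that `&&` binds tighter. Writing it as `if((rpd.isSignatureProtection() && this.mainSigId != null) ||` followed by `(usernameTokenIdList.size() > 0 && rmd.isInitiator())) {` makes the two independent reasons for entering the block explicit. The block it guards continues outside this hunk.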
@@ -323,7 +324,15 @@
Vector secondEncrParts = new Vector();
//Now encrypt the signature using the above token
- secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
"Element"));
+ if(rpd.isSignatureProtection()) {
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
"Element"));
+ }
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < usernameTokenIdList.size(); i++) {
+ encrParts.add(new
WSEncryptionPart((String)usernameTokenIdList.get(i),"Element"));
+ }
+ }
Element secondRefList = null;
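Review bot: The UsernameToken ids are added to `encrParts` in the new loop, while the vector created for this second encryption pass is `secondEncrParts`. If `encrParts` was already consumed by the first encryption earlier in the method (not visible in this hunk), the token would stay unencrypted on this path even though it now carries a text password. The loop body should probably read `secondEncrParts.add(new WSEncryptionPart((String)usernameTokenIdList.get(i),"Element"));`. Separately, the inner guard lost the null check: the block can now be entered through the UsernameToken branch, so it should be `if(rpd.isSignatureProtection() && this.mainSigId != null) {` to avoid building a part with a null id. The code that consumes `secondEncrParts` lies outside this hunk.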
@@ -506,6 +515,13 @@
//Now encrypt the signature using the above token
encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
}
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < usernameTokenIdList.size(); i++) {
+ encrParts.add(new
WSEncryptionPart((String)usernameTokenIdList.get(i),"Element"));
+ }
+ }
+
Element refList = null;
if(encrToken.isDerivedKeys() || encrToken instanceof
SecureConversationToken) {