Author: dkulp
Date: Fri Mar 6 21:45:26 2009
New Revision: 751089
URL: http://svn.apache.org/viewvc?rev=751089&view=rev
Log:
While decrypting and verifying signatures, record the QNames of elements so
policy validation can be done later
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSDataRef.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSDataRef.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSDataRef.java?rev=751089&r1=751088&r2=751089&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSDataRef.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSDataRef.java Fri Mar
6 21:45:26 2009
@@ -18,7 +18,7 @@
package org.apache.ws.security;
/**
- * WSDataRef stores information about decrypted elements
+ * WSDataRef stores information about decrypted/signed elements
*
* When a processor decrypts an elements it stores information
* about that element in a WSDataRef so these information can
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=751089&r1=751088&r2=751089&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
Fri Mar 6 21:45:26 2009
@@ -202,7 +202,18 @@
this(act, princ, certificate, elements, sv);
put(TAG_PROTECTED_ELEMENTS, protectedElements);
}
-
+ public
+ WSSecurityEngineResult(
+ int act,
+ Principal princ,
+ X509Certificate certificate,
+ Set elements,
+ List dataRefs,
+ byte[] sv
+ ) {
+ this(act, princ, certificate, elements, sv);
+ put(TAG_DATA_REF_URIS, dataRefs);
+ }
public WSSecurityEngineResult(
int act,
byte[] decryptedKey,
@@ -216,6 +227,21 @@
put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
put(TAG_DATA_REF_URIS, dataRefUris);
}
+ public WSSecurityEngineResult(
+ int act,
+ byte[] decryptedKey,
+ byte[] encryptedKeyBytes,
+ String encyptedKeyId,
+ List dataRefUris,
+ X509Certificate cert
+ ) {
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_DECRYPTED_KEY, decryptedKey);
+ put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
+ put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
+ put(TAG_DATA_REF_URIS, dataRefUris);
+ put(TAG_X509_CERTIFICATE, cert);
+ }
public WSSecurityEngineResult(int act, ArrayList dataRefUris) {
put(TAG_ACTION, new Integer(act));
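Review bot: The new six-argument constructor repeats the put() calls of the constructor whose tail is visible just above it instead of delegating, while the constructor added in the previous hunk (@@ -202) does delegate with `this(...)`; assuming the five-argument constructor has the signature the old EncryptedKeyProcessor call site used, the body could be `this(act, decryptedKey, encryptedKeyBytes, encyptedKeyId, dataRefUris); put(TAG_X509_CERTIFICATE, cert);`, which keeps the two in step if either gains a tag later. Neither new constructor has Javadoc; a short comment on the six-argument one saying that `cert` is the certificate the EncryptedKey was resolved against, and that it appears to be null when EncryptedKeyProcessor reaches the result through a path that does not set its cert field (not all of its paths are visible in this commit), would tell consumers of TAG_X509_CERTIFICATE to null-check it.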
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=751089&r1=751088&r2=751089&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Fri Mar 6 21:45:26 2009
@@ -64,6 +64,7 @@
private byte[] decryptedBytes = null;
private String encryptedKeyId = null;
+ private X509Certificate cert = null;
public void handleToken(
Element elem,
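Review bot: The new `cert` field joins `decryptedBytes` and `encryptedKeyId` as per-instance state filled in during handleToken, but it is assigned only on the two paths patched later in this file (the KeyIdentifier branch at @@ -222 and the BST branch at @@ -242). If the processor instance is reused for a later message and handleToken does not reset these fields on entry (its body is outside the hunk, so I cannot see whether it does), a certificate left over from a previous EncryptedKey would be reported under TAG_X509_CERTIFICATE for one that was resolved by a different path, and any later policy check keyed on that certificate would be judging the wrong one. Clearing it on entry, `cert = null;` next to wherever the other fields are initialized for a new token, removes that dependence on instance reuse.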
@@ -92,7 +93,8 @@
this.decryptedBytes,
this.encryptedEphemeralKey,
this.encryptedKeyId,
- dataRefUris
+ dataRefUris,
+ cert
)
);
}
@@ -222,6 +224,7 @@
// the private key associated with this certificate
//
alias = crypto.getAliasForX509Cert(certs[0]);
+ cert = certs[0];
if (log.isDebugEnabled()) {
log.debug("cert: " + certs[0]);
log.debug("KeyIdentifier Alias: " + alias);
@@ -242,7 +245,7 @@
new Object[] {"for decryption (BST)"}
);
}
- X509Certificate cert =
token.getX509Certificate(crypto);
+ cert = token.getX509Certificate(crypto);
if (cert == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=751089&r1=751088&r2=751089&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java
Fri Mar 6 21:45:26 2009
@@ -110,7 +110,7 @@
if (tmpE.getLocalName().equals("DataReference")) {
String dataRefURI = ((Element) tmpE).getAttribute("URI");
WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1));
- decryptDataRefEmbedded(doc, dataRefURI, dataRef,cb, crypto);
+ decryptDataRefEmbedded(doc, dataRefURI, dataRef, cb, crypto);
dataRefUris.add(dataRef);
}
}
@@ -185,6 +185,7 @@
if (content) {
encBodyData = (Element) encBodyData.getParentNode();
+ dataRef.setName(new QName(encBodyData.getNamespaceURI(),
encBodyData.getLocalName()));
}
try {
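Review bot: The QName is recorded only inside the `if (content)` branch, so for element (non-content) encryption the dataRef keeps whatever name it had before, which from this hunk looks like none; unless the name is set on that path elsewhere in the method (not visible here), a later policy check would see a null name for element-encrypted parts. On that path the element to name is the decrypted element once it has been put in place, so `dataRef.setName(...)` belongs after the decryption call as well, built from the decrypted element's namespace and local name. The enclosing method starts and ends outside the hunk.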
@@ -378,12 +379,12 @@
}
/**
- * @return a list of Nodes in b that are not in a
+ * @return a list of Nodes in b that are not in a
*/
private static java.util.List
newNodes(
- final java.util.List a,
- final java.util.List b
+ java.util.List a,
+ java.util.List b
) {
if (a.size() == 0) {
return b;
@@ -391,6 +392,20 @@
if (b.size() == 0) {
return java.util.Collections.EMPTY_LIST;
}
+
+ a = new ArrayList(a);
+ //try a fast node compare at same position first.....
+ for (int x = 0; x < b.size(); x++) {
+ final Node bnode = (Node)b.get(x);
+ final Node anode = (Node)a.get(x);
+ if (bnode == anode
+ || bnode.getLocalName().equals(anode.getLocalName())
+ && bnode.getNamespaceURI().equals(anode.getNamespaceURI())) {
+ b.remove(x);
+ a.remove(x);
+ }
+ }
+ //what's left is stuff that didn't exactly position match, do slower
searches
final java.util.List ret = new java.util.ArrayList();
for (
final java.util.Iterator bpos = b.iterator();
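Review bot: The fast-path loop runs x up to `b.size()` but indexes `a.get(x)` with no bound on `a`, so when b holds more nodes than a — the situation this method exists to report — it throws IndexOutOfBoundsException once x reaches `a.size()`; the lockstep removals keep the size difference constant, so that point is always reached. Two smaller problems sit in the same loop: after `b.remove(x)` the element that shifts into position x is never compared because x still advances, and `b` is modified in place while `a` was copied, so the caller's list loses entries. If either list can contain non-element nodes, `getLocalName()` returns null there and the name comparison would throw as well; I have hedged that because the slow path below may already filter them. newNodes starts in the previous hunk and continues past this one.

```java
a = new ArrayList(a);
b = new ArrayList(b); // the caller's list is no longer modified
//try a fast node compare at same position first.....
for (int x = 0; x < a.size() && x < b.size(); x++) {
    final Node bnode = (Node)b.get(x);
    final Node anode = (Node)a.get(x);
    if (bnode == anode
        || (bnode.getLocalName().equals(anode.getLocalName())
            && bnode.getNamespaceURI().equals(anode.getNamespaceURI()))) {
        b.remove(x);
        a.remove(x);
        x--; // the element that shifted into position x is compared next
    }
}
//what's left is stuff that didn't exactly position match, do slower searches
// … unchanged: slow search over the remaining nodes …
```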
@@ -402,7 +417,7 @@
boolean found = false;
for (
final java.util.Iterator apos = a.iterator();
- apos.hasNext();
+ apos.hasNext() && !found;
) {
final Node anode = (Node) apos.next();
final java.lang.String ans = anode.getNamespaceURI();
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=751089&r1=751088&r2=751089&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
Fri Mar 6 21:45:26 2009
@@ -24,6 +24,7 @@
import org.apache.ws.security.PublicKeyCallback;
import org.apache.ws.security.PublicKeyPrincipal;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
@@ -63,6 +64,7 @@
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import java.util.Vector;
@@ -87,14 +89,15 @@
WSDocInfoStore.store(wsDocInfo);
X509Certificate[] returnCert = new X509Certificate[1];
Set returnElements = new HashSet();
- Set protectedElements = new java.util.TreeSet();
+ List protectedElements = new java.util.ArrayList();
byte[][] signatureValue = new byte[1][];
Principal lastPrincipalFound = null;
try {
lastPrincipalFound =
verifyXMLSignature(
- elem, crypto, returnCert, returnElements,
protectedElements, signatureValue, cb
+ elem, crypto, returnCert, returnElements,
+ protectedElements, signatureValue, cb
);
} catch (WSSecurityException ex) {
throw ex;
@@ -173,7 +176,7 @@
Crypto crypto,
X509Certificate[] returnCert,
Set returnElements,
- Set protectedElements,
+ List protectedElements,
byte[][] signatureValue,
CallbackHandler cb
) throws WSSecurityException {
@@ -452,6 +455,10 @@
if (se == null) {
throw new
WSSecurityException(WSSecurityException.FAILED_CHECK);
}
+ WSDataRef ref = new WSDataRef(uri);
+ ref.setWsuId(uri);
+ ref.setName(new QName(se.getNamespaceURI(),
se.getLocalName()));
+ protectedElements.add(ref);
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
} else {
// This is the case where the signed element is
identified