Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/ReferenceListProcessor.java Thu Mar 26 12:42:53 2009 @@ -18,6 +18,7 @@ package org.apache.ws.security.processor; import java.util.ArrayList; +import java.util.List; import java.util.Vector; import javax.crypto.SecretKey; @@ -46,8 +47,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - public class ReferenceListProcessor implements Processor { private static Log log = LogFactory.getLog(ReferenceListProcessor.class.getName()); @@ -73,7 +72,7 @@ throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback"); } wsDocInfo = wdi; - ArrayList uris = handleReferenceList(elem, cb, crypto); + List uris = handleReferenceList(elem, cb, crypto); returnResults.add( 0, new WSSecurityEngineResult(WSConstants.ENCR, uris) 
@@ -88,29 +87,25 @@ * @param cb the callback handler to get the key for a key name stored if * <code>KeyInfo</code> inside the encrypted data elements */ - private ArrayList handleReferenceList( + private List handleReferenceList( Element elem, CallbackHandler cb, Crypto crypto ) throws WSSecurityException { - Document doc = elem.getOwnerDocument(); - - Node tmpE = null; - ArrayList dataRefUris = new ArrayList(); - for (tmpE = elem.getFirstChild(); + List dataRefUris = new ArrayList(); + for (Node tmpE = elem.getFirstChild(); tmpE != null; tmpE = tmpE.getNextSibling() ) { - if (tmpE.getNodeType() != Node.ELEMENT_NODE) { - continue; - } - if (!tmpE.getNamespaceURI().equals(WSConstants.ENC_NS)) { - continue; - } - if (tmpE.getLocalName().equals("DataReference")) { + if (Node.ELEMENT_NODE == tmpE.getNodeType() + && WSConstants.ENC_NS.equals(tmpE.getNamespaceURI()) + && "DataReference".equals(tmpE.getLocalName())) { String dataRefURI = ((Element) tmpE).getAttribute("URI"); - WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1)); - decryptDataRefEmbedded(doc, dataRefURI, dataRef, cb, crypto); + if (dataRefURI.charAt(0) == '#') { + dataRefURI = dataRefURI.substring(1); + } + WSDataRef dataRef = new WSDataRef(dataRefURI); + decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, dataRef, cb, crypto); dataRefUris.add(dataRef); } } @@ -133,8 +128,8 @@ // Look up the encrypted data. First try wsu:Id="someURI". If no such Id // then try the generic lookup to find Id="someURI" // - Element encBodyData = null; - if ((encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI)) == null) { + Element encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI); + if (encBodyData == null) { encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI); } if (encBodyData == null) { 
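Review bot: `dataRefURI.charAt(0)` in handleReferenceList throws StringIndexOutOfBoundsException when a DataReference carries no URI attribute, because `getAttribute("URI")` then returns an empty string; `id.charAt(0)` in the `@@ -201,13 +195,16 @@` hunk has the same problem when the parent element has no wsu:Id. Both values are read from the incoming message, so the length should be tested first, `if (dataRefURI.length() > 0 && dataRefURI.charAt(0) == '#') {`, and an empty reference is better rejected with a WSSecurityException than left to an unchecked exception. The removed `substring(1)` calls failed the same way on empty input, so this is an unaddressed gap rather than a regression. The end of handleReferenceList lies outside the hunk.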
@@ -142,7 +137,6 @@ WSSecurityException.INVALID_SECURITY, "dataRef", new Object[] {dataRefURI} ); } - boolean content = X509Util.isContent(encBodyData); // Now figure out the encryption algorithm @@ -150,7 +144,7 @@ Element tmpE = (Element)WSSecurityUtil.findElement( - (Node) encBodyData, "KeyInfo", WSConstants.SIG_NS + encBodyData, "KeyInfo", WSConstants.SIG_NS ); if (tmpE == null) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyinfo"); @@ -161,7 +155,7 @@ // shared key using a KeyName. // Element secRefToken = - (Element) WSSecurityUtil.getDirectChild( + WSSecurityUtil.getDirectChildElement( tmpE, "SecurityTokenReference", WSConstants.WSSE_NS ); @@ -189,8 +183,8 @@ } try { - Node parentEncBody =encBodyData.getParentNode(); - final java.util.List before_peers = listChildren(parentEncBody); + Node parentEncBody = encBodyData.getParentNode(); + final java.util.List before_peers = WSSecurityUtil.listChildren(parentEncBody); xmlCipher.doFinal(doc, encBodyData, content); @@ -201,13 +195,16 @@ String sigId = decryptedHeaderClone.getAttributeNS(WSConstants.WSU_NS, "Id"); if (sigId == null || sigId.equals("")) { - String id = ((Element)parentEncBody).getAttributeNS(WSConstants.WSU_NS, "Id"); + String id = ((Element)parentEncBody).getAttributeNS(WSConstants.WSU_NS, "Id"); + if (id.charAt(0) == '#') { + id = id.substring(1); + } String wsuPrefix = WSSecurityUtil.setNamespace( decryptedHeaderClone, WSConstants.WSU_NS, WSConstants.WSU_PREFIX ); decryptedHeaderClone.setAttributeNS(WSConstants.WSU_NS, wsuPrefix + ":Id", id); - dataRef.setWsuId(id.substring(1)); + dataRef.setWsuId(id); } else { dataRef.setWsuId(sigId); } 
@@ -216,8 +213,8 @@ parentEncBody.getParentNode().removeChild(parentEncBody); } - final java.util.List after_peers = listChildren(parentEncBody); - final java.util.List new_nodes = newNodes(before_peers, after_peers); + final List after_peers = WSSecurityUtil.listChildren(parentEncBody); + final List new_nodes = WSSecurityUtil.newNodes(before_peers, after_peers); for ( final java.util.Iterator pos = new_nodes.iterator(); pos.hasNext(); @@ -233,7 +230,7 @@ ((Element)node).setAttributeNS( WSConstants.WSU_NS, wsuPrefix + ":Id", dataRefURI ); - dataRef.setWsuId(dataRefURI.substring(1)); + dataRef.setWsuId(dataRefURI); } dataRef.setName(new QName(node.getNamespaceURI(),node.getLocalName())); } @@ -267,7 +264,7 @@ * @param secRefToken The element containing the STR * @param algorithm A string that identifies the symmetric decryption algorithm * @param crypto Crypto instance to obtain key - * @param cb CAllback handler to obtain the key passwords + * @param cb Callback handler to obtain the key passwords * @return The secret key for the specified algorithm * @throws WSSecurityException */ @@ -294,7 +291,8 @@ || p instanceof SAMLTokenProcessor) ) { // Try custom token - WSPasswordCallback pwcb = new WSPasswordCallback(id, WSPasswordCallback.CUSTOM_TOKEN); + WSPasswordCallback pwcb = + new WSPasswordCallback(id, WSPasswordCallback.CUSTOM_TOKEN); try { Callback[] callbacks = new Callback[]{pwcb}; cb.handle(callbacks); 
@@ -356,88 +354,4 @@ return WSSecurityUtil.prepareSecretKey(algorithm, decryptedData); } - /** - * @return a list of Nodes, representing the - */ - private static java.util.List - listChildren( - final Node parent - ) { - if (parent == null) { - return java.util.Collections.EMPTY_LIST; - } - final java.util.List ret = new java.util.ArrayList(); - if (parent.hasChildNodes()) { - final NodeList children = parent.getChildNodes(); - if (children != null) { - for (int i = 0, n = children.getLength(); i < n; ++i) { - ret.add(children.item(i)); - } - } - } - return ret; - } - - /** - * @return a list of Nodes in b that are not in a - */ - private static java.util.List - newNodes( - java.util.List a, - java.util.List b - ) { - if (a.size() == 0) { - return b; - } - if (b.size() == 0) { - return java.util.Collections.EMPTY_LIST; - } - - a = new ArrayList(a); - //try a fast node compare at same position first..... - for (int x = 0; x < b.size(); x++) { - final Node bnode = (Node)b.get(x); - final Node anode = (Node)a.get(x); - if (bnode == anode - || bnode.getLocalName().equals(anode.getLocalName()) - && bnode.getNamespaceURI().equals(anode.getNamespaceURI())) { - b.remove(x); - a.remove(x); - } - } - //what's left is stuff that didn't exactly position match, do slower searches - final java.util.List ret = new java.util.ArrayList(); - for ( - final java.util.Iterator bpos = b.iterator(); - bpos.hasNext(); - ) { - final Node bnode = (Node) bpos.next(); - final java.lang.String bns = bnode.getNamespaceURI(); - final java.lang.String bln = bnode.getLocalName(); - boolean found = false; - for ( - final java.util.Iterator apos = a.iterator(); - apos.hasNext() && !found; - ) { - final Node anode = (Node) apos.next(); - final java.lang.String ans = anode.getNamespaceURI(); - final java.lang.String aln = anode.getLocalName(); - final boolean nsmatch = - ans == null - ? ((bns == null) ? true : false) - : ((bns == null) ? 
false : ans.equals(bns)); - final boolean lnmatch = - aln == null - ? ((bln == null) ? true : false) - : ((bln == null) ? false : aln.equals(bln)); - if (nsmatch && lnmatch) { - found = true; - } - } - if (!found) { - ret.add(bnode); - } - } - return ret; - } }
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java Thu Mar 26 12:42:53 2009 @@ -50,9 +50,9 @@ if (log.isDebugEnabled()) { log.debug("Found SAML Assertion element"); } - SAMLAssertion assertion = handleSAMLToken((Element) elem); + SAMLAssertion assertion = handleSAMLToken(elem); this.id = assertion.getId(); - wsDocInfo.setAssertion((Element) elem); + wsDocInfo.setAssertion(elem); returnResults.add( 0, new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion) Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Thu Mar 26 12:42:53 2009 @@ -53,7 +53,6 @@ import org.apache.xml.security.signature.XMLSignatureException; import org.opensaml.SAMLAssertion; import org.w3c.dom.Element; -import org.w3c.dom.Node; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; 
@@ -219,18 +218,18 @@ throw new WSSecurityException(ex.getMessage(), ex); } } else if (info != null) { - Node node = - WSSecurityUtil.getDirectChild( + Element strElement = + WSSecurityUtil.getDirectChildElement( info.getElement(), SecurityTokenReference.SECURITY_TOKEN_REFERENCE, WSConstants.WSSE_NS ); - if (node == null) { + if (strElement == null) { throw new WSSecurityException( WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo" ); } - SecurityTokenReference secRef = new SecurityTokenReference((Element) node); + SecurityTokenReference secRef = new SecurityTokenReference(strElement); // Here we get some information about the document that is being // processed, in particular the crypto implementation, and already // detected BST that may be used later during dereferencing. @@ -357,7 +356,7 @@ throw new WSSecurityException( WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo", - new Object[]{node.toString()} + new Object[]{strElement.toString()} ); } } else { Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/X509Util.java Thu Mar 26 12:42:53 2009 
@@ -36,20 +36,8 @@ private static Log log = LogFactory.getLog(X509Util.class.getName()); public static boolean isContent(Node encBodyData) { - // - // Depending on the encrypted data type (Content or Element) the encBodyData either - // holds the element whose contents where encrypted, e.g. soapenv:Body, or the - // xenc:EncryptedData element (in case of Element encryption). In either case we need - // to get the xenc:EncryptedData element. So get it. The findElement method returns - // immediately if its already the correct element. - // Then we can get the Type attribute. - // - Element tmpE = - (Element) WSSecurityUtil.findElement( - encBodyData, "EncryptedData", WSConstants.ENC_NS - ); - if (tmpE != null) { - String typeStr = tmpE.getAttribute("Type"); + if (encBodyData != null) { + String typeStr = ((Element)encBodyData).getAttribute("Type"); if (typeStr != null) { return typeStr.equals(WSConstants.ENC_NS + "Content"); } @@ -59,7 +47,7 @@ public static String getEncAlgo(Node encBodyData) throws WSSecurityException { Element tmpE = - (Element) WSSecurityUtil.findElement( + WSSecurityUtil.getDirectChildElement( encBodyData, "EncryptionMethod", WSConstants.ENC_NS ); String symEncAlgo = null; @@ -84,7 +72,7 @@ ) throws WSSecurityException { String keyName = null; Element keyNmElem = - (Element) WSSecurityUtil.getDirectChild( + WSSecurityUtil.getDirectChildElement( keyInfoElem, "KeyName", WSConstants.SIG_NS ); if (keyNmElem != null) { Modified: webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/saml/WSSecSignatureSAML.java Thu Mar 26 12:42:53 2009 
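Review bot: `((Element)encBodyData).getAttribute("Type")` in isContent casts a parameter that is still declared as `Node`, so a non-element node now fails with a ClassCastException, and any element other than xenc:EncryptedData silently yields `false` because Type is read from the wrong element. The removed comment said callers could pass either the wrapping element or EncryptedData itself; whether every remaining caller now passes EncryptedData is not visible in this diff. Guard with `if (encBodyData instanceof Element) {` and add a Javadoc line stating that the argument must be the xenc:EncryptedData element. The `typeStr != null` test is also ineffective, since `getAttribute` returns an empty string for a missing attribute. The switch to `getDirectChildElement` in getEncAlgo relies on the same assumption and, unlike isContent, dereferences `encBodyData` without a null check.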
@@ -19,7 +19,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ws.security.SOAPConstants; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSDocInfo; import org.apache.ws.security.WSDocInfoStore; @@ -117,14 +116,11 @@ prepare(doc, uCrypto, assertion, iCrypto, iKeyName, iKeyPW, secHeader); - SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc - .getDocumentElement()); - + String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement()); if (parts == null) { parts = new Vector(); - WSEncryptionPart encP = new WSEncryptionPart(soapConstants - .getBodyQName().getLocalPart(), soapConstants - .getEnvelopeURI(), "Content"); + WSEncryptionPart encP = + new WSEncryptionPart(WSConstants.ELEM_BODY, soapNamespace, "Content"); parts.add(encP); } addReferencesToSign(parts, secHeader); Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Thu Mar 26 12:42:53 2009 
@@ -140,7 +140,7 @@ 0 ); Element canonElem = - (Element) WSSecurityUtil.getDirectChild( + WSSecurityUtil.getDirectChildElement( tmpE, "CanonicalizationMethod", WSConstants.SIG_NS ); canonAlgo = canonElem.getAttribute("Algorithm"); Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original) +++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Thu Mar 26 12:42:53 2009 @@ -74,12 +74,13 @@ * * @param doc * @param actor + * @deprecated use WSSecurityUtil.getSecurityHeader(Document, String) instead * @return the <code>wsse:Security</code> element or <code>null</code> * if not such element found */ public static Element getSecurityHeader(Document doc, String actor, SOAPConstants sc) { Element soapHeaderElement = - (Element) getDirectChild( + getDirectChildElement( doc.getDocumentElement(), sc.getHeaderQName().getLocalPart(), sc.getEnvelopeURI() 
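Review bot: `canonElem.getAttribute("Algorithm")` in the STRTransform hunk dereferences the result of `getDirectChildElement`, which returns null when `tmpE` has no ds:CanonicalizationMethod child, so a signature lacking that element ends in a NullPointerException. A guard such as `if (canonElem == null) { /* fail with the transform's own exception type */ }` before the attribute read would make the failure explicit. The enclosing method starts and ends outside the hunk, so whether an earlier step already guarantees the child is not visible here.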
@@ -107,6 +108,50 @@ } return null; } + + /** + * Returns the first WS-Security header element for a given actor. Only one + * WS-Security header is allowed for an actor. + * + * @param doc + * @param actor + * @return the <code>wsse:Security</code> element or <code>null</code> + * if not such element found + */ + public static Element getSecurityHeader(Document doc, String actor) { + String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement()); + Element soapHeaderElement = + getDirectChildElement( + doc.getDocumentElement(), + WSConstants.ELEM_HEADER, + soapNamespace + ); + if (soapHeaderElement == null) { // no SOAP header at all + return null; + } + + String actorLocal = WSConstants.ATTR_ACTOR; + if (WSConstants.URI_SOAP12_ENV.equals(soapNamespace)) { + actorLocal = WSConstants.ATTR_ROLE; + } + + // get all wsse:Security nodes + NodeList list = + soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS, WSConstants.WSSE_LN); + if (list == null) { + return null; + } + for (int i = 0; i < list.getLength(); i++) { + Element elem = (Element) list.item(i); + Attr attr = elem.getAttributeNodeNS(soapNamespace, actorLocal); + String hActor = (attr != null) ? attr.getValue() : null; + if (WSSecurityUtil.isActorEqual(actor, hActor)) { + return elem; + } + } + return null; + } + /** * Compares two actor strings and returns true if these are equal. Takes @@ -117,7 +162,6 @@ * @return true is the actor arguments are equal */ public static boolean isActorEqual(String actor, String hActor) { - if (((hActor == null) || (hActor.length() == 0)) && ((actor == null) || (actor.length() == 0))) { return true; @@ -136,6 +180,7 @@ * @param fNode the node where to start the search * @param localName local name of the child to get * @param namespace the namespace of the child to get + * @deprecated see WSSecurityUtil#getDirectChildElement instead * @return the node or <code>null</code> if not such node found */ public static Node getDirectChild( 
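Review bot: `soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS, WSConstants.WSSE_LN)` in the new getSecurityHeader(Document, String) matches wsse:Security elements at any depth below the SOAP Header, not only header blocks that are its direct children. A Security element nested inside some other header block would therefore be returned when its actor matches, so the security header that gets processed need not be a real header block. Walking the Header's direct children, in the same way getDirectChildElement does, keeps the lookup to genuine header blocks; the loop below shows the shape. The Javadoc sentence "Only one WS-Security header is allowed for an actor" is also not enforced, because the loop returns the first match and never looks for a second, so either reject duplicates or reword the comment to say that duplicates are not detected.

```java
// … unchanged: header lookup and actorLocal selection …
for (
    Node child = soapHeaderElement.getFirstChild();
    child != null;
    child = child.getNextSibling()
) {
    if (Node.ELEMENT_NODE == child.getNodeType()
        && WSConstants.WSSE_LN.equals(child.getLocalName())
        && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {
        Element elem = (Element) child;
        // … unchanged: actor attribute lookup and isActorEqual check on elem …
    }
}
return null;
```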
@@ -155,23 +200,85 @@ } return null; } + + /** + * Gets a direct child with specified localname and namespace. <p/> + * + * @param fNode the node where to start the search + * @param localName local name of the child to get + * @param namespace the namespace of the child to get + * @return the node or <code>null</code> if not such node found + */ + public static Element getDirectChildElement( + Node fNode, + String localName, + String namespace + ) { + for ( + Node currentChild = fNode.getFirstChild(); + currentChild != null; + currentChild = currentChild.getNextSibling() + ) { + if (Node.ELEMENT_NODE == currentChild.getNodeType() + && localName.equals(currentChild.getLocalName()) + && namespace.equals(currentChild.getNamespaceURI())) { + return (Element)currentChild; + } + } + return null; + } + /** * return the first soap "Body" element. <p/> * + * @deprecated use findBodyElement(Document) instead * @param doc * @return the body element or <code>null</code> if document does not * contain a SOAP body */ public static Element findBodyElement(Document doc, SOAPConstants sc) { Element soapBodyElement = - (Element) WSSecurityUtil.getDirectChild( + WSSecurityUtil.getDirectChildElement( doc.getFirstChild(), sc.getBodyQName().getLocalPart(), sc.getEnvelopeURI() ); return soapBodyElement; } + + + /** + * return the first soap "Body" element. <p/> + * + * @param doc + * @return the body element or <code>null</code> if document does not + * contain a SOAP body + */ + public static Element findBodyElement(Document doc) { + // + // Find the SOAP Envelope NS. 
Default to SOAP11 NS + // + Element docElement = doc.getDocumentElement(); + String ns = docElement.getNamespaceURI(); + String bodyNamespace = WSConstants.URI_SOAP11_ENV; + if (WSConstants.URI_SOAP12_ENV.equals(ns)) { + bodyNamespace = ns; + } + + for ( + Node currentChild = docElement.getFirstChild(); + currentChild != null; + currentChild = currentChild.getNextSibling() + ) { + if (Node.ELEMENT_NODE == currentChild.getNodeType() + && WSConstants.ELEM_BODY.equals(currentChild.getLocalName()) + && bodyNamespace.equals(currentChild.getNamespaceURI())) { + return (Element)currentChild; + } + } + return null; + } /** * Returns the first element that matches <code>name</code> and @@ -440,10 +547,13 @@ */ public static String getIDFromReference(String ref) { String id = ref.trim(); - if ((id.length() == 0) || (id.charAt(0) != '#')) { + if (id.length() == 0) { return null; } - return id.substring(1); + if (id.charAt(0) == '#') { + id = id.substring(1); + } + return id; } /** @@ -470,10 +580,12 @@ return null; } id = id.trim(); - if ((id.length() == 0) || (id.charAt(0) != '#')) { + if (id.length() == 0) { return null; } - id = id.substring(1); + if (id.charAt(0) == '#') { + id = id.substring(1); + } return WSSecurityUtil.findElementById(doc.getDocumentElement(), id, null); } 
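Review bot: The Javadoc on the new `getDirectChildElement` was copied from getDirectChild and does not state the method's actual contract. The method returns an `Element`, not a node, and it calls `fNode.getFirstChild()`, `localName.equals(...)` and `namespace.equals(...)` without null checks, so a null argument ends in a NullPointerException. Suggested wording: `@return the first direct child element with the given local name and namespace, or null if there is none; fNode, localName and namespace must not be null`. `findBodyElement(Document)` in the same hunk likewise calls `doc.getDocumentElement()` and dereferences the result unchecked, which deserves an `@throws` or a guard for documents without a root element.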
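Review bot: `getIDFromReference` and `getElementByGenId` now return a result for references that do not start with `#`, where they previously returned null. A caller that relied on the null result to reject non-fragment references (absolute or external URIs) would now treat the whole string as a same-document Id; whether such callers exist is not visible in this diff. The Javadoc on both methods should state the new contract, for example `A leading '#' is stripped if present; a reference without '#' is returned unchanged and looked up as an Id.` If strict fragment-only behaviour is still needed somewhere, keep it available under a separate method name rather than changing this one in place.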
@@ -495,29 +607,6 @@ return parent.getOwnerDocument().createElementNS(nsUri, qName); } - /** - * find a child element with given namespace and local name <p/> - * - * @param parent the node to start the search - * @param namespaceUri of the element - * @param localName of the element - * @return the found element or null if the element does not exist - */ - private static Element findChildElement(Element parent, String namespaceUri, String localName) { - NodeList children = parent.getChildNodes(); - int len = children.getLength(); - for (int i = 0; i < len; i++) { - Node child = children.item(i); - if (child.getNodeType() == Node.ELEMENT_NODE) { - Element elementChild = (Element) child; - if (namespaceUri.equals(elementChild.getNamespaceURI()) - && localName.equals(elementChild.getLocalName())) { - return elementChild; - } - } - } - return null; - } /** * append a child element <p/> @@ -620,16 +709,15 @@ String actor, boolean doCreate ) { - SOAPConstants sc = getSOAPConstants(envelope); - Element wsseSecurity = getSecurityHeader(doc, actor, sc); + Element wsseSecurity = getSecurityHeader(doc, actor); if (wsseSecurity != null) { return wsseSecurity; } + String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement()); Element header = - findChildElement(envelope, sc.getEnvelopeURI(), sc.getHeaderQName().getLocalPart()); + getDirectChildElement(envelope, WSConstants.ELEM_HEADER, soapNamespace); if (header == null && doCreate) { - header = - createElementInSameNamespace(envelope, sc.getHeaderQName().getLocalPart()); + header = createElementInSameNamespace(envelope, WSConstants.ELEM_HEADER); header = prependChildElement(envelope, header); } if (doCreate) { 
@@ -666,14 +754,23 @@ } return new SOAP11Constants(); } + + public static String getSOAPNamespace(Element startElement) { + Document doc = startElement.getOwnerDocument(); + String ns = doc.getDocumentElement().getNamespaceURI(); + if (WSConstants.URI_SOAP12_ENV.equals(ns)) { + return ns; + } + return WSConstants.URI_SOAP11_ENV; + } public static Cipher getCipherInstance(String cipherAlgo) throws WSSecurityException { Cipher cipher = null; try { - if (cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) { + if (WSConstants.KEYTRANSPORT_RSA15.equalsIgnoreCase(cipherAlgo)) { cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING"); - } else if (cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) { + } else if (WSConstants.KEYTRANSPORT_RSAOEP.equalsIgnoreCase(cipherAlgo)) { cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING"); } else { throw new WSSecurityException( 
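Review bot: The new public `getSOAPNamespace` has no Javadoc, and it returns `WSConstants.URI_SOAP11_ENV` for every document whose root element is not in the SOAP 1.2 namespace, including a root with no namespace or a non-SOAP root. Callers such as getSecurityHeader then search with the SOAP 1.1 namespace and simply find nothing, which is probably intended but should be written down. Suggested comment: `/** Returns the SOAP 1.2 envelope namespace if the document element uses it, otherwise the SOAP 1.1 namespace (also for non-SOAP documents). */`. The method also ignores `startElement` except to reach its owner document, which the parameter description should mention.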
@@ -1005,4 +1102,76 @@ } return random; } + + /** + * @return a list of child Nodes + */ + public static java.util.List + listChildren( + final Node parent + ) { + if (parent == null) { + return java.util.Collections.EMPTY_LIST; + } + final java.util.List ret = new java.util.ArrayList(); + if (parent.hasChildNodes()) { + final NodeList children = parent.getChildNodes(); + if (children != null) { + for (int i = 0, n = children.getLength(); i < n; ++i) { + ret.add(children.item(i)); + } + } + } + return ret; + } + + /** + * @return a list of Nodes in b that are not in a + */ + public static java.util.List + newNodes( + final java.util.List a, + final java.util.List b + ) { + if (a.size() == 0) { + return b; + } + if (b.size() == 0) { + return java.util.Collections.EMPTY_LIST; + } + final java.util.List ret = new java.util.ArrayList(); + for ( + final java.util.Iterator bpos = b.iterator(); + bpos.hasNext(); + ) { + final Node bnode = (Node) bpos.next(); + final java.lang.String bns = bnode.getNamespaceURI(); + final java.lang.String bln = bnode.getLocalName(); + boolean found = false; + for ( + final java.util.Iterator apos = a.iterator(); + apos.hasNext() && !found; + ) { + final Node anode = (Node) apos.next(); + final java.lang.String ans = anode.getNamespaceURI(); + final java.lang.String aln = anode.getLocalName(); + final boolean nsmatch = + ans == null + ? ((bns == null) ? true : false) + : ((bns == null) ? false : ans.equals(bns)); + final boolean lnmatch = + aln == null + ? ((bln == null) ? true : false) + : ((bln == null) ? 
false : aln.equals(bln)); + if (nsmatch && lnmatch) { + found = true; + } + } + if (!found) { + ret.add(bnode); + } + } + return ret; + } + } Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java?rev=758612&r1=758611&r2=758612&view=diff ============================================================================== --- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java (original) +++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java Thu Mar 26 12:42:53 2009 
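Review bot: `newNodes` in WSSecurityUtil treats a node from `b` as already present whenever some node in `a` has the same namespace URI and local name, so a node produced by decryption that shares its qualified name with an existing sibling is never reported as new. In ReferenceListProcessor the returned list decides which nodes receive the wsu:Id and the WSDataRef name, so in that case the data reference would presumably be left without them. Comparing by identity (`anode == bnode`) matches the documented intent "Nodes in b that are not in a"; if name matching is deliberate, the Javadoc should say so. Now that the method is public, note also that `return b;` hands the caller's own list back rather than a copy.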
@@ -223,6 +223,61 @@ } + + /** + * Test loading a certificate using BouncyCastle, and using it to encrypt a message, but + * decrypt the message using the Java Keystore provider. In this case though the cert doesn't + * correspond with the cert in wss86.keystore. + */ + public void testBadInterop() throws Exception { + byte[] certBytes = + org.apache.ws.security.util.Base64.decode( + "MIIDNDCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEPMA0GA1UECBMG" + + "QmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUxFTATBgNVBAsTDEFwYWNoZSBX" + + "U1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQwNDE5MzIxOFoXDTEwMDQwNDE5MzIxOFowYTEL" + + "MAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZB" + + "cGFjaGUxDjAMBgNVBAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8wDQYJKoZIhvcNAQEBBQAD" + + "gY0AMIGJAoGBAINlL3/k0H/zvknpBtLo8jzXwx/IJU/CGSv6MsqJZ2fyZ6kpLlXCuSBUZ/tfkdxp" + + "uzhYq/Sc7A8csIk9gDf9RUbrhK0qKw0VP6DoCIJjS5IeN+NeJkx8YjmzLPmZqLYbNPXr/hy8CRrR" + + "6CqLTTSkBwoEJ+cDkfZrdH2/bND0FEIZAgMBAAGjgfYwgfMwCQYDVR0TBAIwADAsBglghkgBhvhC" + + "AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFSZXv0I5bG7XPEw" + + "jylwG3lmZGdiMIGYBgNVHSMEgZAwgY2AFL/FsHHolGIMacU1TZW/88Bd2EL6oWqkaDBmMQswCQYD" + + "VQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx" + + "FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAuBIOAWJ19mwwDQYJKoZI" + + "hvcNAQEEBQADgYEAUiUh/wORVcQYXxIh13h3w2Btg6Kj2g6V6YO0Utc/gEYWwT310C2OuroKAwwo" + + "HapMIIWiJRclIAiA8Hnb0Sv/puuHYD4G4NWFdiVjRord90eZJe40NMGruRmlqIRIGGKCv+wv3E6U" + + "x1cWW862f5H9Eyrcocke2P+3GNAGy83vghA=" + ); + CertificateFactory factory = + CertificateFactory.getInstance("X.509", "BC"); + X509Certificate cert = + (X509Certificate)factory.generateCertificate( + new java.io.ByteArrayInputStream(certBytes) + ); + + SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope(); + WSSecEncrypt encrypt = new WSSecEncrypt(); + encrypt.setUseThisCert(cert); + Document doc = unsignedEnvelope.getAsDocument(); + 
WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + Document encryptedDoc = encrypt.build(doc, crypto, secHeader); + + if (LOG.isDebugEnabled()) { + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc); + LOG.debug(outputString); + } + try { + verify(encryptedDoc); + fail("Failure expected on encryption with a key that does not exist in the keystore"); + } catch (Exception ex) { + assertTrue(ex.getMessage().indexOf( + "The private key for the supplied alias does not exist in the keystore") != -1); + } + + } + /** * Verifies the soap envelope * <p/> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
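Review bot: The `catch (Exception ex)` block in testBadInterop calls `ex.getMessage().indexOf(...)`, which throws a NullPointerException if the exception carries no message and so hides the real failure. It also ties the test to the exact English wording of the error. Prefer asserting on the exception type first, e.g. `assertTrue(ex instanceof WSSecurityException);` if that is what `verify` surfaces here, and make the message check null-safe. `CertificateFactory.getInstance("X.509", "BC")` additionally requires the BouncyCastle provider to be registered before the test runs; whether the fixture does that is outside this hunk.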
