Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java Thu Apr 12 16:36:28 2012
@@ -20,10 +20,7 @@ package org.swssf.wss.test;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.swssf.wss.WSSec;
-import org.swssf.wss.ext.InboundWSSec;
-import org.swssf.wss.ext.OutboundWSSec;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.wss.ext.*;
 import org.swssf.wss.securityEvent.SecurityEvent;
 import org.swssf.xmlsec.ext.SecurePart;
 import org.swssf.xmlsec.test.utils.StAX2DOM;
@@ -35,6 +32,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
 import javax.xml.stream.XMLStreamWriter;
 import javax.xml.transform.dom.DOMSource;
@@ -90,7 +88,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
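Review bot: The wildcard `import org.swssf.wss.ext.*;` in the first hunk hides which types from that package this test depends on. From what is visible, the only new name needed is `WSSecurityException` for the test added at the end of the file, so keeping the four explicit imports and adding `import org.swssf.wss.ext.WSSecurityException;` would keep the dependency list readable and avoid accidental name clashes as the package grows.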
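Review bot: The replacement assertion `Assert.assertTrue(idAttrValue.length() > 0);` in the hunk at -90 drops the failure message and only proves the wsu:Id is non-empty, so a malformed Id would still pass. These Ids are presumably what the signature references resolve against, so at minimum keep a message, e.g. `Assert.assertTrue(idAttrValue.length() > 0, "wsu:Id attribute must not be empty");`, and consider a shared helper that also checks the value is a valid NCName. The same line is repeated in every other idAttrValue hunk of SignatureTest, UsernameTokenTest and SAMLTokenSVTest. In the hunks at -167 and -214 the preceding context line `Assert.assertNotSame(idAttrValue, "")` compares references rather than contents, so the new length check is the only real emptiness test there.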
@@ -121,6 +119,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -167,7 +167,7 @@ public class SignatureTest extends Abstr
 Assert.assertSame(idAttrValue, "");
 } else {
 Assert.assertNotSame(idAttrValue, "");
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 }
 }
@@ -214,7 +214,7 @@ public class SignatureTest extends Abstr
 Assert.assertSame(idAttrValue, "");
 } else {
 Assert.assertNotSame(idAttrValue, "");
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 }
 }
@@ -251,6 +251,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
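Review bot: The workaround `securityProperties.setDisableSchemaValidation(true);` is copy-pasted with its comment into each inbound block (here at -121 and -251, and in the matching hunks of SignatureTest, UsernameTokenTest and the SAML tests), and the comment names no issue to track. From what is visible, that leaves the validating default with very little inbound coverage in these files; only the new testSignatureHMACOutputLengthInbound appears to keep it on. I would centralise the call in one helper of the abstract test base and word the comment so it can be found again, e.g. `//TODO(<issue id>): remove once WSS4J-DOM no longer emits an empty PrefixList`. The enclosing test methods start and end outside these hunks.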
@@ -287,6 +289,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -382,7 +386,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -416,6 +420,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -462,7 +468,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -496,6 +502,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -543,7 +551,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -596,7 +604,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -632,6 +640,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -678,7 +688,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -712,6 +722,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -758,7 +770,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -792,6 +804,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -835,7 +849,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -868,6 +882,8 @@ public class SignatureTest extends Abstr
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -910,7 +926,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
 {
@@ -976,7 +992,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
 {
@@ -1029,7 +1045,7 @@ public class SignatureTest extends Abstr
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
 {
@@ -1050,4 +1066,44 @@ public class SignatureTest extends Abstr
 Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
 }
 }
+
+ @Test
+ public void testSignatureHMACOutputLengthInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE;
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, new Properties());
+
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_SignatureMethod.getNamespaceURI(), WSSConstants.TAG_dsig_SignatureMethod.getLocalPart());
+ Element hmacElement = securedDocument.createElementNS(WSSConstants.TAG_dsig_HMACOutputLength.getNamespaceURI(), WSSConstants.TAG_dsig_HMACOutputLength.getLocalPart());
+ hmacElement.setTextContent("abc");
+ nodeList.item(0).appendChild(hmacElement);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ try {
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ } catch (XMLStreamException e) {
+ Assert.assertTrue(e.getCause() instanceof WSSecurityException);
+ Assert.assertEquals(e.getMessage(), "org.swssf.wss.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\tjavax.xml.bind.UnmarshalException\n" +
+ " - with linked exception:\n" +
+ "[org.xml.sax.SAXParseException: cvc-datatype-valid.1.2.1: 'abc' is not a valid value for 'integer'.]; nested exception is: \n" +
+ "\tjavax.xml.bind.UnmarshalException\n" +
+ " - with linked exception:\n" +
+ "[org.xml.sax.SAXParseException: cvc-datatype-valid.1.2.1: 'abc' is not a valid value for 'integer'.]");
+ }
+ }
+ }
 }
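Review bot: testSignatureHMACOutputLengthInbound passes when no exception is thrown at all, because nothing follows the `StAX2DOM.readDoc(...)` call inside the `try`; add `Assert.fail("Expected schema validation to reject a non-integer HMACOutputLength");` as the last statement of the `try` block. The `assertEquals` on the full exception text ties the test to the exact JAXB and parser wording, which can differ between JDK and parser versions; asserting the cause type and that the message contains `cvc-datatype-valid` would be less brittle. The test only covers a non-numeric value, so it says nothing about how a well-formed but very small HMACOutputLength is handled on the inbound side; that case deserves its own test since the element controls how much of the MAC is compared.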
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/UsernameTokenTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/UsernameTokenTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/UsernameTokenTest.java Thu Apr 12 16:36:28 2012
@@ -236,6 +236,8 @@ public class UsernameTokenTest extends A
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -420,7 +422,7 @@ public class UsernameTokenTest extends A
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done UsernameToken; now verification:
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java Thu Apr 12 16:36:28 2012
@@ -99,6 +99,8 @@ public class VulnerabliltyVectorsTest ex
 securityProperties.setCallbackHandler(new CallbackHandlerImpl());
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
 securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 try {
 doInboundSecurity(securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
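Review bot: Switching schema validation off in VulnerabliltyVectorsTest (the hunk at -99 here, and the ones at -185 and -290) changes what these negative tests prove, because a crafted message must now be rejected by the specific defence under test rather than by the schema. The assertions after `doInboundSecurity(...)` are outside the hunk, so I cannot see whether they pin the expected exception; if they only expect some failure, please assert the concrete cause or message for each vector. It would also be worth running each vector once with validation left on, where the input allows it, so both configurations stay covered.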
@@ -185,6 +187,8 @@ public class VulnerabliltyVectorsTest ex
 inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
 inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
 inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R3006);
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ inSecurityProperties.setDisableSchemaValidation(true);
 try {
 doInboundSecurity(inSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -290,6 +294,8 @@ public class VulnerabliltyVectorsTest ex
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java Thu Apr 12 16:36:28 2012
@@ -130,6 +130,8 @@ public class SAMLTokenHOKTest extends Ab
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -263,6 +265,8 @@ public class SAMLTokenHOKTest extends Ab
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java Thu Apr 12 16:36:28 2012
@@ -124,6 +124,8 @@ public class SAMLTokenReferenceTest exte
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -207,6 +209,8 @@ public class SAMLTokenReferenceTest exte
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -430,6 +434,8 @@ public class SAMLTokenReferenceTest exte
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -515,6 +521,8 @@ public class SAMLTokenReferenceTest exte
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -601,6 +609,8 @@ public class SAMLTokenReferenceTest exte
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenSVTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenSVTest.java?rev=1325366&r1=1325365&r2=1325366&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenSVTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenSVTest.java Thu Apr 12 16:36:28 2012
@@ -86,7 +86,7 @@ public class SAMLTokenSVTest extends Abs
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -126,6 +126,8 @@ public class SAMLTokenSVTest extends Abs
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -177,7 +179,7 @@ public class SAMLTokenSVTest extends Abs
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -219,6 +221,8 @@ public class SAMLTokenSVTest extends Abs
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -265,7 +269,7 @@ public class SAMLTokenSVTest extends Abs
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -305,6 +309,8 @@ public class SAMLTokenSVTest extends Abs
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -352,7 +358,7 @@ public class SAMLTokenSVTest extends Abs
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -394,6 +400,8 @@ public class SAMLTokenSVTest extends Abs
 {
 WSSSecurityProperties securityProperties = new WSSSecurityProperties();
 securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid!
+ securityProperties.setDisableSchemaValidation(true);
 InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
@@ -441,7 +449,7 @@ public class SAMLTokenSVTest extends Abs
 Assert.assertEquals(nodeList.getLength(), 1);
 String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart());
 Assert.assertNotNull(idAttrValue);
- Assert.assertTrue(idAttrValue.startsWith("id-"), "wsu:id Attribute doesn't start with id");
+ Assert.assertTrue(idAttrValue.length() > 0);
 }
 //done signature; now test sig-verification:
@@ -483,6 +491,8 @@ public class SAMLTokenSVTest extends Abs { WSSSecurityProperties securityProperties = new WSSSecurityProperties(); securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray()); + //we have to disable the schema validation until WSS4J-DOM is fixed. WSS4J generates an empty PrefixList which is not schema valid! + securityProperties.setDisableSchemaValidation(true); InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties); XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()))); Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/AbstractInputSecurityHeaderHandler.java Thu Apr 12 16:36:28 2012 
@@ -41,9 +41,9 @@ public abstract class AbstractInputSecur protected final transient Log logger = LogFactory.getLog(this.getClass()); - protected <T> T parseStructure(Deque<XMLEvent> eventDeque, int index) throws XMLSecurityException { + protected <T> T parseStructure(Deque<XMLEvent> eventDeque, int index, XMLSecurityProperties securityProperties) throws XMLSecurityException { try { - Unmarshaller unmarshaller = XMLSecurityConstants.getJaxbContext().createUnmarshaller(); + Unmarshaller unmarshaller = XMLSecurityConstants.getJaxbUnmarshaller(securityProperties.isDisableSchemaValidation()); return (T) unmarshaller.unmarshal(new XMLSecurityEventReader(eventDeque, index)); } catch (JAXBException e) { Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java Thu Apr 12 16:36:28 2012 
@@ -18,10 +18,21 @@ */ package org.swssf.xmlsec.ext; +import org.swssf.xmlsec.impl.util.ConcreteLSInput; +import org.w3c.dom.ls.LSInput; +import org.w3c.dom.ls.LSResourceResolver; +import org.xml.sax.SAXException; + +import javax.xml.XMLConstants; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; import javax.xml.namespace.QName; import javax.xml.stream.XMLEventFactory; +import javax.xml.transform.Source; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; @@ -34,8 +45,8 @@ import java.security.SecureRandom; public class XMLSecurityConstants { public static final SecureRandom secureRandom; - //todo jaxbContext pool? private static JAXBContext jaxbContext; + private static Schema schema; static { try { 
@@ -45,10 +56,50 @@ public class XMLSecurityConstants { } try { - //todo schema validation? setJaxbContext(JAXBContext.newInstance("org.swssf.binding.xmlenc:org.swssf.binding.xmldsig:org.swssf.binding.xmldsig11:org.swssf.binding.excc14n")); + SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); + schemaFactory.setResourceResolver(new LSResourceResolver() { + @Override + public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) { + if ("http://www.w3.org/2001/XMLSchema.dtd".equals(systemId)) { + ConcreteLSInput concreteLSInput = new ConcreteLSInput(); + concreteLSInput.setByteStream(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/XMLSchema.dtd")); + return concreteLSInput; + } else if ("XMLSchema.dtd".equals(systemId)) { + ConcreteLSInput concreteLSInput = new ConcreteLSInput(); + concreteLSInput.setByteStream(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/XMLSchema.dtd")); + return concreteLSInput; + } else if ("datatypes.dtd".equals(systemId)) { + ConcreteLSInput concreteLSInput = new ConcreteLSInput(); + concreteLSInput.setByteStream(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/datatypes.dtd")); + return concreteLSInput; + } else if ("http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd".equals(systemId)) { + ConcreteLSInput concreteLSInput = new ConcreteLSInput(); + concreteLSInput.setByteStream(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xmldsig-core-schema.xsd")); + return concreteLSInput; + } else if ("http://www.w3.org/2001/xml.xsd".equals(systemId)) { + ConcreteLSInput concreteLSInput = new ConcreteLSInput(); + concreteLSInput.setByteStream(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xml.xsd")); + return concreteLSInput; + } + return null; + } + }); + Schema schema = schemaFactory.newSchema( + new 
Source[]{ + new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/exc-c14n.xsd")), + new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xenc-schema.xsd")), + new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xmldsig11-schema.xsd")), + new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xmldsig-core-schema.xsd")), + new StreamSource(XMLSecurityConstants.class.getClassLoader().getResourceAsStream("schemas/xmldsig1-schema.xsd")), + } + ); + setJaxbSchemas(schema); + } catch (JAXBException e) { throw new RuntimeException(e); + } catch (SAXException e) { + throw new RuntimeException(e); } } 
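Review bot: The resolver ends in `return null;` for any systemId it does not recognise, which per the LSResourceResolver contract hands the lookup back to the parser's default resolution, so an unexpected import or DTD reference can trigger a URI fetch during class initialisation. The five branches also differ only in the resource name, and none checks `getResourceAsStream` for null, so a missing bundled file surfaces as an obscure parse error rather than a clear message. I would make the mapping table-driven, fail loudly on a missing resource and at least log unmapped ids; whether unmapped ids can be rejected outright depends on what the bundled schemas import, which is not visible here. Separately, the local `Schema schema` shadows the new static field of the same name, so renaming the local would read better.

```java
// … unchanged: setJaxbContext(...) and SchemaFactory.newInstance(...) …
final Map<String, String> bundledResources = new HashMap<String, String>();
bundledResources.put("http://www.w3.org/2001/XMLSchema.dtd", "schemas/XMLSchema.dtd");
bundledResources.put("XMLSchema.dtd", "schemas/XMLSchema.dtd");
bundledResources.put("datatypes.dtd", "schemas/datatypes.dtd");
bundledResources.put("http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd", "schemas/xmldsig-core-schema.xsd");
bundledResources.put("http://www.w3.org/2001/xml.xsd", "schemas/xml.xsd");
schemaFactory.setResourceResolver(new LSResourceResolver() {
    @Override
    public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) {
        String resource = bundledResources.get(systemId);
        if (resource == null) {
            // unmapped id: null lets the parser fall back to its default lookup, so make it visible
            return null;
        }
        InputStream bundled = XMLSecurityConstants.class.getClassLoader().getResourceAsStream(resource);
        if (bundled == null) {
            throw new IllegalStateException("Bundled schema resource not found on classpath: " + resource);
        }
        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
        concreteLSInput.setByteStream(bundled);
        return concreteLSInput;
    }
});
// … unchanged: schemaFactory.newSchema(new Source[]{...}) and setJaxbSchemas(...) …
```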
@@ -59,8 +110,16 @@ public class XMLSecurityConstants { XMLSecurityConstants.jaxbContext = jaxbContext; } - public static JAXBContext getJaxbContext() { - return jaxbContext; + public static synchronized void setJaxbSchemas(Schema schema) { + XMLSecurityConstants.schema = schema; + } + + public static Unmarshaller getJaxbUnmarshaller(boolean disableSchemaValidation) throws JAXBException { + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + if (!disableSchemaValidation) { + unmarshaller.setSchema(schema); + } + return unmarshaller; } public enum Phase { Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java Thu Apr 12 16:36:28 2012 
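Review bot: `getJaxbUnmarshaller` fails open when the static `schema` is null: `unmarshaller.setSchema(null)` is the JAXB way of turning validation off, so a caller that asked for validation would silently get none. The static initialiser always sets a schema or aborts, but `setJaxbSchemas` is public and accepts anything, so I would guard the validating branch with `if (schema == null) { throw new JAXBException("schema validation requested but no schema is loaded"); }`. The two setters are `synchronized` while this method reads `jaxbContext` and `schema` without synchronisation, so either synchronise the read or make the fields `volatile`. Removing the public `getJaxbContext()` is also a breaking change for any caller outside this commit.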
@@ -515,4 +515,14 @@ public class XMLSecurityProperties { public void setSkipDocumentEvents(boolean skipDocumentEvents) { this.skipDocumentEvents = skipDocumentEvents; } + + private boolean disableSchemaValidation = false; + + public boolean isDisableSchemaValidation() { + return disableSchemaValidation; + } + + public void setDisableSchemaValidation(boolean disableSchemaValidation) { + this.disableSchemaValidation = disableSchemaValidation; + } } Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java Thu Apr 12 16:36:28 2012 @@ -27,6 +27,7 @@ import org.swssf.xmlsec.config.JCEAlgori import org.swssf.xmlsec.ext.*; import org.swssf.xmlsec.impl.XMLSecurityEventReader; import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory; +import org.swssf.xmlsec.impl.util.IDGenerator; import org.swssf.xmlsec.impl.util.IVSplittingOutputStream; import org.swssf.xmlsec.impl.util.ReplaceableOuputStream; import org.xmlsecurity.ns.configuration.AlgorithmType; 
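Review bot: The new `disableSchemaValidation` property is a security-relevant switch that lands without any documentation, so a user cannot tell what protection is lost by setting it. The default of `false` (validation on) is the right one; I would say so in Javadoc on the setter, for example `/** Turns off XML Schema validation of the parsed security structures; validation is enabled by default and should only be disabled to interoperate with senders that emit schema-invalid content. */`. As a style point, the field is declared between methods at the end of the class rather than with the other fields, which are outside this hunk.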
@@ -63,8 +64,7 @@ public abstract class AbstractDecryptInp private KeyInfoType keyInfoType; private List<ReferenceType> processedReferences = new ArrayList<ReferenceType>(); - //the prefix must start with a letter by spec!: - private final String uuid = "a" + UUID.randomUUID().toString().replaceAll("-", ""); + private final String uuid = IDGenerator.generateID(null); private final QName wrapperElementName = new QName("http://dummy", "dummy", uuid); private ArrayDeque<XMLEvent> tmpXmlEventList = new ArrayDeque<XMLEvent>(); Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java Thu Apr 12 16:36:28 2012 
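Review bot: The removed comment was the only explanation of why `uuid` must start with a letter, and the field is still used as the prefix argument of `wrapperElementName` on the next line. The constraint now depends on the fallback branch of `IDGenerator.generateID(null)`, which a reader of this class cannot see; I would keep a comment such as `//used as a namespace prefix, so it must be an NCName; IDGenerator prepends a letter when no prefix is given`. Passing a literal `null` also reads awkwardly at the call site, so a no-argument overload on the generator would make the intent clearer. The class body continues outside the hunk.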
@@ -55,7 +55,7 @@ public abstract class AbstractSignatureI Deque<XMLEvent> eventQueue, Integer index) throws XMLSecurityException { @SuppressWarnings("unchecked") - final SignatureType signatureType = ((JAXBElement<SignatureType>) parseStructure(eventQueue, index)).getValue(); + final SignatureType signatureType = ((JAXBElement<SignatureType>) parseStructure(eventQueue, index, securityProperties)).getValue(); SecurityToken securityToken = verifySignedInfo(inputProcessorChain, securityProperties, signatureType, eventQueue, index); addSignatureReferenceInputProcessorToChain(inputProcessorChain, securityProperties, signatureType, securityToken); } Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractEncryptOutputProcessor.java Thu Apr 12 16:36:28 2012 
@@ -311,7 +311,7 @@ public abstract class AbstractEncryptOut */ public class CharacterEventGeneratorOutputStream extends OutputStream { - private List<Characters> charactersBuffer = new Vector<Characters>(); + private List<Characters> charactersBuffer = new LinkedList<Characters>(); private String encoding; public CharacterEventGeneratorOutputStream(String encoding) { Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1325366&r1=1325365&r2=1325366&view=diff ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Thu Apr 12 16:36:28 2012 @@ -23,6 +23,7 @@ import org.swssf.xmlsec.ext.*; import org.swssf.xmlsec.impl.SignaturePartDef; import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithm; import org.swssf.xmlsec.impl.algorithms.SignatureAlgorithmFactory; +import org.swssf.xmlsec.impl.util.IDGenerator; import org.swssf.xmlsec.impl.util.SignerOutputStream; import javax.xml.namespace.QName; 
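Review bot: Replacing `Vector` with `LinkedList` for `charactersBuffer` removes the synchronisation the old type provided, and the code that fills and drains the buffer is outside this hunk, so it is worth confirming the stream is only used from one thread. If it is, `LinkedList` is rarely the best unsynchronised choice: `private List<Characters> charactersBuffer = new ArrayList<Characters>();` is the usual default, or an `ArrayDeque` if elements are consumed from the head. A short comment stating the threading assumption would document the change.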
@@ -90,7 +91,7 @@ public abstract class AbstractSignatureE OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this); Map<QName, String> attributes = new HashMap<QName, String>(); - attributes.put(XMLSecurityConstants.ATT_NULL_Id, "Signature-" + UUID.randomUUID().toString()); + attributes.put(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)); createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_Signature, attributes); SignatureAlgorithm signatureAlgorithm; @@ -161,7 +162,7 @@ public abstract class AbstractSignatureE createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_SignatureValue); attributes = new HashMap<QName, String>(); - attributes.put(XMLSecurityConstants.ATT_NULL_Id, "KeyId-" + UUID.randomUUID().toString()); + attributes.put(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)); createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, attributes); createKeyInfoStructureForSignature(subOutputProcessorChain, wrappingSecurityToken, getSecurityProperties().isUseSingleCert()); createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo); Added: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java?rev=1325366&view=auto ============================================================================== --- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java (added) +++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java Thu Apr 12 16:36:28 2012 
@@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.swssf.xmlsec.impl.util; + +import java.util.UUID; + +/** + * @author $Author$ + * @version $Revision$ $Date$ + */ +public class IDGenerator { + + public static String generateID(String prefix) { + String id = UUID.randomUUID().toString(); + if (prefix != null) { + return prefix + id; + } else { + //always prepend a constant character to get a schema-valid id!: + return "G" + id; + } + } +} Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/util/IDGenerator.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision
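Review bot: `generateID` guarantees a schema-valid id only on the `prefix == null` path: with a non-null prefix it returns `prefix + id` unchecked, so an empty string or a prefix starting with a digit yields an id that begins with a UUID digit and is not a valid NCName. Treating an empty prefix like a missing one closes the most likely case, `if (prefix != null && prefix.length() > 0) {`, and the Javadoc should state that a supplied prefix must itself start with a letter or underscore. The class has only the `@author`/`@version` header; a one-sentence description of the id format and a private constructor (it is a static utility) would complete it.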
