Author: coheigea
Date: Wed Feb 13 12:17:44 2013
New Revision: 1445567
URL: http://svn.apache.org/r1445567
Log:
[WSS-424] - Signature Element is not inserted in the correct place in the
header in certain circumstances
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java?rev=1445567&r1=1445566&r2=1445567&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/action/SignatureAction.java
Wed Feb 13 12:17:44 2013
@@ -30,7 +30,6 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
import org.apache.ws.security.message.WSSecSignature;
-import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -75,17 +74,22 @@ public class SignatureAction implements
} else if (reqData.isAppendSignatureAfterTimestamp()
&& WSConstants.WSU_NS.equals(part.getNamespace())
&& "Timestamp".equals(part.getName())) {
- List<Element> elements =
- WSSecurityUtil.findElements(
- doc.getDocumentElement(), part.getName(),
part.getNamespace()
- );
- if (elements != null && !elements.isEmpty()) {
- Element timestampElement = elements.get(0);
- Node child = timestampElement.getNextSibling();
- while (child != null && child.getNodeType() !=
Node.ELEMENT_NODE) {
- child = child.getNextSibling();
+ int originalSignatureActionIndex =
+ reqData.getOriginalSignatureActionPosition();
+ // Need to figure out where to put the Signature Element
in the header
+ if (originalSignatureActionIndex > 0) {
+ Element secHeader =
reqData.getSecHeader().getSecurityHeader();
+ Node lastChild = secHeader.getLastChild();
+ int count = 0;
+ while (lastChild != null && count <
originalSignatureActionIndex) {
+ while (lastChild != null &&
lastChild.getNodeType() != Node.ELEMENT_NODE) {
+ lastChild = lastChild.getPreviousSibling();
+ }
+ count++;
+ }
+ if (lastChild instanceof Element) {
+ siblingElementToPrepend = (Element)lastChild;
}
- siblingElementToPrepend = (Element)child;
}
}
}
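Review bot: The outer `while` in the new positioning loop never steps past an element node, so once `lastChild` is an element each remaining iteration only increments `count`. The result is always the last element child of the security header, whatever `originalSignatureActionIndex` is. For an index above 1 the Signature therefore lands where it would for index 1; stepping back after each counted element fixes that, e.g. after `count++;` add `if (lastChild != null && count < originalSignatureActionIndex) { lastChild = lastChild.getPreviousSibling(); }`. Even then the code assumes each action ahead of SIGN contributed exactly one header element, which the hunk does not show and which deserves a comment. The two tests added in SignatureTest only log the serialized message, so a misplaced Signature, which can change the order in which a receiver processes signature and encryption, would not be caught; the enclosing method starts and ends outside this hunk.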
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java?rev=1445567&r1=1445566&r2=1445567&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/RequestData.java
Wed Feb 13 12:17:44 2013
@@ -86,6 +86,7 @@ public class RequestData {
private ReplayCache nonceReplayCache;
private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
private boolean appendSignatureAfterTimestamp;
+ private int originalSignatureActionPosition;
private AlgorithmSuite algorithmSuite;
private AlgorithmSuite samlAlgorithmSuite;
@@ -116,6 +117,7 @@ public class RequestData {
appendSignatureAfterTimestamp = false;
algorithmSuite = null;
samlAlgorithmSuite = null;
+ setOriginalSignatureActionPosition(0);
}
public Object getMsgContext() {
@@ -542,5 +544,13 @@ public class RequestData {
public void setSamlAlgorithmSuite(AlgorithmSuite samlAlgorithmSuite) {
this.samlAlgorithmSuite = samlAlgorithmSuite;
}
+
+ public int getOriginalSignatureActionPosition() {
+ return originalSignatureActionPosition;
+ }
+
+ public void setOriginalSignatureActionPosition(int
originalSignatureActionPosition) {
+ this.originalSignatureActionPosition = originalSignatureActionPosition;
+ }
}
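Review bot: The new `originalSignatureActionPosition` field and its accessors have no Javadoc, and the value 0 carries two meanings: it is the value set at line 92 (in what looks like a reset method whose start is outside the hunk) and also the index when SIGN is the first action. SignatureAction only acts on `> 0`, so both cases currently behave the same, but the next maintainer cannot tell that from here. I would document the getter with something like `/** Index of WSConstants.SIGN in the caller's original action list; 0 (also the reset value) means the Signature is not repositioned. */` and state on the setter that the value is expected to be non-negative.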
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java?rev=1445567&r1=1445566&r2=1445567&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/handler/WSHandler.java
Wed Feb 13 12:17:44 2013
@@ -204,9 +204,11 @@ public abstract class WSHandler {
if (signTimestamp) {
actionsToPerform = new ArrayList<Integer>(actions);
Collections.copy(actionsToPerform, actions);
- actionsToPerform.remove(actions.indexOf(WSConstants.SIGN));
+ int signatureIndex = actions.indexOf(WSConstants.SIGN);
+ actionsToPerform.remove(signatureIndex);
actionsToPerform.add(WSConstants.SIGN);
reqData.setAppendSignatureAfterTimestamp(true);
+ reqData.setOriginalSignatureActionPosition(signatureIndex);
}
}
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java?rev=1445567&r1=1445566&r2=1445567&view=diff
==============================================================================
---
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
(original)
+++
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/SignatureTest.java
Wed Feb 13 12:17:44 2013
@@ -726,6 +726,84 @@ public class SignatureTest extends org.j
List<WSSecurityEngineResult> results = verify(doc);
assertTrue(handler.checkResults(results, actions));
}
+
+ @org.junit.Test
+ public void
+ testSignatureEncryptTimestampOrder() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.SIGN | WSConstants.ENCR |
WSConstants.TS;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String,
Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS +
"}Timestamp"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new
java.util.ArrayList<Integer>();
+ actions.add(Integer.valueOf(WSConstants.SIGN));
+ actions.add(Integer.valueOf(WSConstants.ENCR));
+ actions.add(Integer.valueOf(WSConstants.TS));
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ }
+
+ @org.junit.Test
+ public void
+ testEncryptSignatureTimestampOrder() throws Exception {
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ final int action = WSConstants.ENCR | WSConstants.SIGN |
WSConstants.TS;
+ final RequestData reqData = new RequestData();
+ reqData.setWssConfig(cfg);
+ reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+ java.util.Map<String, Object> config = new java.util.TreeMap<String,
Object>();
+ config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
+ config.put("password", "security");
+ config.put(
+ WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS +
"}Timestamp"
+ );
+ reqData.setMsgContext(config);
+
+ final java.util.List<Integer> actions = new
java.util.ArrayList<Integer>();
+ actions.add(Integer.valueOf(WSConstants.ENCR));
+ actions.add(Integer.valueOf(WSConstants.SIGN));
+ actions.add(Integer.valueOf(WSConstants.TS));
+ final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ CustomHandler handler = new CustomHandler();
+ handler.send(
+ action,
+ doc,
+ reqData,
+ actions,
+ true
+ );
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed message:");
+ LOG.debug(outputString);
+ }
+ }
/**
* Verifies the soap envelope.