Colm,
> final WSDocInfo wsDocInfo, > - final java.util.Vector returnResults, > + final java.util.List returnResults, > final WSSConfig config Is it possible to get these lists to be typed in WSS4J or do they have to be List<Object>? For example: List<WSResult> or similar? It would make the code much more readable. Dan On Friday 05 November 2010 12:07:12 pm cohei...@apache.org wrote: > Author: coheigea > Date: Fri Nov 5 16:07:11 2010 > New Revision: 1031652 > > URL: http://svn.apache.org/viewvc?rev=1031652&view=rev > Log: > Adding a branch of the WSS4J 1.6 port to sandbox. > - An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT. > - All the unit tests pass, 13 system tests are failing. > - WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but > will be shortly when I set up the hudson build. > > Added: > cxf/sandbox/wss4j-1.6-port/ > - copied from r1031553, cxf/trunk/ > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml > > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/IssuedTokenInterceptorProvider.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/SecureConversationInInterceptor.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/CryptoCoverageUtil.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/PolicyBasedWSS4JInInterceptor.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/UsernameTokenProcessorWithoutCallbacks.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/WSS4JInInterceptor.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > 
security/wss4j/policyhandlers/AbstractBindingBuilder.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AsymmetricBindingHandler.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/SymmetricBindingHandler.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/TransportBindingHandler.java > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ > security/wss4j/CustomProcessor.java > > Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml > URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom > .xml?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original) > +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov 5 16:07:11 > 2010 
@@ -91,7 +91,7 @@ > <dependency> > <groupId>org.apache.ws.security</groupId> > <artifactId>wss4j</artifactId> > - <version>1.5.9</version> > + <version>1.6-SNAPSHOT</version> > <exclusions> > <exclusion> > <groupId>axis</groupId> > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/IssuedTokenInterceptorProvider.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterc > eptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/IssuedTokenInterceptorProvider.java (original) > +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Nov 5 > 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic > > import java.util.Arrays; > import java.util.Collection; > +import java.util.List; > import java.util.Vector; 
> > > @@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = > rResult.getResults(); + List wsSecEngineResults > = rResult.getResults(); > > for (int j = 0; j < wsSecEngineResults.size(); > j++) { //WSSecurityEngineResult wser = > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/SecureConversationInInterceptor.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversatio > nInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/SecureConversationInInterceptor.java > (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/policy/interceptors/SecureConversationInInterceptor.java Fri Nov > 5 16:07:11 2010 
@@ -455,7 +455,7 @@ class SecureConversationInInterceptor > ex > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > > for (int j = 0; j < wsSecEngineResults.size(); j++) { > WSSecurityEngineResult wser = > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthentica > tingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java > (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Fri Nov > 5 16:07:11 2010 
@@ -224,7 +224,7 @@ public abstract class > AbstractUsernameTo > if (c instanceof WSPasswordCallback) { > WSPasswordCallback pc = (WSPasswordCallback)c; > if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType()) > - && pc.getUsage() == > WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { + && > pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) { > AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject( > pc.getIdentifier(), pc.getPassword(), false, null, null); } > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/CryptoCoverageUtil.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=103 > 1652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/CryptoCoverageUtil.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/CryptoCoverageUtil.java Fri Nov 5 16:07:11 2010 @@ -82,9 > +82,9 @@ public final class CryptoCoverageUtil { > final WSDataRef signedRef = signedRefsIt.next(); > > if (isSignedEncryptionRef(encryptedRef, signedRef)) { > - > - final WSDataRef encryptedSignedRef = > - new WSDataRef(signedRef.getDataref()); > + > + final WSDataRef encryptedSignedRef = new WSDataRef(); > + encryptedSignedRef.setWsuId(signedRef.getWsuId()); > > encryptedSignedRef.setContent(false); > encryptedSignedRef.setName(encryptedRef.getName()); > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/PolicyBasedWSS4JInInterceptor.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.j > ava?rev=1031652&r1=1031553&r2=1031652&view=diff > 
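Review bot: The usage constant in this condition decides which callbacks reach `setSubject(pc.getIdentifier(), pc.getPassword(), false, null, null)`, and the switch from `USERNAME_TOKEN_UNKNOWN` to `USERNAME_TOKEN` carries no comment or visible test explaining the WSS4J 1.6 semantics it relies on. Because this branch is the authentication path for plaintext UsernameTokens, it is worth confirming that under 1.6 `pc.getPassword()` still holds the password received in the message at this point; if the library now expects the handler to supply the stored password instead, `setSubject` would presumably be called with a null or empty value. Once verified, I would add a comment above the `if`, e.g. `// WSS4J 1.6 reports plaintext UsernameTokens with usage USERNAME_TOKEN; pc.getPassword() is the received password`. The enclosing callback handler starts and ends outside the hunk.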
========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Nov 5 16:07:11 2010 > @@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept > } > > protected void doResults(SoapMessage msg, String actor, > - SOAPMessage doc, Vector results, boolean > utWithCallbacks) + SOAPMessage doc, List > results, boolean utWithCallbacks) throws SOAPException, > XMLStreamException, WSSecurityException { > > AssertionInfoMap aim = msg.get(AssertionInfoMap.class); > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/UsernameTokenProcessorWithoutCallbacks.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCa > llbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Fri Nov 5 > 16:07:11 2010 @@ -20,7 +20,7 @@ > package org.apache.cxf.ws.security.wss4j; > > import java.security.Principal; > -import java.util.Vector; > +import java.util.List; > import java.util.logging.Level; > import java.util.logging.Logger; 
> > @@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho > > @SuppressWarnings("unchecked") > public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, > CallbackHandler cb, - WSDocInfo wsDocInfo, Vector returnResults, > WSSConfig wsc) throws WSSecurityException { + WSDocInfo wsDocInfo, > List returnResults, WSSConfig wsc) throws WSSecurityException { if > (LOG.isLoggable(Level.FINE)) { > LOG.fine("Found UsernameToken list element"); > } > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/WSS4JInInterceptor.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=103 > 1652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/WSS4JInInterceptor.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/WSS4JInInterceptor.java Fri Nov 5 16:07:11 2010 @@ -192,7 > +192,7 @@ public class WSS4JInInterceptor extends > try { > reqData.setMsgContext(msg); > computeAction(msg, reqData); > - Vector actions = new Vector(); > + List actions = new Vector(); > String action = getAction(msg, version); > > int doAction = WSSecurityUtil.decodeAction(action, actions); > @@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends > */ > doReceiverAction(doAction, reqData); > > - Vector wsResult = null; > + List wsResult = null; > if (doTimeLog) { > t1 = System.currentTimeMillis(); > } 
> @@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends > } > } > > - private void checkActions(SoapMessage msg, RequestData reqData, Vector > wsResult, Vector actions) + private void checkActions(SoapMessage msg, > RequestData reqData, List wsResult, List actions) throws > WSSecurityException { > /* > * now check the security actions: do they match, in any order? > @@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends > throw new > WSSecurityException(WSSecurityException.INVALID_SECURITY); } > } > - private void checkSignatures(SoapMessage msg, RequestData reqData, > Vector wsResult) + private void checkSignatures(SoapMessage msg, > RequestData reqData, List wsResult) throws WSSecurityException { > /* > * Now we can check the certificate used to sign the message. In > the @@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends > */ > > // Extract the signature action result from the action vector > - Vector signatureResults = new Vector(); > + List signatureResults = new Vector(); > signatureResults = > WSSecurityUtil.fetchAllActionResults(wsResult, > WSConstants.SIGN, signatureResults); > > @@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends > } > } > > - protected void checkTimestamps(SoapMessage msg, RequestData reqData, > Vector wsResult) + protected void checkTimestamps(SoapMessage msg, > RequestData reqData, List wsResult) throws WSSecurityException { > /* > * Perform further checks on the timestamp that was transmitted in > @@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends > * other validation algorithms for subclasses. > */ > // Extract the timestamp action result from the action vector > - Vector timestampResults = new Vector(); > + List timestampResults = new Vector(); > timestampResults = > WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, > timestampResults); 
> > @@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends > > } > > - protected void doResults(SoapMessage msg, String actor, SOAPMessage > doc, Vector wsResult) + protected void doResults(SoapMessage msg, > String actor, SOAPMessage doc, List wsResult) throws SOAPException, > XMLStreamException, WSSecurityException { doResults(msg, actor, doc, > wsResult, false); > } > > - protected void doResults(SoapMessage msg, String actor, SOAPMessage > doc, Vector wsResult, + protected void doResults(SoapMessage msg, > String actor, SOAPMessage doc, List wsResult, boolean utWithCallbacks) > throws SOAPException, XMLStreamException, WSSecurityException { /* > * All ok up to this point. Now construct and setup the security > result > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AbstractBindingBuilder.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingB > uilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Nov 5 > 16:07:11 2010 
@@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j > import java.io.IOException; > import java.io.InputStream; > import java.net.URL; > +import java.security.InvalidAlgorithmParameterException; > import java.security.KeyStoreException; > +import java.security.NoSuchAlgorithmException; > import java.security.cert.X509Certificate; > import java.util.ArrayList; > import java.util.Collection; > +import java.util.Collections; > import java.util.Enumeration; > import java.util.HashMap; > import java.util.HashSet; > @@ -40,6 +43,10 @@ import java.util.logging.Level; > import java.util.logging.Logger; > > import javax.security.auth.callback.CallbackHandler; > +import javax.xml.crypto.XMLStructure; > +import javax.xml.crypto.dom.DOMStructure; > +import javax.xml.crypto.dsig.DigestMethod; > +import javax.xml.crypto.dsig.Transform; > import javax.xml.namespace.QName; > import javax.xml.soap.SOAPException; > import javax.xml.soap.SOAPHeader; > @@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS > import org.apache.ws.security.message.token.SecurityTokenReference; > import org.apache.ws.security.transform.STRTransform; > import org.apache.ws.security.util.WSSecurityUtil; > -import org.apache.xml.security.signature.XMLSignatureException; > -import org.apache.xml.security.transforms.TransformationException; > -import org.apache.xml.security.transforms.Transforms; > > /** > * > */ > public abstract class AbstractBindingBuilder { > public static final String CRYPTO_CACHE = "ws-security.crypto.cache"; > - private static final Logger LOG = > LogUtils.getL7dLogger(AbstractBindingBuilder.class); + protected static > final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class); > > > protected SPConstants.ProtectionOrder protectionOrder = > SPConstants.ProtectionOrder.SignBeforeEncrypting; 
@@ -569,8 +573,7 @@ > public abstract class AbstractBindingBui > // coupled with WSSecSignatureHelper. This approach is > used so that // we can force WSS4J to sign the assertion through a STR > that // WSS4J did not create during message signature creation. - > part = new WSEncryptionPart(tempSig.getStrUri(), > "ExternalSTRTransform", "Element", - > WSConstants.PART_TYPE_ELEMENT); > + part = new WSEncryptionPart(tempSig.getStrUri(), > "ExternalSTRTransform", "Element"); > > } else { > if (tempSig.getBSTTokenId() != null) { > @@ -922,13 +925,11 @@ public abstract class AbstractBindingBui > if (sign) { > result.add(new WSEncryptionPart( > id, > - "Element", > - WSConstants.PART_TYPE_BODY)); > + "Element")); > } else { > result.add(new WSEncryptionPart( > id, > - "Content", > - WSConstants.PART_TYPE_BODY)); > + "Content")); > } > } > > @@ -958,8 +959,7 @@ public abstract class AbstractBindingBui > final String id = this.addWsuIdToElement(el); > result.add(new WSEncryptionPart( > id, > - part.getEncModifier(), > - WSConstants.PART_TYPE_HEADER)); > + part.getEncModifier())); > } > } > } > @@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui > > WSEncryptionPart part = new WSEncryptionPart( > id, > - encryptionModifier, > - WSConstants.PART_TYPE_ELEMENT); > + encryptionModifier); > part.setXpath(expression); > > /** > @@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > /* > * Scan the results for the first Signature action. Use the > * certificate of this Signature to set the certificate for the 
> @@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > /* > * Scan the results for a username token. Use the username > * of this token to set the alias for the encryption user > @@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui > sigParts.add(new > WSEncryptionPart(sig.getBSTTokenId())); } > try { > - sig.addReferencesToSign(sigParts, secHeader); > - sig.computeSignature(); > - sig.appendToHeader(secHeader); > + List referenceList = sig.addReferencesToSign(sigParts, > secHeader); + sig.computeSignature(referenceList, > false, null); > > signatures.add(sig.getSignatureValue()); > if (isSigProtect) { > @@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui > > dkSign.setParts(sigParts); > > - dkSign.addReferencesToSign(sigParts, secHeader); > + List referenceList = dkSign.addReferencesToSign(sigParts, > secHeader); > > - //Do signature > - dkSign.computeSignature(); > - > //Add elements to header > addSupportingElement(dkSign.getdktElement()); > - > secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement()); + > + //Do signature > + dkSign.computeSignature(referenceList, false, null); > > signatures.add(dkSign.getSignatureValue()); > } 
> @@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui > sig.prepare(doc, getSignatureCrypto(null), secHeader); > > sig.setParts(sigParts); > - sig.addReferencesToSign(sigParts, secHeader); > + List referenceList = sig.addReferencesToSign(sigParts, secHeader); > > //Do signature > - sig.computeSignature(); > + sig.computeSignature(referenceList, false, null); > signatures.add(sig.getSignatureValue()); > - > - > secHeader.getSecurityHeader().appendChild(sig.getSignatureElement()); } > protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) { > > assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING > _TOKENS)); @@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui > signedEncryptedParts.add( > new WSEncryptionPart( > encryptedPart.getEncId(), > - encryptedPart.getEncModifier(), > - encryptedPart.getType())); > + encryptedPart.getEncModifier())); > } > } > } 
> @@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui > } > > @Override > - public void addReferencesToSign(Vector references, > + public List addReferencesToSign(List references, > WSSecHeader secHeader) throws WSSecurityException { > final Vector<Object> unalteredReferences = new > Vector<Object>(); > > + List uberReferences = new Vector(); > try { > + DigestMethod digestMethod; > + try { > + digestMethod = > signatureFactory.newDigestMethod(this.getDigestAlgo(), null); + > } catch (Exception ex) { > + throw new WSSecurityException( > + WSSecurityException.FAILED_SIGNATURE, "noXMLSig", > null, ex + ); > + } > + > for (int part = 0; part < references.size(); part++) { > final WSEncryptionPart encPart = (WSEncryptionPart) > references.get(part); > > final String elemName = encPart.getName(); > - final Transforms transforms = new > Transforms(document); > > if (elemName != null && > "ExternalSTRTransform".equals(encPart.getNamespace())) { final Element ctx > = this.createSTRParameter(document); - > transforms.addTransform(STRTransform.implementedTransformURI, ctx); - > this.sig.addDocument("#" + elemName, transforms, > this.getDigestAlgo()); + > + XMLStructure structure = new DOMStructure(ctx); > + Transform transform = > + signatureFactory.newTransform( > + STRTransform.TRANSFORM_URI, > + structure > + ); > + > + javax.xml.crypto.dsig.Reference reference = > + signatureFactory.newReference( > + "#" + elemName, > + digestMethod, > + Collections.singletonList(transform), > + null, > + null > + ); > + uberReferences.add(reference); > } else { > unalteredReferences.add(encPart); > } > } > - } catch (TransformationException e1) { > + } catch (NoSuchAlgorithmException e1) { > throw new WSSecurityException( > WSSecurityException.FAILED_SIGNATURE, "noXMLSig", > null, e1 ); > - } catch (XMLSignatureException e1) { > + } catch (InvalidAlgorithmParameterException e1) { > throw new WSSecurityException( > WSSecurityException.FAILED_SIGNATURE, "noXMLSig", > null, e1 
); > } > > - super.addReferencesToSign(unalteredReferences, secHeader); > + List newReferences = > super.addReferencesToSign(unalteredReferences, secHeader); + > uberReferences.addAll(newReferences); > + return uberReferences; > } > } > > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AsymmetricBindingHandler.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindin > gHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Nov 5 > 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j > > > import java.util.Collection; > +import java.util.List; > import java.util.Vector; > import java.util.logging.Level; > import java.util.logging.Logger; 
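Review bot: The inner `try { digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(), null); } catch (Exception ex)` in `addReferencesToSign` catches more than it needs to and duplicates the outer handlers. Catching `Exception` also turns programming errors (for example a null `signatureFactory`) into a `FAILED_SIGNATURE` / `noXMLSig` `WSSecurityException`, which hides the real cause from whoever reads the fault. Assuming `signatureFactory` is a `javax.xml.crypto.dsig.XMLSignatureFactory`, the only checked exceptions `newDigestMethod` declares are `NoSuchAlgorithmException` and `InvalidAlgorithmParameterException`, and the outer `try` already maps both to the same `WSSecurityException`. The inner block can be dropped and the call written as the first statement of the outer `try`: `DigestMethod digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(), null);`.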
> @@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex > > dkSign.setParts(sigParts); > > - dkSign.addReferencesToSign(sigParts, secHeader); > - > - // Do signature > - dkSign.computeSignature(); > - signatures.add(dkSign.getSignatureValue()); > + List referenceList = dkSign.addReferencesToSign(sigParts, > secHeader); > > // Add elements to header > addDerivedKeyElement(dkSign.getdktElement()); > - insertBeforeBottomUp(dkSign.getSignatureElement()); > - mainSigId = > addWsuIdToElement(dkSign.getSignatureElement()); + > + //Do signature > + if (bottomUpElement == null) { > + dkSign.computeSignature(referenceList, false, null); > + } else { > + dkSign.computeSignature(referenceList, true, > bottomUpElement); + } > + bottomUpElement = dkSign.getSignatureElement(); > + signatures.add(dkSign.getSignatureValue()); > + > + // TODO mainSigId = > addWsuIdToElement(dkSign.getSignatureElement()); + > mainSigId = dkSign.getId(); > } catch (Exception e) { > //REVISIT > e.printStackTrace(); > @@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex > } > > sig.prependBSTElementToHeader(secHeader); > - insertBeforeBottomUp(sig.getSignatureElement()); > sigParts.addAll(this.getSignedParts()); > > - sig.addReferencesToSign(sigParts, secHeader); > - sig.computeSignature(); > + List referenceList = sig.addReferencesToSign(sigParts, > secHeader); + //Do signature > + if (bottomUpElement == null) { > + sig.computeSignature(referenceList, false, null); > + } else { > + sig.computeSignature(referenceList, true, > bottomUpElement); + } > + bottomUpElement = sig.getSignatureElement(); > + > signatures.add(sig.getSignatureValue()); > > - mainSigId = addWsuIdToElement(sig.getSignatureElement()); > + //TODO mainSigId = > addWsuIdToElement(sig.getSignatureElement()); + mainSigId = > sig.getId(); > } > } 
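Review bot: Both new `dkSign.computeSignature(...)` calls in the `@@ -373` hunk sit inside the existing `try` whose handler is `catch (Exception e) { //REVISIT e.printStackTrace();`, so a failure while computing the derived-key signature is only printed to stderr. In that case `bottomUpElement`, `signatures` and `mainSigId` are never updated for this signature, and from what the hunk shows processing appears to continue, which could let a message leave without the signature the policy requires (the rest of the method is outside the hunk, so this needs confirming). Since the commit reorders the signing steps here anyway, I would replace `e.printStackTrace()` with a rethrow in whatever exception type the enclosing method uses to report failures, or at minimum log the exception through the class logger at a level operators will see.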
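Review bot: The `if (bottomUpElement == null) { … false, null } else { … true, bottomUpElement }` block followed by `bottomUpElement = sig.getSignatureElement();` is written out in this `@@ -397` hunk, in the preceding `dkSign` hunk, and again in the SymmetricBindingHandler (`@@ -627`, `@@ -700`) and TransportBindingHandler (`@@ -276`, `@@ -425`) hunks. The branch collapses to `sig.computeSignature(referenceList, bottomUpElement != null, bottomUpElement);`, and a small helper declared next to `bottomUpElement` would keep the header-ordering rule in one place instead of six. The `//TODO mainSigId = addWsuIdToElement(sig.getSignatureElement());` lines left beside `mainSigId = sig.getId();` should also state what is still to be done, or be removed.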
> > @@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > /* > * Scan the results for the first Signature action. Use the > * certificate of this Signature to set the certificate for the > @@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > /* > * Scan the results for the first Signature action. Use the > * certificate of this Signature to set the certificate for the > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/SymmetricBindingHandler.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBinding > Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Nov 5 > 16:07:11 2010 @@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j > import java.security.MessageDigest; > import java.security.NoSuchAlgorithmException; > import java.util.Calendar; > +import java.util.List; > import java.util.Vector; > +import java.util.logging.Level; > > import javax.xml.soap.SOAPMessage; 
> > @@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext > > if (!isRequestor()) { > if (encrTok.getSHA1() != null) { > - encr.setUseKeyIdentifier(true); > > encr.setCustomReferenceValue(encrTok.getSHA1()); > encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } > else { > - encr.setUseKeyIdentifier(true); > > encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF); } > } else { > if (encrToken instanceof IssuedToken) { > - encr.setUseKeyIdentifier(true); > > encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI); > encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } > @@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext > } > > dkSign.setParts(sigs); > - dkSign.addReferencesToSign(sigs, secHeader); > + List referenceList = dkSign.addReferencesToSign(sigs, secHeader); > > - //Do signature > - dkSign.computeSignature(); > - > //Add elements to header > Element el = dkSign.getdktElement(); > - addDerivedKeyElement(el); > - insertBeforeBottomUp(dkSign.getSignatureElement()); > - this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement()); > + addDerivedKeyElement(el); > + > + //Do signature > + if (bottomUpElement == null) { > + dkSign.computeSignature(referenceList, false, null); > + } else { > + dkSign.computeSignature(referenceList, true, bottomUpElement); > + } > + bottomUpElement = dkSign.getSignatureElement(); > + > + // TODO this.mainSigId = > addWsuIdToElement(dkSign.getSignatureElement()); + this.mainSigId = > dkSign.getId(); > > return dkSign.getSignatureValue(); > } 
> @@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext > } > > this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, > crypto); sig.prepare(saaj.getSOAPPart(), crypto, secHeader); > + String soap = > org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart()); + > LOG.log(Level.FINE, "SOAP: " + soap); > sig.setParts(sigs); > - sig.addReferencesToSign(sigs, secHeader); > + List referenceList = sig.addReferencesToSign(sigs, secHeader); > > //Do signature > - sig.computeSignature(); > + if (bottomUpElement == null) { > + sig.computeSignature(referenceList, false, null); > + } else { > + sig.computeSignature(referenceList, true, > bottomUpElement); + } > + bottomUpElement = sig.getSignatureElement(); > > - Element mainSigElement = sig.getSignatureElement(); > - insertBeforeBottomUp(mainSigElement); > - mainSigId = addWsuIdToElement(mainSigElement); > + // TODO mainSigId = addWsuIdToElement(mainSigElement); > + this.mainSigId = sig.getId(); > return sig.getSignatureValue(); > } > } 
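Review bot: The added `String soap = org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart()); LOG.log(Level.FINE, "SOAP: " + soap);` serializes the whole SOAP part on every call, whether or not FINE logging is enabled, and when it is enabled writes the complete message to the log. At this point the envelope can carry security tokens and payload data (whether it is already encrypted depends on the protection order, which the hunk does not show), so this reads like leftover debugging that should not ship. I would drop the two lines, or at least guard them: `if (LOG.isLoggable(Level.FINE)) { LOG.fine("SOAP: " + DOM2Writer.nodeToString(saaj.getSOAPPart())); }`, with a regular import for `DOM2Writer`. The enclosing method begins outside the hunk.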
> @@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext > > private String getEncryptedKey() { > > - Vector results = (Vector)message.getExchange().getInMessage() > + List results = (List)message.getExchange().getInMessage() > .get(WSHandlerConstants.RECV_RESULTS); > > for (int i = 0; i < results.size(); i++) { > WSHandlerResult rResult = > (WSHandlerResult) results.get(i); > > - Vector wsSecEngineResults = rResult.getResults(); > + List wsSecEngineResults = rResult.getResults(); > > for (int j = 0; j < wsSecEngineResults.size(); j++) { > WSSecurityEngineResult wser = > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/TransportBindingHandler.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBinding > Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ > security/wss4j/policyhandlers/TransportBindingHandler.java Fri Nov 5 > 16:07:11 2010 @@ -20,6 +20,7 @@ > package org.apache.cxf.ws.security.wss4j.policyhandlers; > > import java.util.Collection; > +import java.util.List; > import java.util.Vector; > > import javax.xml.soap.SOAPMessage; 
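Review bot: `getEncryptedKey()` calls `results.size()` directly after the `(List)` cast, with no check that `RECV_RESULTS` was set on the in-message or that `getInMessage()` returned a message. The hunk shows the start of the method, so there is no earlier guard; an exchange whose inbound message carried no processed security results would fail here with a `NullPointerException` rather than a security fault. A guard such as `if (results == null) { return null; }` before the loop would make the "no encrypted key" case explicit, provided callers already handle a null return (the end of the method is outside the hunk, so that needs checking).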
> @@ -262,13 +263,11 @@ public class TransportBindingHandler ext > */ > > dkSig.setParts(sigParts); > - dkSig.addReferencesToSign(sigParts, secHeader); > + List referenceList = dkSig.addReferencesToSign(sigParts, > secHeader); > > //Do signature > - dkSig.computeSignature(); > - > dkSig.appendDKElementToHeader(secHeader); > - dkSig.appendSigToHeader(secHeader); > + dkSig.computeSignature(referenceList, false, null); > > return dkSig.getSignatureValue(); > } else { > @@ -276,10 +275,14 @@ public class TransportBindingHandler ext > if (sig != null) { > sig.prependBSTElementToHeader(secHeader); > > - sig.addReferencesToSign(sigParts, secHeader); > - insertBeforeBottomUp(sig.getSignatureElement()); > - > - sig.computeSignature(); > + List referenceList = sig.addReferencesToSign(sigParts, > secHeader); + > + if (bottomUpElement == null) { > + sig.computeSignature(referenceList, false, null); > + } else { > + sig.computeSignature(referenceList, true, > bottomUpElement); + } > + bottomUpElement = sig.getSignatureElement(); > > return sig.getSignatureValue(); > } else { > @@ -375,12 +378,10 @@ public class TransportBindingHandler ext > addDerivedKeyElement(dkSign.getdktElement()); > > dkSign.setParts(sigParts); > - dkSign.addReferencesToSign(sigParts, secHeader); > + List referenceList = dkSign.addReferencesToSign(sigParts, > secHeader); > > //Do signature > - dkSign.computeSignature(); > - > - dkSign.appendSigToHeader(secHeader); > + dkSign.computeSignature(referenceList, false, null); > > return dkSign.getSignatureValue(); > } else { 
> @@ -425,14 +426,16 @@ public class TransportBindingHandler ext > sig.prepare(doc, crypto, secHeader); > > sig.setParts(sigParts); > - sig.addReferencesToSign(sigParts, secHeader); > + List referenceList = sig.addReferencesToSign(sigParts, > secHeader); > > //Do signature > - sig.computeSignature(); > - > - //Add elements to header > - insertBeforeBottomUp(sig.getSignatureElement()); > - > + if (bottomUpElement == null) { > + sig.computeSignature(referenceList, false, null); > + } else { > + sig.computeSignature(referenceList, true, > bottomUpElement); + } > + bottomUpElement = sig.getSignatureElement(); > + > return sig.getSignatureValue(); > } > } > > Modified: > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ > security/wss4j/CustomProcessor.java URL: > http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src > /test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=103165 > 2&r1=1031553&r2=1031652&view=diff > ========================================================================== > ==== --- > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ > security/wss4j/CustomProcessor.java (original) +++ > cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ > security/wss4j/CustomProcessor.java Fri Nov 5 16:07:11 2010 @@ -40,7 +40,7 > @@ public class CustomProcessor implements > final Crypto decCrypto, > final javax.security.auth.callback.CallbackHandler cb, > final WSDocInfo wsDocInfo, > - final java.util.Vector returnResults, > + final java.util.List returnResults, > final WSSConfig config > ) throws WSSecurityException { > final java.util.Map result = -- Daniel Kulp dk...@apache.org http://dankulp.com/blog