meder 2004/12/28 18:04:54
Modified: wss4j/src/org/apache/ws/security WSSecurityEngine.java
wss4j/src/org/apache/ws/security/conversation/message/token
RequestedProofToken.java
wss4j/src/org/apache/ws/security/message WSBaseMessage.java
WSEncryptBody.java WSSignEnvelope.java
wss4j/src/org/apache/ws/security/message/token
PKIPathSecurity.java
wss4j/src/org/apache/ws/security/util WSSecurityUtil.java
wss4j/test/secconv/components TestRSTR.java
Log:
Minor refactoring (probably more to come) and WS-I BSP compliance fixes
Revision Changes Path
1.43 +11 -7
ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
Index: WSSecurityEngine.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- WSSecurityEngine.java 13 Nov 2004 22:44:18 -0000 1.42
+++ WSSecurityEngine.java 29 Dec 2004 02:04:54 -0000 1.43
@@ -1151,7 +1151,7 @@
if (tmpE.getLocalName().equals("DataReference")) {
dataRefURI = ((Element) tmpE).getAttribute("URI");
decryptDataRef(doc, dataRefURI, decryptedBytes);
- }
+ }
}
}
@@ -1183,12 +1183,12 @@
}
boolean content = isContent(encBodyData);
- ;
// get the encryprion method
String symEncAlgo = getEncAlgo(encBodyData);
- SecretKey symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
decryptedBytes);
+ SecretKey symmetricKey = WSSecurityUtil.prepareSecretKey(
+ symEncAlgo, decryptedBytes);
// initialize Cipher ....
XMLCipher xmlCipher = null;
@@ -1269,7 +1269,7 @@
Element tmpE =
(Element) WSSecurityUtil.findElement((Node) encBodyData,
- "KeyName",
+ "KeyInfo",
WSConstants.SIG_NS);
SecretKey symmetricKey = getSharedKey(tmpE, symEncAlgo, cb);
@@ -1335,11 +1335,15 @@
return symEncAlgo;
}
- protected SecretKey getSharedKey(Element keyNmElem,
- String algorithm,
- CallbackHandler cb)
+ protected SecretKey getSharedKey(Element keyInfoElem,
+ String algorithm,
+ CallbackHandler cb)
throws WSSecurityException {
String keyName = null;
+ Element keyNmElem =
+ (Element) WSSecurityUtil.getDirectChild(keyInfoElem,
+ "KeyName",
+ WSConstants.SIG_NS);
if (keyNmElem != null) {
keyNmElem.normalize();
Node tmpN;
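Review bot: `keyInfoElem` is handed to `WSSecurityUtil.getDirectChild` without a null check, and the only guard in the new getSharedKey is on its result `keyNmElem`; the caller in the hunk at line 1269 now passes whatever `findElement(..., "KeyInfo", WSConstants.SIG_NS)` returns, which is presumably null when an inbound xenc:EncryptedData carries no ds:KeyInfo, so a message missing that element would likely fail with a NullPointerException instead of a WSSecurityException. Add a guard before the lookup, `if (keyInfoElem == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "<message-key placeholder>"); }`, so malformed input is rejected through the normal error path. The rest of getSharedKey's body lies outside the hunk.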
1.7 +0 -2
ws-fx/wss4j/src/org/apache/ws/security/conversation/message/token/RequestedProofToken.java
Index: RequestedProofToken.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/conversation/message/token/RequestedProofToken.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- RequestedProofToken.java 16 Oct 2004 06:06:54 -0000 1.6
+++ RequestedProofToken.java 29 Dec 2004 02:04:54 -0000 1.7
@@ -171,8 +171,6 @@
// "RequestedProofToken")
// .item(0)));
wsEncrypt.build(doc, crypto);
- this.sharedSecret = wsEncrypt.getSymmetricKey().getEncoded();
- log.debug(" RequestedProofToken, encryption ,Shared secret is ::
" + new String(this.sharedSecret));
} catch (WSSecurityException e) {
e.printStackTrace();
}
1.14 +1 -1
ws-fx/wss4j/src/org/apache/ws/security/message/WSBaseMessage.java
Index: WSBaseMessage.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSBaseMessage.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- WSBaseMessage.java 30 Aug 2004 09:39:23 -0000 1.13
+++ WSBaseMessage.java 29 Dec 2004 02:04:54 -0000 1.14
@@ -61,7 +61,7 @@
* @param actor The actor name of the <code>wsse:Security</code> header
*/
public WSBaseMessage(String actor) {
- setActor(actor);
+ this(actor, true);
}
/**
1.26 +89 -127
ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java
Index: WSEncryptBody.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- WSEncryptBody.java 13 Nov 2004 22:44:19 -0000 1.25
+++ WSEncryptBody.java 29 Dec 2004 02:04:54 -0000 1.26
@@ -268,12 +268,13 @@
* Certificates
* @return the SOAP envelope with encrypted Body as <code>Document
* </code>
- * @throws Exception
+ * @throws WSSecurityException
*/
public Document build(Document doc, Crypto crypto) throws
WSSecurityException {
doDebug = log.isDebugEnabled();
- if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME ||
keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
+ if (keyIdentifierType == WSConstants.EMBEDDED_KEYNAME ||
+ keyIdentifierType == WSConstants.EMBED_SECURITY_TOKEN_REF) {
return buildEmbedded(doc, crypto);
}
@@ -286,80 +287,21 @@
}
/*
- * First step: set the encryption encoding namespace in the
SOAP:Envelope
- */
- Element envelope = doc.getDocumentElement();
- envelope.setAttributeNS(WSConstants.XMLNS_NS,
- "xmlns:" + WSConstants.ENC_PREFIX,
- WSConstants.ENC_NS);
-
- SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
-
- /*
* Second step: generate a symmetric key (session key) for
* this alogrithm, and set the cipher into encryption mode.
*/
// This variable is made a classs attribute :: SecretKey
symmetricKey = null;
- KeyGenerator keyGen = getKeyGenerator();
- symmetricKey = keyGen.generateKey();
- XMLCipher xmlCipher = null;
- try {
- xmlCipher = XMLCipher.getInstance(symEncAlgo);
- } catch (XMLEncryptionException e3) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e3);
+ SecretKey encryptionKey = this.symmetricKey;
+ if (encryptionKey == null) {
+ KeyGenerator keyGen = getKeyGenerator();
+ encryptionKey = keyGen.generateKey();
}
+ Vector encDataRefs = doEncryption(doc, encryptionKey);
- // if no encryption parts set - use the default
- if (parts == null) {
- parts = new Vector();
- WSEncryptionPart encP =
- new
WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
- soapConstants.getEnvelopeURI(),
- "Content");
- parts.add(encP);
+ if (tlog.isDebugEnabled()) {
+ t1 = System.currentTimeMillis();
}
- Vector encDataRefs = new Vector();
-
- for (int part = 0; part < parts.size(); part++) {
- WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
- String elemName = encPart.getName();
- String nmSpace = encPart.getNamespace();
- String modifier = encPart.getEncModifier();
- /*
- * Third step: get the data to encrypt.
- */
- Element body =
- (Element) WSSecurityUtil.findElement(envelope,
- elemName,
- nmSpace);
- if (body == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noEncElement",
- new Object[]{"{" + nmSpace + "}" + elemName});
- }
-
- boolean content = modifier.equals("Content") ? true : false;
- String xencEncryptedDataId = "EncDataId-" + body.hashCode();
-
- /*
- * Forth step: encrypt data, and set neccessary attributes in
- * xenc:EncryptedData
- */
- try {
- xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
- EncryptedData encData = xmlCipher.getEncryptedData();
- encData.setId(xencEncryptedDataId);
- xmlCipher.doFinal(doc, body, content);
- } catch (Exception e2) {
- throw new
WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e2);
- }
- if (tlog.isDebugEnabled()) {
- t1 = System.currentTimeMillis();
- }
-
- encDataRefs.add(new String("#" + xencEncryptedDataId));
- }
/*
* At this point data is encrypted with the symmetric key and can be
* referenced via the above Id
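Review bot: The generated session key is no longer written to the `symmetricKey` field — the old `symmetricKey = keyGen.generateKey();` became the local `encryptionKey` — so `getSymmetricKey()` returns null after `build` whenever no key was preset, which the removal of `wsEncrypt.getSymmetricKey().getEncoded()` in RequestedProofToken reflects, but build's Javadoc says nothing about it. Writing the key back to the field is not the fix, because the new `if (encryptionKey == null)` check would then silently reuse that key for every later `build` on the same instance; document it instead, e.g. `* When no symmetric key has been set, a fresh key is generated for this call only and is not retained on the instance.` The comment kept at `// This variable is made a classs attribute :: SecretKey symmetricKey = null;` is misleading in the same way and should describe the optional caller-supplied key. build continues beyond the hunk.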
@@ -393,7 +335,7 @@
} catch (InvalidKeyException e) {
throw new
WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e);
}
- byte[] encKey = symmetricKey.getEncoded();
+ byte[] encKey = encryptionKey.getEncoded();
if (doDebug) {
log.debug("cipher blksize: "
+ cipher.getBlockSize()
@@ -483,7 +425,8 @@
}
KeyInfo keyInfo = new KeyInfo(doc);
keyInfo.addUnknownElement(secToken.getElement());
- WSSecurityUtil.appendChildElement(doc, xencEncryptedKey,
keyInfo.getElement());
+ WSSecurityUtil.appendChildElement(
+ doc, xencEncryptedKey, keyInfo.getElement());
Element xencCipherValue = createCipherValue(doc, xencEncryptedKey);
xencCipherValue.appendChild(keyText);
@@ -501,25 +444,17 @@
return doc;
}
- private Document buildEmbedded(Document doc, Crypto crypto)
- throws WSSecurityException {
- doDebug = log.isDebugEnabled();
-
- long t0 = 0, t1 = 0, t2 = 0, t3 = 0;
- if (tlog.isDebugEnabled()) {
- t0 = System.currentTimeMillis();
- }
- if (doDebug) {
- log.debug("Beginning Encryption embedded...");
- }
-
- if (embeddedKey == null) {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "noKeySupplied");
- }
+ private Vector doEncryption(Document doc, SecretKey encryptionKey)
+ throws WSSecurityException {
+ return doEncryption(doc, encryptionKey, null);
+ }
+ private Vector doEncryption(Document doc,
+ SecretKey encryptionKey,
+ KeyInfo keyInfo)
+ throws WSSecurityException {
/*
- * First step: set the encoding namespace in the SOAP:Envelope
+ * First step: set the encryption encoding namespace in the
SOAP:Envelope
*/
Element envelope = doc.getDocumentElement();
envelope.setAttributeNS(WSConstants.XMLNS_NS,
@@ -527,20 +462,12 @@
WSConstants.ENC_NS);
SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
- /*
- * Second step: generate a symmetric key from the specified
- * key (password) for this alogrithm, and set the cipher into
- * encryption mode.
- */
- if (symmetricKey == null) {
- symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
- embeddedKey);
- }
+
XMLCipher xmlCipher = null;
try {
xmlCipher = XMLCipher.getInstance(symEncAlgo);
- } catch (XMLEncryptionException e1) {
- throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e1);
+ } catch (XMLEncryptionException e3) {
+ throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e3);
}
// if no encryption parts set - use the default
@@ -555,8 +482,6 @@
Vector encDataRefs = new Vector();
- Element tmpE = null;
-
for (int part = 0; part < parts.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
String elemName = encPart.getName();
@@ -572,49 +497,86 @@
if (body == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noEncElement",
- new Object[]{nmSpace, elemName});
+ new Object[]{"{" + nmSpace + "}" + elemName});
}
boolean content = modifier.equals("Content") ? true : false;
String xencEncryptedDataId = "EncDataId-" + body.hashCode();
- KeyInfo keyInfo = null;
- if (this.keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
- keyInfo = new KeyInfo(doc);
- keyInfo.addKeyName(embeddedKeyName == null ? user :
embeddedKeyName);
- } else if (this.keyIdentifierType ==
WSConstants.EMBED_SECURITY_TOKEN_REF) {
- /* This means that we want to embed a
<wsse:SecurityTokenReference>
- * into keyInfo element.
- * If we need this functionality, this.secRef MUST be set
before
- * calling the build(doc, crypto) method.
- * So if secRef is null then throw an exception.
- */
- if (this.securityTokenReference == null) {
- throw new
WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "You must
set keyInfo element, if the keyIdentifier ==EMBED_SECURITY_TOKEN_REF");
- } else {
- keyInfo = new KeyInfo(doc);
-
keyInfo.addUnknownElement(securityTokenReference.getElement());
- }
- }
/*
* Forth step: encrypt data, and set neccessary attributes in
* xenc:EncryptedData
*/
try {
- xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
+ xmlCipher.init(XMLCipher.ENCRYPT_MODE, encryptionKey);
EncryptedData encData = xmlCipher.getEncryptedData();
encData.setId(xencEncryptedDataId);
encData.setKeyInfo(keyInfo);
xmlCipher.doFinal(doc, body, content);
- } catch (Exception e) {
- throw new
WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e);
- }
- if (tlog.isDebugEnabled()) {
- t1 = System.currentTimeMillis();
+ } catch (Exception e2) {
+ throw new
WSSecurityException(WSSecurityException.FAILED_ENC_DEC, null, null, e2);
}
- // remember references
encDataRefs.add(new String("#" + xencEncryptedDataId));
}
+ return encDataRefs;
+ }
+
+ private Document buildEmbedded(Document doc, Crypto crypto)
+ throws WSSecurityException {
+ doDebug = log.isDebugEnabled();
+
+ long t0 = 0, t1 = 0;
+ if (tlog.isDebugEnabled()) {
+ t0 = System.currentTimeMillis();
+ }
+ if (doDebug) {
+ log.debug("Beginning Encryption embedded...");
+ }
+
+ if (embeddedKey == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "noKeySupplied");
+ }
+
+ /*
+ * Second step: generate a symmetric key from the specified
+ * key (password) for this alogrithm, and set the cipher into
+ * encryption mode.
+ */
+ SecretKey encryptionKey = this.symmetricKey;
+ if (encryptionKey == null) {
+ encryptionKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
+ embeddedKey);
+ }
+
+ KeyInfo keyInfo = null;
+ if (this.keyIdentifierType == WSConstants.EMBEDDED_KEYNAME) {
+ keyInfo = new KeyInfo(doc);
+ keyInfo.addKeyName(embeddedKeyName == null ? user :
embeddedKeyName);
+ } else if (this.keyIdentifierType ==
WSConstants.EMBED_SECURITY_TOKEN_REF) {
+ /* This means that we want to embed a
<wsse:SecurityTokenReference>
+ * into keyInfo element.
+ * If we need this functionality, this.secRef MUST be set before
+ * calling the build(doc, crypto) method.
+ * So if secRef is null then throw an exception.
+ */
+ if (this.securityTokenReference == null) {
+ throw new WSSecurityException(
+ WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+ "You must set keyInfo element, if the keyIdentifier
" +
+ "== EMBED_SECURITY_TOKEN_REF");
+ } else {
+ keyInfo = new KeyInfo(doc);
+ Element tmpE = securityTokenReference.getElement();
+ tmpE.setAttributeNS(WSConstants.XMLNS_NS,
+ "xmlns:" + tmpE.getPrefix(),
+ tmpE.getNamespaceURI());
+
keyInfo.addUnknownElement(securityTokenReference.getElement());
+ }
+ }
+
+ Vector encDataRefs = doEncryption(doc, encryptionKey, keyInfo);
+
/*
* At this point data is encrypted with the symmetric key and can be
* referenced via the above Id
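Review bot: `doEncryption` now receives one `KeyInfo` built once in buildEmbedded and calls `encData.setKeyInfo(keyInfo)` with that same object on every iteration of the parts loop, whereas the removed code created a new KeyInfo per part; if the encrypter appends `keyInfo.getElement()` into each xenc:EncryptedData, DOM appendChild relocates an already-attached node and only the last part would keep its KeyInfo — confirm against XMLCipher, and if so build or deep-clone the KeyInfo per part. The two-argument `doEncryption(doc, encryptionKey)` also feeds a null KeyInfo into `setKeyInfo`, which the old build never called; confirm that null is accepted there. Separately, `"xmlns:" + tmpE.getPrefix()` yields the attribute name `xmlns:null` when the SecurityTokenReference element was created without a prefix; guard it, e.g. `if (tmpE.getPrefix() != null) { tmpE.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + tmpE.getPrefix(), tmpE.getNamespaceURI()); }`. The "Second step" comment in buildEmbedded now precedes the "First step" that moved into doEncryption and should be renumbered.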
@@ -628,7 +590,7 @@
*/
Element wsseSecurity = insertSecurityHeader(doc);
- tmpE = doc.createElement("temp");
+ Element tmpE = doc.createElement("temp");
Element refList = createDataRefList(doc, tmpE, encDataRefs);
WSSecurityUtil.prependChildElement(doc, wsseSecurity, refList, true);
1.22 +124 -20
ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java
Index: WSSignEnvelope.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- WSSignEnvelope.java 13 Nov 2004 22:44:19 -0000 1.21
+++ WSSignEnvelope.java 29 Dec 2004 02:04:54 -0000 1.22
@@ -45,6 +45,11 @@
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.InclusiveNamespaces;
+import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
+
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.SAMLObject;
@@ -52,10 +57,14 @@
import org.opensaml.SAMLSubjectStatement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NamedNodeMap;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;
+import java.util.Set;
+import java.util.HashSet;
/**
* Signs a SOAP envelope according to WS Specification, X509 profile, and
adds
@@ -85,7 +94,6 @@
"org.apache.ws.security.transform.STRTransform");
} catch (Exception ex) {
}
- ;
}
/**
@@ -207,7 +215,7 @@
* @param crypto An instance of the Crypto API to handle keystore and
* certificates
* @return A signed SOAP envelope as <code>Document</code>
- * @throws Exception
+ * @throws WSSecurityException
*/
public Document build(Document doc, Crypto crypto)
throws WSSecurityException {
@@ -236,7 +244,7 @@
// Set the id of the elements to be used as digest source
// String id = setBodyID(doc);
String certUri = null;
- X509Certificate[] certs = null;
+ X509Certificate[] certs = null;
if (keyIdentifierType != WSConstants.UT_SIGNING) {
certs = crypto.getCertificates(user);
if (certs == null || certs.length <= 0) {
@@ -260,12 +268,44 @@
}
}
XMLSignature sig = null;
- try {
- sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
- } catch (XMLSecurityException e) {
- log.error("", e);
- throw new
WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
+
+ if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+ Element canonElem = XMLUtils.createElementInSignatureSpace(
+ doc,
+ Constants._TAG_CANONICALIZATIONMETHOD);
+
+ canonElem.setAttributeNS(
+ null,
+ Constants._ATT_ALGORITHM,
+ canonAlgo);
+
+ Set prefixes = getInclusivePrefixes(securityHeader, false);
+
+ InclusiveNamespaces inclusiveNamespaces = new
InclusiveNamespaces(
+ doc, prefixes);
+
+ canonElem.appendChild(inclusiveNamespaces.getElement());
+
+ try {
+ SignatureAlgorithm signatureAlgorithm =
+ new SignatureAlgorithm(doc, sigAlgo);
+ sig = new XMLSignature(
+ doc, null, signatureAlgorithm.getElement(), canonElem);
+ } catch (XMLSecurityException e) {
+ log.error("", e);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE,
+ "noXMLSig");
+ }
+ } else {
+ try {
+ sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
+ } catch (XMLSecurityException e) {
+ log.error("", e);
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_SIGNATURE,
"noXMLSig");
+ }
}
/*
* If we don't generate a new Transforms for each addDocument here,
then
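Review bot: Both new catch blocks log the XMLSecurityException and then throw a WSSecurityException that drops it as the cause, so the reason an XMLSignature could not be constructed (unsupported algorithm URI, missing provider) is lost to callers; the four-argument constructor used elsewhere in this commit keeps it: `throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e);` in both branches. The two branches also duplicate the catch/throw; moving the `if (canonAlgo.equals(...))` inside a single try would leave one error path. `securityHeader` is used here but declared outside the hunk.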
@@ -310,16 +350,23 @@
* the token itself. If its a direct reference sign the token,
* otherwise sign the KeyInfo Element. "STRTransform": Setup the
* ds:Reference to use STR Transform
- *
+ *
*/
try {
if (elemName.equals("Token")) {
transforms = new Transforms(doc);
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- if (keyIdentifierType
- == WSConstants.BST_DIRECT_REFERENCE) {
+ if (keyIdentifierType ==
WSConstants.BST_DIRECT_REFERENCE) {
+ transforms.item(0).getElement().appendChild(
+ new InclusiveNamespaces(
+ doc, getInclusivePrefixes(
+ securityHeader)).getElement());
sig.addDocument("#" + certUri, transforms);
} else {
+ transforms.item(0).getElement().appendChild(
+ new InclusiveNamespaces(
+ doc, getInclusivePrefixes(
+ info.getElement())).getElement());
sig.addDocument("#" + keyInfoUri, transforms);
}
} else if (elemName.equals("STRTransform")) { // STRTransform
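Review bot: The InclusiveNamespaces prefix list for the `#certUri` reference is computed from `securityHeader`, while the other two references in this commit derive it from the element actually being signed (`info.getElement()` here and `body` in the next hunk); if the binary security token is the referenced element, `getInclusivePrefixes(securityHeader)` with `excludeVisible` true removes what is declared on the header rather than on the token, so the sets can differ from what a verifier expects — check whether the token element is reachable here and pass it, e.g. `getInclusivePrefixes(<tokenElement>)`. `transforms.item(0)` silently relies on the single `addTransform` call directly above; a comment such as `// item(0) is the exclusive-C14N transform just added` would make that coupling visible. The enclosing try and loop start outside the hunk.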
@@ -340,6 +387,9 @@
}
transforms = new Transforms(doc);
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ transforms.item(0).getElement().appendChild(
+ new InclusiveNamespaces(
+ doc, getInclusivePrefixes(body)).getElement());
sig.addDocument("#" + setWsuId(body), transforms);
}
} catch (TransformationException e1) {
@@ -364,7 +414,7 @@
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
}
-
+
byte[] secretKey = null;
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
@@ -415,7 +465,7 @@
secRef.setReference(refUt);
secretKey = usernameToken.getSecretKey();
break;
-
+
default :
throw new WSSecurityException(WSSecurityException.FAILURE,
"unsupportedKeyId");
@@ -538,8 +588,8 @@
wsDocInfo.setCrypto(issuerCrypto);
}
/*
- * in case of key holder:
- * - get the user's certificate that _must_ be included in the SAML
+ * in case of key holder:
+ * - get the user's certificate that _must_ be included in the SAML
* token. To ensure the cert integrity the SAML token must be signed
* (by the issuer). Just check if its signed, but
* don't verify this SAML token's signature here (maybe later).
@@ -629,11 +679,11 @@
/*
* If the sender vouches, then we must sign the SAML token _and_ at
* least one part of the message (usually the SOAP body). To do so we
- * need to
+ * need to
* - put in a reference to the SAML token. Thus we create a STR
- * and insert it into the wsse:Security header
- * - set a reference of the created STR to the signature and use STR
- * Transfrom during the signature
+ * and insert it into the wsse:Security header
+ * - set a reference of the created STR to the signature and use STR
+ * Transfrom during the signature
*/
Transforms transforms = null;
SecurityTokenReference secRefSaml = null;
@@ -669,7 +719,7 @@
* reference sign the token, otherwise sign the KeyInfo
* Element. "STRTransform": Setup the ds:Reference to use STR
* Transform
- *
+ *
*/
if (elemName.equals("Token")) {
transforms = new Transforms(doc);
@@ -832,5 +882,59 @@
Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
transformParam.appendChild(canonElem);
return transformParam;
+ }
+
+ protected Set getInclusivePrefixes(Element target) {
+ return getInclusivePrefixes(target, true);
+ }
+
+ protected Set getInclusivePrefixes(Element target, boolean
excludeVisible) {
+ Set result = new HashSet();
+ Node parent = target;
+ NamedNodeMap attributes;
+ Node attribute;
+ while (! (parent.getParentNode() instanceof Document)) {
+ parent = parent.getParentNode();
+ attributes = parent.getAttributes();
+ for (int i = 0; i < attributes.getLength(); i++) {
+ attribute = attributes.item(i);
+ if (attribute.getNamespaceURI() != null &&
+ attribute.getNamespaceURI().equals(
+ org.apache.ws.security.WSConstants.XMLNS_NS)) {
+ if (attribute.getNodeName().equals("xmlns")) {
+ result.add("#default");
+ } else {
+ result.add(attribute.getLocalName());
+ }
+ }
+ }
+ }
+
+ if (excludeVisible == true) {
+ attributes = target.getAttributes();
+ for (int i = 0; i < attributes.getLength(); i++) {
+ attribute = attributes.item(i);
+ if (attribute.getNamespaceURI() != null &&
+ attribute.getNamespaceURI().equals(
+ org.apache.ws.security.WSConstants.XMLNS_NS)) {
+ if (attribute.getNodeName().equals("xmlns")) {
+ result.remove("#default");
+ } else {
+ result.remove(attribute.getLocalName());
+ }
+ }
+ if (attribute.getPrefix() != null) {
+ result.remove(attribute.getPrefix());
+ }
+ }
+
+ if (target.getPrefix() == null) {
+ result.remove("#default");
+ } else {
+ result.remove(target.getPrefix());
+ }
+ }
+
+ return result;
}
}
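Review bot: The `while (!(parent.getParentNode() instanceof Document))` loop in getInclusivePrefixes does not terminate safely for an element that is not attached to a document: `null instanceof Document` is false, `parent` becomes null, and `parent.getAttributes()` throws NullPointerException on the next pass. Guard the walk, `while (parent.getParentNode() != null && !(parent.getParentNode() instanceof Document))`. Both new protected methods also lack Javadoc; a summary stating that the result is the set of namespace prefixes declared on the ancestors of `target` (`#default` for the default namespace), minus those declared on, used by attributes of, or used as the prefix of `target` itself when `excludeVisible` is set, would tell callers how the set feeds InclusiveNamespaces. `excludeVisible == true` can be written as `excludeVisible`.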
1.9 +16 -8
ws-fx/wss4j/src/org/apache/ws/security/message/token/PKIPathSecurity.java
Index: PKIPathSecurity.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/token/PKIPathSecurity.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- PKIPathSecurity.java 9 Aug 2004 17:53:45 -0000 1.8
+++ PKIPathSecurity.java 29 Dec 2004 02:04:54 -0000 1.9
@@ -41,10 +41,14 @@
*
* @throws WSSecurityException
*/
- public PKIPathSecurity(WSSConfig wssConfig, Element elem) throws
WSSecurityException {
+ public PKIPathSecurity(WSSConfig wssConfig, Element elem)
+ throws WSSecurityException {
super(wssConfig, elem);
if (!getValueType().equals(getType(wssConfig))) {
- throw new
WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN,
"invalidValueType", new Object[]{getType(wssConfig), getValueType()});
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
+ "invalidValueType",
+ new Object[]{getType(wssConfig), getValueType()});
}
}
@@ -62,11 +66,12 @@
* <p/>
*
* @param reverse
+ * @param crypto
* @return
- * @throws GeneralSecurityException
- * @throws IOException
+ * @throws WSSecurityException
*/
- public X509Certificate[] getX509Certificates(boolean reverse, Crypto
crypto) throws WSSecurityException {
+ public X509Certificate[] getX509Certificates(boolean reverse, Crypto
crypto)
+ throws WSSecurityException {
byte[] data = getToken();
if (data == null) {
return null;
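Review bot: The `@return` tag on getX509Certificates is left without a description even though this hunk edits the surrounding Javadoc; the visible body returns null when `getToken()` yields no data, so `@return the certificate chain carried by this token, or {@code null} when the token has no data` (adjusted to whatever decoding the rest of the method performs) would document the contract callers must check. The rest of the method lies outside the hunk.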
@@ -82,10 +87,13 @@
*
* @param certs
* @param reverse
- * @throws CertificateEncodingException
- * @throws IOException
+ * @param crypto
+ * @throws WSSecurityException
*/
- public void setX509Certificates(X509Certificate[] certs, boolean
reverse, Crypto crypto) throws WSSecurityException {
+ public void setX509Certificates(X509Certificate[] certs,
+ boolean reverse,
+ Crypto crypto)
+ throws WSSecurityException {
if (certs == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noCert");
1.26 +7 -7
ws-fx/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java
Index: WSSecurityUtil.java
===================================================================
RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- WSSecurityUtil.java 13 Nov 2004 22:44:19 -0000 1.25
+++ WSSecurityUtil.java 29 Dec 2004 02:04:54 -0000 1.26
@@ -73,13 +73,13 @@
* @return the <code>wsse:Security</code> element or
* <code>null</code> if not such element found
*/
- public static Element getSecurityHeader(WSSConfig wssConfig, Document
doc, String actor, SOAPConstants sc) {
-
- // TODO skip non-element element, e.g. comments.
- Element soapHeaderElement =
- (Element) getDirectChild(doc.getFirstChild(),
- sc.getHeaderQName().getLocalPart(),
- sc.getEnvelopeURI());
+ public static Element getSecurityHeader(
+ WSSConfig wssConfig, Document doc, String actor, SOAPConstants sc) {
+ // TODO skip non-element element, e.g. comments.
+ Element soapHeaderElement =
+ (Element) getDirectChild(doc.getFirstChild(),
+ sc.getHeaderQName().getLocalPart(),
+ sc.getEnvelopeURI());
if (soapHeaderElement == null) { // no SOAP header at all
return null;
1.4 +0 -4 ws-fx/wss4j/test/secconv/components/TestRSTR.java
Index: TestRSTR.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/test/secconv/components/TestRSTR.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TestRSTR.java 16 Oct 2004 06:05:00 -0000 1.3
+++ TestRSTR.java 29 Dec 2004 02:04:54 -0000 1.4
@@ -215,10 +215,6 @@
RequestedProofToken reqProof = stRes.getRequestedProofToken();
reqProof.doEncryptProof(doc, this.crypto,
"16c73ab6-b892-458f-abf5-2f875f74882e");
- byte[] symKey = reqProof.getSharedSecret();
- if(symKey==null){
- throw new Exception("Cannot get the symmetric key used to
produce <ds:EncryptedData>");
- }
/*
* convert the resulting document into a message first. The
toSOAPMessage()