Author: ruchithf
Date: Thu Feb  8 05:22:42 2007
New Revision: 504884

URL: http://svn.apache.org/viewvc?view=rev&rev=504884
Log:
Applied Hans' patch to RAMPART-8 with some modifications

https://issues.apache.org/jira/browse/RAMPART-8



Modified:
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
    
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
    
webservices/rampart/trunk/java/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
 Thu Feb  8 05:22:42 2007
@@ -30,6 +30,8 @@
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
@@ -37,6 +39,7 @@
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Iterator;
+import java.util.Set;
 import java.util.Vector;
 
 public class PolicyBasedResultsValidator {
@@ -74,6 +77,8 @@
         
         validateEncryptedParts(data, results);
 
+        validateSignedPartsHeaders(data, results);
+
         //Supporting tokens
         if(!rmd.isClientSide()) {
             validateSupportingTokens(data, results);
@@ -311,6 +316,53 @@
         
     }
 
+    private void validateSignedPartsHeaders(ValidatorData data, Vector 
results) 
+    throws RampartException {
+        
+        RampartMessageData rmd = data.getRampartMessageData();
+        
+        Node envelope = rmd.getDocument().getFirstChild();
+        
+        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+                results, WSConstants.SIGN);
+
+        // Find elements that are signed
+        Vector actuallySigned = new Vector();
+        if( actionResult != null ) { 
+            Set signedIDs = actionResult.getSignedElements();
+            for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+                String e = (String) i.next();
+                
+                Element element = WSSecurityUtil.findElementById(envelope, e, 
WSConstants.WSU_NS);
+                actuallySigned.add( element );
+            }
+        }
+        
+        RampartPolicyData rpd = rmd.getPolicyData();
+        
+        // Get list to check from Policy
+        Vector signedParts = rpd.getSignedParts();
+        for(int i=0; i<signedParts.size(); i++) {
+            WSEncryptionPart wsep = (WSEncryptionPart) signedParts.get( i );
+            
+            Element headerElement = (Element) WSSecurityUtil.findElement(
+                    envelope, wsep.getName(), wsep.getNamespace() );
+            if( headerElement == null ) {
+                // The signedpart header we are checking is not present in 
Soap header - this is allowed
+                continue;
+            }
+            
+            // header elemement present - verify that it is part of signature
+            if( actuallySigned.contains( headerElement) ) {
+                continue;
+            }
+            
+            // header defined in policy is present but not signed
+            throw new RampartException("signedPartHeaderNotSigned", new 
String[] { wsep.getName() });
+        }
+    }
+
+    
     private boolean isSignatureRequired(RampartPolicyData rpd) {
         return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
                 (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() && 
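Review bot: The lookup `WSSecurityUtil.findElement(envelope, wsep.getName(), wsep.getNamespace())` in validateSignedPartsHeaders starts at the envelope and yields a single element, so the check is not limited to direct children of the SOAP Header and examines only one element per policy entry. If a message carries two elements with the same name and namespace, one signed and one not, the outcome depends on which one the search returns (presumably the first in document order), and the unsigned one may be the header the service later reads. I would resolve the SOAP Header element first, iterate its child elements, and require every child matching the policy name and namespace to be in `actuallySigned`. Separately, `findElementById` can presumably return null for an ID that does not resolve, so guard the add with `if (element != null) { actuallySigned.add(element); }`. The method also deserves a Javadoc stating that a header listed in the policy but absent from the message is accepted by design.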

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
 Thu Feb  8 05:22:42 2007
@@ -80,4 +80,5 @@
 usernameTokenMissing = UsernameToken missing in request
 signatureMissing = Message is not signed
 unexprectedEncryptedPart = Unexpected encrypted data found, no encryption 
required
-encryptionMissing = Expected encrypted part missing
\ No newline at end of file
+encryptionMissing = Expected encrypted part missing
+signedPartHeaderNotSigned = Soap Header must be signed : {0}

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
 Thu Feb  8 05:22:42 2007
@@ -214,7 +214,7 @@
             rpd.setSignBody(sep.isBody());
             while (it.hasNext()) {
                 Header header = (Header) it.next();
-                rpd.setSignedParts(header.getNamespace(), header.getName());
+                rpd.addSignedPart(header.getNamespace(), header.getName());
             }
         } else {
             rpd.setEncryptBody(sep.isBody());

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
 Thu Feb  8 05:22:42 2007
@@ -333,13 +333,21 @@
      * @param element
      *            The part's element name.
      */
-    public void setSignedParts(String namespace, String element) {
+    public void addSignedPart(String namespace, String element) {
 
         WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
                 "Content");
         signedParts.add(wep);
     }
 
+    public void addSignedPart(WSEncryptionPart part) {
+        signedParts.add(part);
+    }
+    
+    public void setSignedParts(Vector signedParts) {
+        this.signedParts = signedParts;
+    }
+    
     public void setSupportingTokens(SupportingToken suppTokens)
             throws WSSPolicyException {
 
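Review bot: `setSignedParts(Vector)` stores the caller's vector without a null check, so a null argument only surfaces later as a NullPointerException at `signedParts.add(...)` in either `addSignedPart` overload. Reject it at the setter, e.g. `if (signedParts == null) { throw new IllegalArgumentException("signedParts"); }`, or substitute an empty Vector. Both new public methods also lack Javadoc: `addSignedPart(WSEncryptionPart)` could carry `/** Adds an already constructed part to the list of parts to sign. */`, and the setter should state that the vector is kept by reference rather than copied. Reusing the name `setSignedParts` with a different signature means any caller of the old two-String method outside this commit stops compiling, which is worth noting for users of the class.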
@@ -631,4 +639,5 @@
     public Policy getIssuerPolicy() {
         return issuerPolicy;
     }
+
 }

Modified: 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
 Thu Feb  8 05:22:42 2007
@@ -532,25 +532,32 @@
     
     public static Vector getSignedParts(RampartMessageData rmd) {
         RampartPolicyData rpd =  rmd.getPolicyData();
-        Vector parts = rpd.getSignedParts();
-        SOAPEnvelope envelope = rmd
-                            .getMsgContext().getEnvelope();
+        SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+        
         if(rpd.isEntireHeadersAndBodySignatures()) {
+            
+            //Reset the signedParrts vector in RampartPolicyData to an empty
+            //vector to prvent singing headers twice, if the policy contained 
+            //a SignedParts assertion
+            rpd.setSignedParts(new Vector());
             Iterator childElems = envelope.getHeader().getChildElements();
             while (childElems.hasNext()) {
                 OMElement element = (OMElement) childElems.next();
                 if(!element.getQName().equals(new QName(WSConstants.WSSE_NS, 
WSConstants.WSSE_LN)) &&
                         !element.getQName().equals(new 
QName(WSConstants.WSSE11_NS, WSConstants.WSSE_LN))) {
-                    parts.add(new 
WSEncryptionPart(addWsuIdToElement(element)));
+                    rpd.addSignedPart(new 
WSEncryptionPart(addWsuIdToElement(element)));
                 }
             }
-            parts.add(new 
WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+            rpd.addSignedPart(new 
WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
             
-        } else if(rpd.isEncryptBody()) {
-            parts.add(new 
WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+        } else {
+            // Copy list of headers to sign from Policy
+            if(rpd.isSignBody()) {
+                rpd.addSignedPart(new 
WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+            }
         }
         
-        return parts;
+        return rpd.getSignedParts();
     }
     
     public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo) 
throws WSSecurityException {
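Review bot: getSignedParts still mutates the RampartPolicyData it reads from. In the new else branch, `rpd.addSignedPart(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())))` appends the body part to the policy's own vector on every call, and only the isEntireHeadersAndBodySignatures branch resets it. If the same RampartPolicyData instance is reused for more than one message (not visible in this hunk), the vector would grow and keep wsu:Id entries from earlier envelopes. Building the result locally would leave the policy data untouched and make the comment `// Copy list of headers to sign from Policy` accurate: start from `Vector parts = new Vector(rpd.getSignedParts());` (or an empty Vector in the first branch), add to `parts`, and return it. The comment in the first branch also has typos (`signedParrts`, `prvent singing`) that could be corrected in the same pass.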

Modified: 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?view=diff&rev=504884&r1=504883&r2=504884
==============================================================================
--- 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
 Thu Feb  8 05:22:42 2007
@@ -33,14 +33,12 @@
 
 import javax.xml.namespace.QName;
 
-import java.io.File;
-
 import junit.framework.TestCase;
 
 
 public class RampartTest extends TestCase {
     
-    public final static int PORT = 5556;//UtilServer.TESTING_PORT;
+    public final static int PORT = UtilServer.TESTING_PORT;
     
     public RampartTest(String name) {
         super(name);

