Author: nandana
Date: Wed Oct 1 21:09:53 2008
New Revision: 701003
URL: http://svn.apache.org/viewvc?rev=701003&view=rev
Log:
RAMPART-183 Fixing the error in validating signed parts / elements
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=701003&r1=701002&r2=701003&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Wed Oct 1 21:09:53 2008
@@ -29,6 +29,8 @@
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.SOAP11Constants;
+import org.apache.ws.security.SOAP12Constants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
@@ -39,6 +41,8 @@
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import com.ibm.wsdl.extensions.soap.SOAPConstants;
+
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
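Review bot: The added `import com.ibm.wsdl.extensions.soap.SOAPConstants;` is not referenced in any visible hunk of PolicyBasedResultsValidator; the body check added later in this file uses org.apache.ws.security.SOAP11Constants and SOAP12Constants instead. Unless it is used by code outside this diff, it should be dropped, since it ties rampart-core to a com.ibm.wsdl implementation package rather than the WSS4J API the validator actually calls. Most IDEs flag it as an unused import, and leaving it in invites a later accidental use of the wrong constants class.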
@@ -502,20 +506,44 @@
for(int i=0; i<signatureParts.size(); i++) {
WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
- Element headerElement = (Element) WSSecurityUtil.findElement(
- envelope, wsep.getName(), wsep.getNamespace() );
- if( headerElement == null ) {
- // The signedpart header we are checking is not present in
Soap header - this is allowed
- continue;
- }
+ if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
+
+ Element body;
+
+ if
(WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
+ body = WSSecurityUtil.findBodyElement(rmd.getDocument(),
new SOAP11Constants());
+ } else {
+ body = WSSecurityUtil.findBodyElement(rmd.getDocument(),
new SOAP12Constants());
+ }
+
+ if (!actuallySigned.contains(body)) {
+ // soap body is not signed
+ throw new RampartException("bodyNotSigned");
+ }
- // header element present - verify that it is part of signature
- if( actuallySigned.contains( headerElement) ) {
- continue;
- }
+ } else if (wsep.getType() == WSConstants.PART_TYPE_HEADER ||
+ wsep.getType() == WSConstants.PART_TYPE_ELEMENT) {
+
+ Element element = (Element) WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace() );
+ if( element == null ) {
+ // The signedpart header or element we are checking is not
present in
+ // soap envelope - this is allowed
+ continue;
+ }
+
+ // header or the element present in soap envelope - verify
that it is part of signature
+ if( actuallySigned.contains( element) ) {
+ continue;
+ }
+
+ String msg = wsep.getType() == WSConstants.PART_TYPE_HEADER ?
+ "signedPartHeaderNotSigned" :
"signedElementNotSigned";
+
+ // header or the element defined in policy is present but not
signed
+ throw new RampartException(msg, new String[] {
wsep.getNamespace()+":"+wsep.getName() });
- // header defined in policy is present but not signed
- throw new RampartException("signedPartHeaderNotSigned", new
String[] { wsep.getName() });
+ }
}
}
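Review bot: The new if / else-if chain in the signature-parts loop has no final branch, so a WSEncryptionPart whose type is none of PART_TYPE_BODY, PART_TYPE_HEADER or PART_TYPE_ELEMENT is silently treated as validated; because this loop is what rejects an unsigned required part, an unknown type should fail closed, e.g. `} else { throw new RampartException("<new-error-key-for-unknown-part-type>", new String[] { String.valueOf(wsep.getType()) }); }` with the key added to errors.properties. In the PART_TYPE_ELEMENT branch the check locates one element by local name and namespace through WSSecurityUtil.findElement; if that helper returns only the first match, a policy that requires several same-named elements to be signed has only one of them verified, which is worth confirming against findElement and, if so, checking every matching element. The body branch selects SOAP11Constants only when the envelope namespace equals WSConstants.URI_SOAP11_ENV and otherwise assumes SOAP 1.2; that is acceptable if only those envelopes reach this code, but a one-line comment such as `// any non-SOAP 1.1 envelope is treated as SOAP 1.2` would make the assumption explicit. The enclosing method starts before this hunk.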
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?rev=701003&r1=701002&r2=701003&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
Wed Oct 1 21:09:53 2008
@@ -91,6 +91,8 @@
unexprectedEncryptedPart = Unexpected encrypted data found, no encryption
required
encryptionMissing = Expected encrypted part missing
signedPartHeaderNotSigned = Soap Header must be signed : {0}
+signedElementNotSigned = Element must be signed : {0}
+bodyNotSigned = Soap Body must be signed
unexprectedSignature = Unexpected signature
invalidTransport = Expected transport is "https" but incoming transport found
: \"{0}\"
requiredElementsMissing = Required Elements not found in the incoming message
: {0}
\ No newline at end of file
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=701003&r1=701002&r2=701003&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Wed Oct 1 21:09:53 2008
@@ -22,6 +22,8 @@
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
@@ -654,6 +656,8 @@
// Set request action
client.setAction(action);
+ client.setVersion(rmd.getWstVersion());
+
client.setRstTemplate(rstTemplate);
// Set crypto information
@@ -694,7 +698,12 @@
client.setOptions(options);
//Set soap version
-
client.setSoapVersion(msgContext.getOptions().getSoapVersionURI());
+ if (msgContext.isSOAP11()) {
+
client.setSoapVersion(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+ } else {
+
client.setSoapVersion(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+ }
+
//Make the request
org.apache.rahas.Token rst =
@@ -922,7 +931,7 @@
// check body
if(includeBody) {
if( sign ) {
- result.add(new
WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+ result.add(new
WSEncryptionPart(addWsuIdToElement(envelope.getBody()),null,WSConstants.PART_TYPE_BODY));
} else {
result.add(new
WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content",
WSConstants.PART_TYPE_BODY));
}
@@ -950,7 +959,7 @@
found.add( e );
if( sign ) {
- result.add(new WSEncryptionPart(e.getLocalName(),
wsep.getNamespace(), "Content"));
+ result.add(new WSEncryptionPart(e.getLocalName(),
wsep.getNamespace(), "Content", WSConstants.PART_TYPE_HEADER));
} else {
WSEncryptionPart encryptedHeader = new
WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element",
WSConstants.PART_TYPE_HEADER);
@@ -1011,10 +1020,10 @@
OMElement e = (OMElement)nodesIter.next();
if (sign) {
- result.add(new
WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(),
"Content"));
+ result.add(new
WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(),
"Content", WSConstants.PART_TYPE_ELEMENT));
} else {
- WSEncryptionPart encryptedElem = new
WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(),
"Element");
+ WSEncryptionPart encryptedElem = new
WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(),
"Element",WSConstants.PART_TYPE_ELEMENT);
OMAttribute wsuId = e.getAttribute(new
QName(WSConstants.WSU_NS, "Id"));
if ( wsuId != null ) {