Author: nandana
Date: Fri Aug 28 08:00:48 2009
New Revision: 808800
URL: http://svn.apache.org/viewvc?rev=808800&view=rev
Log:
RAMPART-200 Applying the patch. Thanks Prabath
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Fri Aug 28 08:00:48 2009
@@ -22,6 +22,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.*;
@@ -112,6 +113,17 @@
new
WSEncryptionPart("SignedEndorsingSupportingTokens"));
}
}
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken supportingToken = (SupportingToken)
supportingToks.get(i);
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new
SupportingPolicyData();
+ policyData.build(supportingToken);
+
encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+
signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ }
}
validateEncrSig(data,encryptedParts, signatureParts, results);
@@ -248,8 +260,11 @@
//Check for UsernameToken
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
- SupportingToken suppTok = rpd.getSupportingTokens();
- handleSupportingTokens(results, suppTok);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ handleSupportingTokens(results, suppTok);
+ }
SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
handleSupportingTokens(results, signedSuppToken);
SupportingToken signedEndSuppToken =
rpd.getSignedEndorsingSupportingTokens();
@@ -529,18 +544,22 @@
Node envelope = rmd.getDocument().getFirstChild();
- WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
- results, WSConstants.SIGN);
+ WSSecurityEngineResult[] actionResults = fetchActionResults(results,
WSConstants.SIGN);
// Find elements that are signed
Vector actuallySigned = new Vector();
- if( actionResult != null ) {
- Set signedIDs =
(Set)actionResult.get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
- for (Iterator i = signedIDs.iterator(); i.hasNext();) {
- String e = (String) i.next();
-
- Element element = WSSecurityUtil.findElementById(envelope, e,
WSConstants.WSU_NS);
- actuallySigned.add( element );
+ if (actionResults != null) {
+ for (int j = 0; j < actionResults.length; j++) {
+ WSSecurityEngineResult actionResult = actionResults[j];
+ Set signedIDs = (Set) actionResult
+ .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
+ for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+ String e = (String) i.next();
+
+ Element element = WSSecurityUtil.findElementById(envelope,
e,
+ WSConstants.WSU_NS);
+ actuallySigned.add(element);
+ }
}
}
@@ -826,9 +845,12 @@
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
- SupportingToken suppTok = rpd.getSupportingTokens();
- if(isUsernameTokenPresent(suppTok)){
- return true;
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ if (isUsernameTokenPresent(suppTok)) {
+ return true;
+ }
}
SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
@@ -897,6 +919,24 @@
}
+ public static WSSecurityEngineResult[] fetchActionResults(Vector
wsResultVector, int action) {
+ List wsResult = new ArrayList();
+
+ // Find the part of the security result that matches the given action
+ for (int i = 0; i < wsResultVector.size(); i++) {
+ // Check the result of every action whether it matches the given
action
+ WSSecurityEngineResult result = (WSSecurityEngineResult)
wsResultVector.get(i);
+ int resultAction = ((java.lang.Integer)
result.get(WSSecurityEngineResult.TAG_ACTION))
+ .intValue();
+ if (resultAction == action) {
+ wsResult.add((WSSecurityEngineResult) wsResultVector.get(i));
+ }
+ }
+
+ return (WSSecurityEngineResult[]) wsResult.toArray(new
WSSecurityEngineResult[wsResult
+ .size()]);
+ }
+
private boolean isRefIdPresent(ArrayList refList , QName qname) {
for (int i = 0; i < refList.size() ; i++) {
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
Fri Aug 28 08:00:48 2009
@@ -24,12 +24,14 @@
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
@@ -236,8 +238,10 @@
SupportingToken sgndEndEncSuppTokens =
rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd,
sgndEndEncSuppTokens);
- SupportingToken supportingToks = rpd.getSupportingTokens();
- this.handleSupportingTokens(rmd, supportingToks);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd,
(SupportingToken)supportingToks.get(i));
+ }
SupportingToken encryptedSupportingToks =
rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
@@ -390,8 +394,10 @@
SupportingToken sgndEndEncSuppTokens =
rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd,
sgndEndEncSuppTokens);
- SupportingToken supportingToks = rpd.getSupportingTokens();
- this.handleSupportingTokens(rmd, supportingToks);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd,
(SupportingToken)supportingToks.get(i));
+ }
SupportingToken encryptedSupportingToks =
rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
@@ -413,6 +419,23 @@
this.doSignature(rmd);
}
+ Vector supportingToks = rpd.getSupportingPolicyData();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingPolicyData policyData = null;
+ if (supportingToks.get(i) != null) {
+ policyData = (SupportingPolicyData) supportingToks.get(i);
+ Vector supportingSigParts =
RampartUtil.getSupportingSignedParts(rmd,
+ policyData);
+
+ if (supportingSigParts.size() > 0
+ && ((rmd.isInitiator() && rpd.getInitiatorToken() !=
null) || (!rmd
+ .isInitiator() && rpd.getRecipientToken() !=
null))) {
+ // Do signature for policies defined under SupportingToken.
+ this.doSupportingSignature(rmd,
supportingSigParts,policyData);
+ }
+ }
+ }
+
//Do endorsed signature
if (rmd.isInitiator()) {
@@ -546,6 +569,22 @@
}
}
+ Vector supportingTokens = rpd.getSupportingPolicyData();
+ for (int i = 0; i < supportingTokens.size(); i++) {
+ SupportingPolicyData policyData = null;
+ if (supportingTokens.get(i) != null) {
+ policyData = (SupportingPolicyData) supportingTokens.get(i);
+ Token supportingEncrToken = policyData.getEncryptionToken();
+ Vector supoortingEncrParts =
RampartUtil.getSupportingEncryptedParts(rmd,
+ policyData);
+
+ if (supportingEncrToken != null && supoortingEncrParts.size()
> 0) {
+ doEncryptionWithSupportingToken(rpd, rmd,
supportingEncrToken, doc,
+ supoortingEncrParts);
+ }
+ }
+ }
+
if(dotDebug){
t2 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0)
@@ -553,6 +592,57 @@
}
}
+
+ private void doSupportingSignature(RampartMessageData rmd, Vector
supportingSigParts,
+ SupportingPolicyData supportingData) throws RampartException {
+
+ Token supportingSigToken;
+ WSSecSignature supportingSig;
+ Element supportingSignatureElement;
+
+ long t0 = 0, t1 = 0;
+ if (dotDebug) {
+ t0 = System.currentTimeMillis();
+ }
+
+ supportingSigToken = supportingData.getSignatureToken();
+
+ if (!(supportingSigToken instanceof X509Token)) {
+ return;
+ }
+ supportingSig = this.getSignatureBuider(rmd, supportingSigToken,
+ ((X509Token) supportingSigToken).getUserCertAlias());
+ Element bstElem = supportingSig.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection() &&
supportingSig.getBSTTokenId() != null) {
+ supportingSigParts.add(new
WSEncryptionPart(supportingSig.getBSTTokenId()));
+ }
+
+ try {
+ supportingSig.addReferencesToSign(supportingSigParts,
rmd.getSecHeader());
+ supportingSig.computeSignature();
+
+ supportingSignatureElement = supportingSig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), supportingSignatureElement));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ signatureValues.add(supportingSig.getSignatureValue());
+
+ if (dotDebug) {
+ t1 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0));
+ }
+
+ }
private void doSignature(RampartMessageData rmd) throws RampartException {
@@ -658,6 +748,55 @@
}
}
+
+ private void doEncryptionWithSupportingToken(RampartPolicyData rpd,
RampartMessageData rmd,
+ Token encrToken, Document doc, Vector encrParts) throws
RampartException {
+ Element refList = null;
+ try {
+ if (!(encrToken instanceof X509Token)) {
+ return;
+ }
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr, ((X509Token)
encrToken).getEncryptionUser());
+
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc,
RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd
+ .getCustomClassLoader()));
+
+ if (this.timestampElement != null) {
+ this.setInsertionLocation(this.timestampElement);
+ } else {
+ this.setInsertionLocation(null);
+ }
+
+ if (encr.getBSTTokenId() != null) {
+
this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this
+ .getInsertionLocation(),
encr.getBinarySecurityTokenElement()));
+ }
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+
+ // Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ // Add internal refs
+ encryptedKeyElement.appendChild(refList);
+
+
this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this
+ .getInsertionLocation(), encryptedKeyElement));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
/**
* @param rmd
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
Fri Aug 28 08:00:48 2009
@@ -26,6 +26,7 @@
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
@@ -230,8 +231,13 @@
}
}
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token
token)
+ throws RampartException {
+ return getSignatureBuider(rmd, token, null);
+ }
- protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token
token) throws RampartException {
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token
token,
+ String userCertAlias) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
@@ -245,8 +251,14 @@
String user = null;
+ if (userCertAlias != null) {
+ user = userCertAlias;
+ }
+
// Get the user - First check whether userCertAlias present
- user = rpd.getRampartConfig().getUserCertAlias();
+ if (user == null) {
+ user = rpd.getRampartConfig().getUserCertAlias();
+ }
// If userCertAlias is not present, use user property as Alias
@@ -365,6 +377,12 @@
this.getInsertionLocation(), bstElem);
this.setInsertionLocation(bstElem);
+ SupportingPolicyData supportingPolcy = new
SupportingPolicyData();
+ supportingPolcy.build(suppTokens);
+ supportingPolcy.setSignatureToken(token);
+ supportingPolcy.setEncryptionToken(token);
+
rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
+
if (suppTokens.isEncryptedToken()) {
this.encryptedTokensIdList.add(sig.getBSTTokenId());
}
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
Fri Aug 28 08:00:48 2009
@@ -285,8 +285,10 @@
SupportingToken sgndEndEncSuppTokens =
rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd,
sgndEndEncSuppTokens);
- SupportingToken supportingToks = rpd.getSupportingTokens();
- this.handleSupportingTokens(rmd, supportingToks);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd,
(SupportingToken)supportingToks.get(i));
+ }
SupportingToken encryptedSupportingToks =
rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
@@ -484,8 +486,10 @@
SupportingToken sgndEndEncSuppTokens =
rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd,
sgndEndEncSuppTokens);
- SupportingToken supportingToks = rpd.getSupportingTokens();
- this.handleSupportingTokens(rmd, supportingToks);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd,
(SupportingToken)supportingToks.get(i));
+ }
SupportingToken encryptedSupportingToks =
rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
Fri Aug 28 08:00:48 2009
@@ -150,8 +150,10 @@
}
- SupportingToken supportingToks = rpd.getSupportingTokens();
- this.handleSupportingTokens(rmd, supportingToks);
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd,
(SupportingToken)supportingToks.get(i));
+ }
//Store the signature values vector
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
Fri Aug 28 08:00:48 2009
@@ -114,7 +114,7 @@
/*
* Holds the supporting tokens elements
*/
- private SupportingToken supportingTokens;
+ //private SupportingToken supportingTokens;
private SupportingToken signedSupportingTokens;
@@ -148,6 +148,18 @@
private Policy issuerPolicy;
+ private Vector supportingPolicyData = new Vector();
+
+ private Vector supportingTokens = new Vector();
+
+ public Vector getSupportingPolicyData() {
+ return supportingPolicyData;
+ }
+
+ public void addSupportingPolicyData(SupportingPolicyData
supportingPolicyData) {
+ this.supportingPolicyData.add(supportingPolicyData);
+ }
+
/**
* @return Returns the symmetricBinding.
*/
@@ -483,7 +495,7 @@
int tokenType = suppTokens.getTokenType();
if (tokenType == SPConstants.SUPPORTING_TOKEN_SUPPORTING) {
- supportingTokens = suppTokens;
+ supportingTokens.add(suppTokens);
} else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED) {
signedSupportingTokens = suppTokens;
} else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING) {
@@ -647,12 +659,20 @@
}
/**
- * @return Returns the supportingToken.
+ * @return Returns the supportingTokenList.
*/
- public SupportingToken getSupportingTokens() {
+ public Vector getSupportingTokensList() {
return supportingTokens;
}
+ public SupportingToken getSupportingTokens() {
+ if (supportingTokens.size() > 0) {
+ return (SupportingToken) supportingTokens.get(0);
+ } else {
+ return null;
+ }
+ }
+
/**
* @param encryptedSupportingTokens The encryptedSupportingToken to set.
*/
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Fri Aug 28 08:00:48 2009
@@ -56,6 +56,7 @@
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.SPConstants;
@@ -810,6 +811,19 @@
return getPartsAndElements(true, envelope, rpd.isSignBody(),
rpd.getSignedParts(), rpd.getSignedElements(), rpd.getDeclaredNamespaces());
}
+ public static Vector getSupportingEncryptedParts(RampartMessageData rmd,
+ SupportingPolicyData rpd) {
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(false, envelope, rpd.isEncryptBody(),
rpd.getEncryptedParts(),
+ rpd.getEncryptedElements(), rpd.getDeclaredNamespaces());
+ }
+
+ public static Vector getSupportingSignedParts(RampartMessageData rmd,
SupportingPolicyData rpd) {
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(true, envelope, rpd.isSignBody(),
rpd.getSignedParts(), rpd
+ .getSignedElements(), rpd.getDeclaredNamespaces());
+ }
+
public static Set findAllPrefixNamespaces(OMElement currentElement,
HashMap decNamespacess)
{
Set results = new HashSet();
@@ -1149,10 +1163,22 @@
}
}
- public static void setEncryptionUser(RampartMessageData rmd,
WSSecEncryptedKey encrKeyBuilder) throws RampartException {
+ public static void setEncryptionUser(RampartMessageData rmd,
WSSecEncryptedKey encrKeyBuilder)
+ throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
String encrUser = rpd.getRampartConfig().getEncryptionUser();
- if(encrUser == null || "".equals(encrUser)) {
+ setEncryptionUser(rmd, encrKeyBuilder, encrUser);
+ }
+
+ public static void setEncryptionUser(RampartMessageData rmd,
WSSecEncryptedKey encrKeyBuilder,
+ String encrUser) throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (encrUser == null) {
+ encrUser = rpd.getRampartConfig().getEncryptionUser();
+ }
+
+ if (encrUser == null || "".equals(encrUser)) {
throw new RampartException("missingEncryptionUser");
}
if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
@@ -1426,9 +1452,12 @@
if (!initiator && inflow || initiator && !inflow ) {
- supportingTokens = rpd.getSupportingTokens();
- if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
- return true;
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ supportingTokens = (SupportingToken) supportingToks.get(i);
+ if (supportingTokens != null &&
supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
}
supportingTokens = rpd.getSignedSupportingTokens();
Modified:
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
Fri Aug 28 08:00:48 2009
@@ -38,6 +38,26 @@
private String tokenVersionAndType = Constants.WSS_X509_V3_TOKEN10;
+ private String encryptionUser;
+
+ private String userCertAlias;
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getUserCertAlias() {
+ return userCertAlias;
+ }
+
+ public void setUserCertAlias(String userCertAlias) {
+ this.userCertAlias = userCertAlias;
+ }
+
public X509Token(int version) {
setVersion(version);
}
Modified:
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
Fri Aug 28 08:00:48 2009
@@ -32,6 +32,19 @@
import org.apache.ws.secpolicy.model.X509Token;
public class X509TokenBuilder implements AssertionBuilder {
+
+ public final static String USER_CERT_ALIAS_LN = "userCertAlias";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public static final QName RAMPART_CONFIG = new
QName("http://ws.apache.org/rampart/policy";,
+ "RampartConfig");
+
+ public static final QName USER_CERT_ALIAS = new
QName("http://ws.apache.org/rampart/policy";,
+ USER_CERT_ALIAS_LN);
+
+ public static final QName ENCRYPTION_USER = new
QName("http://ws.apache.org/rampart/policy";,
+ ENCRYPTION_USER_LN);
public Assertion build(OMElement element, AssertionBuilderFactory factory)
throws IllegalArgumentException {
@@ -66,6 +79,21 @@
break;
}
}
+
+ if (x509Token != null && policyElement != null) {
+ OMElement ramp = null;
+ ramp = policyElement.getFirstChildWithName(RAMPART_CONFIG);
+ if (ramp != null) {
+ OMElement child = null;
+ if ((child = ramp.getFirstChildWithName(USER_CERT_ALIAS)) !=
null) {
+ x509Token.setUserCertAlias(child.getText());
+ }
+ if ((child = ramp.getFirstChildWithName(ENCRYPTION_USER)) !=
null) {
+ x509Token.setEncryptionUser(child.getText());
+ }
+ }
+ }
+
return x509Token;
}
Modified:
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java?rev=808800&r1=808799&r2=808800&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
Fri Aug 28 08:00:48 2009
@@ -32,6 +32,19 @@
import org.apache.ws.secpolicy.model.X509Token;
public class X509TokenBuilder implements AssertionBuilder {
+
+ public final static String USER_CERT_ALIAS_LN = "userCertAlias";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public static final QName RAMPART_CONFIG = new
QName("http://ws.apache.org/rampart/policy";,
+ "RampartConfig");
+
+ public static final QName USER_CERT_ALIAS = new
QName("http://ws.apache.org/rampart/policy";,
+ USER_CERT_ALIAS_LN);
+
+ public static final QName ENCRYPTION_USER = new
QName("http://ws.apache.org/rampart/policy";,
+ ENCRYPTION_USER_LN);
public Assertion build(OMElement element, AssertionBuilderFactory factory)
throws IllegalArgumentException {
@@ -69,6 +82,21 @@
break;
}
}
+
+ if (x509Token != null && policyElement != null) {
+ OMElement ramp = null;
+ ramp = policyElement.getFirstChildWithName(RAMPART_CONFIG);
+ if (ramp != null) {
+ OMElement child = null;
+ if ((child = ramp.getFirstChildWithName(USER_CERT_ALIAS)) !=
null) {
+ x509Token.setUserCertAlias(child.getText());
+ }
+ if ((child = ramp.getFirstChildWithName(ENCRYPTION_USER)) !=
null) {
+ x509Token.setEncryptionUser(child.getText());
+ }
+ }
+ }
+
return x509Token;
}
