Author: ruchithf
Date: Mon Jul 9 07:54:26 2007
New Revision: 554665
URL: http://svn.apache.org/viewvc?view=rev&rev=554665
Log:
- Added BinarySecurityTokenProcessor
We need to be able to process an unreferenced BinarySecurityToken in the
wsse:Security header. For example, if the policy contains an X509Token
SupportingToken, we need the processing results to validate the supporting token.
- Updated some places where we use the security processing results to remove
the usage of deprecated methods
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Mon Jul
9 07:54:26 2007
@@ -365,7 +365,9 @@
public static final int NO_SERIALIZE = 0x100;
public static final int SERIALIZE = 0x200;
- public static final int SCT = 0x400;
+ public static final int SCT = 0x400; //SecurityContextToken
+ public static final int DKT = 0x800; //DerivedKeyToken
+ public static final int BST = 0x1000; //BinarySecurityToken
/**
* Length of UsernameToken derived key used by .NET WSE to sign a message.
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSConfig.java Mon Jul
9 07:54:26 2007
@@ -249,6 +249,8 @@
} else if(el.equals(WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_02) ||
el.equals(WSSecurityEngine.SECURITY_CONTEXT_TOKEN_05_12)) {
name =
"org.apache.ws.security.processor.SecurityContextTokenProcessor";
+ } else if(el.equals(WSSecurityEngine.binaryToken)) {
+ name =
"org.apache.ws.security.processor.BinarySecurityTokenProcessor";
}
if (name != null) {
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
Mon Jul 9 07:54:26 2007
@@ -98,12 +98,12 @@
/**
* <code>wsc:DerivedKeyToken</code> as defined by WS-SecureConversation
specification in WS-SX
*/
- public static final QName DERIVED_KEY_TOKEN_05_12 = new
QName(ConversationConstants.WSC_NS_05_02,
ConversationConstants.DERIVED_KEY_TOKEN_LN);
+ public static final QName DERIVED_KEY_TOKEN_05_12 = new
QName(ConversationConstants.WSC_NS_05_12,
ConversationConstants.DERIVED_KEY_TOKEN_LN);
/**
* <code>wsc:SecurityContextToken</code> as defined by
WS-SecureConversation specification in WS-SX
*/
- public static final QName SECURITY_CONTEXT_TOKEN_05_12 = new
QName(ConversationConstants.WSC_NS_05_02,
ConversationConstants.SECURITY_CONTEXT_TOKEN_LN);
+ public static final QName SECURITY_CONTEXT_TOKEN_05_12 = new
QName(ConversationConstants.WSC_NS_05_12,
ConversationConstants.SECURITY_CONTEXT_TOKEN_LN);
public WSSecurityEngine() {
}
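Review bot: DERIVED_KEY_TOKEN_05_12 and SECURITY_CONTEXT_TOKEN_05_12 are switched from WSC_NS_05_02 to WSC_NS_05_12, which means that before this commit both 05_12 QNames were identical to their 05_02 counterparts and a token in the 05/12 namespace would presumably never have matched the dispatch in WSSConfig. This is a behavioural fix independent of the BinarySecurityTokenProcessor work, and the log message does not mention it; it deserves its own bullet, e.g. `- Fixed DERIVED_KEY_TOKEN_05_12 / SECURITY_CONTEXT_TOKEN_05_12 in WSSecurityEngine, which were built with the 05_02 namespace`.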
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
Mon Jul 9 07:54:26 2007
@@ -18,6 +18,7 @@
package org.apache.ws.security;
+import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.SignatureConfirmation;
import org.apache.ws.security.message.token.Timestamp;
@@ -145,7 +146,21 @@
public static final java.lang.String TAG_DATA_REF_URIS =
"data-ref-uris";
+ /**
+ * Tag denoting the X.509 certificate chain found, if applicable.
+ *
+ * The value under this tag is of type
java.security.cert.X509Certificate[].
+ */
+ public static final java.lang.String TAG_X509_CERTIFICATES =
+ "x509-certificates";
+ /**
+ * Tag denoting the X.509 certificate found, if applicable.
+ *
+ * The value under this tag is of type java.security.cert.X509Certificate.
+ */
+ public static final java.lang.String TAG_BINARY_SECURITY_TOKEN =
+ "binary-security-token";
public WSSecurityEngineResult(
int act,
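Review bot: The Javadoc on TAG_BINARY_SECURITY_TOKEN is a copy of the one on TAG_X509_CERTIFICATES and says the value is an X.509 certificate, but the new constructor later in this file stores the BinarySecurity token object under this tag. Replace the two sentences with `* Tag denoting the BinarySecurityToken found, if applicable.` and `* The value under this tag is of type org.apache.ws.security.message.token.BinarySecurity.` so that consumers of the result map cast to the right type.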
@@ -212,6 +227,13 @@
public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
put(TAG_ACTION, new Integer(act));
put(TAG_SIGNATURE_CONFIRMATION, sc);
+ }
+
+ public WSSecurityEngineResult(int act, BinarySecurity token,
+ X509Certificate[] certificates) {
+ put(TAG_ACTION, new Integer(act));
+ put(TAG_BINARY_SECURITY_TOKEN, token);
+ put(TAG_X509_CERTIFICATES, certificates);
}
/**
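Review bot: The new constructor stores the caller's X509Certificate[] directly under TAG_X509_CERTIFICATES, so any later mutation of that array by the processor that created it is visible through the result; `put(TAG_X509_CERTIFICATES, certificates == null ? null : (X509Certificate[]) certificates.clone());` decouples the two. The import hunk adds only BinarySecurity, so please confirm java.security.cert.X509Certificate is already imported in WSSecurityEngineResult, as the diff does not show it. A short Javadoc naming the two tags this constructor populates would also help, since the class documents its results by tag.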
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
Mon Jul 9 07:54:26 2007
@@ -252,8 +252,10 @@
int ai = 0;
for (int i = 0; i < resultActions; i++) {
- int act = ((WSSecurityEngineResult) wsResult.get(i)).getAction();
- if (act == WSConstants.SC) {
+ final Integer actInt = (Integer) ((WSSecurityEngineResult) wsResult
+ .get(i)).get(WSSecurityEngineResult.TAG_ACTION);
+ int act = actInt.intValue();
+ if (act == WSConstants.SC || act == WSConstants.BST) {
continue;
}
if (ai >= size || ((Integer) actions.get(ai++)).intValue() != act)
{
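Review bot: Adding WSConstants.BST to the `continue` branch means a BinarySecurityToken result never participates in the configured-action comparison, i.e. an unreferenced BST in the header passes this check unconditionally; that matches the intent in the log, but the loop should say so, `// SC and BST results are not configured actions: skip them in the order/count check`. The unchecked cast of `get(TAG_ACTION)` to Integer followed by `actInt.intValue()` assumes every result carries the tag; all WSSecurityEngineResult constructors visible in this commit do put it, but a result built without it would NPE here rather than fail cleanly. The enclosing method starts and ends outside the hunk.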
Added:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?view=auto&rev=554665
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
(added)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
Mon Jul 9 07:54:26 2007
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2006,2007 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security.processor;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.PKIPathSecurity;
+import org.apache.ws.security.message.token.X509Security;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+
+/**
+ * Processor implementation to handle wsse:BinarySecurityToken elements
+ */
+public class BinarySecurityTokenProcessor implements Processor {
+
+ /**
+ * Token Id
+ */
+ private String id;
+
+ /**
+ * Token type
+ */
+ private String type;
+
+ /**
+ * Certificates carried in this token
+ */
+ private X509Certificate[] certificates;
+
+ /**
+ * Token object representing the token
+ */
+ private BinarySecurity token;
+
+ /**
+ * [EMAIL PROTECTED]
+ */
+ public String getId() {
+ return this.id;
+ }
+
+ /**
+ * [EMAIL PROTECTED]
+ */
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
+ CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults,
+ WSSConfig config) throws WSSecurityException {
+ this.getCertificatesTokenReference(elem, crypto);
+ returnResults.add(0, new WSSecurityEngineResult(WSConstants.BST,
this.token, this.certificates));
+ }
+
+ /**
+ * Extracts the certificate(s) from the Binary Security token reference.
+ * <p/>
+ *
+ * @param elem The element containing the binary security token. This is
+ * either X509 certificate(s) or a PKIPath.
+ * @throws WSSecurityException
+ */
+ private void getCertificatesTokenReference(Element elem, Crypto crypto)
+ throws WSSecurityException {
+ this.createSecurityToken(elem);
+ if (token instanceof PKIPathSecurity) {
+ this.certificates = ((PKIPathSecurity)
token).getX509Certificates(false, crypto);
+ } else if (token instanceof X509Security) {
+ X509Certificate cert = ((X509Security)
token).getX509Certificate(crypto);
+ this.certificates = new X509Certificate[1];
+ this.certificates[0] = cert;
+ }
+ }
+
+ /**
+ * Checks the <code>element</code> and creates appropriate binary security
object.
+ *
+ * @param element The XML element that contains either a
<code>BinarySecurityToken
+ * </code> or a <code>PKIPath</code> element. Other element
types a not
+ * supported
+ * @throws WSSecurityException
+ */
+ private void createSecurityToken(Element element) throws
WSSecurityException {
+ this.token = new BinarySecurity(element);
+ String type = token.getValueType();
+
+ if (X509Security.getType().equals(type)) {
+ this.token = new X509Security(element);
+ } else if (PKIPathSecurity.getType().equals(type)) {
+ this.token = new PKIPathSecurity(element);
+ } else {
+ throw new
WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
+ "unsupportedBinaryTokenType", new Object[]{type});
+ }
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public X509Certificate[] getCertificates() {
+ return certificates;
+ }
+
+ public BinarySecurity getToken() {
+ return token;
+ }
+
+}
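Review bot: `getType()` always returns null, because `createSecurityToken` declares a local `String type` that shadows the `type` field and the field is never assigned; change the declaration to `this.type = token.getValueType();` and compare against `this.type` (or drop the accessor). `id` is likewise never assigned, so `getId()` returns null; if the engine uses it to match the token to a reference, populate it from the element's wsu:Id attribute. The processor only parses the token and extracts its certificate(s) and performs no trust validation, so a result carrying TAG_X509_CERTIFICATES is produced for any well-formed BST in the header; state that in the class Javadoc, e.g. `* Note: the certificates are extracted but not validated against the Crypto trust store; consumers of the result must verify trust themselves.` The `[EMAIL PROTECTED]` text in the two Javadoc blocks looks like the mail archive's mangling of an inherit-doc tag and should be checked in the committed file.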
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=554665&r1=554664&r2=554665
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
Mon Jul 9 07:54:26 2007
@@ -213,6 +213,7 @@
"noSigCryptoFile");
}
if (el.equals(WSSecurityEngine.binaryToken)) {
+ //TODO: Use results from BinarySecurityTokenProcessor
certs = getCertificatesTokenReference((Element) token,
crypto);
} else if (el.equals(WSSecurityEngine.SAML_TOKEN)) {