Author: werner
Date: Fri Aug 17 04:40:41 2007
New Revision: 567027

URL: http://svn.apache.org/viewvc?view=rev&rev=567027
Log:
More flexible handling of username token signature action. Now the
signature may contain the username token that is used to create the
signature key.

Modified:
    
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java?view=diff&rev=567027&r1=567026&r2=567027
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/action/UsernameTokenSignedAction.java
 Fri Aug 17 04:40:41 2007
@@ -17,15 +17,22 @@
 
 package org.apache.ws.security.action;
 
+import java.util.Vector;
+
+import org.apache.ws.security.SOAPConstants;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecUsernameToken;
 import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.xml.security.signature.XMLSignature;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * Sign a request using a secret key derived from UsernameToken data.
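Review bot: Two of the added imports, `org.apache.ws.security.message.WSSecHeader` and `org.w3c.dom.Element`, are not referenced by any line this commit adds to the file. The new code in the second hunk uses only `Vector`, `SOAPConstants`, `WSEncryptionPart` and `WSSecurityUtil`. The unchanged lines compiled without these two imports before this revision, so they look unused and can be dropped. The lines between the two hunks are not visible here, so confirm with a compile before removing them.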
@@ -52,24 +59,60 @@
         builder.addCreated();
         builder.addNonce();
         builder.prepare(doc);
+
+        // Now prepare to sign.
+        // First step:  Get a WS Signature object and set config parameters
+        // second step: set user data and algorithm parameters. This
+        //              _must_ be done before we "prepare"
+        // third step:  Call "prepare". This creates the internal WS Signature
+        //              data structures, XML element, fills in the algorithms
+        //              and other data.
+        // fourth step: Get the references. These references identify the parts
+        //              of the document that will be included into the 
+        //              signature. If no references are given sign the message
+        //              body by default.
+        // fifth step:  compute the signature
+        //
+        // after "prepare" the Signature XML element is ready and may prepend
+        // this to the security header.
         
         WSSecSignature sign = new WSSecSignature();
         sign.setWsConfig(reqData.getWssConfig());
 
-        if (reqData.getSignatureParts().size() > 0) {
-            sign.setParts(reqData.getSignatureParts());
-        }
         sign.setUsernameToken(builder);
         sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
         sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+        sign.prepare(doc, null, reqData.getSecHeader());
+
+        // prepend in this order: first the Signature Element and then the
+        // UsernameToken Element. This way the server gets the UsernameToken
+        // first, can check it and are prepared to compute the Signature key.  
+        sign.prependToHeader(reqData.getSecHeader());
+        builder.prependToHeader(reqData.getSecHeader());
+
+        Vector parts = null;
+        if (reqData.getSignatureParts().size() > 0) {
+            parts = reqData.getSignatureParts();
+        }
+        else {
+            SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+                    .getDocumentElement());
+            
+            parts = new Vector();
+            WSEncryptionPart encP = new WSEncryptionPart(soapConstants
+                    .getBodyQName().getLocalPart(), soapConstants
+                    .getEnvelopeURI(), "Content");
+            parts.add(encP);
+        }
+        sign.addReferencesToSign(parts, reqData.getSecHeader());
+
         try {
-               
-            sign.build(doc, null, reqData.getSecHeader());
+            sign.computeSignature();
             reqData.getSignatureValues().add(sign.getSignatureValue());
         } catch (WSSecurityException e) {
             throw new WSSecurityException("WSHandler: Error during Signature 
with UsernameToken secret"
                     + e);
         }
-        builder.prependToHeader(reqData.getSecHeader());
     }
 }
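Review bot: The default reference list built in the `else` branch covers only the SOAP Body content, so unless the caller configures signature parts, the UsernameToken that `builder.prependToHeader(...)` places in the header is not itself under the HMAC, even though the commit log says the signature may now contain it. The signing key is presumably bound to the token's nonce and created values through the key derivation, but that is not visible in this hunk and is worth stating next to the default. I would add a comment above `parts = new Vector();` such as `// Default: sign the Body content only. The UsernameToken (and any Timestamp) is covered only if listed in the configured signature parts.` The method starts above the hunk, so how `reqData` and `builder` are set up cannot be checked here.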

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java?view=diff&rev=567027&r1=567026&r2=567027
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java 
(original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecSignature.java 
Fri Aug 17 04:40:41 2007
@@ -710,8 +710,6 @@
                        log.debug("Beginning signing...");
                }
 
-               Element securityHeader = secHeader.getSecurityHeader();
-
                prepare(doc, cr, secHeader);
 
                SOAPConstants soapConstants = 
WSSecurityUtil.getSOAPConstants(doc


