Author: ruchithf
Date: Thu Sep  6 07:15:38 2007
New Revision: 573275

URL: http://svn.apache.org/viewvc?rev=573275&view=rev
Log:
Improved handling of the STR in a derived key token: there are cases where the STR contains a KeyIdentifier.

<c:DerivedKeyToken xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"; u:Id="_9">
        <o:SecurityTokenReference>
                <o:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>uuid:12aa0c64-d7bb-4394-a0b5-a7410ba975d6</o:KeyIdentifier>
        </o:SecurityTokenReference>
        <c:Offset>0</c:Offset>
        <c:Length>24</c:Length>
        <c:Nonce>GchqApY/EE3zi9WVVUIIzg==</c:Nonce>
</c:DerivedKeyToken>



Modified:
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=573275&r1=573274&r2=573275&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
 Thu Sep  6 07:15:38 2007
@@ -344,13 +344,37 @@
                 byte[] thumb = Base64.decode(((Text) node).getData());
                 alias = crypto.getAliasForX509CertThumb(thumb);
             }
-
         }
+        
         if (alias != null) {
             return crypto.getCertificates(alias);
         }
         return null;
     }
+    
+    public String getKeyIdentifierValue() {
+        if(containsKeyIdentifier()) {
+            Node node = getFirstElement().getFirstChild();
+            if (node == null) {
+                return null;
+            }
+            if (node.getNodeType() == Node.TEXT_NODE) {
+                return ((Text) node).getData();
+            }
+        } 
+        return null;
+    }
+    
+    public String getKeyIdentifierValueType() {
+        if(containsKeyIdentifier()) {
+            Element elem = getFirstElement();
+            return elem.getAttribute("ValueType");
+            
+        } 
+        return null;
+    }
+    
+        
 
     public String getX509SKIAlias(Crypto crypto) throws WSSecurityException {
         if (skiBytes == null) {
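Review bot: The new `getKeyIdentifierValue` returns the data of only the first child Text node, so a KeyIdentifier whose content is split across several text/CDATA nodes, or that carries surrounding whitespace from pretty-printed XML, yields a truncated or padded identifier that callers then fail to match against any registered processor; consider concatenating all child text nodes and trimming before returning, if the rest of the class's id handling tolerates that. Neither new method has Javadoc, and `getKeyIdentifierValueType` has a three-valued result worth stating: `/** @return the ValueType attribute of the KeyIdentifier, an empty string when the attribute is absent, or null when this STR holds no KeyIdentifier. */` (DOM `getAttribute` returns "" for a missing attribute, not null). The added method pair is also followed by a whitespace-only line that should be dropped.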

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=573275&r1=573274&r2=573275&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
 Thu Sep  6 07:15:38 2007
@@ -28,6 +28,8 @@
 import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
 import org.apache.ws.security.util.Base64;
 import org.w3c.dom.Element;
 
@@ -62,7 +64,7 @@
         //Deserialize the DKT
         DerivedKeyToken dkt = new DerivedKeyToken(elem);
         
-        this.extractSecret(wsDocInfo, dkt, cb);
+        this.extractSecret(wsDocInfo, dkt, cb, crypto);
         
         String tempNonce = dkt.getNonce();
         if(tempNonce == null) {
@@ -110,22 +112,39 @@
      * @param dkt
      * @throws WSSecurityException
      */
-    private void extractSecret(WSDocInfo wsDocInfo, DerivedKeyToken dkt, 
CallbackHandler cb)
+    private void extractSecret(WSDocInfo wsDocInfo, DerivedKeyToken dkt, 
CallbackHandler cb, Crypto crypto)
             throws WSSecurityException {
         SecurityTokenReference str = dkt.getSecuityTokenReference();
         if (str != null) {
-            Reference ref = str.getReference();
-            String uri = ref.getURI();
-            Processor processor = wsDocInfo.getProcessor(uri.substring(1));
-            if(processor == null) {
+            Processor processor;
+            String uri = null;
+            if(str.containsReference()) {
+                Reference ref = str.getReference();
+                
+                uri = ref.getURI();
+                processor = wsDocInfo.getProcessor(uri.substring(1));
+            } else {
+                //Contains key identifier
+                String keyIdentifier = str.getKeyIdentifierValue();
+                processor = wsDocInfo.getProcessor(keyIdentifier);
+            }
+            
+            if(processor == null && uri != null) {
                 //Now use the callback and get it
                 this.secret = this.getSecret(cb, uri.substring(1));
-            }else if (processor instanceof EncryptedKeyProcessor) {
+            } else if (processor instanceof EncryptedKeyProcessor) {
                 this.secret = ((EncryptedKeyProcessor) processor)
                         .getDecryptedBytes();
             } else if (processor instanceof SecurityContextTokenProcessor) {
                 this.secret = ((SecurityContextTokenProcessor) processor)
                         .getSecret();
+            } else if (processor instanceof SAMLTokenProcessor) {
+                SAMLTokenProcessor samlp = (SAMLTokenProcessor) processor;
+                SAMLKeyInfo keyInfo = SAMLUtil.getSAMLKeyInfo(samlp
+                        .getSamlTokenElement(), crypto, cb);
+                //TODO Handle malformed SAML tokens where they don't have the 
+                //secret in them
+                this.secret = keyInfo.getSecret();
             } else {
                 throw new WSSecurityException(
                         WSSecurityException.FAILED_ENC_DEC, 
"unsupportedKeyId");

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=573275&r1=573274&r2=573275&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
 Thu Sep  6 07:15:38 2007
@@ -368,7 +368,17 @@
                     principal.setLabel(dkt.getLabel());
                     principal.setLength(dkt.getLength());
                     principal.setOffset(dkt.getOffset());
-                    String basetokenId = 
dkt.getSecuityTokenReference().getReference().getURI().substring(1);
+                    String basetokenId = null;
+                    SecurityTokenReference secuityTokenReference = dkt
+                            .getSecuityTokenReference();
+                    if (secuityTokenReference.containsReference()) {
+                        basetokenId = secuityTokenReference.getReference()
+                                .getURI().substring(1);
+                    } else {
+                        // KeyIdentifier
+                        basetokenId = secuityTokenReference
+                                .getKeyIdentifierValue();
+                    }
                     principal.setBasetokenId(basetokenId);
                     return principal;
                 } else if(samlKi != null) {
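Review bot: In the new KeyIdentifier branch `basetokenId` stays null when the STR holds neither a Reference nor a KeyIdentifier (or the KeyIdentifier is empty), and that null is still handed to `principal.setBasetokenId`, so the failure surfaces later, if at all, wherever the id is used to look up the base token; throw a WSSecurityException here instead of passing the null through, e.g. `if (basetokenId == null) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "unsupportedKeyId"); }` with whichever message key the processor already uses for an unresolvable STR. As a point of style, the local `secuityTokenReference` copies the misspelling of the `getSecuityTokenReference` accessor; a short `str` would avoid propagating it. The enclosing method starts and ends outside the hunk.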


