Author: coheigea
Date: Mon Jun 15 14:26:14 2009
New Revision: 784791
URL: http://svn.apache.org/viewvc?rev=784791&view=rev
Log:
[WSS-198] - Backported some fixes from trunk for this issue.
- The problem was that the EncryptedKeyProcessor and ReferenceListProcessor
append the Id to the decrypted element
- I added the decrypted DOM element to WSDataRef instead so that the user can
see what element was decrypted.
- Added a test.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
Mon Jun 15 14:26:14 2009
@@ -27,10 +27,16 @@
*/
import javax.xml.namespace.QName;
+import org.w3c.dom.Element;
public class WSDataRef {
/**
+ * The protected DOM element
+ */
+ private Element protectedElement;
+
+ /**
* reference by which the Encrypted Data was referred
*/
private String dataref;
@@ -114,5 +120,32 @@
public void setName(QName name) {
this.name = name;
}
+
+ /**
+ * @param element The protected DOM element to set
+ */
+ public void setProtectedElement(Element element) {
+ protectedElement = element;
+ String prefix = element.getPrefix();
+ if (prefix == null) {
+ name =
+ new QName(
+ element.getNamespaceURI(), element.getLocalName()
+ );
+ } else {
+ name =
+ new QName(
+ element.getNamespaceURI(), element.getLocalName(), prefix
+ );
+ }
+ }
+
+ /**
+ * @return the protected DOM element
+ */
+ public Element getProtectedElement() {
+ return protectedElement;
+ }
+
}
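Review bot: `setProtectedElement` also overwrites the `name` field with the element's QName, but its Javadoc only says it sets the element, so a caller that set a name through `setName` beforehand loses it without warning. I would say so in the Javadoc, e.g. `Sets the protected DOM element and replaces name with that element's QName.` A null argument reaches `element.getPrefix()` and throws a NullPointerException; either state in the `@param` that null is not allowed, or guard with `if (element == null) { protectedElement = null; return; }`.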
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Jun 15 14:26:14 2009
@@ -31,9 +31,6 @@
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -378,13 +375,10 @@
}
if (tmpE.getLocalName().equals("DataReference")) {
String dataRefURI = ((Element) tmpE).getAttribute("URI");
- WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1));
- Element elt = decryptDataRef(doc, dataRefURI,dataRef,
decryptedBytes);
- dataRef.setName(
- new javax.xml.namespace.QName(
- elt.getNamespaceURI(), elt.getLocalName()
- )
- );
+ if (dataRefURI.charAt(0) == '#') {
+ dataRefURI = dataRefURI.substring(1);
+ }
+ WSDataRef dataRef = decryptDataRef(doc, dataRefURI,
decryptedBytes);
dataRefs.add(dataRef);
}
}
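Review bot: `dataRefURI.charAt(0)` throws StringIndexOutOfBoundsException when the DataReference has no URI attribute or an empty one, because `getAttribute` returns an empty string in that case, and this value is read straight from the incoming message. Malformed input should end in a WSSecurityException rather than an unchecked exception, so the test should be `if (dataRefURI.length() > 0 && dataRefURI.charAt(0) == '#')`, with the empty case rejected before the lookup. The same unguarded `charAt(0)` is added to the DataReference loop in ReferenceListProcessor. The enclosing method starts and ends outside this hunk.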
@@ -423,181 +417,35 @@
return Base64.decode(encodedData);
}
- private Element decryptDataRef(
+ /**
+ * Decrypt an EncryptedData element referenced by dataRefURI
+ */
+ private WSDataRef decryptDataRef(
Document doc,
String dataRefURI,
- WSDataRef wsDataRef,
byte[] decryptedData
) throws WSSecurityException {
if (log.isDebugEnabled()) {
- log.debug("found data refernce: " + dataRefURI);
+ log.debug("found data reference: " + dataRefURI);
}
//
- // Look up the encrypted data. First try wsu:Id="someURI". If no such
Id then
- // try the generic lookup to find Id="someURI"
+ // Find the encrypted data element referenced by dataRefURI
//
- Element encBodyData = WSSecurityUtil.getElementByWsuId(doc,
dataRefURI);
- if (encBodyData == null) {
- encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
- }
- if (encBodyData == null) {
- throw new WSSecurityException(
- WSSecurityException.INVALID_SECURITY, "dataRef", new
Object[]{dataRefURI}
- );
- }
-
- boolean content = X509Util.isContent(encBodyData);
-
- // get the encryption method
- String symEncAlgo = X509Util.getEncAlgo(encBodyData);
-
+ Element encryptedDataElement =
+ ReferenceListProcessor.findEncryptedDataElement(doc, dataRefURI);
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+ //
+ String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
SecretKey symmetricKey =
WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
- // initialize Cipher ....
- XMLCipher xmlCipher = null;
- try {
- xmlCipher = XMLCipher.getInstance(symEncAlgo);
- xmlCipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
- } catch (XMLEncryptionException e) {
- throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
- );
- }
-
- if (content) {
- encBodyData = (Element) encBodyData.getParentNode();
- }
- final Node parent = encBodyData.getParentNode();
-
- final java.util.List before_peers = listChildren(parent);
- try {
- xmlCipher.doFinal(doc, encBodyData, content);
- } catch (Exception e1) {
- throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
null, null, e1);
- }
-
- if (parent.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
- && parent.getNamespaceURI().equals(WSConstants.WSSE11_NS)) {
-
- Node decryptedHeader = parent.getFirstChild();
- Element decryptedHeaderClone =
(Element)decryptedHeader.cloneNode(true);
- String sigId =
decryptedHeaderClone.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if (sigId == null || sigId.equals("")) {
- String id =
((Element)parent).getAttributeNS(WSConstants.WSU_NS, "Id");
-
- String wsuPrefix =
- WSSecurityUtil.setNamespace(
- decryptedHeaderClone, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX
- );
- decryptedHeaderClone.setAttributeNS(WSConstants.WSU_NS,
wsuPrefix + ":Id", id);
- wsDataRef.setWsuId(id.substring(1));
- } else {
- wsDataRef.setWsuId(sigId);
- }
-
- parent.getParentNode().appendChild(decryptedHeaderClone);
- parent.getParentNode().removeChild(parent);
- }
-
- final java.util.List after_peers = listChildren(parent);
- final java.util.List new_nodes = newNodes(before_peers, after_peers);
- for (
- final java.util.Iterator pos = new_nodes.iterator();
- pos.hasNext();
- ) {
- Node node = (Node) pos.next();
- if (node instanceof Element) {
- if (!Constants.SignatureSpecNS.equals(node.getNamespaceURI())
&&
-
node.getAttributes().getNamedItemNS(WSConstants.WSU_NS, "Id") == null) {
- String wsuPrefix =
- WSSecurityUtil.setNamespace(
- (Element)node, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX
- );
- ((Element)node).setAttributeNS(WSConstants.WSU_NS,
wsuPrefix + ":Id", dataRefURI);
- wsDataRef.setWsuId(dataRefURI.substring(1));
- }
- wsDataRef.setName(new
QName(node.getNamespaceURI(),node.getLocalName()));
-
- return (Element) node;
- }
- }
- return encBodyData;
- }
-
- /**
- * @return a list of child Nodes
- */
- private static java.util.List
- listChildren(
- final Node parent
- ) {
- if (parent == null) {
- return java.util.Collections.EMPTY_LIST;
- }
- final java.util.List ret = new java.util.ArrayList();
- if (parent.hasChildNodes()) {
- final NodeList children = parent.getChildNodes();
- if (children != null) {
- for (int i = 0, n = children.getLength(); i < n; ++i) {
- ret.add(children.item(i));
- }
- }
- }
- return ret;
+ return ReferenceListProcessor.decryptEncryptedData(
+ doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
+ );
}
/**
- * @return a list of Nodes in b that are not in a
- */
- private static java.util.List
- newNodes(
- final java.util.List a,
- final java.util.List b
- ) {
- if (a.size() == 0) {
- return b;
- }
- if (b.size() == 0) {
- return java.util.Collections.EMPTY_LIST;
- }
- final java.util.List ret = new java.util.ArrayList();
- for (
- final java.util.Iterator bpos = b.iterator();
- bpos.hasNext();
- ) {
- final Node bnode = (Node) bpos.next();
- final java.lang.String bns = bnode.getNamespaceURI();
- final java.lang.String bln = bnode.getLocalName();
- boolean found = false;
- for (
- final java.util.Iterator apos = a.iterator();
- apos.hasNext();
- ) {
- final Node anode = (Node) apos.next();
- final java.lang.String ans = anode.getNamespaceURI();
- final java.lang.String aln = anode.getLocalName();
- final boolean nsmatch =
- ans == null
- ? ((bns == null) ? true : false)
- : ((bns == null) ? false : ans.equals(bns));
- final boolean lnmatch =
- aln == null
- ? ((bln == null) ? true : false)
- : ((bln == null) ? false : aln.equals(bln));
- if (nsmatch && lnmatch) {
- found = true;
- }
- }
- if (!found) {
- ret.add(bnode);
- }
- }
- return ret;
- }
-
- /**
* Get the Id of the encrypted key element.
*
* @return The Id string
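Review bot: The new Javadoc on `decryptDataRef` is a single sentence and leaves `decryptedData` unexplained, although the body hands it to `WSSecurityUtil.prepareSecretKey` as key material rather than as decrypted payload. I would add `@param decryptedData the decrypted symmetric key bytes used to build the SecretKey`, together with an `@return` for the WSDataRef and an `@throws WSSecurityException` covering a missing EncryptedData element or a failed decryption. The name is easy to misread next to `encryptedDataElement`, so the parameter comment matters here.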
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
Mon Jun 15 14:26:14 2009
@@ -23,7 +23,6 @@
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -42,11 +41,9 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
public class ReferenceListProcessor implements Processor {
private static Log log =
@@ -93,8 +90,6 @@
CallbackHandler cb,
Crypto crypto
) throws WSSecurityException {
- Document doc = elem.getOwnerDocument();
-
Node tmpE = null;
ArrayList dataRefUris = new ArrayList();
for (tmpE = elem.getFirstChild();
@@ -109,8 +104,11 @@
}
if (tmpE.getLocalName().equals("DataReference")) {
String dataRefURI = ((Element) tmpE).getAttribute("URI");
- WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1));
- decryptDataRefEmbedded(doc, dataRefURI, dataRef, cb, crypto);
+ if (dataRefURI.charAt(0) == '#') {
+ dataRefURI = dataRefURI.substring(1);
+ }
+ WSDataRef dataRef =
+ decryptDataRefEmbedded(elem.getOwnerDocument(),
dataRefURI, cb, crypto);
dataRefUris.add(dataRef);
}
}
@@ -118,137 +116,153 @@
return dataRefUris;
}
- public void decryptDataRefEmbedded(
+
+ /**
+ * Decrypt an (embedded) EncryptedData element referenced by dataRefURI.
+ */
+ private WSDataRef decryptDataRefEmbedded(
Document doc,
String dataRefURI,
- WSDataRef dataRef,
CallbackHandler cb,
Crypto crypto
) throws WSSecurityException {
-
if (log.isDebugEnabled()) {
log.debug("Found data reference: " + dataRefURI);
}
//
- // Look up the encrypted data. First try wsu:Id="someURI". If no such
Id
- // then try the generic lookup to find Id="someURI"
+ // Find the encrypted data element referenced by dataRefURI
//
- Element encBodyData = null;
- if ((encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI))
== null) {
- encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
- }
- if (encBodyData == null) {
- throw new WSSecurityException(
- WSSecurityException.INVALID_SECURITY, "dataRef", new Object[]
{dataRefURI}
- );
- }
-
- boolean content = X509Util.isContent(encBodyData);
-
- // Now figure out the encryption algorithm
- String symEncAlgo = X509Util.getEncAlgo(encBodyData);
-
- Element tmpE =
- (Element)WSSecurityUtil.findElement(
- (Node) encBodyData, "KeyInfo", WSConstants.SIG_NS
+ Element encryptedDataElement = findEncryptedDataElement(doc,
dataRefURI);
+ //
+ // Prepare the SecretKey object to decrypt EncryptedData
+ //
+ String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+ Element keyInfoElement =
+ (Element)WSSecurityUtil.getDirectChildElement(
+ encryptedDataElement, "KeyInfo", WSConstants.SIG_NS
);
- if (tmpE == null) {
+ if (keyInfoElement == null) {
throw new
WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyinfo");
}
-
//
// Try to get a security reference token, if none found try to get a
// shared key using a KeyName.
//
Element secRefToken =
- (Element) WSSecurityUtil.getDirectChild(
- tmpE, "SecurityTokenReference", WSConstants.WSSE_NS
+ WSSecurityUtil.getDirectChildElement(
+ keyInfoElement, "SecurityTokenReference", WSConstants.WSSE_NS
);
-
SecretKey symmetricKey = null;
if (secRefToken == null) {
- symmetricKey = X509Util.getSharedKey(tmpE, symEncAlgo, cb);
+ symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo,
cb);
} else {
- symmetricKey = getKeyFromSecurityTokenReference(secRefToken,
symEncAlgo, crypto, cb);
+ symmetricKey =
+ getKeyFromSecurityTokenReference(secRefToken, symEncAlgo,
crypto, cb);
}
- // initialize Cipher ....
+ return
+ decryptEncryptedData(
+ doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
+ );
+ }
+
+
+ /**
+ * Look up the encrypted data. First try wsu:Id="someURI". If no such Id
then try the
+ * generic lookup to find Id="someURI"
+ *
+ * @param doc The document in which to find EncryptedData
+ * @param dataRefURI The URI of EncryptedData
+ * @return The EncryptedData element
+ * @throws WSSecurityException if the EncryptedData element referenced by
dataRefURI is
+ * not found
+ */
+ public static Element
+ findEncryptedDataElement(
+ Document doc,
+ String dataRefURI
+ ) throws WSSecurityException {
+ Element encryptedDataElement = WSSecurityUtil.getElementByWsuId(doc,
dataRefURI);
+ if (encryptedDataElement == null) {
+ encryptedDataElement = WSSecurityUtil.getElementByGenId(doc,
dataRefURI);
+ }
+ if (encryptedDataElement == null) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY, "dataRef", new Object[]
{dataRefURI}
+ );
+ }
+ return encryptedDataElement;
+ }
+
+
+ /**
+ * Decrypt the EncryptedData argument using a SecretKey.
+ * @param doc The (document) owner of EncryptedData
+ * @param dataRefURI The URI of EncryptedData
+ * @param encData The EncryptedData element
+ * @param symmetricKey The SecretKey with which to decrypt EncryptedData
+ * @param symEncAlgo The symmetric encryption algorithm to use
+ * @throws WSSecurityException
+ */
+ public static WSDataRef
+ decryptEncryptedData(
+ Document doc,
+ String dataRefURI,
+ Element encData,
+ SecretKey symmetricKey,
+ String symEncAlgo
+ ) throws WSSecurityException {
XMLCipher xmlCipher = null;
try {
xmlCipher = XMLCipher.getInstance(symEncAlgo);
xmlCipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
- } catch (XMLEncryptionException e1) {
+ } catch (XMLEncryptionException ex) {
throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e1
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
);
}
+ WSDataRef dataRef = new WSDataRef(dataRefURI);
+ dataRef.setWsuId(dataRefURI);
+ boolean content = X509Util.isContent(encData);
+ Node parent = encData.getParentNode();
+ Node previousSibling = encData.getPreviousSibling();
if (content) {
- encBodyData = (Element) encBodyData.getParentNode();
- dataRef.setName(new QName(encBodyData.getNamespaceURI(),
encBodyData.getLocalName()));
+ encData = (Element) encData.getParentNode();
+ parent = encData.getParentNode();
}
-
+
try {
- Node parentEncBody =encBodyData.getParentNode();
- final java.util.List before_peers = listChildren(parentEncBody);
-
- xmlCipher.doFinal(doc, encBodyData, content);
-
- if
(parentEncBody.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
- &&
parentEncBody.getNamespaceURI().equals(WSConstants.WSSE11_NS)) {
- Node decryptedHeader = parentEncBody.getFirstChild();
- Element decryptedHeaderClone =
(Element)decryptedHeader.cloneNode(true);
- String sigId =
decryptedHeaderClone.getAttributeNS(WSConstants.WSU_NS, "Id");
+ xmlCipher.doFinal(doc, encData, content);
+ } catch (Exception ex) {
+ throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
null, null, ex);
+ }
+
+ if (parent.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
+ && parent.getNamespaceURI().equals(WSConstants.WSSE11_NS)) {
- if (sigId == null || sigId.equals("")) {
- String id =
((Element)parentEncBody).getAttributeNS(WSConstants.WSU_NS, "Id");
- String wsuPrefix =
- WSSecurityUtil.setNamespace(
- decryptedHeaderClone, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX
- );
- decryptedHeaderClone.setAttributeNS(WSConstants.WSU_NS,
wsuPrefix + ":Id", id);
- dataRef.setWsuId(id.substring(1));
- } else {
- dataRef.setWsuId(sigId);
- }
-
-
parentEncBody.getParentNode().appendChild(decryptedHeaderClone);
- parentEncBody.getParentNode().removeChild(parentEncBody);
- }
-
- final java.util.List after_peers = listChildren(parentEncBody);
- final java.util.List new_nodes = newNodes(before_peers,
after_peers);
- for (
- final java.util.Iterator pos = new_nodes.iterator();
- pos.hasNext();
- ) {
- Node node = (Node) pos.next();
- if (node instanceof Element) {
-
if(!Constants.SignatureSpecNS.equals(node.getNamespaceURI())
- &&
node.getAttributes().getNamedItemNS(WSConstants.WSU_NS, "Id") == null) {
- String wsuPrefix =
- WSSecurityUtil.setNamespace(
- (Element)node, WSConstants.WSU_NS,
WSConstants.WSU_PREFIX
- );
- ((Element)node).setAttributeNS(
- WSConstants.WSU_NS, wsuPrefix + ":Id", dataRefURI
- );
- dataRef.setWsuId(dataRefURI.substring(1));
- }
- dataRef.setName(new
QName(node.getNamespaceURI(),node.getLocalName()));
- }
+ Node decryptedHeader = parent.getFirstChild();
+ Element decryptedHeaderClone =
(Element)decryptedHeader.cloneNode(true);
+ parent.getParentNode().appendChild(decryptedHeaderClone);
+ parent.getParentNode().removeChild(parent);
+ dataRef.setProtectedElement(decryptedHeaderClone);
+ } else if (content) {
+ dataRef.setProtectedElement(encData);
+ } else {
+ Node decryptedNode;
+ if (previousSibling == null) {
+ decryptedNode = parent.getFirstChild();
+ } else {
+ decryptedNode = previousSibling.getNextSibling();
+ }
+ if (decryptedNode != null && Node.ELEMENT_NODE ==
decryptedNode.getNodeType()) {
+ dataRef.setProtectedElement((Element)decryptedNode);
}
-
- } catch (Exception e) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_CHECK, null, null, e
- );
}
+
+ return dataRef;
}
-
- public String getId() {
- return null;
- }
+
/**
* Retrieves a secret key (session key) from a already parsed EncryptedKey
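Review bot: In the last `else` branch of `decryptEncryptedData`, when the node found at the former EncryptedData position is null or not an element, the method returns a WSDataRef whose protected element and name were never set, and nothing reports that. A caller that relies on the WSDataRef to decide which element was encrypted has to treat a null `getProtectedElement()` as a failure, and the Javadoc does not say so. I would add `@return the WSDataRef; getProtectedElement() is null when the decrypted node is not an element`, or fail at that point with a WSSecurityException. Separately, `parent.getLocalName().equals(...)` throws a NullPointerException if the parent has no local name; `WSConstants.ENCRYPTED_HEADER.equals(parent.getLocalName())` avoids that.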
@@ -356,88 +370,8 @@
return WSSecurityUtil.prepareSecretKey(algorithm, decryptedData);
}
- /**
- * @return a list of Nodes, representing the
- */
- private static java.util.List
- listChildren(
- final Node parent
- ) {
- if (parent == null) {
- return java.util.Collections.EMPTY_LIST;
- }
- final java.util.List ret = new java.util.ArrayList();
- if (parent.hasChildNodes()) {
- final NodeList children = parent.getChildNodes();
- if (children != null) {
- for (int i = 0, n = children.getLength(); i < n; ++i) {
- ret.add(children.item(i));
- }
- }
- }
- return ret;
- }
-
- /**
- * @return a list of Nodes in b that are not in a
- */
- private static java.util.List
- newNodes(
- java.util.List a,
- java.util.List b
- ) {
- if (a.size() == 0) {
- return b;
- }
- if (b.size() == 0) {
- return java.util.Collections.EMPTY_LIST;
- }
-
- a = new ArrayList(a);
- //try a fast node compare at same position first.....
- for (int x = 0; x < b.size(); x++) {
- final Node bnode = (Node)b.get(x);
- final Node anode = (Node)a.get(x);
- if (bnode == anode
- || bnode.getLocalName().equals(anode.getLocalName())
- && bnode.getNamespaceURI().equals(anode.getNamespaceURI())) {
- b.remove(x);
- a.remove(x);
- }
- }
- //what's left is stuff that didn't exactly position match, do slower
searches
- final java.util.List ret = new java.util.ArrayList();
- for (
- final java.util.Iterator bpos = b.iterator();
- bpos.hasNext();
- ) {
- final Node bnode = (Node) bpos.next();
- final java.lang.String bns = bnode.getNamespaceURI();
- final java.lang.String bln = bnode.getLocalName();
- boolean found = false;
- for (
- final java.util.Iterator apos = a.iterator();
- apos.hasNext() && !found;
- ) {
- final Node anode = (Node) apos.next();
- final java.lang.String ans = anode.getNamespaceURI();
- final java.lang.String aln = anode.getLocalName();
- final boolean nsmatch =
- ans == null
- ? ((bns == null) ? true : false)
- : ((bns == null) ? false : ans.equals(bns));
- final boolean lnmatch =
- aln == null
- ? ((bln == null) ? true : false)
- : ((bln == null) ? false : aln.equals(bln));
- if (nsmatch && lnmatch) {
- found = true;
- }
- }
- if (!found) {
- ret.add(bnode);
- }
- }
- return ret;
+ public String getId() {
+ return null;
}
+
}
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
Mon Jun 15 14:26:14 2009
@@ -528,10 +528,13 @@
*/
public static String getIDFromReference(String ref) {
String id = ref.trim();
- if ((id.length() == 0) || (id.charAt(0) != '#')) {
+ if (id.length() == 0) {
return null;
}
- return id.substring(1);
+ if (id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+ return id;
}
/**
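Review bot: `getIDFromReference` now returns any non-empty string as an Id, so a reference without a leading `#` (one that is not a same-document fragment) is no longer rejected with null. Callers that relied on null to refuse such references now get the raw value back and will use it for an Id lookup; whether any caller depends on the old behaviour is not visible in this diff. The Javadoc that ends just above the hunk should state the new contract, e.g. `@return the reference with a leading '#' removed if present, or null if it is empty`.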
@@ -557,11 +560,7 @@
if (id == null) {
return null;
}
- id = id.trim();
- if ((id.length() == 0) || (id.charAt(0) != '#')) {
- return null;
- }
- id = id.substring(1);
+ id = getIDFromReference(id);
return WSSecurityUtil.findElementById(doc.getDocumentElement(), id,
null);
}
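Review bot: `getIDFromReference` returns null for an empty or whitespace-only id, and that null is now passed on to `findElementById`, whereas the removed lines returned null before the search in that case. `findElementById` is not part of this diff, so unless it is known to accept a null id, the early exit should be restored with `if (id == null) { return null; }` right after the call. The enclosing method starts and ends outside the hunk.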
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java
Mon Jun 15 14:26:14 2009
@@ -27,6 +27,7 @@
import org.apache.axis.message.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
@@ -42,6 +43,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Vector;
/**
* WS-Security Test Case <p/>
@@ -58,7 +60,7 @@
+ "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
+ "<SOAP-ENV:Body>"
+ "<add
xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
- + "<value xmlns=\"\">15</value>"
+ + "<value xmlns=\"http://blah.com\">15</value>"
+ "</add>"
+ "</SOAP-ENV:Body>"
+ "</SOAP-ENV:Envelope>";
@@ -139,6 +141,70 @@
LOG.info("After Encryption....");
verify(encryptedSignedDoc);
}
+
+ /**
+ * Test that signs and then encrypts a WS-Security envelope, then performs
+ * decryption and verification <p/>
+ *
+ * @throws Exception
+ * Thrown when there is any problem in signing, encryption,
+ * decryption, or verification
+ */
+ public void testSigningEncryption() throws Exception {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ WSSecSignature sign = new WSSecSignature();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ LOG.info("Before Encryption....");
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+ Document encryptedSignedDoc = encrypt.build(signedDoc, crypto,
secHeader);
+ LOG.info("After Encryption....");
+ verify(encryptedSignedDoc);
+ }
+
+
+ /**
+ * Test that signs a SOAP Body, and then encrypts some data inside the
SOAP Body.
+ * As the encryption adds a wsu:Id to the encrypted element, this test
checks that
+ * verification still works ok.
+ */
+ public void testWSS198() throws Exception {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ WSSecEncrypt encrypt = new WSSecEncrypt();
+ WSSecSignature sign = new WSSecSignature();
+ encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
+ sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+ LOG.info("Before Encryption....");
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ Vector parts = new Vector();
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ "add",
+ "http://ws.apache.org/counter/counter_port_type",
+ "");
+ parts.add(encP);
+ encrypt.setParts(parts);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+ Document encryptedSignedDoc = encrypt.build(signedDoc, crypto,
secHeader);
+ LOG.info("WSS198");
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
+ LOG.debug(outputString);
+ }
+ verify(encryptedSignedDoc);
+ }
/**
* Verifies the soap envelope <p/>
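Review bot: `testWSS198` ends with `verify(encryptedSignedDoc)` and asserts nothing about `WSDataRef.getProtectedElement()`, which is the behaviour this commit introduces. `verify` is defined outside this hunk, so it may already inspect the processing results; if it does not, the test passes whenever processing does not throw. I would add a check that the data reference returned for the encrypted part points at the `add` element, for example `assertEquals("add", dataRef.getProtectedElement().getLocalName());` on the WSDataRef taken from the results.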