Author: coheigea
Date: Fri Jun 19 10:39:49 2009
New Revision: 786443
URL: http://svn.apache.org/viewvc?rev=786443&view=rev
Log:
Some bits and pieces.
- Refactored WSConstants. Added a note that X509_KEY_IDENTIFIER is
non-standard
- Removed the unused "type" stuff from WSEncryptionPart.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Fri Jun
19 10:39:49 2009
@@ -30,80 +30,88 @@
* Constants in WS-Security spec.
*/
public class WSConstants {
- /*
- * All the various string and keywords required.
- *
- * At first the WSS namespaces as per WSS specifications
- */
- public static final String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- public static final String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
- public static final String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
/*
- * The base URIs for the various profiles.
- */
- public static final String SOAPMESSAGE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
- public static final String SOAPMESSAGE_NS11 =
"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
- public static final String USERNAMETOKEN_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
- public static final String X509TOKEN_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
- public static final String SAMLTOKEN_NS =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
- /*
- * The Element name (local name) of the security header
+ * Standard constants used in WSS4J
*/
- public static final String WSSE_LN = "Security";
+
+ //
+ // Namespaces
+ //
+ public static final String WSSE_NS =
+
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public static final String WSSE11_NS =
+ "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+ public static final String WSU_NS =
+
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
+ public static final String SOAPMESSAGE_NS =
+
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+ public static final String SOAPMESSAGE_NS11 =
+ "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
+ public static final String USERNAMETOKEN_NS =
+
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
+ public static final String X509TOKEN_NS =
+
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
+ public static final String SAMLTOKEN_NS =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
- /*
- * The Thumbprint relative URI string (without #)
- * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
- */
- public static final String THUMBPRINT ="ThumbprintSHA1";
+ public static final String SIG_NS = Constants.SignatureSpecNS;
+ public static final String ENC_NS = EncryptionConstants.EncryptionSpecNS;
+ public static final String XMLNS_NS = Constants.NamespaceSpecNS;
+ public static final String XML_NS = Constants.XML_LANG_SPACE_SpecNS;
- /*
- * The SAMLAssertionID relative URI string (without #)
- */
- public static final String SAML_ASSERTION_ID = "SAMLAssertionID";
+ public static final String SAML_NS =
"urn:oasis:names:tc:SAML:1.0:assertion";
+ public static final String SAMLP_NS =
"urn:oasis:names:tc:SAML:1.0:protocol";
+ public static final String WSS_SAML_NS =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
- /*
- * The EncryptedKeyToken value type URI used in wsse:Reference
- */
- public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey";
+ public static final String URI_SOAP11_ENV =
+ "http://schemas.xmlsoap.org/soap/envelope/";
+ public static final String URI_SOAP12_ENV =
+ "http://www.w3.org/2003/05/soap-envelope";
+ public static final String URI_SOAP11_NEXT_ACTOR =
+ "http://schemas.xmlsoap.org/soap/actor/next";
+ public static final String URI_SOAP12_NEXT_ROLE =
+ "http://www.w3.org/2003/05/soap-envelope/role/next";
+ public static final String URI_SOAP12_NONE_ROLE =
+ "http://www.w3.org/2003/05/soap-envelope/role/none";
+ public static final String URI_SOAP12_ULTIMATE_ROLE =
+ "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver";
- /*
- * The relative URI to be used for encrypted key SHA1 (Without #)
- * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
- */
- public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1";
+ public static final String C14N_OMIT_COMMENTS =
+ Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
+ public static final String C14N_WITH_COMMENTS =
+ Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
+ public static final String C14N_EXCL_OMIT_COMMENTS =
+ Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+ public static final String C14N_EXCL_WITH_COMMENTS =
+ Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
- /*
- * The namespace prefixes used. We uses the same prefix convention
- * as shown in the specifications
- */
- public static final String WSSE_PREFIX = "wsse";
- public static final String WSSE11_PREFIX = "wsse11";
- public static final String WSU_PREFIX = "wsu";
- public static final String DEFAULT_SOAP_PREFIX = "soapenv";
+ public static final String KEYTRANSPORT_RSA15 =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
+ public static final String KEYTRANSPORT_RSAOEP =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+ public static final String TRIPLE_DES =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
+ public static final String AES_128 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+ public static final String AES_256 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final String AES_192 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+ public static final String DSA = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ public static final String RSA = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
- /*
- * Now the namespaces, local names, and prefixes of XML-SIG and XML-ENC
- */
- public static final String SIG_NS = Constants.SignatureSpecNS;
- public static final String SIG_PREFIX = "ds";
+ public static final String WST_NS =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public final static String WSC_SCT =
"http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+ //
+ // Localnames
+ //
+ public static final String WSSE_LN = "Security";
+ public static final String THUMBPRINT ="ThumbprintSHA1";
+ public static final String SAML_ASSERTION_ID = "SAMLAssertionID";
+ public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey";
+ public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1";
public static final String SIG_LN = "Signature";
- public static final String ENC_NS = EncryptionConstants.EncryptionSpecNS;
- public static final String ENC_PREFIX = "xenc";
public static final String ENC_KEY_LN = "EncryptedKey";
public static final String ENC_DATA_LN = "EncryptedData";
public static final String REF_LIST_LN = "ReferenceList";
-
- /*
- * The standard namespace definitions
- */
- public static final String XMLNS_NS = Constants.NamespaceSpecNS;
- public static final String XML_NS = Constants.XML_LANG_SPACE_SpecNS;
-
- /*
- * The local names and attribute names used by WSS
- */
public static final String USERNAME_TOKEN_LN = "UsernameToken";
public static final String BINARY_TOKEN_LN = "BinarySecurityToken";
public static final String TIMESTAMP_TOKEN_LN = "Timestamp";
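Review bot: The constants filed under the new `// Localnames` header — THUMBPRINT, SAML_ASSERTION_ID, ENC_KEY_VALUE_TYPE and ENC_KEY_SHA1_URI — are not element local names but relative URI fragments, and the comments that said so (THUMBPRINT and ENC_KEY_SHA1_URI are combined with SOAPMESSAGE_NS11 plus "#", ENC_KEY_VALUE_TYPE is the ValueType used in wsse:Reference) are deleted in this hunk without replacement. I would keep that information above `THUMBPRINT`, e.g. `// Relative URI fragments (no '#'): THUMBPRINT and ENC_KEY_SHA1_URI are appended to SOAPMESSAGE_NS11 + "#"; ENC_KEY_VALUE_TYPE is the wsse:Reference ValueType`. The algorithm constants re-added bare here (KEYTRANSPORT_RSA15 through RSA) likewise lose the Javadoc removed in the next hunk (@@ -116,169), including the "not yet supported by WSS4J" note on KEYTRANSPORT_RSAOEP and the fact that RSA denotes RSA with SHA-1; a one-line comment per group, and an explicit statement of whether RSA-OAEP is now supported, would preserve what a caller needs when choosing an algorithm. Minor style: `public final static String WSC_SCT` should use the `public static final` order used on every other constant, and `THUMBPRINT ="ThumbprintSHA1"` is missing a space after the `=`.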
@@ -116,169 +124,104 @@
public static final String SIGNATURE_CONFIRMATION_LN =
"SignatureConfirmation";
public static final String SALT_LN = "Salt";
public static final String ITERATION_LN = "Iteration";
-
- /*
- * The definitions for SAML
- */
- public static final String SAML_NS =
"urn:oasis:names:tc:SAML:1.0:assertion";
- public static final String SAMLP_NS =
"urn:oasis:names:tc:SAML:1.0:protocol";
public static final String ASSERTION_LN = "Assertion";
- public static final String WSS_SAML_NS =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
public static final String WSS_SAML_ASSERTION = "SAMLAssertion-1.1";
- public static final String WSS_SAML_KI_VALUE_TYPE = WSS_SAML_NS +
SAML_ASSERTION_ID;
-
- //
- // SOAP-ENV Namespaces
- //
- public static final String URI_SOAP11_ENV =
- "http://schemas.xmlsoap.org/soap/envelope/";
- public static final String URI_SOAP12_ENV =
- "http://www.w3.org/2003/05/soap-envelope";
-
- public static final String[] URIS_SOAP_ENV = {
- URI_SOAP11_ENV,
- URI_SOAP12_ENV,
- };
-
- // Misc SOAP Namespaces / URIs
- public static final String URI_SOAP11_NEXT_ACTOR =
- "http://schemas.xmlsoap.org/soap/actor/next";
- public static final String URI_SOAP12_NEXT_ROLE =
- "http://www.w3.org/2003/05/soap-envelope/role/next";
- public static final String URI_SOAP12_NONE_ROLE =
- "http://www.w3.org/2003/05/soap-envelope/role/none";
- public static final String URI_SOAP12_ULTIMATE_ROLE =
- "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver";
-
+ public static final String PW_DIGEST = "PasswordDigest";
+ public static final String PW_TEXT = "PasswordText";
+ public static final String PW_NONE = "PasswordNone";
+ public static final String ENCRYPTED_HEADER = "EncryptedHeader";
+
public static final String ELEM_ENVELOPE = "Envelope";
public static final String ELEM_HEADER = "Header";
public static final String ELEM_BODY = "Body";
-
public static final String ATTR_MUST_UNDERSTAND = "mustUnderstand";
public static final String ATTR_ACTOR = "actor";
public static final String ATTR_ROLE = "role";
-
public static final String NULL_NS = "Null";
+
+ //
+ // Prefixes
+ //
+ public static final String WSSE_PREFIX = "wsse";
+ public static final String WSSE11_PREFIX = "wsse11";
+ public static final String WSU_PREFIX = "wsu";
+ public static final String DEFAULT_SOAP_PREFIX = "soapenv";
+ public static final String SIG_PREFIX = "ds";
+ public static final String ENC_PREFIX = "xenc";
+
+
+ //
+ // Fault codes defined in the WSS 1.1 spec under section 12, Error handling
+ //
+
/**
- * Sets the {...@link
org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String,
String) UserNameToken}
- * method to use a password digest to send the password information
- * <p/>
- * This is a required method as defined by WS Specification, Username
token profile.
- */
- public static final String PW_DIGEST = "PasswordDigest";
- /*
- * The password type URI used in the username token
+ * An unsupported token was provided
*/
- public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS +
"#PasswordDigest";
-
+ public static final QName UNSUPPORTED_SECURITY_TOKEN =
+ new QName(WSSE_NS, "UnsupportedSecurityToken");
+
/**
- * Sets the {...@link
org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String,
String) UserNameToken}
- * method to send the password in clear
- * <p/>
- * This is a required method as defined by WS Specification, Username
token profile.
- */
- public static final String PW_TEXT = "PasswordText";
- /*
- * The password type URI used in the username token
+ * An unsupported signature or encryption algorithm was used
*/
- public static final String PASSWORD_TEXT = USERNAMETOKEN_NS +
"#PasswordText";
+ public static final QName UNSUPPORTED_ALGORITHM =
+ new QName(WSSE_NS, "UnsupportedAlgorithm");
/**
- * Sets the {...@link
org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String,
String) UserNameToken}
- * method to send _no_ password related information.
- * <p/>
- * This is a required method as defined by WS Specification, Username
token profile as passwords are optional.
- * Also see the WS-I documentation for scenario's using this feature in a
trust environment.
- */
- public static final String PW_NONE = "PasswordNone";
-
- /**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to encrypt the symmetric data encryption key with the RSA
algorithm.
- * <p/>
- * This is a required method as defined by XML encryption.
+ * An error was discovered processing the <Security> header
*/
- public static final String KEYTRANSPORT_RSA15 =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
-
+ public static final QName INVALID_SECURITY =
+ new QName (WSSE_NS, "InvalidSecurity");
+
/**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to encrypt the symmetric data encryption key with the RSA
algorithm.
- * <p/>
- * This is a required method as defined by XML encryption.
- * <p/>
- * NOTE: This algorithm is not yet supported by WSS4J
+ * An invalid security token was provided
*/
- public static final String KEYTRANSPORT_RSAOEP =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
+ public static final QName INVALID_SECURITY_TOKEN =
+ new QName (WSSE_NS, "InvalidSecurityToken");
+
/**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to use triple DES as the symmetric algorithm to encrypt data.
- * <p/>
- * This is a required method as defined by XML encryption.
- * The String to use in WSDD file (in accordance to w3c specifications:
- * <br/>
- * http://www.w3.org/2001/04/xmlenc#tripledes-cbc
+ * The security token could not be authenticated or authorized
*/
- public static final String TRIPLE_DES =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
-
+ public static final QName FAILED_AUTHENTICATION =
+ new QName (WSSE_NS, "FailedAuthentication");
+
/**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to use AES with 128 bit key as the symmetric algorithm to
encrypt data.
- * <p/>
- * This is a required method as defined by XML encryption.
- * The String to use in WSDD file (in accordance to w3c specifications:
- * <br/>
- * http://www.w3.org/2001/04/xmlenc#aes128-cbc
+ * The signature or decryption was invalid
*/
- public static final String AES_128 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
-
- /**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to use AES with 256 bit key as the symmetric algorithm to
encrypt data.
- * <p/>
- * This is a required method as defined by XML encryption.
- * The String to use in WSDD file (in accordance to w3c specifications:
- * <br/>
- * http://www.w3.org/2001/04/xmlenc#aes256-cbc
+ public static final QName FAILED_CHECK =
+ new QName (WSSE_NS, "FailedCheck");
+
+ /**
+ * Referenced security token could not be retrieved
*/
- public static final String AES_256 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-
- /**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to use AES with 192 bit key as the symmetric algorithm to
encrypt data.
- * <p/>
- * This is a optional method as defined by XML encryption.
- * The String to use in WSDD file (in accordance to w3c specifications:
- * <br/>
- * http://www.w3.org/2001/04/xmlenc#aes192-cbc
+ public static final QName SECURITY_TOKEN_UNAVAILABLE =
+ new QName (WSSE_NS, "SecurityTokenUnavailable");
+
+ /**
+ * The message has expired
*/
- public static final String AES_192 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+ public static final QName MESSAGE_EXPIRED =
+ new QName (WSSE_NS, "MessageExpired");
- /**
- * Sets the {...@link
org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signature}
- * method to use DSA with SHA1 (DSS) to sign data.
- * <p/>
- * This is a required method as defined by XML signature.
- */
- public static final String DSA = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ //
+ // Misc
+ //
+ public static final String WSS_SAML_KI_VALUE_TYPE = WSS_SAML_NS +
SAML_ASSERTION_ID;
+ public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS +
"#PasswordDigest";
+ public static final String PASSWORD_TEXT = USERNAMETOKEN_NS +
"#PasswordText";
- /**
- * Sets the {...@link
org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signature}
- * method to use RSA with SHA to sign data.
- * <p/>
- * This is a recommended method as defined by XML signature.
- */
- public static final String RSA = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+ public static final String[] URIS_SOAP_ENV = {
+ URI_SOAP11_ENV,
+ URI_SOAP12_ENV,
+ };
- public static final String C14N_OMIT_COMMENTS =
Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
- public static final String C14N_WITH_COMMENTS =
Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
- public static final String C14N_EXCL_OMIT_COMMENTS =
Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
- public static final String C14N_EXCL_WITH_COMMENTS =
Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
+ /*
+ * Constants used to configure WSS4J
+ */
/**
- * Sets the {...@link
org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signing}
- * method to send the signing certificate as a
- * <code>BinarySecurityToken</code>.
+ * Sets the {...@link
+ * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * } method to send the signing certificate as a
<code>BinarySecurityToken</code>.
* <p/>
* The signing method takes the signing certificate, converts it to a
* <code>BinarySecurityToken</code>, puts it in the security header,
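Review bot: PW_DIGEST, PW_TEXT and PW_NONE are re-added here with no documentation, while the Javadoc removed lower in the same hunk explained that they select the UsernameToken password mode and that PW_NONE sends no password-related information at all; a short comment above `PW_DIGEST` such as `// UsernameToken password types; PW_NONE sends no password information (see the Username Token profile)` keeps that distinction visible where the constants now live. The fault-code constructors are also written two ways within the hunk: `new QName(WSSE_NS, "UnsupportedSecurityToken")` and `new QName(WSSE_NS, "UnsupportedAlgorithm")` have no space before the parenthesis, whereas INVALID_SECURITY through MESSAGE_EXPIRED use `new QName (WSSE_NS, ...)`; pick one form. Finally, the `/* Constants used to configure WSS4J */` block comment introducing the key-identifier section differs from the `//`-bracketed headers (`// Namespaces`, `// Localnames`, `// Misc`) this commit adopts everywhere else; `// Constants used to configure WSS4J` framed the same way keeps the file uniform.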
@@ -288,18 +231,20 @@
* The X509 profile recommends to use {...@link #ISSUER_SERIAL} instead
* of sending the whole certificate.
* <p/>
- * Please refer to WS Security specification X509 profile, chapter 3.3.2
- * and to WS Security specification, chapter 7.2
+ * Please refer to WS Security specification X509 1.1 profile, chapter
3.3.2
+ * and to WS Security SOAP Message security 1.1 specification, chapter 7.2
* <p/>
* Note: only local references to BinarySecurityToken are supported
*/
public static final int BST_DIRECT_REFERENCE = 1;
/**
- * Sets the {...@link
org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signing}
- * or the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to send the issuer name and the serial number of a
- * certificate to the receiver.
+ * Sets the {...@link
+ * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * } or the {...@link
+ * org.apache.ws.security.message.WSSecEncrypt#build(Document, Crypto,
WSSecHeader)
+ * } method to send the issuer name and the serial number of a certificate
to
+ * the receiver.
* <p/>
* In contrast to {...@link #BST_DIRECT_REFERENCE} only the issuer name
* and the serial number of the signing certificate are sent to the
@@ -307,43 +252,43 @@
* method uses the public key associated with this certificate to encrypt
* the symmetric key used to encrypt data.
* <p/>
- * Please refer to WS Security specification X509 profile, chapter 3.3.3
+ * Please refer to WS Security specification X509 1.1 profile, chapter
3.3.3
*/
public static final int ISSUER_SERIAL = 2;
/**
- * Sets the {...@link
org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
- * method to send the certificate used to encrypt the symmetric key.
+ * Sets the {...@link
+ * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * } or the {...@link
+ * org.apache.ws.security.message.WSSecEncrypt#build(Document, Crypto,
WSSecHeader)
+ * }method to send the certificate used to encrypt the symmetric key.
* <p/>
* The encryption method uses the public key associated with this
certificate
- * to encrypr the symmetric key used to encrypt data. The certificate is
- * converted into a <code>KeyIdentfier</code> token and sent to the
receiver.
+ * to encrypt the symmetric key used to encrypt data. The certificate is
+ * converted into a <code>KeyIdentifier</code> token and sent to the
receiver.
* Thus the complete certificate data is transfered to receiver.
* The X509 profile recommends to use {...@link #ISSUER_SERIAL} instead
* of sending the whole certificate.
* <p/>
- * <p/>
- * Please refer to WS Security specification X509 profile, chapter 7.3
+ * Please refer to WS Security SOAP Message security 1.1 specification,
+ * chapter 7.3. Note that this is a NON-STANDARD method. The standard way
to refer to
+ * an X.509 Certificate via a KeyIdentifier is to use {...@link
SKI_KEY_IDENTIFIER}
*/
public static final int X509_KEY_IDENTIFIER = 3;
+
/**
- * Sets the
- * {...@link org.apache.ws.security.message.WSSignEnvelope#build(Document,
Crypto)
- * signing}
- * method to send a <code>SubjectKeyIdentifier</code> to identify
+ * Sets the {...@link
+ * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto,
WSSecHeader)
+ * } method to send a <code>SubjectKeyIdentifier</code> to identify
* the signing certificate.
* <p/>
- * Refer to WS Security specification X509 profile, chapter 3.3.1
- * This identification token is not yet fully tested by WSS4J. The
- * WsDoAllSender does not include the X.509 certificate as
- * <code>BinarySecurityToken</code> in the request message.
+ * Refer to WS Security specification X509 1.1 profile, chapter 3.3.1
*/
public static final int SKI_KEY_IDENTIFIER = 4;
/**
* Embeds a keyinfo/key name into the EncryptedData element.
* <p/>
- * Refer to WS Security specification X509 profile
*/
public static final int EMBEDDED_KEYNAME = 5;
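Review bot: The X509_KEY_IDENTIFIER Javadoc now links both WSSecSignature#build and WSSecEncrypt#build, but the sentence that follows still describes only the encryption use ("the certificate used to encrypt the symmetric key"), and `}method` is missing a space; suggest `} method to send the full certificate used for signing or encryption as a KeyIdentifier.` and an `@see #SKI_KEY_IDENTIFIER` tag so the standard alternative the new note points to is navigable. It may also be worth saying why NON-STANDARD matters — a receiver that implements only the profile's ValueTypes may not be able to process the reference — though the hunk itself only states that it is non-standard, so that consequence should be worded as an interoperability caveat rather than a guarantee. While this Javadoc is being touched, the context line `Thus the complete certificate data is transfered to receiver.` could be corrected to `transferred to the receiver`.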
@@ -387,7 +332,6 @@
* This identifier uses the SHA-1 digest of a security token to
* identify the security token. Please refer to chapter 7.3 of the OASIS
WSS 1.1
* specification.
- *
*/
public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER = 10;
@@ -413,8 +357,6 @@
*/
public static final int KEY_VALUE = 13;
- public static final String ENCRYPTED_HEADER = "EncryptedHeader";
-
/*
* The following values are bits that can be combined to for a set.
* Be careful when selecting new values.
@@ -448,70 +390,4 @@
public static final int WSE_DERIVED_KEY_LEN = 16;
public static final String LABEL_FOR_DERIVED_KEY = "WS-Security";
- /**
- * WS-Trust namespace
- */
- public static final String WST_NS =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
-
- public final static String WSC_SCT =
"http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
-
- //
- // Fault codes defined in the WSS 1.1 spec under section 12, Error handling
- //
-
- /**
- * An unsupported token was provided
- */
- public static final QName UNSUPPORTED_SECURITY_TOKEN = new QName(WSSE_NS,
"UnsupportedSecurityToken");
-
- /**
- * An unsupported signature or encryption algorithm was used
- */
- public static final QName UNSUPPORTED_ALGORITHM = new QName(WSSE_NS,
"UnsupportedAlgorithm");
-
- /**
- * An error was discovered processing the <Security> header
- */
- public static final QName INVALID_SECURITY = new QName (WSSE_NS,
"InvalidSecurity");
-
- /**
- * An invalid security token was provided
- */
- public static final QName INVALID_SECURITY_TOKEN = new QName (WSSE_NS,
"InvalidSecurityToken");
-
- /**
- * The security token could not be authenticated or authorized
- */
- public static final QName FAILED_AUTHENTICATION = new QName (WSSE_NS,
"FailedAuthentication");
-
- /**
- * The signature or decryption was invalid
- */
- public static final QName FAILED_CHECK = new QName (WSSE_NS,
"FailedCheck");
-
- /**
- * Referenced security token could not be retrieved
- */
- public static final QName SECURITY_TOKEN_UNAVAILABLE = new QName (WSSE_NS,
"SecurityTokenUnavailable");
-
- /**
- * The message has expired
- */
- public static final QName MESSAGE_EXPIRED = new QName (WSSE_NS,
"MessageExpired");
-
- /**
- * Header type in <code>org.apache.ws.security.WSEncryptionPart</code>
- */
- public static final int PART_TYPE_HEADER = 1;
-
- /**
- * Body type in <code>org.apache.ws.security.WSEncryptionPart</code>
- */
- public static final int PART_TYPE_BODY = 2;
-
- /**
- * Element type in <code>org.apache.ws.security.WSEncryptionPart</code>
- */
- public static final int PART_TYPE_ELEMENT = 3;
-
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
Fri Jun 19 10:39:49 2009
@@ -31,14 +31,6 @@
private String id;
/**
- * Types of WSEncryptionPart
- * <code>org.apache.ws.security.WSConstants.PART_TYPE_HEADER</code>
- * <code>org.apache.ws.security.WSConstants.PART_TYPE_BODY</code>
- * <code>org.apache.ws.security.WSConstants.PART_TYPE_ELEMENT</code>
- */
- private int type = -1;
-
- /**
* Constructor to initialize part structure with element, namespace, and
modifier.
*
* This constructor initializes the parts structure to lookup for a
@@ -63,32 +55,6 @@
}
/**
- * Constructor to initialize part structure with element, namespace, and
modifier,type.
- *
- * This constructor initializes the parts structure to lookup for a
- * fully qualified name of an element to encrypt or sign. The modifier
- * controls how encryption encrypts the element, signature processing does
- * not use the modifier information.
- *
- * <p/>
- *
- * Regarding the modifier ("Content" or "Element") refer to the W3C
- * XML Encryption specification.
- *
- * @param nm Element's name
- * @param nmspace Element's namespace
- * @param encMod The encryption modifier
- * @param type Type of the WSEncryptionPart
- */
- public WSEncryptionPart(String nm, String nmspace, String encMod, int
type) {
- name = nm;
- namespace = nmspace;
- encModifier = encMod;
- this.type = type;
- id = null;
- }
-
- /**
* Constructor to initialize part structure with element id.
*
* This constructor initializes the parts structure to lookup for a
@@ -124,30 +90,6 @@
}
/**
- * Constructor to initialize part structure with element id, modifier and
type.
- *
- * This constructor initializes the parts structure to lookup for a
- * an element with the given Id to encrypt or sign. The modifier
- * controls how encryption encrypts the element, signature processing does
- * not use the modifier information.
- *
- * <p/>
- *
- * Regarding the modifier ("Content" or "Element") refer to the W3C
- * XML Encryption specification.
- *
- * @param id The Id to of the element to process
- * @param encMod The encryption modifier
- * @param type of the element
- */
- public WSEncryptionPart(String id, String encMod,int type) {
- this.id = id;
- encModifier = encMod;
- this.type = type;
- name = namespace = null;
- }
-
- /**
* @return the local name of the element to encrypt.
*/
public String getName() {
@@ -175,7 +117,7 @@
return id;
}
- public void setEncId (String id) {
+ public void setEncId(String id) {
encId = id;
}
@@ -183,12 +125,4 @@
return encId;
}
- public int getType() {
- return type;
- }
-
- public void setType(int type) {
- this.type = type;
- }
-
}
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Fri Jun 19 10:39:49 2009
@@ -325,7 +325,7 @@
/**
* Sets the KeyIdentifier Element as a X509 Subject-Key-Identifier (SKI).
- * Takes a X509 certificate, gets it SKI data, converts into base 64 and
+ * Takes a X509 certificate, gets the SKI data, converts it into base 64
and
* inserts it into a <code>wsse:KeyIdentifier</code> element, which is
placed
* in the <code>wsse:SecurityTokenReference</code> element.
*
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java Fri Jun 19
10:39:49 2009
@@ -36,8 +36,7 @@
/**
- * WS-Security Test Case
- * <p/>
+ * WS-Security Test Case for SubjectKeyIdentifier.
*
* @author Davanum Srinivas ([email protected])
* @author Werner Dittmann ([email protected])
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java Fri Jun 19
10:39:49 2009
@@ -139,6 +139,39 @@
assertTrue (cert != null);
}
+ /**
+ * Test signing a SOAP message using a BST, sending the CA cert as well in
the
+ * message.
+ */
+ public void testSignatureDirectReferenceCACert() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40", "security");
+ sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ sign.setUseSingleCertificate(false);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug("BST CA Cert");
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ List results = verify(signedDoc, cryptoCA);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+ X509Certificate cert =
+
(X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ }
+
/**
* Test signing a SOAP message using Issuer Serial. Note that this should
fail, as the
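Review bot: testSignatureDirectReferenceCACert only checks that verification against cryptoCA returns some certificate; it does not assert that the certificate is the wss40 signer, nor that the trust decision came from cryptoCA rather than from the CA certificate carried inside the BST when `setUseSingleCertificate(false)` is used. Assuming verify() throws on a failed check (not visible in the hunk), replace `assertTrue (cert != null);` with `assertNotNull(cert);` and compare `cert.getSubjectX500Principal()` with the expected signer's principal, and add a companion test that verifies the same signedDoc with a Crypto instance that does not trust the CA and expects the verification to fail — that is what pins the property that an in-message CA certificate is never used as a trust anchor. `List results` is a raw type; use `List<WSSecurityEngineResult>` if the file already uses generics. A comment at the top of the method stating the intent, `// the receiver must validate the chain against its own trust store (cryptoCA), not the CA cert sent in the message`, would make the purpose of the cryptoCA argument clear to the next reader.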